Internet voting may have security vulnerabilities, but blockchain can still provide much-needed transparency for online systems.
As shelter-in-place orders are extended throughout the United States due to the coronavirus pandemic, controversy around online voting systems has surfaced. The dangers of internet voting were recently publicly announced by the American Association for the Advancement of Science, or AAAS.
On April 9, the AAAS Center for Scientific Evidence in Public Issues wrote an open letter to U.S. governors, secretaries of state and state election directors expressing great concern regarding the security of online voting systems.
While the letter stated that “internet voting is not a secure solution for voting in the United States, nor will it be in the foreseeable future,” experts note that blockchain could still play a prominent role in the advancement of online voting systems.
Is that true?
Stanford University cryptography Ph.D. student Ben Fisch told Cointelegraph that he agrees with the concerns expressed in the AAAS letter, which states that internet voting is insecure due to malware instructions, denial-of-service attacks and privacy violations. Yet, despite these vulnerabilities, Fisch explained that internet voting is an entirely appropriate application for blockchain technology:
“If designed appropriately, blockchains are supposed to be transparent and auditable databases, ensuring consistency among all viewers. This is entirely relevant to the problem of voter-verified ballots. However, I would also echo the concerns expressed in the AAAS letter, which was indeed endorsed by many experts in the field.”
Fisch further noted that the attacks associated with internet voting is vast, saying that “all current technological solutions are likely too immature to be used right now given the high stakes.”
However, it’s still important to recognize how emerging technologies such as blockchain can appropriately be applied to improve internet voting systems in the future. Chief of staff at Voatz, Hilary Braseth, told Cointelegraph that the five-year-old blockchain-based platform allows those deployed in the military or disabled individuals the opportunity to vote using their mobile phones:
“Today, we run 10 governmental pilots involving less that 800 voters. Historically, these people are voting over email, which isn’t secure. The other option would be a paper ballot, which is hard to access when you are deployed. We now see that States are keen to offer more accessible options for these voters.”
Braseth explained that individuals using Voatz have the advantage of accessing election ballots from their mobile devices. She noted that a public, permissioned blockchain network is leveraged to record votes, ensuring that selections cannot be altered:
“The oval selections individuals make on voting ballots are equivalent to one token on a blockchain, serving as a transaction that gets recorded to the Voatz blockchain, which is powered by Hyperledger Fabric.”
Braseth further noted that every ballot submitted over a mobile phone also produces a paper ballot that contains a long stream of characters called an “anonymous ID.” This ID is used after each election to audit tabulated selections from ballots against the blockchain data to make sure that everything matches accordingly. In addition, voters receive ballot receipts that contain their anonymous ID so they can make sure their vote was properly submitted and accounted for.
Blockchain doesn’t provide security
While the concept behind Voatz is quite revolutionary, MIT researchers uncovered a number of vulnerabilities in its system. They noted that hackers could alter, stop or expose how an individual user has voted. Additionally, researchers found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues.
While these vulnerabilities are similar to those of general online voting systems, Braseth explained that blockchain is being leveraged in Voatz to provide transparency rather than security. She explained, “Blockchain is used as an audit mechanism for our governmental voting pilots.”
Additionally, Fisch pointed out that while MIT’s security analysis report on Voatz unveils numerous issues with the platform, he notes that the problem is not that blockchain is the wrong tool, but rather that Voatz did not appropriately use blockchain techniques to address the fundamental issues in secure internet voting. He explained:
“In particular, Voatz’s blockchain design does not guarantee query consistency, which is a basic blockchain system requirement. This means that if any two different users query the server(s) hosting the blockchain database with the same question, they get exactly the same answer. Any inconsistency in the responses given to distinct users will eventually be detected. Query consistency is the property that would, in theory, enable voters to verify that their vote was counted in the election tally.”
A revolutionary concept in development
Although Voatz may still be a work in progress, its mission caught the attention of West Virginia Secretary of State Mac Warner. After serving 23 years in the United States Army, Secretary Warner told Cointelegraph that his military background encouraged him to find a solution that would allow deployed soldiers to easily vote in U.S. elections while overseas:
“Once elected as West Virginia’s Secretary of State, I had a mission to help soldiers in deployment participate in elections. I was never satisfied with military efforts and their voting systems, as the emphasis has always been misplaced — yes, soldiers have the right to vote, but they don’t have the capabilities.”
Upon learning that Voatz was a mobile-based voting platform, Secretary Warner signed a memorandum of understanding to conduct a pilot using Voatz in two counties for West Virginia’s May 2018 primary election.
Satisfied with the results, West Virginia passed a law in February of this year requiring its counties to offer voters with disabilities the option of receiving ballots electronically, starting with the May 12 primary. Yet, due to the vulnerabilities highlighted by the media regarding internet voting and flaws in blockchain-based systems, West Virginia recently decided against using Voatz for the upcoming primary election.
However, Secretary Warner explained that leveraging Voatz is not entirely out of the equation for West Virginia in the future. He noted that blockchain was never a requirement for West Virginia’s mobile voting solution, but that Voatz initially worked well for the state’s goal of enabling voters to vote via mobile devices:
“Voatz worked well with our applications. We tested the system before it went live, but because of recent scruintity we’ve decided to use Democracy Live, a web based voting solution, for this upcoming election. This isn’t about a specific concern over Voatz or blockchain. In fact, we may go back to Voatz once there is a wider application and acceptance of the platform.”
What about paper ballots?
Finally, as technology-enabled voting systems continue to advance, officials are now considering using just the paper ballots to keep elections secure during the coronavirus pandemic. Yet, while paper ballots may not be prone to the same security issues faced by online voting systems, there are still many problems with this model. For example, Secretary Warner explained the challenges West Virginia is currently facing with paper absentee ballots, saying:
“While vote by mail sounds attractive on its surface, I’m in a state where we have an application process to ask for the absentee ballot. We are sending out 1.2 million application cards to our voters, which requires hours of work and training. For instance, we have to think about how many ballots we need to print now. Where we typically have 2 percent of voters vote by absentee, it’s a guessing game on how many ballots are needed now.”
Due to the challenges associated with paper voting systems, Warner noted that tech-based solutions are needed more than ever before, even though he has never been an outspoken advocate of such solutions in the past: “But if we had this technology proven and accepted now, then a number of election officials would have turned to mobile voting solutions.”