Commit | Line | Data |
---|---|---|
299a08f3 NR |
1 | BLOCKCHAINS ARE NOT SAFE FOR VOTING, CONCLUDES NAP REPORT \r |
2 | (NYTIMES.COM) \r | |
3 | \r | |
4 | Thursday September 06, 2018 @11:30PM (BeauHD)\r | |
5 | from the ensuring-the-integrity-of-elections dept.\r | |
6 | \r | |
c715ea02 | 7 | o Reference: 0102640864\r |
299a08f3 NR |
8 | o News link: https://politics.slashdot.org/story/18/09/06/2137245/blockchains-are-not-safe-for-voting-concludes-nap-report\r |
9 | o Source link: https://www.nytimes.com/aponline/2018/09/06/technology/ap-us-tec-election-security-reform-report.html\r | |
10 | \r | |
11 | \r | |
12 | The National Academies Press has released a 156-page report,\r | |
e818d449 NR |
13 | called " [1]Securing the Vote: Protecting American Democracy\r |
14 | ," concluding that blockchains are not safe for the U.S.\r | |
15 | election system. "While the notion of using a blockchain as an\r | |
299a08f3 NR |
16 | immutable ballot box may seem promising, blockchain technology\r |
17 | does little to solve the fundamental security issues of\r | |
18 | elections, and indeed, blockchains introduce additional\r | |
e818d449 NR |
19 | security vulnerabilities," the report [2]states . "In\r |
20 | particular, if malware on a voter's device alters a vote\r | |
21 | before it ever reaches a blockchain, the immutability of the\r | |
22 | blockchain fails to provide the desired integrity, and the\r | |
23 | voter may never know of the alteration."\r | |
24 | \r | |
25 | The report goes on to say that "Blockchains do not provide the\r | |
26 | anonymity often ascribed to them." It continues: "In the\r | |
27 | particular context of elections, voters need to be authorized\r | |
28 | as eligible to vote and as not having cast more than one\r | |
29 | ballot in the particular election. Blockchains do not offer\r | |
30 | means for providing the necessary authorization. [...] If a\r | |
31 | blockchain is used, then cast ballots must be encrypted or\r | |
32 | otherwise anonymized to prevent coercion and vote-selling."\r | |
33 | The New York Times summarizes the findings:\r | |
34 | \r | |
35 | > The cautiously worded report [3]calls for conducting all\r | |
36 | federal, state and local elections on paper ballots by 2020 .\r | |
37 | Its other top recommendation would require nationwide use of a\r | |
38 | specific form of routine postelection audit to ensure votes\r | |
39 | have been accurately counted. The panel did not offer a price\r | |
40 | tag for its recommended overhaul. New York University's\r | |
299a08f3 NR |
41 | Brennan Center has estimated that replacing aging voting\r |
42 | machines over the next few years could cost well over $1\r | |
43 | billion. The 156-page report [...] bemoans a rickety system\r | |
44 | compromised by insecure voting equipment and software whose\r | |
45 | vulnerabilities were exposed more than a decade ago and which\r | |
46 | are too often managed by officials with little training in\r | |
e818d449 NR |
47 | cybersecurity.\r |
48 | \r | |
49 | >\r | |
50 | \r | |
51 | > Among its specific recommendations was a mainstay of\r | |
52 | election reformers: All elections should use human-readable\r | |
53 | paper ballots by 2020. Such systems are intended to assure\r | |
54 | voters that their vote was recorded accurately. They also\r | |
55 | create a lasting record of "voter intent" that can be used for\r | |
56 | reliable recounts, which may not be possible in systems that\r | |
57 | record votes electronically. [...] The panel also calls for\r | |
58 | all states to adopt a type of post-election audit that employs\r | |
59 | statistical analysis of ballots prior to results\r | |
60 | certification. Such "risk-limiting" audits are designed to\r | |
61 | uncover miscounts and vote tampering. Currently only three\r | |
62 | states mandate them.\r | |
63 | \r | |
64 | \r | |
65 | \r | |
66 | [1] https://www.nap.edu/catalog/25120/securing-the-vote-protec-\r | |
67 | ting-american-democracy\r | |
68 | \r | |
69 | [2] https://www.nap.edu/read/25120/chapter/7#103\r | |
70 | \r | |
71 | [3] https://www.nytimes.com/aponline/2018/09/06/technology/ap-\r | |
72 | us-tec-election-security-reform-report.html\r | |
299a08f3 NR |
73 | \r |
74 | \r | |
75 | ** \r | |
76 | \r | |
77 | ** Re:All security = an implementation. (Score:5, Insightful)\r | |
78 | (by PopeRatzo ( 965947 ))\r | |
79 | \r | |
80 | \r | |
81 | > To say blockchain is inherently unsafe is like saying\r | |
82 | > software is inherently unsafe\r | |
83 | Oh, you are so close to a breakthrough.\r | |
84 | When it comes to voting, blockchain, like software, IS\r | |
85 | inherently unsafe. If the main goal for voting security is\r | |
86 | maintaining the people's confidence in an election, the only\r | |
87 | system that will meet that standard is a system where people\r | |
88 | are actually keeping an eye on one another. And I mean\r | |
89 | physically watching one another. And that's the system we had\r | |
90 | in place before the advent of voting machines and election\r | |
91 | software. You had a room full of election judges from both\r | |
92 | sides, and they sat side-by-side checking in voters as they\r | |
93 | approached the voting booth and physically watched them put\r | |
94 | the ballot in the box. When the votes were counted, there was\r | |
95 | a whole bunch of people from both parties standing around\r | |
96 | keeping a close eye. When the ballots were sent for storage,\r | |
97 | one person from each party rode in the truck to drop them off\r | |
98 | after sealing the container - together - and signing off.\r | |
99 | It was trust, but verify. Was it possible to jigger with an\r | |
100 | election like that? Of course. But you had a list of names of\r | |
101 | people you could hold accountable at every step in the\r | |
102 | process. Electronic voting will never, ever be trusted. That\r | |
103 | is the effect of transparency.\r | |
104 | \r | |
105 | ** \r | |
106 | \r | |
107 | ** Re: (Score:1, Insightful)\r | |
108 | (by Anonymous Coward)\r | |
109 | \r | |
110 | \r | |
111 | > " If the main goal for voting security is maintaining\r | |
112 | > the people's confidence in an election " - Well I don't\r | |
113 | > agree with that starting point definition. I think\r | |
114 | > security = security, not theater of.\r | |
115 | Then you're bad at security. Security is theater.\r | |
116 | There is no impregnable system. Security can only\r | |
117 | increase the difficulty of entering a system, it cannot\r | |
118 | stop a determined opponent. Is a CCTV system going to\r | |
119 | stop someone from breaking into your store? No, but it\r | |
120 | will make the person think twice about it, because they\r | |
121 | are likely to be recorded, found, and caught. Is the\r | |
122 | TSA likely to stop all bad guys from getting on planes?\r | |
123 | No, but it alters how much they must prepare to get on\r | |
124 | board the plane so hop\r | |
125 | \r | |
126 | ** Re: (Score:2)\r | |
127 | (by Ocker3 ( 1232550 ))\r | |
128 | \r | |
129 | \r | |
130 | Sadly, the TSA haven't shown themselves to be any\r | |
131 | good at their job, repeatedly. It's hard to get good\r | |
132 | help when the work is shite, the 'customers' range\r | |
133 | from sullen to hating you, and the pay is peanuts.\r | |
134 | \r | |
135 | \r | |
136 | \r | |
137 | \r | |
138 | ** Transparency is the key (Score:1)\r | |
139 | (by victor_alarcon ( 5520418 ))\r | |
140 | \r | |
141 | \r | |
142 | I thought that was the main selling point. Yes, I'm sure\r | |
143 | someone can come up with some anonymity scheme but\r | |
144 | transparency should be top priority. Apologies if the\r | |
145 | point is too naive.\r | |
146 | \r | |
147 | \r | |
148 | ** Re: (Score:1)\r | |
149 | (by Anonymous Coward)\r | |
150 | \r | |
151 | \r | |
152 | Paper votes aren't any better, just look at Russia's vote\r | |
153 | stuffing. Literately. Someone comes up to the booth and\r | |
154 | stuffs fake/coerced votes into the box.\r | |
155 | Now the way most US, Canadian, and UK elections are run,\r | |
156 | the paper vote is a two-step process.\r | |
157 | A) You go to a scrutineer to check your name off a PAPER\r | |
158 | list, they hand you a ballot with no identifying\r | |
159 | information on it\r | |
160 | B) You mark an X on the ballot, fold it in half or stick\r | |
161 | it in a privacy envelope and then stick it in a cardboard\r | |
162 | box with a hole on top.\r | |
163 | Now\r | |
164 | \r | |
165 | ** Re: (Score:2)\r | |
166 | (by PopeRatzo ( 965947 ))\r | |
167 | \r | |
168 | \r | |
169 | > Paper votes aren't any better, just look at Russia's\r | |
170 | > vote stuffing. Literately. Someone comes up to the\r | |
171 | > booth and stuffs fake/coerced votes into the box.\r | |
172 | That's right, because Russia doesn't have the same\r | |
173 | safeguards built into their elections that we have. You\r | |
174 | don't have election judges from both sides watching\r | |
175 | every vote from the time it's cast to the time it's\r | |
176 | counted to the time it's sent for storage. In the US,\r | |
177 | there have to be two election judges on hand when\r | |
178 | absentee ballots are opened.\r | |
179 | People can sti\r | |
180 | \r | |
181 | \r | |
182 | \r | |
183 | ** Re: (Score:2)\r | |
184 | (by Ocker3 ( 1232550 ))\r | |
185 | \r | |
186 | \r | |
187 | I'd invite you to visit us in Australia, where we have the\r | |
188 | Australian Electoral Commission (AEC), a non-partisan (not\r | |
189 | bi-partisan) body of people who are collectively\r | |
190 | considered the Platinum Standard of running elections\r | |
191 | around the world. We actually send people to the USA to\r | |
192 | train election staff. We don't have party reps in the\r | |
193 | voting area until the polls close, then the parties can\r | |
194 | send in scrutineers who check that the paper ballots are\r | |
195 | being counted as per the regulations (when I did this I\r | |
196 | actually not\r | |
197 | \r | |
198 | ** Re: (Score:2)\r | |
199 | (by PopeRatzo ( 965947 ))\r | |
200 | \r | |
201 | \r | |
202 | > I'd invite you to visit us in Australia,\r | |
203 | I've spent a fair amount of time in Australia. Yes,\r | |
204 | I've heard you guys do a good job with elections, but\r | |
205 | I'm not coming back until you get rid of those spiders\r | |
206 | that jump up and bite you on the eye. Oh, and drop\r | |
207 | bears and yowgwai. I don't need that kind of stress,\r | |
208 | thanks.\r | |
209 | \r | |
210 | \r | |
211 | \r | |
212 | \r | |
213 | ** Re: (Score:2)\r | |
214 | (by shellster_dude ( 1261444 ))\r | |
215 | \r | |
216 | \r | |
217 | Blockchains are obviously a terrible solution to election\r | |
218 | fraud. The only thing that prevents blockchain tampering is a\r | |
219 | ton of neutral third party machines checking the transactions\r | |
220 | (typically miners). We've already seen that this is a\r | |
221 | non-trivial problem when there is plenty of incentive for\r | |
222 | random people to fulfill that role (mining of crypto\r | |
223 | currency). National elections have very little incentive for\r | |
224 | people to invest thousands in hardware and electricity, and a\r | |
225 | ton of incentive for nation states like\r | |
226 | \r | |
227 | \r | |
228 | ** Oh the irony (Score:4, Insightful)\r | |
229 | (by the_skywise ( 189793 ))\r | |
230 | \r | |
231 | \r | |
232 | > All elections should use human-readable paper ballots by 2020.\r | |
233 | > Such systems are intended to assure voters that their vote was\r | |
234 | > recorded accurately. They also create a lasting record of "voter\r | |
235 | > intent" that can be used for reliable recounts,\r | |
236 | Now I agree with this and am happy to move back to paper ballots\r | |
237 | - But the entire reason we moved away from paper ballots was\r | |
238 | because of the 2000 elections where Florida used punch cards and\r | |
239 | political officers kept trying to argue over "partial punches",\r | |
240 | "dimpled chads" and "dangling chads" where they tried to\r | |
241 | reassess what the voter's INTENT was.\r | |
242 | And, of course, let's not forget magical disappearing and\r | |
243 | appearing boxes of ballots.\r | |
244 | Any system can be hacked but the electronic one is harder to\r | |
245 | track hacking than the good ol' traditional methods with paper\r | |
246 | ballots.\r | |
247 | \r | |
248 | ** Re: (Score:3)\r | |
249 | (by Dare nMc ( 468959 ))\r | |
250 | \r | |
251 | \r | |
252 | Their have been academic papers proposing electronic system\r | |
253 | that would be safe, where you could verify that your vote was\r | |
254 | counted (IE received at the server.)\r | |
255 | In theory with open software, hardware, and multiple servers\r | |
256 | (again all open source) we could have a very robust\r | |
257 | electronic voting system. This would require a large project\r | |
258 | likely done with universities, and it may even be similar to\r | |
259 | some bitcoin concepts.\r | |
260 | The technology side is very solvable, getting the project\r | |
261 | started, past the politics, and accept\r | |
262 | \r | |
263 | \r | |
264 | ** Key statement (Score:2, Insightful)\r | |
265 | (by Anonymous Coward)\r | |
266 | \r | |
267 | \r | |
268 | They key statement in the finding that most technology solutions\r | |
269 | fail to solve is this:\r | |
270 | "Such systems are intended to *assure* voters that their vote\r | |
271 | was recorded accurately."\r | |
272 | In the end, paper ballots may seem inefficient from a processing\r | |
273 | perspective, but that inefficiency becomes inherently difficult\r | |
274 | to tamper with and builds in systems for checks and recounts.\r | |
275 | The argument here is that blockchain is vulnerable before the\r | |
276 | data is stored in the blockchain, at the UI and the machine\r | |
277 | level, and blockchain th\r | |
278 | \r | |
279 | ** Re: (Score:2)\r | |
280 | (by presidenteloco ( 659168 ))\r | |
281 | \r | |
282 | \r | |
283 | Blanket arguments against computer algorithms for secure\r | |
284 | voting (or secure anything) are illogical, emotional, and\r | |
285 | flawed.\r | |
286 | People argue to the effect: Because many programs have been\r | |
287 | found to have a security flaw in either A) the algorithm\r | |
288 | mathematics and logical assumptions, or in B) the\r | |
289 | implementation, therefore ALL programs must have some flaw in\r | |
290 | A) or B) therefore there is no such thing is a secure\r | |
291 | computer program. That is just bullshit. It's incorrect,\r | |
292 | unsupported generalization from specific examples.\r | |
293 | \r | |
294 | ** Re: (Score:2)\r | |
295 | (by presidenteloco ( 659168 ))\r | |
296 | \r | |
297 | \r | |
298 | Ok, there's a stupid bug in slashdot apparently, not\r | |
299 | including my less-than sign.\r | |
300 | There. One bug.\r | |
301 | What's up with that. Let me try again. Hmm. There was a\r | |
302 | less-than in there just to the left of this sentence.\r | |
303 | That's lame on slashdot software's part.\r | |
304 | So you proved that ALL programs have bugs?\r | |
305 | Didn't think so.\r | |
306 | \r | |
307 | \r | |
308 | \r | |
309 | ** Paper ballots are by far the most secure solution (Score:4,\r | |
310 | Insightful)\r | |
311 | (by Seven Spirals ( 4924941 ))\r | |
312 | \r | |
313 | \r | |
314 | Gimme a break. Use paper. Computers will be better tools for\r | |
315 | tabulating and processing the votes after they are cast, but\r | |
316 | it's tough to beat paper for a recount. Even paper has it's\r | |
317 | flaws, but the hand waving crypto-bullshit is pathetic "Oh but\r | |
318 | this counter signature will detect if the previous\r | |
319 | initialization vector was properly zeroed inside of the S-Box"\r | |
320 | *rolls eyes*. KISS baby. Things don't get more secure by making\r | |
321 | them more complex and I can't think of any way to make something\r | |
322 | more complex than to introduce computers. Computers are great at\r | |
323 | some things, ideal for some tasks: not for voting. They suck at\r | |
324 | that.\r | |
325 | \r | |
326 | ** paper ballots (Score:1)\r | |
327 | (by Anonymous Coward)\r | |
328 | \r | |
329 | \r | |
330 | The only way you can have some measure of accountability while\r | |
331 | keeping votes anonymous.\r | |
332 | \r | |
333 | ** Or, for heaven's sake, you can just use paper (Score:3)\r | |
334 | (by mark-t ( 151149 ))\r | |
335 | \r | |
336 | \r | |
337 | Make a simple mark on a paper ballot indicating your vote, fold\r | |
338 | it, put it in a box.\r | |
339 | done\r | |
340 | Now theoretically you could bribe people who do the counting,\r | |
341 | but you'd have to bribe a *LOT* of people to make any kind of\r | |
342 | difference because each individual ballot box with the folded\r | |
343 | ballots contains but a tiny fraction of the number of votes, and\r | |
344 | nobody ever counts the ballots from more than one or sometimes\r | |
345 | two different boxes.\r | |
346 | \r | |
347 | ** the real story (Score:2)\r | |
348 | (by slashmydots ( 2189826 ))\r | |
349 | \r | |
350 | \r | |
351 | Blockchains are perfect, right? WRONG. And also right. They are\r | |
352 | mathmatically flawless BUT if you outprocess the rest of the\r | |
353 | network, you can finalize a block with whatever the hell you\r | |
354 | want in it. You can form a block that says you own all bitcoins,\r | |
355 | all transactions put them in your wallet, and you're also the\r | |
356 | queen of England. The reason this "51% attack" doesn't happen it\r | |
357 | because that amount of processing power doesn't exist. That many\r | |
358 | ASICs don't exist on Earth. But let's set up a separate\r | |
359 | blockchain an\r | |
360 | \r | |
361 | ** Re: (Score:2)\r | |
362 | (by Kaenneth ( 82978 ))\r | |
363 | \r | |
364 | \r | |
365 | Even with a 51% attack, the Bitcoin blockchain is filled with\r | |
366 | digital signatures; noone but your own nodes would accept the\r | |
367 | blocks, and you would only be 'fooling' yourself.\r | |
368 | Electronic voting could only work if every citizen had their\r | |
369 | own private, secure, digital signature key. Which can't\r | |
370 | happen in the US because poor people can't afford them, and a\r | |
371 | certain party would never give anything for free, while the\r | |
372 | other would protect the poor.\r | |
373 | \r | |
374 | \r | |
375 | ** \r | |
376 | \r | |
377 | ** Re: (Score:2)\r | |
378 | (by jwymanm ( 627857 ))\r | |
379 | \r | |
380 | \r | |
381 | This was the dumbest comment in the article. Obviously\r | |
382 | software methods exist to verify after the fact that what you\r | |
383 | saved is what you expected.\r | |
384 | \r | |
385 | \r | |
386 | ** It's not how the vote was recorded... (Score:2)\r | |
387 | (by LynnwoodRooster ( 966895 ))\r | |
388 | \r | |
389 | \r | |
390 | > The report goes on to say that "Blockchains do not provide the\r | |
391 | > anonymity often ascribed to them." It continues: "In the\r | |
392 | > particular context of elections, voters need to be authorized as\r | |
393 | > eligible to vote and as not having cast more than one ballot in\r | |
394 | > the particular election.\r | |
395 | It's who casts the vote. Before we even worry about Blockchain,\r | |
396 | we need to ensure people casting the ballots are legally\r | |
397 | eligible to vote. Guaranteeing a vote was cast is no more\r | |
398 | important than guaranteeing who cast the vote was eligible to\r | |
399 | actually cast that vote.\r | |
400 | \r | |
401 | ** Paper ballots (Score:2)\r | |
402 | (by burtosis ( 1124179 ))\r | |
403 | \r | |
404 | \r | |
405 | Let me start out saying 100% electronic voting is going to be a\r | |
406 | disaster, triply so when done remotely and not at a secure\r | |
407 | voting machine. But what most people don't realize is we\r | |
408 | currently use unencrypted images of paper ballots in many states\r | |
409 | as backups. These are very insecure. Why not use paper ballots\r | |
410 | for the primary method, blockchain for the electronic backups?\r | |
411 | This ultimately seems far more secure than what we are doing\r | |
412 | now. We also could use open source machines and have audits at\r | |
413 | each polling\r | |
414 | \r | |
415 | \r |