1 BLOCKCHAINS ARE NOT SAFE FOR VOTING, CONCLUDES NAP REPORT
4 Thursday September 06, 2018 @11:30PM (BeauHD)
5 from the ensuring-the-integrity-of-elections dept.
7 o News link: https://politics.slashdot.org/story/18/09/06/2137245/blockchains-are-not-safe-for-voting-concludes-nap-report
8 o Source link: https://www.nytimes.com/aponline/2018/09/06/technology/ap-us-tec-election-security-reform-report.html
11 The National Academies Press has released a 156-page report,
12 called "Securing the Vote: Protecting American Democracy,"
13 concluding that blockchains are not safe for the U.S. election
14 system. "While the notion of using a blockchain as an
15 immutable ballot box may seem promising, blockchain technology
16 does little to solve the fundamental security issues of
17 elections, and indeed, blockchains introduce additional
18 security vulnerabilities," the report states. "In particular,
19 if malware on a voter's device alters a vote before it ever
20 reaches a blockchain, the immutability of the blockchain fails
21 to provide the desired integrity, and the voter may never know
22 of the alteration." The report goes on to say that
23 "Blockchains do not provide the anonymity often ascribed to
24 them." It continues: "In the particular context of elections,
25 voters need to be authorized as eligible to vote and as not
26 having cast more than one ballot in the particular election.
27 Blockchains do not offer means for providing the necessary
28 authorization. [...] If a blockchain is used, then cast
29 ballots must be encrypted or otherwise anonymized to prevent
30 coercion and vote-selling." The New York Times summarizes the
31 findings: The cautiously worded report calls for conducting
32 all federal, state and local elections on paper ballots by
33 2020. Its other top recommendation would require nationwide
34 use of a specific form of routine postelection audit to ensure
35 votes have been accurately counted. The panel did not offer a
36 price tag for its recommended overhaul. New York University's
37 Brennan Center has estimated that replacing aging voting
38 machines over the next few years could cost well over $1
39 billion. The 156-page report [...] bemoans a rickety system
40 compromised by insecure voting equipment and software whose
41 vulnerabilities were exposed more than a decade ago and which
42 are too often managed by officials with little training in
43 cybersecurity. Among its specific recommendations was a
44 mainstay of election reformers: All elections should use
45 human-readable paper ballots by 2020. Such systems are
46 intended to assure voters that their vote was recorded
47 accurately. They also create a lasting record of "voter
48 intent" that can be used for reliable recounts, which may not
49 be possible in systems that record votes electronically. [...]
50 The panel also calls for all states to adopt a type of
51 post-election audit that employs statistical analysis of
52 ballots prior to results certification. Such "risk-limiting"
53 audits are designed to uncover miscounts and vote tampering.
54 Currently only three states mandate them.
59 ** Re:All security = an implementation. (Score:5, Insightful)
60 (by PopeRatzo ( 965947 ))
63 > To say blockchain is inherently unsafe is like saying
64 > software is inherently unsafe
65 Oh, you are so close to a breakthrough.
66 When it comes to voting, blockchain, like software, IS
67 inherently unsafe. If the main goal for voting security is
68 maintaining the people's confidence in an election, the only
69 system that will meet that standard is a system where people
70 are actually keeping an eye on one another. And I mean
71 physically watching one another. And that's the system we had
72 in place before the advent of voting machines and election
73 software. You had a room full of election judges from both
74 sides, and they sat side-by-side checking in voters as they
75 approached the voting booth and physically watched them put
76 the ballot in the box. When the votes were counted, there was
77 a whole bunch of people from both parties standing around
78 keeping a close eye. When the ballots were sent for storage,
79 one person from each party rode in the truck to drop them off
80 after sealing the container - together - and signing off.
81 It was trust, but verify. Was it possible to jigger with an
82 election like that? Of course. But you had a list of names of
83 people you could hold accountable at every step in the
84 process. Electronic voting will never, ever be trusted. That
85 is the effect of transparency.
89 ** Re: (Score:1, Insightful)
93 > " If the main goal for voting security is maintaining
94 > the people's confidence in an election " - Well I don't
95 > agree with that starting point definition. I think
96 > security = security, not theater of.
97 Then you're bad at security. Security is theater.
98 There is no impregnable system. Security can only
99 increase the difficulty of entering a system, it cannot
100 stop a determined opponent. Is a CCTV system going to
101 stop someone from breaking into your store? No, but it
102 will make the person think twice about it, because they
103 are likely to be recorded, found, and caught. Is the
104 TSA likely to stop all bad guys from getting on planes?
105 No, but it alters how much they must prepare to get on
106 board the plane so hop
109 (by Ocker3 ( 1232550 ))
112 Sadly, the TSA haven't shown themselves to be any
113 good at their job, repeatedly. It's hard to get good
114 help when the work is shite, the 'customers' range
115 from sullen to hating you, and the pay is peanuts.
120 ** Transparency is the key (Score:1)
121 (by victor_alarcon ( 5520418 ))
124 I thought that was the main selling point. Yes, I'm sure
125 someone can come up with some anonymity scheme but
126 transparency should be top priority. Apologies if the
131 (by Anonymous Coward)
134 Paper votes aren't any better, just look at Russia's vote
135 stuffing. Literately. Someone comes up to the booth and
136 stuffs fake/coerced votes into the box.
137 Now the way most US, Canadian, and UK elections are run,
138 the paper vote is a two-step process.
139 A) You go to a scrutineer to check your name off a PAPER
140 list, they hand you a ballot with no identifying
142 B) You mark an X on the ballot, fold it in half or stick
143 it in a privacy envelope and then stick it in a cardboard
144 box with a hole on top.
148 (by PopeRatzo ( 965947 ))
151 > Paper votes aren't any better, just look at Russia's
152 > vote stuffing. Literately. Someone comes up to the
153 > booth and stuffs fake/coerced votes into the box.
154 That's right, because Russia doesn't have the same
155 safeguards built into their elections that we have. You
156 don't have election judges from both sides watching
157 every vote from the time it's cast to the time it's
158 counted to the time it's sent for storage. In the US,
159 there have to be two election judges on hand when
160 absentee ballots are opened.
166 (by Ocker3 ( 1232550 ))
169 I'd invite you to visit us in Australia, where we have the
170 Australian Electoral Commission (AEC), a non-partisan (not
171 bi-partisan) body of people who are collectively
172 considered the Platinum Standard of running elections
173 around the world. We actually send people to the USA to
174 train election staff. We don't have party reps in the
175 voting area until the polls close, then the parties can
176 send in scrutineers who check that the paper ballots are
177 being counted as per the regulations (when I did this I
181 (by PopeRatzo ( 965947 ))
184 > I'd invite you to visit us in Australia,
185 I've spent a fair amount of time in Australia. Yes,
186 I've heard you guys do a good job with elections, but
187 I'm not coming back until you get rid of those spiders
188 that jump up and bite you on the eye. Oh, and drop
189 bears and yowgwai. I don't need that kind of stress,
196 (by shellster_dude ( 1261444 ))
199 Blockchains are obviously a terrible solution to election
200 fraud. The only thing that prevents blockchain tampering is a
201 ton of neutral third party machines checking the transactions
202 (typically miners). We've already seen that this is a
203 non-trivial problem when there is plenty of incentive for
204 random people to fulfill that role (mining of crypto
205 currency). National elections have very little incentive for
206 people to invest thousands in hardware and electricity, and a
207 ton of incentive for nation states like
210 ** Oh the irony (Score:4, Insightful)
211 (by the_skywise ( 189793 ))
214 > All elections should use human-readable paper ballots by 2020.
215 > Such systems are intended to assure voters that their vote was
216 > recorded accurately. They also create a lasting record of "voter
217 > intent" that can be used for reliable recounts,
218 Now I agree with this and am happy to move back to paper ballots
219 - But the entire reason we moved away from paper ballots was
220 because of the 2000 elections where Florida used punch cards and
221 political officers kept trying to argue over "partial punches",
222 "dimpled chads" and "dangling chads" where they tried to
223 reassess what the voter's INTENT was.
224 And, of course, let's not forget magical disappearing and
225 appearing boxes of ballots.
226 Any system can be hacked but the electronic one is harder to
227 track hacking than the good ol' traditional methods with paper
231 (by Dare nMc ( 468959 ))
234 Their have been academic papers proposing electronic system
235 that would be safe, where you could verify that your vote was
236 counted (IE received at the server.)
237 In theory with open software, hardware, and multiple servers
238 (again all open source) we could have a very robust
239 electronic voting system. This would require a large project
240 likely done with universities, and it may even be similar to
241 some bitcoin concepts.
242 The technology side is very solvable, getting the project
243 started, past the politics, and accept
246 ** Key statement (Score:2, Insightful)
247 (by Anonymous Coward)
250 They key statement in the finding that most technology solutions
251 fail to solve is this:
252 "Such systems are intended to *assure* voters that their vote
253 was recorded accurately."
254 In the end, paper ballots may seem inefficient from a processing
255 perspective, but that inefficiency becomes inherently difficult
256 to tamper with and builds in systems for checks and recounts.
257 The argument here is that blockchain is vulnerable before the
258 data is stored in the blockchain, at the UI and the machine
259 level, and blockchain th
262 (by presidenteloco ( 659168 ))
265 Blanket arguments against computer algorithms for secure
266 voting (or secure anything) are illogical, emotional, and
268 People argue to the effect: Because many programs have been
269 found to have a security flaw in either A) the algorithm
270 mathematics and logical assumptions, or in B) the
271 implementation, therefore ALL programs must have some flaw in
272 A) or B) therefore there is no such thing is a secure
273 computer program. That is just bullshit. It's incorrect,
274 unsupported generalization from specific examples.
277 (by presidenteloco ( 659168 ))
280 Ok, there's a stupid bug in slashdot apparently, not
281 including my less-than sign.
283 What's up with that. Let me try again. Hmm. There was a
284 less-than in there just to the left of this sentence.
285 That's lame on slashdot software's part.
286 So you proved that ALL programs have bugs?
291 ** Paper ballots are by far the most secure solution (Score:4,
293 (by Seven Spirals ( 4924941 ))
296 Gimme a break. Use paper. Computers will be better tools for
297 tabulating and processing the votes after they are cast, but
298 it's tough to beat paper for a recount. Even paper has it's
299 flaws, but the hand waving crypto-bullshit is pathetic "Oh but
300 this counter signature will detect if the previous
301 initialization vector was properly zeroed inside of the S-Box"
302 *rolls eyes*. KISS baby. Things don't get more secure by making
303 them more complex and I can't think of any way to make something
304 more complex than to introduce computers. Computers are great at
305 some things, ideal for some tasks: not for voting. They suck at
308 ** paper ballots (Score:1)
309 (by Anonymous Coward)
312 The only way you can have some measure of accountability while
313 keeping votes anonymous.
315 ** Or, for heaven's sake, you can just use paper (Score:3)
316 (by mark-t ( 151149 ))
319 Make a simple mark on a paper ballot indicating your vote, fold
322 Now theoretically you could bribe people who do the counting,
323 but you'd have to bribe a *LOT* of people to make any kind of
324 difference because each individual ballot box with the folded
325 ballots contains but a tiny fraction of the number of votes, and
326 nobody ever counts the ballots from more than one or sometimes
329 ** the real story (Score:2)
330 (by slashmydots ( 2189826 ))
333 Blockchains are perfect, right? WRONG. And also right. They are
334 mathmatically flawless BUT if you outprocess the rest of the
335 network, you can finalize a block with whatever the hell you
336 want in it. You can form a block that says you own all bitcoins,
337 all transactions put them in your wallet, and you're also the
338 queen of England. The reason this "51% attack" doesn't happen it
339 because that amount of processing power doesn't exist. That many
340 ASICs don't exist on Earth. But let's set up a separate
344 (by Kaenneth ( 82978 ))
347 Even with a 51% attack, the Bitcoin blockchain is filled with
348 digital signatures; noone but your own nodes would accept the
349 blocks, and you would only be 'fooling' yourself.
350 Electronic voting could only work if every citizen had their
351 own private, secure, digital signature key. Which can't
352 happen in the US because poor people can't afford them, and a
353 certain party would never give anything for free, while the
354 other would protect the poor.
360 (by jwymanm ( 627857 ))
363 This was the dumbest comment in the article. Obviously
364 software methods exist to verify after the fact that what you
365 saved is what you expected.
368 ** It's not how the vote was recorded... (Score:2)
369 (by LynnwoodRooster ( 966895 ))
372 > The report goes on to say that "Blockchains do not provide the
373 > anonymity often ascribed to them." It continues: "In the
374 > particular context of elections, voters need to be authorized as
375 > eligible to vote and as not having cast more than one ballot in
376 > the particular election.
377 It's who casts the vote. Before we even worry about Blockchain,
378 we need to ensure people casting the ballots are legally
379 eligible to vote. Guaranteeing a vote was cast is no more
380 important than guaranteeing who cast the vote was eligible to
381 actually cast that vote.
383 ** Paper ballots (Score:2)
384 (by burtosis ( 1124179 ))
387 Let me start out saying 100% electronic voting is going to be a
388 disaster, triply so when done remotely and not at a secure
389 voting machine. But what most people don't realize is we
390 currently use unencrypted images of paper ballots in many states
391 as backups. These are very insecure. Why not use paper ballots
392 for the primary method, blockchain for the electronic backups?
393 This ultimately seems far more secure than what we are doing
394 now. We also could use open source machines and have audits at
git://git.nikiroo.be / gofetch.git / blob