1 BLOCKCHAINS ARE NOT SAFE FOR VOTING, CONCLUDES NAP REPORT
4 Thursday September 06, 2018 @11:30PM (BeauHD)
5 from the ensuring-the-integrity-of-elections dept.
7 o Reference: 0102640864
8 o News link: https://politics.slashdot.org/story/18/09/06/2137245/blockchains-are-not-safe-for-voting-concludes-nap-report
9 o Source link: https://www.nytimes.com/aponline/2018/09/06/technology/ap-us-tec-election-security-reform-report.html
12 The National Academies Press has released a 156-page report,
13 called " [1]Securing the Vote: Protecting American Democracy
14 ," concluding that blockchains are not safe for the U.S.
15 election system. "While the notion of using a blockchain as an
16 immutable ballot box may seem promising, blockchain technology
17 does little to solve the fundamental security issues of
18 elections, and indeed, blockchains introduce additional
19 security vulnerabilities," the report [2]states . "In
20 particular, if malware on a voter's device alters a vote
21 before it ever reaches a blockchain, the immutability of the
22 blockchain fails to provide the desired integrity, and the
23 voter may never know of the alteration."
25 The report goes on to say that "Blockchains do not provide the
26 anonymity often ascribed to them." It continues: "In the
27 particular context of elections, voters need to be authorized
28 as eligible to vote and as not having cast more than one
29 ballot in the particular election. Blockchains do not offer
30 means for providing the necessary authorization. [...] If a
31 blockchain is used, then cast ballots must be encrypted or
32 otherwise anonymized to prevent coercion and vote-selling."
33 The New York Times summarizes the findings:
35 > The cautiously worded report [3]calls for conducting all
36 federal, state and local elections on paper ballots by 2020 .
37 Its other top recommendation would require nationwide use of a
38 specific form of routine postelection audit to ensure votes
39 have been accurately counted. The panel did not offer a price
40 tag for its recommended overhaul. New York University's
41 Brennan Center has estimated that replacing aging voting
42 machines over the next few years could cost well over $1
43 billion. The 156-page report [...] bemoans a rickety system
44 compromised by insecure voting equipment and software whose
45 vulnerabilities were exposed more than a decade ago and which
46 are too often managed by officials with little training in
51 > Among its specific recommendations was a mainstay of
52 election reformers: All elections should use human-readable
53 paper ballots by 2020. Such systems are intended to assure
54 voters that their vote was recorded accurately. They also
55 create a lasting record of "voter intent" that can be used for
56 reliable recounts, which may not be possible in systems that
57 record votes electronically. [...] The panel also calls for
58 all states to adopt a type of post-election audit that employs
59 statistical analysis of ballots prior to results
60 certification. Such "risk-limiting" audits are designed to
61 uncover miscounts and vote tampering. Currently only three
66 [1] https://www.nap.edu/catalog/25120/securing-the-vote-protec-
67 ting-american-democracy
69 [2] https://www.nap.edu/read/25120/chapter/7#103
71 [3] https://www.nytimes.com/aponline/2018/09/06/technology/ap-
72 us-tec-election-security-reform-report.html
77 ** Re:All security = an implementation. (Score:5, Insightful)
78 (by PopeRatzo ( 965947 ))
81 > To say blockchain is inherently unsafe is like saying
82 > software is inherently unsafe
83 Oh, you are so close to a breakthrough.
84 When it comes to voting, blockchain, like software, IS
85 inherently unsafe. If the main goal for voting security is
86 maintaining the people's confidence in an election, the only
87 system that will meet that standard is a system where people
88 are actually keeping an eye on one another. And I mean
89 physically watching one another. And that's the system we had
90 in place before the advent of voting machines and election
91 software. You had a room full of election judges from both
92 sides, and they sat side-by-side checking in voters as they
93 approached the voting booth and physically watched them put
94 the ballot in the box. When the votes were counted, there was
95 a whole bunch of people from both parties standing around
96 keeping a close eye. When the ballots were sent for storage,
97 one person from each party rode in the truck to drop them off
98 after sealing the container - together - and signing off.
99 It was trust, but verify. Was it possible to jigger with an
100 election like that? Of course. But you had a list of names of
101 people you could hold accountable at every step in the
102 process. Electronic voting will never, ever be trusted. That
103 is the effect of transparency.
107 ** Re: (Score:1, Insightful)
108 (by Anonymous Coward)
111 > " If the main goal for voting security is maintaining
112 > the people's confidence in an election " - Well I don't
113 > agree with that starting point definition. I think
114 > security = security, not theater of.
115 Then you're bad at security. Security is theater.
116 There is no impregnable system. Security can only
117 increase the difficulty of entering a system, it cannot
118 stop a determined opponent. Is a CCTV system going to
119 stop someone from breaking into your store? No, but it
120 will make the person think twice about it, because they
121 are likely to be recorded, found, and caught. Is the
122 TSA likely to stop all bad guys from getting on planes?
123 No, but it alters how much they must prepare to get on
124 board the plane so hop
127 (by Ocker3 ( 1232550 ))
130 Sadly, the TSA haven't shown themselves to be any
131 good at their job, repeatedly. It's hard to get good
132 help when the work is shite, the 'customers' range
133 from sullen to hating you, and the pay is peanuts.
138 ** Transparency is the key (Score:1)
139 (by victor_alarcon ( 5520418 ))
142 I thought that was the main selling point. Yes, I'm sure
143 someone can come up with some anonymity scheme but
144 transparency should be top priority. Apologies if the
149 (by Anonymous Coward)
152 Paper votes aren't any better, just look at Russia's vote
153 stuffing. Literately. Someone comes up to the booth and
154 stuffs fake/coerced votes into the box.
155 Now the way most US, Canadian, and UK elections are run,
156 the paper vote is a two-step process.
157 A) You go to a scrutineer to check your name off a PAPER
158 list, they hand you a ballot with no identifying
160 B) You mark an X on the ballot, fold it in half or stick
161 it in a privacy envelope and then stick it in a cardboard
162 box with a hole on top.
166 (by PopeRatzo ( 965947 ))
169 > Paper votes aren't any better, just look at Russia's
170 > vote stuffing. Literately. Someone comes up to the
171 > booth and stuffs fake/coerced votes into the box.
172 That's right, because Russia doesn't have the same
173 safeguards built into their elections that we have. You
174 don't have election judges from both sides watching
175 every vote from the time it's cast to the time it's
176 counted to the time it's sent for storage. In the US,
177 there have to be two election judges on hand when
178 absentee ballots are opened.
184 (by Ocker3 ( 1232550 ))
187 I'd invite you to visit us in Australia, where we have the
188 Australian Electoral Commission (AEC), a non-partisan (not
189 bi-partisan) body of people who are collectively
190 considered the Platinum Standard of running elections
191 around the world. We actually send people to the USA to
192 train election staff. We don't have party reps in the
193 voting area until the polls close, then the parties can
194 send in scrutineers who check that the paper ballots are
195 being counted as per the regulations (when I did this I
199 (by PopeRatzo ( 965947 ))
202 > I'd invite you to visit us in Australia,
203 I've spent a fair amount of time in Australia. Yes,
204 I've heard you guys do a good job with elections, but
205 I'm not coming back until you get rid of those spiders
206 that jump up and bite you on the eye. Oh, and drop
207 bears and yowgwai. I don't need that kind of stress,
214 (by shellster_dude ( 1261444 ))
217 Blockchains are obviously a terrible solution to election
218 fraud. The only thing that prevents blockchain tampering is a
219 ton of neutral third party machines checking the transactions
220 (typically miners). We've already seen that this is a
221 non-trivial problem when there is plenty of incentive for
222 random people to fulfill that role (mining of crypto
223 currency). National elections have very little incentive for
224 people to invest thousands in hardware and electricity, and a
225 ton of incentive for nation states like
228 ** Oh the irony (Score:4, Insightful)
229 (by the_skywise ( 189793 ))
232 > All elections should use human-readable paper ballots by 2020.
233 > Such systems are intended to assure voters that their vote was
234 > recorded accurately. They also create a lasting record of "voter
235 > intent" that can be used for reliable recounts,
236 Now I agree with this and am happy to move back to paper ballots
237 - But the entire reason we moved away from paper ballots was
238 because of the 2000 elections where Florida used punch cards and
239 political officers kept trying to argue over "partial punches",
240 "dimpled chads" and "dangling chads" where they tried to
241 reassess what the voter's INTENT was.
242 And, of course, let's not forget magical disappearing and
243 appearing boxes of ballots.
244 Any system can be hacked but the electronic one is harder to
245 track hacking than the good ol' traditional methods with paper
249 (by Dare nMc ( 468959 ))
252 Their have been academic papers proposing electronic system
253 that would be safe, where you could verify that your vote was
254 counted (IE received at the server.)
255 In theory with open software, hardware, and multiple servers
256 (again all open source) we could have a very robust
257 electronic voting system. This would require a large project
258 likely done with universities, and it may even be similar to
259 some bitcoin concepts.
260 The technology side is very solvable, getting the project
261 started, past the politics, and accept
264 ** Key statement (Score:2, Insightful)
265 (by Anonymous Coward)
268 They key statement in the finding that most technology solutions
269 fail to solve is this:
270 "Such systems are intended to *assure* voters that their vote
271 was recorded accurately."
272 In the end, paper ballots may seem inefficient from a processing
273 perspective, but that inefficiency becomes inherently difficult
274 to tamper with and builds in systems for checks and recounts.
275 The argument here is that blockchain is vulnerable before the
276 data is stored in the blockchain, at the UI and the machine
277 level, and blockchain th
280 (by presidenteloco ( 659168 ))
283 Blanket arguments against computer algorithms for secure
284 voting (or secure anything) are illogical, emotional, and
286 People argue to the effect: Because many programs have been
287 found to have a security flaw in either A) the algorithm
288 mathematics and logical assumptions, or in B) the
289 implementation, therefore ALL programs must have some flaw in
290 A) or B) therefore there is no such thing is a secure
291 computer program. That is just bullshit. It's incorrect,
292 unsupported generalization from specific examples.
295 (by presidenteloco ( 659168 ))
298 Ok, there's a stupid bug in slashdot apparently, not
299 including my less-than sign.
301 What's up with that. Let me try again. Hmm. There was a
302 less-than in there just to the left of this sentence.
303 That's lame on slashdot software's part.
304 So you proved that ALL programs have bugs?
309 ** Paper ballots are by far the most secure solution (Score:4,
311 (by Seven Spirals ( 4924941 ))
314 Gimme a break. Use paper. Computers will be better tools for
315 tabulating and processing the votes after they are cast, but
316 it's tough to beat paper for a recount. Even paper has it's
317 flaws, but the hand waving crypto-bullshit is pathetic "Oh but
318 this counter signature will detect if the previous
319 initialization vector was properly zeroed inside of the S-Box"
320 *rolls eyes*. KISS baby. Things don't get more secure by making
321 them more complex and I can't think of any way to make something
322 more complex than to introduce computers. Computers are great at
323 some things, ideal for some tasks: not for voting. They suck at
326 ** paper ballots (Score:1)
327 (by Anonymous Coward)
330 The only way you can have some measure of accountability while
331 keeping votes anonymous.
333 ** Or, for heaven's sake, you can just use paper (Score:3)
334 (by mark-t ( 151149 ))
337 Make a simple mark on a paper ballot indicating your vote, fold
340 Now theoretically you could bribe people who do the counting,
341 but you'd have to bribe a *LOT* of people to make any kind of
342 difference because each individual ballot box with the folded
343 ballots contains but a tiny fraction of the number of votes, and
344 nobody ever counts the ballots from more than one or sometimes
347 ** the real story (Score:2)
348 (by slashmydots ( 2189826 ))
351 Blockchains are perfect, right? WRONG. And also right. They are
352 mathmatically flawless BUT if you outprocess the rest of the
353 network, you can finalize a block with whatever the hell you
354 want in it. You can form a block that says you own all bitcoins,
355 all transactions put them in your wallet, and you're also the
356 queen of England. The reason this "51% attack" doesn't happen it
357 because that amount of processing power doesn't exist. That many
358 ASICs don't exist on Earth. But let's set up a separate
362 (by Kaenneth ( 82978 ))
365 Even with a 51% attack, the Bitcoin blockchain is filled with
366 digital signatures; noone but your own nodes would accept the
367 blocks, and you would only be 'fooling' yourself.
368 Electronic voting could only work if every citizen had their
369 own private, secure, digital signature key. Which can't
370 happen in the US because poor people can't afford them, and a
371 certain party would never give anything for free, while the
372 other would protect the poor.
378 (by jwymanm ( 627857 ))
381 This was the dumbest comment in the article. Obviously
382 software methods exist to verify after the fact that what you
383 saved is what you expected.
386 ** It's not how the vote was recorded... (Score:2)
387 (by LynnwoodRooster ( 966895 ))
390 > The report goes on to say that "Blockchains do not provide the
391 > anonymity often ascribed to them." It continues: "In the
392 > particular context of elections, voters need to be authorized as
393 > eligible to vote and as not having cast more than one ballot in
394 > the particular election.
395 It's who casts the vote. Before we even worry about Blockchain,
396 we need to ensure people casting the ballots are legally
397 eligible to vote. Guaranteeing a vote was cast is no more
398 important than guaranteeing who cast the vote was eligible to
399 actually cast that vote.
401 ** Paper ballots (Score:2)
402 (by burtosis ( 1124179 ))
405 Let me start out saying 100% electronic voting is going to be a
406 disaster, triply so when done remotely and not at a secure
407 voting machine. But what most people don't realize is we
408 currently use unencrypted images of paper ballots in many states
409 as backups. These are very insecure. Why not use paper ballots
410 for the primary method, blockchain for the electronic backups?
411 This ultimately seems far more secure than what we are doing
412 now. We also could use open source machines and have audits at
git://git.nikiroo.be / gofetch.git / blob