--- /dev/null
+ BLOCKCHAINS ARE NOT SAFE FOR VOTING, CONCLUDES NAP REPORT \r
+ (NYTIMES.COM) \r
+\r
+ Thursday September 06, 2018 @11:30PM (BeauHD)\r
+ from the ensuring-the-integrity-of-elections dept.\r
+\r
+ o News link: https://politics.slashdot.org/story/18/09/06/2137245/blockchains-are-not-safe-for-voting-concludes-nap-report\r
+ o Source link: https://www.nytimes.com/aponline/2018/09/06/technology/ap-us-tec-election-security-reform-report.html\r
+\r
+\r
+ The National Academies Press has released a 156-page report,\r
+ called "Securing the Vote: Protecting American Democracy,"\r
+ concluding that blockchains are not safe for the U.S. election\r
+ system. "While the notion of using a blockchain as an\r
+ immutable ballot box may seem promising, blockchain technology\r
+ does little to solve the fundamental security issues of\r
+ elections, and indeed, blockchains introduce additional\r
+ security vulnerabilities," the report states. "In particular,\r
+ if malware on a voter's device alters a vote before it ever\r
+ reaches a blockchain, the immutability of the blockchain fails\r
+ to provide the desired integrity, and the voter may never know\r
+ of the alteration." The report goes on to say that\r
+ "Blockchains do not provide the anonymity often ascribed to\r
+ them." It continues: "In the particular context of elections,\r
+ voters need to be authorized as eligible to vote and as not\r
+ having cast more than one ballot in the particular election.\r
+ Blockchains do not offer means for providing the necessary\r
+ authorization. [...] If a blockchain is used, then cast\r
+ ballots must be encrypted or otherwise anonymized to prevent\r
+ coercion and vote-selling." The New York Times summarizes the\r
+ findings: The cautiously worded report calls for conducting\r
+ all federal, state and local elections on paper ballots by\r
+ 2020. Its other top recommendation would require nationwide\r
+ use of a specific form of routine postelection audit to ensure\r
+ votes have been accurately counted. The panel did not offer a\r
+ price tag for its recommended overhaul. New York University's\r
+ Brennan Center has estimated that replacing aging voting\r
+ machines over the next few years could cost well over $1\r
+ billion. The 156-page report [...] bemoans a rickety system\r
+ compromised by insecure voting equipment and software whose\r
+ vulnerabilities were exposed more than a decade ago and which\r
+ are too often managed by officials with little training in\r
+ cybersecurity. Among its specific recommendations was a\r
+ mainstay of election reformers: All elections should use\r
+ human-readable paper ballots by 2020. Such systems are\r
+ intended to assure voters that their vote was recorded\r
+ accurately. They also create a lasting record of "voter\r
+ intent" that can be used for reliable recounts, which may not\r
+ be possible in systems that record votes electronically. [...]\r
+ The panel also calls for all states to adopt a type of\r
+ post-election audit that employs statistical analysis of\r
+ ballots prior to results certification. Such "risk-limiting"\r
+ audits are designed to uncover miscounts and vote tampering.\r
+ Currently only three states mandate them.\r
+\r
+\r
+ ** \r
+\r
+ ** Re:All security = an implementation. (Score:5, Insightful)\r
+ (by PopeRatzo ( 965947 ))\r
+\r
+ \r
+ > To say blockchain is inherently unsafe is like saying\r
+ > software is inherently unsafe\r
+ Oh, you are so close to a breakthrough.\r
+ When it comes to voting, blockchain, like software, IS\r
+ inherently unsafe. If the main goal for voting security is\r
+ maintaining the people's confidence in an election, the only\r
+ system that will meet that standard is a system where people\r
+ are actually keeping an eye on one another. And I mean\r
+ physically watching one another. And that's the system we had\r
+ in place before the advent of voting machines and election\r
+ software. You had a room full of election judges from both\r
+ sides, and they sat side-by-side checking in voters as they\r
+ approached the voting booth and physically watched them put\r
+ the ballot in the box. When the votes were counted, there was\r
+ a whole bunch of people from both parties standing around\r
+ keeping a close eye. When the ballots were sent for storage,\r
+ one person from each party rode in the truck to drop them off\r
+ after sealing the container - together - and signing off.\r
+ It was trust, but verify. Was it possible to jigger with an\r
+ election like that? Of course. But you had a list of names of\r
+ people you could hold accountable at every step in the\r
+ process. Electronic voting will never, ever be trusted. That\r
+ is the effect of transparency.\r
+\r
+ ** \r
+\r
+ ** Re: (Score:1, Insightful)\r
+ (by Anonymous Coward)\r
+\r
+ \r
+ > " If the main goal for voting security is maintaining\r
+ > the people's confidence in an election " - Well I don't\r
+ > agree with that starting point definition. I think\r
+ > security = security, not theater of.\r
+ Then you're bad at security. Security is theater.\r
+ There is no impregnable system. Security can only\r
+ increase the difficulty of entering a system, it cannot\r
+ stop a determined opponent. Is a CCTV system going to\r
+ stop someone from breaking into your store? No, but it\r
+ will make the person think twice about it, because they\r
+ are likely to be recorded, found, and caught. Is the\r
+ TSA likely to stop all bad guys from getting on planes?\r
+ No, but it alters how much they must prepare to get on\r
+ board the plane so hop\r
+\r
+ ** Re: (Score:2)\r
+ (by Ocker3 ( 1232550 ))\r
+\r
+ \r
+ Sadly, the TSA haven't shown themselves to be any\r
+ good at their job, repeatedly. It's hard to get good\r
+ help when the work is shite, the 'customers' range\r
+ from sullen to hating you, and the pay is peanuts.\r
+\r
+\r
+\r
+\r
+ ** Transparency is the key (Score:1)\r
+ (by victor_alarcon ( 5520418 ))\r
+\r
+ \r
+ I thought that was the main selling point. Yes, I'm sure\r
+ someone can come up with some anonymity scheme but\r
+ transparency should be top priority. Apologies if the\r
+ point is too naive.\r
+\r
+\r
+ ** Re: (Score:1)\r
+ (by Anonymous Coward)\r
+\r
+ \r
+ Paper votes aren't any better, just look at Russia's vote\r
+ stuffing. Literately. Someone comes up to the booth and\r
+ stuffs fake/coerced votes into the box.\r
+ Now the way most US, Canadian, and UK elections are run,\r
+ the paper vote is a two-step process.\r
+ A) You go to a scrutineer to check your name off a PAPER\r
+ list, they hand you a ballot with no identifying\r
+ information on it\r
+ B) You mark an X on the ballot, fold it in half or stick\r
+ it in a privacy envelope and then stick it in a cardboard\r
+ box with a hole on top.\r
+ Now\r
+\r
+ ** Re: (Score:2)\r
+ (by PopeRatzo ( 965947 ))\r
+\r
+ \r
+ > Paper votes aren't any better, just look at Russia's\r
+ > vote stuffing. Literately. Someone comes up to the\r
+ > booth and stuffs fake/coerced votes into the box.\r
+ That's right, because Russia doesn't have the same\r
+ safeguards built into their elections that we have. You\r
+ don't have election judges from both sides watching\r
+ every vote from the time it's cast to the time it's\r
+ counted to the time it's sent for storage. In the US,\r
+ there have to be two election judges on hand when\r
+ absentee ballots are opened.\r
+ People can sti\r
+\r
+\r
+\r
+ ** Re: (Score:2)\r
+ (by Ocker3 ( 1232550 ))\r
+\r
+ \r
+ I'd invite you to visit us in Australia, where we have the\r
+ Australian Electoral Commission (AEC), a non-partisan (not\r
+ bi-partisan) body of people who are collectively\r
+ considered the Platinum Standard of running elections\r
+ around the world. We actually send people to the USA to\r
+ train election staff. We don't have party reps in the\r
+ voting area until the polls close, then the parties can\r
+ send in scrutineers who check that the paper ballots are\r
+ being counted as per the regulations (when I did this I\r
+ actually not\r
+\r
+ ** Re: (Score:2)\r
+ (by PopeRatzo ( 965947 ))\r
+\r
+ \r
+ > I'd invite you to visit us in Australia,\r
+ I've spent a fair amount of time in Australia. Yes,\r
+ I've heard you guys do a good job with elections, but\r
+ I'm not coming back until you get rid of those spiders\r
+ that jump up and bite you on the eye. Oh, and drop\r
+ bears and yowgwai. I don't need that kind of stress,\r
+ thanks.\r
+\r
+\r
+\r
+\r
+ ** Re: (Score:2)\r
+ (by shellster_dude ( 1261444 ))\r
+\r
+ \r
+ Blockchains are obviously a terrible solution to election\r
+ fraud. The only thing that prevents blockchain tampering is a\r
+ ton of neutral third party machines checking the transactions\r
+ (typically miners). We've already seen that this is a\r
+ non-trivial problem when there is plenty of incentive for\r
+ random people to fulfill that role (mining of crypto\r
+ currency). National elections have very little incentive for\r
+ people to invest thousands in hardware and electricity, and a\r
+ ton of incentive for nation states like\r
+\r
+\r
+ ** Oh the irony (Score:4, Insightful)\r
+ (by the_skywise ( 189793 ))\r
+\r
+ \r
+ > All elections should use human-readable paper ballots by 2020.\r
+ > Such systems are intended to assure voters that their vote was\r
+ > recorded accurately. They also create a lasting record of "voter\r
+ > intent" that can be used for reliable recounts,\r
+ Now I agree with this and am happy to move back to paper ballots\r
+ - But the entire reason we moved away from paper ballots was\r
+ because of the 2000 elections where Florida used punch cards and\r
+ political officers kept trying to argue over "partial punches",\r
+ "dimpled chads" and "dangling chads" where they tried to\r
+ reassess what the voter's INTENT was.\r
+ And, of course, let's not forget magical disappearing and\r
+ appearing boxes of ballots.\r
+ Any system can be hacked but the electronic one is harder to\r
+ track hacking than the good ol' traditional methods with paper\r
+ ballots.\r
+\r
+ ** Re: (Score:3)\r
+ (by Dare nMc ( 468959 ))\r
+\r
+ \r
+ Their have been academic papers proposing electronic system\r
+ that would be safe, where you could verify that your vote was\r
+ counted (IE received at the server.)\r
+ In theory with open software, hardware, and multiple servers\r
+ (again all open source) we could have a very robust\r
+ electronic voting system. This would require a large project\r
+ likely done with universities, and it may even be similar to\r
+ some bitcoin concepts.\r
+ The technology side is very solvable, getting the project\r
+ started, past the politics, and accept\r
+\r
+\r
+ ** Key statement (Score:2, Insightful)\r
+ (by Anonymous Coward)\r
+\r
+ \r
+ They key statement in the finding that most technology solutions\r
+ fail to solve is this:\r
+ "Such systems are intended to *assure* voters that their vote\r
+ was recorded accurately."\r
+ In the end, paper ballots may seem inefficient from a processing\r
+ perspective, but that inefficiency becomes inherently difficult\r
+ to tamper with and builds in systems for checks and recounts.\r
+ The argument here is that blockchain is vulnerable before the\r
+ data is stored in the blockchain, at the UI and the machine\r
+ level, and blockchain th\r
+\r
+ ** Re: (Score:2)\r
+ (by presidenteloco ( 659168 ))\r
+\r
+ \r
+ Blanket arguments against computer algorithms for secure\r
+ voting (or secure anything) are illogical, emotional, and\r
+ flawed.\r
+ People argue to the effect: Because many programs have been\r
+ found to have a security flaw in either A) the algorithm\r
+ mathematics and logical assumptions, or in B) the\r
+ implementation, therefore ALL programs must have some flaw in\r
+ A) or B) therefore there is no such thing is a secure\r
+ computer program. That is just bullshit. It's incorrect,\r
+ unsupported generalization from specific examples.\r
+\r
+ ** Re: (Score:2)\r
+ (by presidenteloco ( 659168 ))\r
+\r
+ \r
+ Ok, there's a stupid bug in slashdot apparently, not\r
+ including my less-than sign.\r
+ There. One bug.\r
+ What's up with that. Let me try again. Hmm. There was a\r
+ less-than in there just to the left of this sentence.\r
+ That's lame on slashdot software's part.\r
+ So you proved that ALL programs have bugs?\r
+ Didn't think so.\r
+\r
+\r
+\r
+ ** Paper ballots are by far the most secure solution (Score:4,\r
+ Insightful)\r
+ (by Seven Spirals ( 4924941 ))\r
+\r
+ \r
+ Gimme a break. Use paper. Computers will be better tools for\r
+ tabulating and processing the votes after they are cast, but\r
+ it's tough to beat paper for a recount. Even paper has it's\r
+ flaws, but the hand waving crypto-bullshit is pathetic "Oh but\r
+ this counter signature will detect if the previous\r
+ initialization vector was properly zeroed inside of the S-Box"\r
+ *rolls eyes*. KISS baby. Things don't get more secure by making\r
+ them more complex and I can't think of any way to make something\r
+ more complex than to introduce computers. Computers are great at\r
+ some things, ideal for some tasks: not for voting. They suck at\r
+ that.\r
+\r
+ ** paper ballots (Score:1)\r
+ (by Anonymous Coward)\r
+\r
+ \r
+ The only way you can have some measure of accountability while\r
+ keeping votes anonymous.\r
+\r
+ ** Or, for heaven's sake, you can just use paper (Score:3)\r
+ (by mark-t ( 151149 ))\r
+\r
+ \r
+ Make a simple mark on a paper ballot indicating your vote, fold\r
+ it, put it in a box.\r
+ done\r
+ Now theoretically you could bribe people who do the counting,\r
+ but you'd have to bribe a *LOT* of people to make any kind of\r
+ difference because each individual ballot box with the folded\r
+ ballots contains but a tiny fraction of the number of votes, and\r
+ nobody ever counts the ballots from more than one or sometimes\r
+ two different boxes.\r
+\r
+ ** the real story (Score:2)\r
+ (by slashmydots ( 2189826 ))\r
+\r
+ \r
+ Blockchains are perfect, right? WRONG. And also right. They are\r
+ mathmatically flawless BUT if you outprocess the rest of the\r
+ network, you can finalize a block with whatever the hell you\r
+ want in it. You can form a block that says you own all bitcoins,\r
+ all transactions put them in your wallet, and you're also the\r
+ queen of England. The reason this "51% attack" doesn't happen it\r
+ because that amount of processing power doesn't exist. That many\r
+ ASICs don't exist on Earth. But let's set up a separate\r
+ blockchain an\r
+\r
+ ** Re: (Score:2)\r
+ (by Kaenneth ( 82978 ))\r
+\r
+ \r
+ Even with a 51% attack, the Bitcoin blockchain is filled with\r
+ digital signatures; noone but your own nodes would accept the\r
+ blocks, and you would only be 'fooling' yourself.\r
+ Electronic voting could only work if every citizen had their\r
+ own private, secure, digital signature key. Which can't\r
+ happen in the US because poor people can't afford them, and a\r
+ certain party would never give anything for free, while the\r
+ other would protect the poor.\r
+\r
+\r
+ ** \r
+\r
+ ** Re: (Score:2)\r
+ (by jwymanm ( 627857 ))\r
+\r
+ \r
+ This was the dumbest comment in the article. Obviously\r
+ software methods exist to verify after the fact that what you\r
+ saved is what you expected.\r
+\r
+\r
+ ** It's not how the vote was recorded... (Score:2)\r
+ (by LynnwoodRooster ( 966895 ))\r
+\r
+ \r
+ > The report goes on to say that "Blockchains do not provide the\r
+ > anonymity often ascribed to them." It continues: "In the\r
+ > particular context of elections, voters need to be authorized as\r
+ > eligible to vote and as not having cast more than one ballot in\r
+ > the particular election.\r
+ It's who casts the vote. Before we even worry about Blockchain,\r
+ we need to ensure people casting the ballots are legally\r
+ eligible to vote. Guaranteeing a vote was cast is no more\r
+ important than guaranteeing who cast the vote was eligible to\r
+ actually cast that vote.\r
+\r
+ ** Paper ballots (Score:2)\r
+ (by burtosis ( 1124179 ))\r
+\r
+ \r
+ Let me start out saying 100% electronic voting is going to be a\r
+ disaster, triply so when done remotely and not at a secure\r
+ voting machine. But what most people don't realize is we\r
+ currently use unencrypted images of paper ballots in many states\r
+ as backups. These are very insecure. Why not use paper ballots\r
+ for the primary method, blockchain for the electronic backups?\r
+ This ultimately seems far more secure than what we are doing\r
+ now. We also could use open source machines and have audits at\r
+ each polling\r
+\r
+\r