| 1 | BLOCKCHAINS ARE NOT SAFE FOR VOTING, CONCLUDES NAP REPORT \r |
| 2 | (NYTIMES.COM) \r |
| 3 | \r |
| 4 | Thursday September 06, 2018 @11:30PM (BeauHD)\r |
| 5 | from the ensuring-the-integrity-of-elections dept.\r |
| 6 | \r |
| 7 | o Reference: 0102640864\r |
| 8 | o News link: https://politics.slashdot.org/story/18/09/06/2137245/blockchains-are-not-safe-for-voting-concludes-nap-report\r |
| 9 | o Source link: https://www.nytimes.com/aponline/2018/09/06/technology/ap-us-tec-election-security-reform-report.html\r |
| 10 | \r |
| 11 | \r |
| 12 | The National Academies Press has released a 156-page report,\r |
| 13 | called " [1]Securing the Vote: Protecting American Democracy\r |
| 14 | ," concluding that blockchains are not safe for the U.S.\r |
| 15 | election system. "While the notion of using a blockchain as an\r |
| 16 | immutable ballot box may seem promising, blockchain technology\r |
| 17 | does little to solve the fundamental security issues of\r |
| 18 | elections, and indeed, blockchains introduce additional\r |
| 19 | security vulnerabilities," the report [2]states . "In\r |
| 20 | particular, if malware on a voter's device alters a vote\r |
| 21 | before it ever reaches a blockchain, the immutability of the\r |
| 22 | blockchain fails to provide the desired integrity, and the\r |
| 23 | voter may never know of the alteration."\r |
| 24 | \r |
| 25 | The report goes on to say that "Blockchains do not provide the\r |
| 26 | anonymity often ascribed to them." It continues: "In the\r |
| 27 | particular context of elections, voters need to be authorized\r |
| 28 | as eligible to vote and as not having cast more than one\r |
| 29 | ballot in the particular election. Blockchains do not offer\r |
| 30 | means for providing the necessary authorization. [...] If a\r |
| 31 | blockchain is used, then cast ballots must be encrypted or\r |
| 32 | otherwise anonymized to prevent coercion and vote-selling."\r |
| 33 | The New York Times summarizes the findings:\r |
| 34 | \r |
| 35 | > The cautiously worded report [3]calls for conducting all\r |
| 36 | federal, state and local elections on paper ballots by 2020 .\r |
| 37 | Its other top recommendation would require nationwide use of a\r |
| 38 | specific form of routine postelection audit to ensure votes\r |
| 39 | have been accurately counted. The panel did not offer a price\r |
| 40 | tag for its recommended overhaul. New York University's\r |
| 41 | Brennan Center has estimated that replacing aging voting\r |
| 42 | machines over the next few years could cost well over $1\r |
| 43 | billion. The 156-page report [...] bemoans a rickety system\r |
| 44 | compromised by insecure voting equipment and software whose\r |
| 45 | vulnerabilities were exposed more than a decade ago and which\r |
| 46 | are too often managed by officials with little training in\r |
| 47 | cybersecurity.\r |
| 48 | \r |
| 49 | >\r |
| 50 | \r |
| 51 | > Among its specific recommendations was a mainstay of\r |
| 52 | election reformers: All elections should use human-readable\r |
| 53 | paper ballots by 2020. Such systems are intended to assure\r |
| 54 | voters that their vote was recorded accurately. They also\r |
| 55 | create a lasting record of "voter intent" that can be used for\r |
| 56 | reliable recounts, which may not be possible in systems that\r |
| 57 | record votes electronically. [...] The panel also calls for\r |
| 58 | all states to adopt a type of post-election audit that employs\r |
| 59 | statistical analysis of ballots prior to results\r |
| 60 | certification. Such "risk-limiting" audits are designed to\r |
| 61 | uncover miscounts and vote tampering. Currently only three\r |
| 62 | states mandate them.\r |
| 63 | \r |
| 64 | \r |
| 65 | \r |
| 66 | [1] https://www.nap.edu/catalog/25120/securing-the-vote-protec-\r |
| 67 | ting-american-democracy\r |
| 68 | \r |
| 69 | [2] https://www.nap.edu/read/25120/chapter/7#103\r |
| 70 | \r |
| 71 | [3] https://www.nytimes.com/aponline/2018/09/06/technology/ap-\r |
| 72 | us-tec-election-security-reform-report.html\r |
| 73 | \r |
| 74 | \r |
| 75 | ** \r |
| 76 | \r |
| 77 | ** Re:All security = an implementation. (Score:5, Insightful)\r |
| 78 | (by PopeRatzo ( 965947 ))\r |
| 79 | \r |
| 80 | \r |
| 81 | > To say blockchain is inherently unsafe is like saying\r |
| 82 | > software is inherently unsafe\r |
| 83 | Oh, you are so close to a breakthrough.\r |
| 84 | When it comes to voting, blockchain, like software, IS\r |
| 85 | inherently unsafe. If the main goal for voting security is\r |
| 86 | maintaining the people's confidence in an election, the only\r |
| 87 | system that will meet that standard is a system where people\r |
| 88 | are actually keeping an eye on one another. And I mean\r |
| 89 | physically watching one another. And that's the system we had\r |
| 90 | in place before the advent of voting machines and election\r |
| 91 | software. You had a room full of election judges from both\r |
| 92 | sides, and they sat side-by-side checking in voters as they\r |
| 93 | approached the voting booth and physically watched them put\r |
| 94 | the ballot in the box. When the votes were counted, there was\r |
| 95 | a whole bunch of people from both parties standing around\r |
| 96 | keeping a close eye. When the ballots were sent for storage,\r |
| 97 | one person from each party rode in the truck to drop them off\r |
| 98 | after sealing the container - together - and signing off.\r |
| 99 | It was trust, but verify. Was it possible to jigger with an\r |
| 100 | election like that? Of course. But you had a list of names of\r |
| 101 | people you could hold accountable at every step in the\r |
| 102 | process. Electronic voting will never, ever be trusted. That\r |
| 103 | is the effect of transparency.\r |
| 104 | \r |
| 105 | ** \r |
| 106 | \r |
| 107 | ** Re: (Score:1, Insightful)\r |
| 108 | (by Anonymous Coward)\r |
| 109 | \r |
| 110 | \r |
| 111 | > " If the main goal for voting security is maintaining\r |
| 112 | > the people's confidence in an election " - Well I don't\r |
| 113 | > agree with that starting point definition. I think\r |
| 114 | > security = security, not theater of.\r |
| 115 | Then you're bad at security. Security is theater.\r |
| 116 | There is no impregnable system. Security can only\r |
| 117 | increase the difficulty of entering a system, it cannot\r |
| 118 | stop a determined opponent. Is a CCTV system going to\r |
| 119 | stop someone from breaking into your store? No, but it\r |
| 120 | will make the person think twice about it, because they\r |
| 121 | are likely to be recorded, found, and caught. Is the\r |
| 122 | TSA likely to stop all bad guys from getting on planes?\r |
| 123 | No, but it alters how much they must prepare to get on\r |
| 124 | board the plane so hop\r |
| 125 | \r |
| 126 | ** Re: (Score:2)\r |
| 127 | (by Ocker3 ( 1232550 ))\r |
| 128 | \r |
| 129 | \r |
| 130 | Sadly, the TSA haven't shown themselves to be any\r |
| 131 | good at their job, repeatedly. It's hard to get good\r |
| 132 | help when the work is shite, the 'customers' range\r |
| 133 | from sullen to hating you, and the pay is peanuts.\r |
| 134 | \r |
| 135 | \r |
| 136 | \r |
| 137 | \r |
| 138 | ** Transparency is the key (Score:1)\r |
| 139 | (by victor_alarcon ( 5520418 ))\r |
| 140 | \r |
| 141 | \r |
| 142 | I thought that was the main selling point. Yes, I'm sure\r |
| 143 | someone can come up with some anonymity scheme but\r |
| 144 | transparency should be top priority. Apologies if the\r |
| 145 | point is too naive.\r |
| 146 | \r |
| 147 | \r |
| 148 | ** Re: (Score:1)\r |
| 149 | (by Anonymous Coward)\r |
| 150 | \r |
| 151 | \r |
| 152 | Paper votes aren't any better, just look at Russia's vote\r |
| 153 | stuffing. Literately. Someone comes up to the booth and\r |
| 154 | stuffs fake/coerced votes into the box.\r |
| 155 | Now the way most US, Canadian, and UK elections are run,\r |
| 156 | the paper vote is a two-step process.\r |
| 157 | A) You go to a scrutineer to check your name off a PAPER\r |
| 158 | list, they hand you a ballot with no identifying\r |
| 159 | information on it\r |
| 160 | B) You mark an X on the ballot, fold it in half or stick\r |
| 161 | it in a privacy envelope and then stick it in a cardboard\r |
| 162 | box with a hole on top.\r |
| 163 | Now\r |
| 164 | \r |
| 165 | ** Re: (Score:2)\r |
| 166 | (by PopeRatzo ( 965947 ))\r |
| 167 | \r |
| 168 | \r |
| 169 | > Paper votes aren't any better, just look at Russia's\r |
| 170 | > vote stuffing. Literately. Someone comes up to the\r |
| 171 | > booth and stuffs fake/coerced votes into the box.\r |
| 172 | That's right, because Russia doesn't have the same\r |
| 173 | safeguards built into their elections that we have. You\r |
| 174 | don't have election judges from both sides watching\r |
| 175 | every vote from the time it's cast to the time it's\r |
| 176 | counted to the time it's sent for storage. In the US,\r |
| 177 | there have to be two election judges on hand when\r |
| 178 | absentee ballots are opened.\r |
| 179 | People can sti\r |
| 180 | \r |
| 181 | \r |
| 182 | \r |
| 183 | ** Re: (Score:2)\r |
| 184 | (by Ocker3 ( 1232550 ))\r |
| 185 | \r |
| 186 | \r |
| 187 | I'd invite you to visit us in Australia, where we have the\r |
| 188 | Australian Electoral Commission (AEC), a non-partisan (not\r |
| 189 | bi-partisan) body of people who are collectively\r |
| 190 | considered the Platinum Standard of running elections\r |
| 191 | around the world. We actually send people to the USA to\r |
| 192 | train election staff. We don't have party reps in the\r |
| 193 | voting area until the polls close, then the parties can\r |
| 194 | send in scrutineers who check that the paper ballots are\r |
| 195 | being counted as per the regulations (when I did this I\r |
| 196 | actually not\r |
| 197 | \r |
| 198 | ** Re: (Score:2)\r |
| 199 | (by PopeRatzo ( 965947 ))\r |
| 200 | \r |
| 201 | \r |
| 202 | > I'd invite you to visit us in Australia,\r |
| 203 | I've spent a fair amount of time in Australia. Yes,\r |
| 204 | I've heard you guys do a good job with elections, but\r |
| 205 | I'm not coming back until you get rid of those spiders\r |
| 206 | that jump up and bite you on the eye. Oh, and drop\r |
| 207 | bears and yowgwai. I don't need that kind of stress,\r |
| 208 | thanks.\r |
| 209 | \r |
| 210 | \r |
| 211 | \r |
| 212 | \r |
| 213 | ** Re: (Score:2)\r |
| 214 | (by shellster_dude ( 1261444 ))\r |
| 215 | \r |
| 216 | \r |
| 217 | Blockchains are obviously a terrible solution to election\r |
| 218 | fraud. The only thing that prevents blockchain tampering is a\r |
| 219 | ton of neutral third party machines checking the transactions\r |
| 220 | (typically miners). We've already seen that this is a\r |
| 221 | non-trivial problem when there is plenty of incentive for\r |
| 222 | random people to fulfill that role (mining of crypto\r |
| 223 | currency). National elections have very little incentive for\r |
| 224 | people to invest thousands in hardware and electricity, and a\r |
| 225 | ton of incentive for nation states like\r |
| 226 | \r |
| 227 | \r |
| 228 | ** Oh the irony (Score:4, Insightful)\r |
| 229 | (by the_skywise ( 189793 ))\r |
| 230 | \r |
| 231 | \r |
| 232 | > All elections should use human-readable paper ballots by 2020.\r |
| 233 | > Such systems are intended to assure voters that their vote was\r |
| 234 | > recorded accurately. They also create a lasting record of "voter\r |
| 235 | > intent" that can be used for reliable recounts,\r |
| 236 | Now I agree with this and am happy to move back to paper ballots\r |
| 237 | - But the entire reason we moved away from paper ballots was\r |
| 238 | because of the 2000 elections where Florida used punch cards and\r |
| 239 | political officers kept trying to argue over "partial punches",\r |
| 240 | "dimpled chads" and "dangling chads" where they tried to\r |
| 241 | reassess what the voter's INTENT was.\r |
| 242 | And, of course, let's not forget magical disappearing and\r |
| 243 | appearing boxes of ballots.\r |
| 244 | Any system can be hacked but the electronic one is harder to\r |
| 245 | track hacking than the good ol' traditional methods with paper\r |
| 246 | ballots.\r |
| 247 | \r |
| 248 | ** Re: (Score:3)\r |
| 249 | (by Dare nMc ( 468959 ))\r |
| 250 | \r |
| 251 | \r |
| 252 | Their have been academic papers proposing electronic system\r |
| 253 | that would be safe, where you could verify that your vote was\r |
| 254 | counted (IE received at the server.)\r |
| 255 | In theory with open software, hardware, and multiple servers\r |
| 256 | (again all open source) we could have a very robust\r |
| 257 | electronic voting system. This would require a large project\r |
| 258 | likely done with universities, and it may even be similar to\r |
| 259 | some bitcoin concepts.\r |
| 260 | The technology side is very solvable, getting the project\r |
| 261 | started, past the politics, and accept\r |
| 262 | \r |
| 263 | \r |
| 264 | ** Key statement (Score:2, Insightful)\r |
| 265 | (by Anonymous Coward)\r |
| 266 | \r |
| 267 | \r |
| 268 | They key statement in the finding that most technology solutions\r |
| 269 | fail to solve is this:\r |
| 270 | "Such systems are intended to *assure* voters that their vote\r |
| 271 | was recorded accurately."\r |
| 272 | In the end, paper ballots may seem inefficient from a processing\r |
| 273 | perspective, but that inefficiency becomes inherently difficult\r |
| 274 | to tamper with and builds in systems for checks and recounts.\r |
| 275 | The argument here is that blockchain is vulnerable before the\r |
| 276 | data is stored in the blockchain, at the UI and the machine\r |
| 277 | level, and blockchain th\r |
| 278 | \r |
| 279 | ** Re: (Score:2)\r |
| 280 | (by presidenteloco ( 659168 ))\r |
| 281 | \r |
| 282 | \r |
| 283 | Blanket arguments against computer algorithms for secure\r |
| 284 | voting (or secure anything) are illogical, emotional, and\r |
| 285 | flawed.\r |
| 286 | People argue to the effect: Because many programs have been\r |
| 287 | found to have a security flaw in either A) the algorithm\r |
| 288 | mathematics and logical assumptions, or in B) the\r |
| 289 | implementation, therefore ALL programs must have some flaw in\r |
| 290 | A) or B) therefore there is no such thing is a secure\r |
| 291 | computer program. That is just bullshit. It's incorrect,\r |
| 292 | unsupported generalization from specific examples.\r |
| 293 | \r |
| 294 | ** Re: (Score:2)\r |
| 295 | (by presidenteloco ( 659168 ))\r |
| 296 | \r |
| 297 | \r |
| 298 | Ok, there's a stupid bug in slashdot apparently, not\r |
| 299 | including my less-than sign.\r |
| 300 | There. One bug.\r |
| 301 | What's up with that. Let me try again. Hmm. There was a\r |
| 302 | less-than in there just to the left of this sentence.\r |
| 303 | That's lame on slashdot software's part.\r |
| 304 | So you proved that ALL programs have bugs?\r |
| 305 | Didn't think so.\r |
| 306 | \r |
| 307 | \r |
| 308 | \r |
| 309 | ** Paper ballots are by far the most secure solution (Score:4,\r |
| 310 | Insightful)\r |
| 311 | (by Seven Spirals ( 4924941 ))\r |
| 312 | \r |
| 313 | \r |
| 314 | Gimme a break. Use paper. Computers will be better tools for\r |
| 315 | tabulating and processing the votes after they are cast, but\r |
| 316 | it's tough to beat paper for a recount. Even paper has it's\r |
| 317 | flaws, but the hand waving crypto-bullshit is pathetic "Oh but\r |
| 318 | this counter signature will detect if the previous\r |
| 319 | initialization vector was properly zeroed inside of the S-Box"\r |
| 320 | *rolls eyes*. KISS baby. Things don't get more secure by making\r |
| 321 | them more complex and I can't think of any way to make something\r |
| 322 | more complex than to introduce computers. Computers are great at\r |
| 323 | some things, ideal for some tasks: not for voting. They suck at\r |
| 324 | that.\r |
| 325 | \r |
| 326 | ** paper ballots (Score:1)\r |
| 327 | (by Anonymous Coward)\r |
| 328 | \r |
| 329 | \r |
| 330 | The only way you can have some measure of accountability while\r |
| 331 | keeping votes anonymous.\r |
| 332 | \r |
| 333 | ** Or, for heaven's sake, you can just use paper (Score:3)\r |
| 334 | (by mark-t ( 151149 ))\r |
| 335 | \r |
| 336 | \r |
| 337 | Make a simple mark on a paper ballot indicating your vote, fold\r |
| 338 | it, put it in a box.\r |
| 339 | done\r |
| 340 | Now theoretically you could bribe people who do the counting,\r |
| 341 | but you'd have to bribe a *LOT* of people to make any kind of\r |
| 342 | difference because each individual ballot box with the folded\r |
| 343 | ballots contains but a tiny fraction of the number of votes, and\r |
| 344 | nobody ever counts the ballots from more than one or sometimes\r |
| 345 | two different boxes.\r |
| 346 | \r |
| 347 | ** the real story (Score:2)\r |
| 348 | (by slashmydots ( 2189826 ))\r |
| 349 | \r |
| 350 | \r |
| 351 | Blockchains are perfect, right? WRONG. And also right. They are\r |
| 352 | mathmatically flawless BUT if you outprocess the rest of the\r |
| 353 | network, you can finalize a block with whatever the hell you\r |
| 354 | want in it. You can form a block that says you own all bitcoins,\r |
| 355 | all transactions put them in your wallet, and you're also the\r |
| 356 | queen of England. The reason this "51% attack" doesn't happen it\r |
| 357 | because that amount of processing power doesn't exist. That many\r |
| 358 | ASICs don't exist on Earth. But let's set up a separate\r |
| 359 | blockchain an\r |
| 360 | \r |
| 361 | ** Re: (Score:2)\r |
| 362 | (by Kaenneth ( 82978 ))\r |
| 363 | \r |
| 364 | \r |
| 365 | Even with a 51% attack, the Bitcoin blockchain is filled with\r |
| 366 | digital signatures; noone but your own nodes would accept the\r |
| 367 | blocks, and you would only be 'fooling' yourself.\r |
| 368 | Electronic voting could only work if every citizen had their\r |
| 369 | own private, secure, digital signature key. Which can't\r |
| 370 | happen in the US because poor people can't afford them, and a\r |
| 371 | certain party would never give anything for free, while the\r |
| 372 | other would protect the poor.\r |
| 373 | \r |
| 374 | \r |
| 375 | ** \r |
| 376 | \r |
| 377 | ** Re: (Score:2)\r |
| 378 | (by jwymanm ( 627857 ))\r |
| 379 | \r |
| 380 | \r |
| 381 | This was the dumbest comment in the article. Obviously\r |
| 382 | software methods exist to verify after the fact that what you\r |
| 383 | saved is what you expected.\r |
| 384 | \r |
| 385 | \r |
| 386 | ** It's not how the vote was recorded... (Score:2)\r |
| 387 | (by LynnwoodRooster ( 966895 ))\r |
| 388 | \r |
| 389 | \r |
| 390 | > The report goes on to say that "Blockchains do not provide the\r |
| 391 | > anonymity often ascribed to them." It continues: "In the\r |
| 392 | > particular context of elections, voters need to be authorized as\r |
| 393 | > eligible to vote and as not having cast more than one ballot in\r |
| 394 | > the particular election.\r |
| 395 | It's who casts the vote. Before we even worry about Blockchain,\r |
| 396 | we need to ensure people casting the ballots are legally\r |
| 397 | eligible to vote. Guaranteeing a vote was cast is no more\r |
| 398 | important than guaranteeing who cast the vote was eligible to\r |
| 399 | actually cast that vote.\r |
| 400 | \r |
| 401 | ** Paper ballots (Score:2)\r |
| 402 | (by burtosis ( 1124179 ))\r |
| 403 | \r |
| 404 | \r |
| 405 | Let me start out saying 100% electronic voting is going to be a\r |
| 406 | disaster, triply so when done remotely and not at a secure\r |
| 407 | voting machine. But what most people don't realize is we\r |
| 408 | currently use unencrypted images of paper ballots in many states\r |
| 409 | as backups. These are very insecure. Why not use paper ballots\r |
| 410 | for the primary method, blockchain for the electronic backups?\r |
| 411 | This ultimately seems far more secure than what we are doing\r |
| 412 | now. We also could use open source machines and have audits at\r |
| 413 | each polling\r |
| 414 | \r |
| 415 | \r |