A new report by NASEM, US National Academies of Sciences, Engineering and Medicine, states that blockchain is inadequate for online voting, according to Verge.

Online voting through the blockchain is recommended by many new startups as a way to curb corruption and fake votes and to make tallying more accurate. The immutability of the blockchain allows for automatic tallies of the votes, producing a near real time vote count along with identity verification that goes far beyond simple ID checks present in today’s paper vote system. This also prevents the votes of dead people or people who emigrated.

The point of the 156-page report is as follows: malware on the devices of the voters would be able to alter the vote before it reaches the blockchain, thereby rendering the blockchain’s security irrelevant.

Unfortunately, as is often the case when people who are not experts in their field make conclusions, the conclusion is only correct because the premise is wrong. The claim that a Tesla Model S is a bad boat is only correct because it is not a boat at all, but a car.

Voting on the blockchain cannot and must not be attempted by letting voters use an app to cast votes. Their identity and vote must be verified on the blockchain but only as they cast the vote in surroundings outside of their influence.

Voting in booths

With dedicated voting centers, we’re merely replacing the old, inefficient, highly corrupt paper system with a secure, blockchain based one.

The voter is given a private root-key derived from their biometric information and a password – e.g. both iris scan and fingerprint – and Ethereum addresses can be generated from that key. The bio data is encrypted and thus not visible while the hash of these biometric data remains unique and permanently verifiable deep into the future.

The generated private key can be used to generate a public Ethereum address with additional data tacked on like age, emigration status, ID expiration date, etc. When entering the voting booth, the voter signs in with his biometric data and the password and this triple factor authentication is plenty enough for securing the space – far above the current simple visual ID check. The voter is then allowed to vote via a simple button which displays the chosen vote option on screen. Given that it’s all on the blockchain, the voter can use a third party app to make sure their vote was cast the way they intended.

For an added layer of security, a voter can have for example 6 hours to cancel or change the vote, and will need to identify themselves in the same way. Blockchain is immutable, yes, but only in that you cannot change what was done but you can change the data. If this wasn’t possible, we wouldn’t be able to send ether and tokens around. So the key owner (the voter) can have special permissions built-in to change the vote within a specific timeframe, further increasing the security of the whole system.

An added advantage of this approach is that the root key can be used to generate more addresses without making it obvious that they come from the same key. If, for example, you look at how the Ledger Nano S works when you connect it to some wallet-interface like MyEtherWallet, you’ll see an infinity of addresses there. There’s no way to determine that they all come from the same key and yet they’re all still yours, usable through a single key.

Such a derivation of single-use addresses based on biometric data would make participation in various raffles, polls, TV votes, reviews in apps and more possible without revealing the identity of the participant until absolutely necessary. Such a system can replace the entire current ID card and driver license system.

Voting at home

Since it’s unrealistic to expect “civilians” to use such methods of voting at home, it’s a little more complex there. One option is a verified government-issued device not unlike a bank token which plugs into a computer or smartphone. This device can run the biometric checks and issue transactions for the user once authorized. The only way to abuse this system is by kidnapping and forced votes or bribery, both of which are present in the current system as well.

Conclusion

Fear of new tech is counterproductive for society. Voting on the blockchain is not only secure, but also the ideal evolution of the voting system. There aren’t many use cases for the blockchain but this is certainly one of them. However, to implement this we’ll need experts that are willing to go beyond theorizing their fears.

3 COMMENTS

  1. This is very complex problem, more complex than it seems at first glance.
    For blockchain solution:

    – there is a indisputable connection between a person and a vote even if it’s hard/almost impossible to reveal the starting and ending point. Even more so, because it remains publicly written forever. This is a big no-no in voting systems. You might argue that your handwriting style may also be analyzed in the future but this is significantly harder and less possible to legitimately carry out than collect/steal person => privateKey mapping someday and analyze historical votes on a supercomputer (anonymity is even one of the reasons that paper votes with any kind of identifiable stuff get rejected, images, text, anything other than a circle/X )

    – who does guarantee that devices do not intercept biometric data/private keys/whatever and send them to 3rd party or record somewhere? For sure, the people won’t vote by manually signing transactions with pen and paper? There must be some kind of software layer in between. Who does guarantee that user is even connected to the right blockchain network? Man in the middle, DNS hijacking, fake blockchain, just a simulation of the real interface, there is even a blockchain hack scenario that’s improbable but is a possibility. If you think the solution for any of this and more is a digital one, than ask the same security/privacy questions for that proposed digital solution… and down the rabbit hole you go(which is pretty much non-existant with simple cardboard box and papers and room with mostly unrelated supervisory people). Any kind of hack in regard of blockchain voting would probably easily fool 99% of the people in comparison with current system where pretty much anyone understands pen and paper(voters, counters, supervisors) and anyone can easily spot malicious activity.

    – I don’t see how blockchain solves the problem of dead people voting. Especially if it’s allowed to vote from “home devices”. Who guarantees that issuer of the devices won’t generate millions of fake vote accounts and start voting. You shouldn’t be able to verify that, because if you could, there would be no real anonymity, so any case where someone regulates and verifies the real person blockchain vote validity, falls into water. What I think is the biggest misconception in practicality of blockchain is that blockchain guarantees the data that is written there is not modified, but, it does not guarantee that the data is correct. Every blockchain interface with the real world(where the information comes from) opens a possibility for malicious activity. It’s more dangerous than current system because at the moment you have a bunch of voting centers, vote counts are revealed in the end and vote counter of that region can confirm the numbers, multiple people supervise voting, counting etc. You must control a bunch of people to make some kind of effect. In comparison to hacking a piece of software/network that may or may not require significant resources and greatly affect the voting.

    – I also don’t see real time results as a positive side, maybe I’m wrong, but I think this could greatly affect the voting in unpredictable ways

    Maybe I’m just not educated enough in the field and may be plain wrong, but this are just some of my thoughts and concerns at the moment, especially after watching this https://www.youtube.com/watch?v=w3_0x6oaDmI and reading a few similar articles.

    • Thanks for the feedback.

      1. This is not a problem. Your approach is looking at it from the wrong angle. There is no concrete data stored in the blockchain about the users, and every time an interaction with the blockchain is made, it’s made from a different address (sub-identity). I’m working on such a system. In a nutshell, there are ways to permanently obscure and verify identites without having to write them on the blockchain.

      2. It is easier to hack people in voting centers than blockchain because when working with the blockchain you work with a system verifiable by everyone and all third party apps. Just in case, though, this is why the 6 hour cooldown is in place. Once the transactions appears on the network and the user can verfiy it, it’s all safe. Prior, during and after every voting process the system can be checked automatically by third party NGO software for full transparency without relying on trust towards supervisors. In absolutely every way this is much safer than anything that has been suggested so far. There is no DNS to hijack, there is no fake blockchain to submit a TX to because then all the apps scanning the real one would immediately notice. There is no way to fool a decentralized system without fooling the entire world, and at that point you’re not fooling anyone because your truth effectively becomes the real truth.

      3. Blockchain identities can have timestaps which require periodic renewal / regeneration of the identity. A dead person’s voting ability will simply expire. The daya cannot not be correct, because the identity is generated from a triple combination of biometric data and a password. You cannot get a dead person’s biometrics for a scan, and even if you do, you probably deserve the extra vote it gives you, just for effort. It would be much harder to generate a dead person’s identity – especially since their identity hash is already bound to the event “death” on the blockchain – than to fake papers or bribe counters.

      4. Everything affects voting in unpredictable ways. From presidential yogurt statements to wars across the world. I don’t think transparency towards the accurate number of votes would be a net negative.

      The problem with articles and videos like the one you linked to are that these people are not exactly experts in their field so they can’t apply solutions that they don’t know exist. There are people who have been dealing with these problems full time for years now, considering each and every edge case, and it is not only possible but preferred to any current system in existence. Anyway, enough talk – stay tuned for a PoC soon 🙂

      • Hey, thanks for the response. I’m still not totally convinced, mostly because I don’t understand the complete mechanics of the described processes. But, I’d love to see a PoC that would prove me wrong. It would also make debating easier, commenting and analyzing the concrete solution rather than covering the theoretical implementations and outcomes etc. Good luck with the project!

LEAVE A REPLY

Please enter your comment!
Please enter your name here