“It’s ridiculous that in 2020 we are still standing in line for hours to vote in antiquated voting booths. It is 100% technically possible to have fraud-proof voting on our mobile phones today using the blockchain. This would revolutionize true democracy and increase participation to include all Americans – those without smartphones could use the legacy system and lines would be very short.”– Andrew Yang
Andrew Yang’s endorsement of blockchain voting technology running on the Ethereum network kicked off a torrent of excitement from within the cryptocurrency community as well as harsh criticism from paper ballot purists. These groups are on opposite sides of the moat on digital voting, but they both have salient points. I refer to them as paper ballot purists because they believe that digital voting systems will always have security issues so we should turn to the much harder to compromise paper ballot, much in the same way that the United States relies on ancient computer systems to control America’s nuclear arsenal. However, I think it’s disingenuous to deify paper ballots as they have their own set of flaws.
Voting in the Modern Era
The primary risk of any system of voting is that an adversary can change the ballots, either through intimidation, which can happen both on a local or a national scale, or when a ballot counter or malicious third-party intercepts or changes the ballots cast by citizens. Paper ballots have traditionally had an advantage over digital voting schemes in that it is difficult to change a massive amount of paper ballots without someone noticing. This all assumes that the electoral system is trying to be honest, and the paper ballots are counted absent government-wide manipulation, which can happen. We see that in banana republics where dictators manage to farcically capture almost 100% of the vote, but still want to maintain the illusion of an electoral process. Paper Ballots are much harder to change en masse, but they are not perfect.
Banana republics are not the only targets of voter fraud. During a 1954 election in Quebec, the mob tried, and failed, to fudge the ballots and intimidate voters: “On election day Pretrulla’s goon squads terrorized voters, wrecked opponents’ committee rooms, and stuffed ballot boxes — in vain.” Quebec has a sordid history with mob interference in elections. Some succeeded, some failed, but the ballot box represents an easy target for a malcontent to either intercept and swap out ballots or to have thugs intimidate voters in crucial swing districts. “In Rivière-des-Prairies in 1955, four polls were attacked by men carrying rifles and shotguns. In Ville-St-Michel the following year, gangs of goons hired as “special constables” patrolled polling booths with baseball bats and blackjacks.”
Voter turnout and public election apathy may be issues that a blockchain voting system could improve. The United States had a voter turnout rate of 60.1% in 2016. Canada’s was 68.5% in 2015. Part of the cause is due to the inconvenience of heading to a polling station and casting a ballot. A digital election, like the one Andrew Yang is suggesting, could boost voter turnout. In Estonia, a digital voting system increased voter turnout by 40%. Would that happen in the United States? Possibly. Democracies have long been struggling with a declining voter turnout rate. A significant portion of the electorate is not voting, and that begs the question: How representative is a democracy where 40 percent of the electorate is not voting?
Direct democracy, wherein citizens would be able to vote directly on important issues would be possible nationwide with online voting in a way that hasn’t been viable in large democratic nations almost as long as the democratic tradition has been alive. The phenomenon where an elected representative’s policies lag behind public desire would disappear as democracies would be able to poll citizens directly via a popular vote on their phones. Direct democracy could also increase voter turnout by combatting the apathy that voters suffer from in many representative democracies because their votes would have a direct impact on issues of governance rather than depend on the honesty of their representatives to implement policies they’ve promised during election campaigns. One of the advantages of representative democracy is it can act as a cushion against reactionary and radical elements in public thinking. It is a bulwark against crowd-wisdom. But politics is a dynamic and very contextual or situational phenomenon. Representative democracy can also act as a bulwark against positive movements for society. An excellent example of this is Marijuana legalization, where the majority public opinion on legalization has been positive for a long time, but the elected representatives dragged their feet carrying out the public will. I’m not sure which way I lean on allowing a direct democratic vote on everything. It is both exciting and alarming to me. The ship of a nation-state is a hard thing to steer, and the momentum of bad decisions can be and has been measured in the deaths of hundreds of millions. As the founding fathers of the United States envisioned, sometimes a slow roll is preferable to an uncontrolled descent. Nevertheless, I see this as a boon mostly because democratic societies that tear themselves apart or devolve into dictatorship have managed to do so just fine without direct democracy.
Another boon to digital voting is that it removes transportation barriers for people that do not own cars and would have trouble travelling to polling stations, which have sometimes been placed strategically far away as a form of voter disenfranchisement.
Digital voting schemes have a different and more severe risk category than paper ballots. If a flaw is found in the software or hardware that the voting system uses, a malicious actor could potentially change all the votes at once. Blockchain voting systems differ from traditional digital voting machines a great deal. Changing a cast ballot once it has been recorded should not be possible using a properly designed system. It would be akin to changing the record of a completed bitcoin transaction which is effectively impossible. The immutability of the blockchain would make any manipulation apparent to authorities. The risk then becomes an issue of a third-party manipulating ballots as they are being cast either through some flaw in the system akin to the smart contract thefts that caused the split between ETC and ETH. With the blockchain, this kind of manipulation should be detectable. With the convenience of online voting, holding a follow-up election would not be the massive undertaking and expense that holding a traditional election would be. And the electorate would be more likely to turn out.
An additional risk for electoral manipulation with an online voting system is that a malicious third party might be able to compromise a voter endpoint and change the vote as it is being sent. Would it be enough to steal an election? It very well could be, depending on how many devices the malware managed to infect and how long they were able to remain undetected. Generally, the more pervasive a malware campaign is, the more likely it is to be detected. Indiscriminately infecting hundreds of thousands of consumer phones and computers through a malicious advertising campaign would not go undetected. The most significant risk would come from a foreign state-sponsored adversary that could exploit unknown flaws in consumer operating systems and cast votes using a citizen’s credentials. This is a big problem for online voting systems. If a vote is cast for someone or modified in a way that changes a citizen’s vote, the blockchain should allow a voter to determine that his ballot has been modified or miscast. How the electoral system reacts when it detects these compromises and determines if they were of significant enough quantity to change the result of the election is paramount. The way we think about voting now is a one and done affair. Forcing the electorate back to the polls is a rare thing. It need not be so with a digital election. What about repeated interference election after election as a kind of denial of service attack for voting? Politicians are already looking at electoral interference as an act of war. The United States government applied sanctions on Russian firms for election meddling through social media. I cannot see an explicit attack on a massive number of digital devices that are used to vote being allowed to continue without severe repercussions for the state sponsor.
Another potential risk is that the blockchain voting system is not robustly designed. With the system in Moscow, a security researcher discovered that the Russians were using a weak encryption scheme to protect a voter’s private keys. The researcher indicated, “In the worst-case scenario, the votes of all voters using this system would be revealed to anyone as soon as they cast their vote.” I’m not certain if this means that a third-party could determine the identity of the voter or if they would be only able to determine the vote cast. If you consider that the government would be giving the credentials to citizens, they would now have the ability to figure out how a specific citizen voted. The ballot, in this case, would no longer be secret, which a cornerstone of modern democracy. If the state or agents of the state can figure out how citizens have voted, they can punish them for voting for the wrong candidate. If a third party were able to tie a vote to a voter, either through a government database leak or a flaw in the encryption used, they could intimidate or punish members of the electorate for voting for the wrong party. Coindesk indicated that the Russian system guarantees complete anonymity for voters so I’m taking an assumptive leap that the flaw as described above would allow people to tie voter identity to the credentials they are given to by the government.
Microsoft’s election guard technology allows voters to verify that their vote has been cast legitimately without advertising whom they voted for: “They can use the tracking code on an election website to verify that their vote has been counted and that the vote has not been altered.” Something similar should be possible on the blockchain. So long as the government is not storing the tracking code or user credentials next to personally identifiable names, it should be possible to keep the names of voters off the blockchain.
Blockchain Voting Systems Currently in Service
Several blockchain voting systems are being developed and deployed in elections worldwide.
• Kaspersky is currently developing an Ethereum powered voting system called Polys. It is currently closed source, though they have indicated they will open-source it once their internal audits are complete.
• West Virginia carried out a trial program using a Voatz, a voting system powered by IBM’s Hyperledger blockchain framework.
• The Republican party used a system by Smartmatic in the Republican Presidential Caucus. https://www.smartmatic.com/case-studies/article/utah-republican-presidential-caucus-2016/
• Russia will deploy a blockchain voting system during a September 2019 election powered by the Ethereum blockchain.
Online voting is not likely to disappear. Whether it is the blockchain or a different system that manages to capture this market remains to be seen. Detractors to digital voting would argue that such a system can never be entirely secure, and vulnerabilities will always exist, but the same applies to online banking, online storefronts, and digital communications. Digital mediums have thrived largely because the benefits of convenience outweigh the risks of exploitation. There will always be a trade-off between convenience and security, but this doesn’t mean that we should go back to burning candles and writing on a typewriter. People have been stealing elections as long as there have been elections, but if the online voting system is transparent, it should give the public and authorities enough information to deal with it. With the blockchain, I think the benefits outweigh the risks.