Can blockchain fix voting?
Could digital voting have prevented the chaos before the US election? And can blockchain help now or in the future?
Democracy faces a host of challenges, and that includes voting itself. Voter turnout is falling – in the UK, it fell to 67% of eligible people in the 2019 general election, down by 1.5% from 2017. And that was before the pandemic hit. During the US election, casting an in-person ballot caused some consternation about the potential risk of queuing at a polling station, while others more worried about the impact of the most vulnerable voters deciding to stay at home. Mail-in ballots are one answer, but the chaos surrounding the US Postal Service (USPS) had many concerned.
E-voting is often suggested as a solution, and has been trialled in Estonia with some success, but digital polls are haunted by security concerns. Could blockchain be the answer?
The digital ledger at the core of Bitcoin, blockchain has emerged as a hyped technology in its own right, offering a decentralised way of holding pieces of data that are hard to change. Once data has been written in a block, everyone on the blockchain has to agree to change it, which makes it potentially useful against fraud.
However, despite the many headlines proclaiming a new use for the idea – from tracing coffee beans for Starbucks to a game called CryptoKitties – blockchain largely remains a solution without a problem to solve. Could e-voting be blockchain’s killer app?
The short answer is “maybe”. We still need to tackle serious challenges around security, privacy and transparency – and most of the hurdles have nothing to do with blockchain, but the technology that will need to be built around it to prove and check identities, for example. The problems with voting aren’t normally the ballot paper itself, after all, and when it comes to elections, the blockchain is about little more than verifiably storing a piece of data.
That said, the USPS believes that blockchain might provide a solution to some of its woes, and in February filed a patent for a new voting system that pairs blockchain and postal ballots.
“A voting system can use the security of blockchain and the mail to provide a reliable voting system,” reads the patent, which was made public in August. “A registered voter receives a computer-readable code in the mail and confirms identity and confirms correct ballot information in an election. The system separates voter identification and votes to ensure vote anonymity, and stores votes on a distributed ledger in a blockchain.”
This isn’t the first attempt at blockchain voting. Alongside Democracy Earth and Votem, US startup Voatz has been developing the idea since 2014, when founder Nimit Sawhney came up with the idea at a hackathon. Since then, it’s run 70 election trials, of which 11 have been for governments or political parties, explained Hilary Braseth, chief of staff at Voatz. Generally, there are two different products: an entirely blockchain-based voting system and one that uses paper votes but adds blockchain for fraud protection.
The former sees the vote stored on the blockchain and is used for anything from board meetings to church gatherings; anywhere a verifiable ballot is required. It’s even been used for some political uses, such as internal party decisions. The latter, meanwhile, is required for government elections, as that piece of paper is required by law. In that case, the vote is cast via paper but also recorded on blockchain as an added form of verification.
To use the system to vote in a US government election, the voter would fill out a form to request a digital vote, in the same way that they’d request a mail-in ballot. They would then be sent an invitation to download the app, with one vote allowed per device. The voter would set up an account by verifying their identity using what Braseth called a “live selfie”: facial recognition could be fooled by holding up a photo of the person, so instead it uses a live video stream. When it’s time to vote, a notification will pop up with the ballot loaded by election officials into the app.
Once a vote is cast, a ballot is printed by election officials at their offices. Instead of the voter’s name, it’s printed with an anonymous ID. The voter is also sent an email with a receipt that contains that ID, meaning they can verify their vote. And their choice is saved to the blockchain for additional auditing. For non-governmental votes, such as at board meetings, ballots are held entirely on the blockchain.
One of the key trials run by Voatz has been running elections for overseas Americans, such as soldiers. More recently, the company has expanded to those with disabilities that keep them from being able to visit the polls in person but who also find a mail-in ballot difficult, such as blind people who can vote via app using assistive technologies. “They can vote independently for the first time ever, because they don’t need someone to help fill out a paper ballot and mail it,” said Braseth.
The Covid-19 pandemic has exacerbated that, and Braseth said the company has been inundated with phone calls from election officials this year. While she can’t specifically share which areas Voatz is working on for the US ballot in November, Braseth said it was largely limited to those at risk of disenfranchisement because of health issues.
Securing the vote
The main criticism for blockchain voting is security. “There’s a number of challenges that haven’t yet been fully solved,” said Steve Schneider, director of the Surrey Centre for Cyber Security. “I’m not against electronic voting under any circumstances, but I’m kind of nervous about some security aspects.”
And that criticism extends to Voatz in particular. Researchers from MIT found vulnerabilities that could allow hackers to change a vote or see how someone cast their ballot. That’s an alarming result, although Voatz said the research used an outdated version of the app. “Their methodology was flawed,” said Braseth, who claims more recent versions address the spotted flaws.
Alongside the security criticism have come complaints about transparency, with the researchers noting they had to use an older version because they weren’t able to access the current one for their work. “One of the main problems with using a private company is that no one can really look at how the system works,” said Nir Kshetri of the University of North Carolina at Greensboro.
Since the research, Voatz has introduced a bug bounty programme and Braseth said the company does allow auditors to look at its systems, saying that securing such a system is an ongoing effort. “Security is not an endpoint, it’s not like you’re secure one day and then automatically secure tomorrow,” Braseth said. “Threats continue to evolve.” However, the company has since filed a brief in a US Supreme Court case on hacking, saying that while some computer breaches are necessary, so-called white-hat hackers and researchers should check with a company before beginning such work – a move that would make such attacks harder.
There are challenges to securing any digital voting system, however. Generally speaking, the blockchain is fairly secure, noted Kshetri. It depends what sort of implementation is used – private versus public and so on – but the real security threat is likely to be the app or site that’s used to access the system or register for it. “There may be vulnerabilities,” Kshetri said. “The computer or phone may be infected with some malware or virus.”
Voatz does acknowledge this, and scans users’ devices for infections. Voatz ran an election for the Republican Party in Utah and spotted malware on users’ devices. “The voter had no idea they had malware on their phone,” Braseth said. If it can’t be removed, there’s a backup system to vote via a phone call.
While that’s a positive step, what if an infection or malware is missed? An election hack is likely to come from a state-sponsored actor and may have access to vulnerabilities above and beyond your basic criminal – that Voatz spotted some malware doesn’t mean it saw it all. “It seems it’s within the capability of nation states to launch attacks, and some of the difficulties with voting systems in particular is being confident that you’ve got the correct result and people should have trust in that,” said Schneider.
Transparency – and too much of it
Another security risk is raised by private blockchains. With a public blockchain, anyone can have their own copy and store it wherever they would like. With a private one, it’s only accessible with permission from the company that’s managing it and may only be held in a limited number of locations.
Kshetri noted that if one were held by a single cloud provider, it would be possible for a political party to collude with it to change voting blocks. “I think if you’re doing a public ballot, you certainly want that kind of verifiable information to be publicly available,” agreed Schneider.
That doesn’t mean that a public blockchain is best. Alongside being slower and more complicated, there is also the risk of unpicking how people voted. In 2019, for example, Moscow used a public blockchain to run a city election. Ahead of the ballot, the system was hacked in just 20 minutes by a security researcher at France’s National Centre for Scientific Research, potentially letting votes be linked to voters.
This is a core concern for blockchain voting. “One of the worries would be that if my vote could be linked back to me in any way, that’s not something I would want and certainly not something that you should have the possibility of,” explained Schneider. Votes could be cryptographically secured rather than stored in plain text, but to be verifiable there needs to be a way for a voter to see that their ballot has been recorded correctly. If that can be reverse-engineered, there’s a problem.
A privately managed but openly accessible blockchain could be the answer; what’s known as a “public-permissioned” network. As most people don’t know how to access and understand a blockchain – perhaps IT Pro readers do, but most of the general electorate doesn’t – it doesn’t necessarily need to be a fully public blockchain, but merely be openly accessible to independent experts.
Schneider suggests that we could hire cryptographers to check our votes in the same way we use lawyers to look over a contract. “The public needs to be able to access the evidence that the elections have run correctly,” Schneider added. “There’s a notion of verifiability in electronic voting. The blockchain could provide a platform for holding that information and then for people being able to verify the correctness of the tallying process.”
Disenfranchised by AI
One of the challenges around e-voting, be it blockchain-based or not, is verifying identity to ensure the right person is voting. With systems such as Voatz, that tends to be done by looking at an image of the person when they registered – perhaps pulled from government records, such as a passport or driving licence – and using a smartphone camera to compare it to the person using the app to vote.
Such systems use facial recognition, and that raises a problem as such artificial intelligence-based technologies have faced criticisms of bias. “They recognise white males with close to 99% accuracy,” said Kshetri. “But if you look at African American women, the error rate was as much as 30%.” That has the potential to further disenfranchise such groups of people by leaving them unable to vote via the app.
Moreover, such systems can be fiddly to use for people who aren’t tech savvy. “It needs to be accessible to everyone,” said Schneider. “It’s a real challenge.”
Is this the solution?
Blockchain voting won’t solve all of the problems faced by this year’s US election – none of the systems have been tested enough for such an important event. Nevertheless, we’re inching slowly toward techniques to secure and protect mobile or digital voting, and blockchain might be part of that.
“I think it has the features to be part of the solution,” explained Schneider. “I don’t think it solves all of the challenges there are around electronic voting, but in terms of being a secure platform for information and trusted… that is a useful component in an online election.”
Mobile voting isn’t here yet, but when it is, we may use blockchain as an anti-fraud tool during digital elections. Whether that counts as full blockchain voting or not, we might have finally found a real-world, genuinely helpful application for this much-discussed technology in search of a purpose.
Braseth says the intent isn’t for Voatz to run an entire election, but to be part of it. “It’s one extra tool alongside mail-in votes,” she said.
It’s an acknowledgement that our current election systems aren’t perfect. “It actively shuts out citizens from participating,” said Braseth. “In the US, our overseas population votes at a rate of 7% – and there are three million eligible voters. That can impact the outcome of an election, and it’s largely due to logistical barriers – and right now, the US post office isn’t delivering to 70 countries, if not more.”
Overall, blockchain technology might not be the solution that makes e-voting a possibility, but there’s no question this is a problem that needs solving. After all, as Braseth pointed out, “a vote not cast changes the outcome of an election just as much as a vote changed.”