Why blockchain-based voting could threaten democracy

As the desire to increase voter turnout remains strong and the number of online voting pilot projects rises in the U.S. and abroad, some security experts warn any internet-based election system is wide open to attack, regardless of the underlying infrastructure.


Medici Ventures-backed Voatz is among a small community of mobile voting platforms worldwide using blockchain as the basis for a distributed voting system. Other companies include Barcelona-based Scytl, Australia-based SecureVote, London-based Smartmatic Corp. and Cleveland-based Votem Corp. Though Votem reportedly shuttered its operations after layoffs, Votem CEO Peter Martin said via email the company continues to support its customers "and in fact have signed up some new customers."

Even so, several European countries abandoned internet voting after seeing that the increases in turnout were not as large as expected, the University of Chicago study pointed out; those lower-than-expected increases, however, could have been affected by already waning voter turnout in those European nations.

Estonia a model for online voting

Estonia, however, has embraced internet-based voting and created the world's first national online voting system. In 2005, the Baltic nation of 1.3 million people introduced online voting via Smartmatic Corp.'s technology and used it for local government elections; two years later, Estonia used internet voting for parliamentary elections in which more than 30,000 people voted online.

The Estonian internet voting system has now been used in eight major elections over 10 years. Today, online voting participation in the Baltic state has reached 44.4% of the population.

The Parliamentary elections held earlier this year saw an increase of 40% in online participation over the same elections in 2015. Online voting, or i-voting as it's called in Estonia, takes place in advance of election day and runs until the fourth day before the election. Citizens download a voting application via a national election site, then register through a national ID card or mobile PIN assigned through a registration process.

Estonian citizens and permanent residents can request two forms of digital identification: digi-ID and mobiil-ID. Digi-ID is a card similar to the national ID card that is designed only for online use. The digi-ID card does not have a printed photo of the citizen and contains less personal data than the national ID card, while still providing authentication and digital signature functions. Mobiil-ID provides similar functionality to digi-ID, but is built into a mobile phone SIM card rather than a chip-and-PIN card. This enables the citizen to perform digital authentication and signing using their mobile phone with no extra hardware.

Smartmatic's online voting system was also used in the 2016 Utah Republican Party Caucus, and voters from more than 45 countries, including places as far away as French Polynesia, South Africa and Japan, cast ballots online. Eighty-nine percent of 24,486 registered Utah Republican Party members registered to vote online and participated in the caucus process, according to Smartmatic.

Participation was strongest among voters 56 to 65 years old. After making their selections, online voting participants were asked to provide feedback on their experience: 94% described the online voting experience as good, 97% would consider voting online in future elections and 82% wanted to see online voting implemented nationwide.

Smartmatic's system, however, only uses blockchain to report and tally votes, not as an open network enabling voting itself. The Smartmatic app is downloaded to the voter's PC and allows them to communicate with the vote forwarding server and cast a ballot. The client is available for Windows, Mac OS and Linux.

West Virginia still the only one to use blockchain in a national election

West Virginia remains the first and only state to have used a blockchain-based mobile voting application for a general election, and it was made available only to military members and their dependents living overseas.

This summer, Utah County became the latest government entity to pilot the Voatz mobile voting app for military absentee voters casting ballots in a municipal primary election. Denver also recently allowed overseas voters to use the same platform to participate in its municipal elections.

The Voatz application uses a permissioned blockchain based on the HyperLedger framework first created by IBM and now supported by the Linux Foundation. In the election, verified validating nodes (servers) are used, split evenly between AWS and Microsoft Azure, each of which is geographically distributed, according to Voatz. Military personnel and their families who used the Voatz app needed only an Apple or Android smartphone and a state or federal ID.


Voatz uses multi-factor authentication, including iPhone fingerprint and facial recognition, to allow pre-registered voters to submit ballots; all personally identifiable information and voting results are encrypted on the blockchain ledger.

The Voatz app has been used in non-public election voting such as state political party conventions, caucus voting, labor unions, nonprofits and student government elections at universities, according to Voatz CEO Nimit Sawhney.

"In the near future, it is anticipated that pilots could be expanded to citizens with disabilities, and/or other absentee voters in a graduated, step-by-step manner," Sawhney said via email.

The Voatz platform goes to significant lengths to prevent a vote from being submitted if a device is compromised (e.g. rooted or jailbroken) or has malware on it, according to Sawhney. Only certain classes of smartphones equipped with the latest security features are allowed to be used. Voatz conducts frequent security audits, including penetration testing and source-code-level review, and in 2018 became the first elections company to offer a public bug bounty program via HackerOne.

“In line with our commitment to privacy and security, the voter photo-IDs and selfies are deleted soon after verification and are not used for any other purpose outside of voter identity verification,” Sawhney said. “Any biometric information never leaves the secure storage on the mobile devices and is not stored on remote servers.”

But Jacob Hoffman-Andrews, a senior staff technologist with the Electronic Frontier Foundation, said election security experts are "near-unanimous" in their opinion that online voting is too risky.

"Blockchain doesn't change that, because it doesn't address the underlying issues with online voting," Hoffman-Andrews said.

For instance, Hoffman-Andrews explained, if the device you use to vote is compromised by malware, as many laptops and smartphones are, that malware could tamper with a vote before it ever reaches the servers used to count it.

"Internet voting also poses a risk of disruption via denial-of-service attacks, and phishing/misinformation campaigns that lead people to send their vote somewhere where it won't be tabulated," Hoffman-Andrews said.

The gold standard in election security is "software independence," he added.

A voting system is software-independent if an undetected change or error in its code cannot cause an undetectable change or error in an election outcome.

Non-internet elections can and do achieve software independence while still using software to improve the election process, but "it is probably impossible to achieve software independence for internet voting," Hoffman-Andrews said.
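The two points Hoffman-Andrews makes above (that a ledger cannot detect a vote altered on the client before submission, and that software independence requires a record the software cannot silently change) can be shown side by side in a small simulation. The following is an added example written for this page, not code from Voatz, Smartmatic or any election system; the hash-chain ledger, the `tampered` flag standing in for a compromised device, and the voter-verified paper records are all constructed for illustration.

```python
import hashlib
import json
import random

# Constructed sample data: what each voter actually chose, which is also what
# they would see on a voter-verified paper record. Not from any real election.
VOTER_INTENT = {
    "v001": "A", "v002": "B", "v003": "A", "v004": "A", "v005": "B",
    "v006": "A", "v007": "B", "v008": "A", "v009": "B", "v010": "A",
}

GENESIS = "0" * 64


def client_submit(voter_id, choice, tampered=False):
    """Simulated voting client. `tampered` models a compromised device that
    changes the selection before the ballot ever leaves the phone (hypothetical
    flag for the simulation, not a real malware behaviour)."""
    if tampered and choice == "A":
        choice = "B"
    return {"voter": voter_id, "choice": choice}


def build_ledger(records):
    """Append-only hash chain: every entry commits to the previous entry's hash,
    so any later edit to an entry breaks every hash after it."""
    ledger = []
    prev = GENESIS
    for rec in records:
        payload = json.dumps(rec, sort_keys=True)
        digest = hashlib.sha256((prev + payload).encode()).hexdigest()
        ledger.append({"prev": prev, "payload": payload, "hash": digest})
        prev = digest
    return ledger


def verify_ledger(ledger):
    """True if no entry was altered after it was appended. Note what this does
    NOT check: whether the payload matched the voter's intent on arrival."""
    prev = GENESIS
    for entry in ledger:
        if entry["prev"] != prev:
            return False
        expected = hashlib.sha256((prev + entry["payload"]).encode()).hexdigest()
        if entry["hash"] != expected:
            return False
        prev = expected
    return True


def tally(ledger):
    """Count choices exactly as recorded on the ledger."""
    counts = {}
    for entry in ledger:
        choice = json.loads(entry["payload"])["choice"]
        counts[choice] = counts.get(choice, 0) + 1
    return counts


def audit_against_paper(ledger, paper_records, sample_size, seed=0):
    """Software-independence check: compare a random sample of ledger entries
    with the voter-verified paper records. A mismatch is evidence that software
    (client or server) changed a vote, regardless of whether the chain verifies."""
    rng = random.Random(seed)
    sample = rng.sample(ledger, sample_size)
    mismatches = []
    for entry in sample:
        rec = json.loads(entry["payload"])
        if paper_records[rec["voter"]] != rec["choice"]:
            mismatches.append(rec["voter"])
    return sorted(mismatches)


def run_scenario(compromised_voters):
    """Run an election where the given voters used a compromised device.
    Audits the full ledger so the result is deterministic."""
    records = [client_submit(v, c, tampered=(v in compromised_voters))
               for v, c in VOTER_INTENT.items()]
    ledger = build_ledger(records)
    return {
        "chain_valid": verify_ledger(ledger),
        "tally": tally(ledger),
        "audit_mismatches": audit_against_paper(ledger, VOTER_INTENT, len(ledger)),
    }


if __name__ == "__main__":
    print("clean devices:      ", run_scenario(set()))
    print("two devices hijacked:", run_scenario({"v001", "v003"}))
```

In the clean run the chain verifies and the tally matches intent. In the second run the chain still verifies, because the altered ballots were appended exactly as received, and the recorded tally flips the outcome; only the comparison against the paper records surfaces the two changed votes. That is the property the definition above captures: the ledger's integrity guarantee begins at submission, while a voter-verified record that software cannot rewrite lets the change be detected after the fact.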

Copyright © 2019 IDG Communications, Inc.
