Some of you know that in addition to my day job I volunteer as the CTO for US Vote Foundation, a nonpartisan civic tech organization dedicated to ensuring that every citizen is a voter with access to the right information in order to cast their ballot. US Vote recently joined an ad hoc coalition of election security experts, voting integrity organizations, local and state voting officials, and others to try to stop the use of blockchain technology in the voting world. While I’ve been pretty vociferous about the inanity of most of the enterprise blockchain initiatives I’ve seen and reviewed (here and, in verse form, here), using blockchain for voting is a seriously dangerous proposition for democracies such as our own. Recently, the city of Denver announced its intent to use technology that claims it is based on blockchain for an upcoming vote. The vendor, Voatz, is deliberately opaque about its technology and its processes to the point that it has raised significant suspicions in the election security community about its intentions and the safety and security of its offering.
This post outlines some of the reasons why experts in the field are largely unanimous in stopping blockchain from infecting our already complicated and troubled voting systems. My post below is one of a series of posts the coalition is calling “The Blockchain Papers.”
So-called “blockchain voting” systems are exceedingly risky and vulnerable to a host of dangerous cybersecurity attacks. The growing hype around the implementation of this technology in elections is a distraction from fundamental election issues that beg for common sense solutions and resources to improve US election systems. Instead of working to solve this existing landscape of issues surrounding secure, verifiable, and auditable voting for all citizens, private companies and individuals are hyping an unknown and unproven technology that is more of a grifter’s dream than anything that could truly alleviate the many roadblocks that exist in our electoral systems.
In addition to providing an unwelcome distraction from the real work needed to help secure our voting systems from a variety of threats, the reality is that blockchain voting systems are at best no more secure than any other type of web-based voting system, which themselves are rife with security and integrity issues. Indeed, blockchain voting systems are vulnerable to a multitude of profoundly serious threats that could easily allow cyber-attackers to control the outcome of an election. The potential for fraud and malfeasance makes blockchain voting a grave national security danger to our voting systems.
The threats inherent in blockchain-based voting systems include:
- The prospect of silent and undetectable
modification of votes
- The ability of rogue actors to initiate widespread and undetectable disenfranchisement through the prevention of voting by eligible voters
- The possibility of large scale, undetectable violations of voter privacy that could lead to harassment, coercion, or retaliatory action
- The ability to usher in a new era of widespread vote buying and selling
The insidious nature of blockchain voting doesn’t just end with the possibility for systematic commission of vote fraud. Importantly, many of the potential attacks that could result from the deployment of blockchain-based voting are virtually undetectable and, for the most part, none of the damage done by such attacks would be correctable after the fact. These attacks can be perpetrated remotely by anyone in the world, including domestic partisans, international criminal organizations, and the intelligence agencies of adversarial nations, many of which, like Russia, China, North Korea, and Iran, have already perpetrated election fraud on the United States.
The fact that blockchain voting could make widespread fraud undetectable means that it may never be possible to pinpoint with any precision the source of blockchain-enabled cyberattacks. This additional vulnerability ensures that blockchain voting will only exacerbate a set of problems we in the election security and integrity community are desperately striving to eliminate. It’s interesting to note that the Moscow’s regional parliament is planning to test blockchain voting techniques – should we be following the lead of a country that has made the opacity of its civic processes a “feature” of its version of democracy?
The bottom line is that, at this point in history, when voting systems nationwide are seen as under attack and in desperate need of increasing levels of support for security and privacy, the current hype around blockchain-based voting is more than a distraction. It’s a dangerous diversion of resources, time and effort towards what is fundamentally no more than a vanity project promulgated by actors whose credentials are dubious and whose motives are hard to discern. It’s time to quash this potentially dangerous effort and refocus election reform on technologies and processes that are both safer and more reliable than anything blockchain could possibly offer.
For further detail and information about the insecurity of blockchain voting, please see, The Myth of “Secure” Blockchain Voting, by David J. Jefferson.
Josh,
The concern I have is that we are implementing technology to address fundamental issues that doesn’t do the job. You can’t have good blockchain without good supporting technologies and processes. All you do otherwise is make bad decisions immutable for the time being.
100% agree. The hype machine behind blockchain is unrelenting. I would be open to hearing about a blockchain solution that addressed an entirely new problem in an entirely new way, but using it to chase old problems that can and should be fixed with existing tech just accentuates the “garbage in, garbage out” problem.