The United States has entered the age of blockchain voting. West Virginia recently deployed a mobile blockchain-based voting system allowing overseas service-members to cast absentee ballots in the November elections. Other countries—including Japan, Sweden, and Norway—have experimented with such infrastructure, but West Virginia’s pilot program is the first of its kind in the U.S. Up to now, blockchain voting in this country has mostly been tried in non-political arenas: to elect corporate boards, or to enable sports fans to call football plays or elect musicians to the Rock and Roll Hall of Fame.
Some of the thorniest problems facing America’s electoral process—voter suppression, gerrymandering, malapportionment, the weakening of the Voting Rights Act—are mostly immune to blockchain-based solutions. And there is a growing consensus—including a recent report by the National Academy of Sciences, Engineering, and Medicine—that internet voting, including methods that use blockchain, hasn’t matured enough to be used widely. But could and should blockchain technology play a bigger part in the future?
BREAKER assembled a panel of experts—Bina Ramamurthy, a computer science professor and director of the Blockchain ThinkLab at SUNY Buffalo; Douglas Schmidt, a computer science professor and co-director of Vanderbilt University’s Data Science Institute; and Stephanie Singer, project lead at Free & Fair, a company that designs open-source software to improve the security of elections—to help us separate the promise from the hype.
Trying to vote a second time is like trying to double-spend with bitcoin.
Ramamurthy: Blockchain is meant [for things that require] validation, verification, and recording, so voting is a good use case. You can have a system where everybody gets one vote, everybody has an identity, and it can register that you voted once and can’t double-vote. Trying to vote a second time is like trying to double-spend with bitcoin. And you can find out everything that happened, along with the time-stamp.
Singer: There is a role for blockchain in making time-stamps, for instance in protecting voter registration lists. You take your voter registration file, hash it, and post the hash on the blockchain.
Ramamurthy: What state you’re eligible to vote in, what party you’re registered with, whether you can vote in the primary—all these things can be automated and it’s right there in the immutable ledger.
Schmidt: The primary benefit of a blockchain-based approach is the distributed ledger. The transactions that occur on the system are recorded in a way that’s tamper-aware. If anybody tries to change the transaction, it’s fairly obvious. In a non-blockchain system, there is always a central authority, and it comes down to how much you trust it. If the system administrator tries to zero out the candidate they don’t like, they can do it in a way that would be pretty hard to track. With blockchain, that’s much more difficult to do.
On the other hand
Singer: Two of the big problems that blockchain doesn’t solve, which anybody needs to solve for any kind of internet-based voting or smartphone voting [to take off], are malware on a user’s own device and denial-of-service attacks.
Who is it that pushed the button to cast the vote? Was it a bot army run by the Russians?
Schmidt: With a blockchain-based system, once a vote is recorded, it’s going to be difficult to change. That’s good—but it doesn’t solve the identity problem. Who is it that pushed the button to cast the vote? Was it a bot army run by the Russians? Was it someone who stole a bunch of phones and voted 15 times with 15 different phones? That’s the Achilles heel. With [standard] voting [systems], there are a lot of checks and balances. You have to register, you have to go to a polling place, and once you’ve voted they check off that you’ve voted.
Singer: A lot of people say if you can’t conceive of voting on the internet, that’s a failure of imagination. If you can bank on the internet, you can do anything on it, and anyone who says otherwise is a Luddite. But what makes voting really hard is that you need people to have confidence in the outcome of an election—it has to be absolutely transparent—while at the same time not allowing anyone to prove who they voted for. It’s really different when you move money around, because you have two parties with eyes on the transaction. You can go back later and tell the bank it left off a zero, and find out who was right. You simply can’t do that for voting.
Schmidt: The other issue is double-voting or multiple-voting. In the 2005 elections in Iraq, they put purple ink on your finger. That’s how they solved the double-voting problem—you had a purple finger for the next three days. With something electronic, if someone got access to a bunch of keys that represent several people, they could vote on their behalf and nobody would be the wiser.
Singer: Here’s another thing about blockchains. If the majority of blockchain miners [who validate transactions] want to go back and rewrite history, they can. It’s not really [accurate to say] the ledger is “trustworthy.” It’s that it’s trusted by a majority of the miners.
Blockchain works best in situations where the need for disintermediation is greater than the need for confidentiality.
Schmidt: Gideon Greenspan, [CEO of blockchain company Coin Sciences CEO], points out that blockchain works best in situations where the need for disintermediation is greater than the need for confidentiality. With blockchain voting, you could conceivably figure out who someone voted for. Even if you don’t know who a person is, you know that someone with this ID voted for Mickey Mouse, and someone with that ID voted for Donald Duck. It’s increasingly easy to track these people down and [identify them as] physical people. [With standard voting], there’s no way of knowing who cast the ballot. The ballot is the record of a vote, and someone else has a record that each person who voted was identified. But there’s no identifying trace on the ballot itself. There’s absolutely no traceability, whereas with blockchain there’s tons of traceability.
Ramamurthy: Voting is a fantastic application for blockchain, but a lot will need to be done to make it work, and a lot of people will have to buy into the idea that it can work.
Singer: Maybe we’ll get to the place where the population has enough confidence in certain kinds of cryptography to do the extra work it’ll take to make a cryptographic scheme work for voting. It’s not impossible, but it’s really hard, and my bet is we’re not going to get there in the next ten years. [For now], everyone should vote on paper, and this paper should be audited after tabulation to make sure the tabulation is correct. There is a role for blockchain in elections—but not for casting your vote. The heartbreaking thing is that people always want to try it on deployed military first. And I get it. Someone is on a submarine risking their life for this country and our democracy. I want that person to vote. But I also want that person’s vote to count.
Schmidt: The people who should be most excited about this are any foreign governments that want to tamper with our elections. For them, it’s a dream come true.