With accusations of election rigging and an unprecedented hack of a political party’s emails, voting security has not been this hot of an issue since Bush v. Gore and the Florida recount of 2000. Adding fuel to the fire is the FBI’s latest revelation of foreign hacking into two states’ election databases.
Now, Washington officials are increasingly concerned that hackers will seek to infiltrate the decades-out-of-date voting machines with very little technical sophistication and manipulate votes cast for the next U.S. president in November.
Some cybersecurity experts have advocated for the ultimate security measure to protect U.S. elections from foreign tampering—that is, offline paper-based elections.
Yet in Virginia, the state that famously decommissioned its terrifyingly hackable voting machines last year, the startup Follow My Vote believes the solution to safeguard against vote rigging isn’t to revert to no or low-tech, but through the adoption of blockchain technology.
Aside from the obvious issue of scale, Follow My Vote’s cofounder and CTO Nathan Hourt considers paper-based voting systems precariously reliant on the procedural security of officials conducting their jobs correctly and honestly. In offline systems, “there is no way to detect a breach of security… no way to determine if all of the original ballots are still present, if any extra ballots have been added, or if any ballots have been tampered with,” Hourt argues. The risks are amplified in national elections. “The more voters a paper-based system attempts to accommodate, the easier it becomes for a fraudster to corrupt.”
Envisioning a future for e-voting
Follow My Vote aims to combat electoral fraud and protect user credentials by developing a convenient and secure end-to-end voting system that is also open-source and auditable. In their model, voters would skip the lines to cast votes online from home using a webcam and government-issued ID. The virtual electorate could then theoretically watch the election in real-time entrusting the veracity of results to the underlying blockchain auditability features.
How can a voting platform that touts transparency also be secure? Cryptography protects each ballot against tampering from end to end, keeping votes anonymous and immutable though tamper-evident on the blockchain ledger. Each voter can change his or her vote at any time during the election using a private key and unique voter ID.
Dr. Feng Hao co-lead of the Secure & Resilient Systems group at Newcastle University’s School of Computing Science argues that “end to end verifiable voting systems have the merit of allowing a voter to verify if their vote is correctly recorded and correctly included into the tallying process—and if ballots are missing in transit or modified, it can be detected by voters.”
But blockchain doesn’t have everyone’s vote of confidence
Hao, who is also currently testing the feasibility of a small-scale e-voting application over blockchain, tempers his expectations of the technology at this stage. “Until we have concrete experimental results, we can’t tell for sure if the blockchain-based voting is really a viable idea.”
The president of Verified Voting Foundation, a non-governmental organization dedicated to the reliability and security of election results in the digital age, offered a restrained assessment of the technology. “Blockchain is interesting but does not solve many of the issues relating to Internet voting,” responded Pamela Smith.
Dr. Jeremy Clark who specializes in cryptographic voting systems at Concordia University, acknowledges the potential merits of blockchain in certifying election integrity, but cautions that it might introduce new risks. “If voters generate or are provided cryptographic keys to use in the voting process, hackers will concentrate on compromising these keys through interception or malware.”
Hackers have successfully compromised cryptocurrency keys which could be possible with election keys as well, especially in a system where voters vote from their own devices. “Requiring users to manage cryptographic keys has been shown through usability experiments to be difficult,” continues Clark. He instead vouches for a hybrid alternative. “An end-to-end verifiable voting system that uses a blockchain as a public ledger but requires voters to show up and vote in person is an excellent option for elections today,” Clark says, “but reaching beyond that is too risky.”
Industries still banking on blockchain
To be sure, the promise of blockchain’s disruptive technology has had its share of, well, disruptions. But researchers are quick to point out that the high-profile and high-payout heists hitting cryptocurrencies this year have much more to do with negligence or the misfortune of insider threats or bugs in the underlying code than with the blockchain itself. “These ‘bugs,’” says Patrick McCorry, a researcher under Hao, “are the biggest danger for any application on the blockchain—including voting.” It is worth noting that even as Hao and his team develop a blockchain e-voting platform, they also dedicate extensive research identifying potential misuse cases in order take preemptive measures. (For example, ZombieCoin explores the potential of next-generation botnets on the Bitcoin network).
The bad press has not deterred the world’s largest financial institutions, investing over an estimated $1 billion in exploring applications, and many adopting blockchain testing platforms. The financial industry has shied away from full-scale adoption at this point, however, in what could be best described as “rational exuberance” as in Don and Alex Tapscott’s Blockchain Revolution.
Follow My Vote too recognizes the necessity for further investigation and has issued an open invitation to hackers to test their platform during Follow My Vote’s online mock U.S. Presidential election this November. “While we have complete designs for a secure blockchain-based voting system operating in isolation, there will be more work required to deploy that system in any real-world voting scenario without opening up new vulnerabilities,” Hourt says.
Convenience has a way of Winning out over Security.
Hourt also views the mock election as an opportunity to give voters a chance to experience an alternative way of voting. As every politician knows, voter trust is critical to a campaign; likewise, the most challenging obstacle for e-voting end-to-end verified platforms may not be a technical one, but in winning over a would-be electorate to entrust their credentials to a platform commonly associated with cryptocurrency theft and the blackmarket. But if history is any indication, convenience usually has a way of winning out over security.
One thing that is for certain, is that even with the onset of more secure voting systems like the one Follow My Vote envisions, it won’t spell the end of politically-motivated cyberattacks. With an increasingly-hyperconnected and hence more hyperresponsive electorate than ever before, the strategically-timed hack and data leak is all the more potent and undoubtedly more customary for political rivals both foreign and domestic.
Courtesy of Jackie Burns Koven
0 comments:
Post a Comment