Incorporation of blockchain tech would give a false sense of security to Internet voting, which is a fundamentally insecure proposal, say researchers from Cornell University’s Initiative for Cryptocurrencies and Contracts.
Blockchain has been touted as an excellent way to diminish fraud in supply chains and in voting, and some pilots, such as one in West Virginia, are now testing blockchain systems to allow overseas military personnel to remotely cast ballots on their mobile devices.
And while the Cornell researchers Ari Juels, Ittay Eyal and Oded Naor have written in Business Insider that they, “believe in the transformative potential of blockchain systems in a number of industries,” voting is not one of them.
While the tech is promising for making, “educational credentials, land ownership and food origins more transparent and harder to forge,” online voting is fraught with so many security risks that even blockchain cannot overcome them:
“A key method by which blockchain voting could worsen election integrity is by claiming to increase trustworthiness without actually doing so.”
“Blockchain panacea” critics like Tone Vays and Jimmy Song have long questioned whether privately-owned and -commanded blockchains really bear the same features of immutability as public blockchains like Bitcoin.
They claim that because Bitcoin can only be amended by complex, time-consuming and expensive consensus, it is secure. Any other “blockchain” or distributed ledger with central oversight, they warn, can be gamed and re-written with relative ease.
They have also claimed that the private keys needed to upload or download data from a blockchain are difficult to manage for most people, and every point where a human is used to input data is a potentially corruptible point.
The whole prospect of privately-commanded blockchains just means a whole host of points of failure within a system where trust cannot be effectively automated, Vays and Song say.
The Cornell researchers take issue more with the corruptibility of any election held online, blockchain or no:
“Blockchains might sound like an ideal remedy for the trust problems caused by internet voting…Yet as scholars who have studied traditional and blockchain-based voting, we believe that while blockchains may help with some specific issues, they can’t fix the basic problems with internet voting. In fact, they could make things worse.”
Internet voting itself, say the researchers, should be eschewed:
“For years, experts on election security have warned that the internet is too dangerous for such socially crucial and time-sensitive functions as voting. Renowned cryptographer Ronald Rivest, for instance, has remarked that ‘Best practices for internet voting are like best practices for drunk driving’ – there’s no safe way to do either one.”
The internet is a sea of bug-infested code, they say, and should not be used for crucial public events like elections:
“Most hardware and software are rife with hidden security flaws, and are not regularly updated. Devices are vulnerable, and so are networks. Internet outages – even caused by trivialities like gamers trying to get a leg up on their competitors – could prevent people from voting. Intentional, targeted attacks against internet traffic could cause major disruptions to democratic institutions on a national scale.”
Data on a blockchain might be secure, they say, but the transmission of voting data over the Internet is just as vulnerable as any other online data.
Nations and citizens should realize, say the researchers, that an online voting system would constitute an irresistible honeypot for enemy states interested, like Russia was, in influencing election outcomes:
“They’ll find – and fully exploit – any technical weaknesses available to them. Without a paper trail, the very possibility that someone could have secretly changed votes will further erode public trust in democratic elections.”
That blockchains can overcome security issues in the Internet that hosts them is an naive and fallacious prospect, a notion that should be contested in the name of national security:
“The stability and integrity of democratic society itself are too important to be relegated to flawed computer systems.”