4904

I was going to summarize but better just to post it all:

While the notion of using a blockchain as an immutable ballot box may seem promising, blockchain technology does little to solve the fundamental security issues of elections, and indeed, blockchains introduce additional security vulnerabilities. In particular, if malware on a voter’s device alters a vote before it ever reaches a blockchain, the immutability of the blockchainfails to provide the desired integrity, and the voter may never know of the alteration.

Blockchains are decentralized, but elections are inherently centralized. Although blockchains can be effective for decentralized applications, public elections are inherently centralized—requiring election administrators define the contents of ballots, identify the list of eligible voters, and establish the duration of voting. They are responsible for resolving balloting issues, managing vote tabulation, and announcing results. Secure voting requires that these operations be performed verifiably, not that they be performed in a decentralized manner.

While it is true that blockchains offer observability and immutability, in a centralized election scenario, observability and immutability may be achieved more simply by other means. Election officials need only, for example, post digitally signed versions of relevant election-related reports for public observation and download.

Ballots stored on a blockchain are electronic. While paper ballots are directly verifiable by voters, electronic ballots (i.e., ballots on a blockchain) can be more difficult to verify. Software is required to examine postings on blockchain. If such software is corrupted, then verifiability may be illusory. Software independence is not, therefore, achieved through posting ballots on a blockchain: as ballots are represented electronically, software independence may be more difficult to achieve.

The blockchain abstraction, once implemented, provides added points of attack for malicious actors. For example, blockchain “miners” or “stakeholders” (those who add items to the blockchain) have discretionary control over what items are added. Miners/stakeholders might collude to suppress votes from certain populations or regions. Furthermore, blockchain protocols generally yield results that are a consensus of the miners/stakeholders. This consensus may not represent the consensus of the voting public. Miners/stakeholders with sufficient power might also cause confusion and uncertainty about the state of a blockchain by raising doubts about whether a consensus has been reached.

Blockchains do not provide the anonymity often ascribed to them.33 In the particular context of elections, voters need to be authorized as eligible to vote and as not having cast more than one ballot in the particular election. Blockchains do not offer means for providing the necessary authorization.

Blockchains do not provide ballot secrecy. If a blockchain is used, then cast ballots must be encrypted or otherwise anonymized to prevent coercion andvote-selling. While E2E-V voting methods may provide the necessary cryptographic tools for this, ordinary blockchain methods do not.

It may be possible to employ blockchains within an election system by addressing the security issues associated with blockchains through the use of additional mechanisms (such as, for example, those provided by E2E-verifiability), but the credit for addressing such problems would lie with the additional mechanisms, not with the use of blockchains.

From the National Academy of Sciences

4905

Even if it’s true that blockchain voting is not perfectly secure, what matters is whether it’s more secure than the alternatives. Which as we know by now, are also imperfect.

And some of those objections do seem a little odd. Like “voters need to be authorized as eligible to vote and as not having cast more than one ballot.” If we can use blockchains to send a list of voters $1 and know that they can’t spend the dollar twice, then presumably we can do the same with a vote.

Finally, there is a huge advantage to voting-by-phone: increased voter participation. That’s not a trivial benefit, and is worth at least exploring the technology.

4906

Except you can’t. How are you going to ensure that you’ve sent every eligible voter $1? Are you going to get every voter to create a “wallet” and then somehow tell you what their wallet ID is? How are you going to verify that the wallet ID you got really came from the voter you think it came from? Short answer you can’t.

Plus, you know not everybody has a smart phone, right?

4907

The answer is no, you need blind trust on the manufacturers.

Only by giving up anonimity. Or using plain old centralized encryption anyway (not that blockchains are decentralized in practice), making blockchain it a waste of money that adds nothing.

4908

Thanks for the post. I really do feel like digital voting security is an extremely solvable problem that we should probably dedicate resources to. If blockchain isn’t the answer, some other accountability method must be possible. Paper ballots are also, as we’ve seen, inherently problematic for a variety of reasons.

4909

People still have to register to vote. You can authorize a wallet at the time of registration.

Of course. Voting by phone should never be the only option.

As opposed to blind trust in the makers of voting machines?

Or you could use open source code, for both physical and blockchain devices.

It adds a way to vote that can’t be suppressed by suddenly closing a bunch of polling places. That’s not nothing.

4910

I generally agree with this. My objection to the thing from Yang is that it sounds like mindless blockchain cheerleading from techbros, and that turns me off so much that I really don’t want to hear another thing he says.

4911

Sure, but e.g online voting challenges aren’t solved by blockchain. That’s the point. I’m not objecting to the idea that we should try to make secure online voting. I’m objecting to the blockchain is a hammer so everything is a nail approach to the problem.

4912

No, paper ballots. Open source can’t save you, it still has bugs and you can’t verify what’s actually running in a voting machine.

It adds nothing that regular cryptography that is already present in the browser can’t do, and you don’t provide another failure point by having voters be mislead into downloading a compromised version. So, use a website.

Really, blockchain is technicaly interesting, but it has no practical use whatsoever. You can’t guarantee decentralization and it doesn’t add any security.

4913

I do think it’s worth considering that at least part of the reason we don’t have online voting is that some people want voting to be hard, onerous, and time-consuming so that the wrong people don’t bother. With sufficient will, I don’t know why it would so hard to produce online voting technology that was ‘secure enough’. But you don’t need blockchain for that.

4914

Gillibrand is out:

4915

Good. And I say that as someone who liked Gillibrand and hoped she’d fare better in the race.

But, the culling, it needs to happen.

4916

I’m just trying to go grab some ranch.

4917

IMG_20190828_212645
IMG_20190828_212645.png875×492 508 KB

4918

Is he getting fatter?

4919

It looks like he’s manipulating his member under his desk while he talks to her.

Also, can’t imagine why Tulsi might be the only Democrat who gets a sympathetic ear from Carlson and Fox. Hmmm, strange!

4920

I mean the truth is that the question ‘is Tulsi being intentionally excluded’ has an answer, and the answer is yes.

But thats because she is a bad candidate with no broad support and falls below the thresholds.

Kinda like half the field is. Curious that.

4921

I think he’s going for the Rush “Pillhead” Limbaugh look.

I guess “Fathead” would work too, in both the literal and figurative senses.

4922

I thought the DNC came up with set thresholds on polls/donations to be eligible to debate, and if a candidate doesn’t meet them that’s the DNC not purposely excluding someone (unless they create the thresholds to be just above what a specific candidate gets)?

If the question was ‘should Tulsi be intentionally excluded’, then I would agree with your post 100%.

4923

Tulsi thinks that tweeting Tucker Carlson on Fox is the way to win hearts and minds.

… Which goes to show exactly which hearts and minds she was after the whole time.