Split Thread Electronic voting

[psionl0]

If it's possible to do electronic voting and have the process as high security as paper ballots are today then I'm all for that.
. . . . . . .

@Ambrosia, I understand your skepticism. Up until a few years ago I also would have thought that this was not possible.

Yet it has been achieved in the banking industry. If you think that gaming elections is worth money then imagine if you could game banking. Yet thanks to encryption technology and other security measures, online banking is about as safe as writing a paper check or visiting the local branch of your bank. This has been achieved despite the hostile nature of the internet.

What makes blockchain different is that it is fully decentralized. There may be 1000s or even 100000s of nodes all working on verifying votes and adding them to the blockchain. One individual can not control that many nodes. A node can not add a block to the chain without doing a "proof of work" process (essentially guessing the correct number - known as a nonce). Once a block has been added, it can't be altered or at least, it can't be altered without recalculating the nonce of all future blocks that have been added and that difficulty increases exponentially high after a few blocks.

The software that does all of this is open source so that anybody can examine it. However, that is not as important as the fact that the entire blockchain is publically available for anybody who wishes to find any "flaws". Any voter would be able to examine the blockchain and verify that their votes were not tampered with.

I'm not saying that it is foolproof but "hanging chad" fisacos or ballot box tampering is much less likely to occur with this technology.

No, it can only assure that data wasn't altered after it was inserted in the blockchain.

That is not true either. It is virtually impossible for somebody to do a transaction against a wallet or alter a wallet transaction without possessing the user's private "key". The same goes for tampering with votes and digital voting cards.

 

[WilliamSeger]

@Ambrosia, I understand your skepticism. Up until a few years ago I also would have thought that this was not possible.

Yet it has been achieved in the banking industry. If you think that gaming elections is worth money then imagine if you could game banking. Yet thanks to encryption technology and other security measures, online banking is about as safe as writing a paper check or visiting the local branch of your bank. This has been achieved despite the hostile nature of the internet.

What makes blockchain different is that it is fully decentralized. There may be 1000s or even 100000s of nodes all working on verifying votes and adding them to the blockchain. One individual can not control that many nodes. A node can not add a block to the chain without doing a "proof of work" process (essentially guessing the correct number - known as a nonce). Once a block has been added, it can't be altered or at least, it can't be altered without recalculating the nonce of all future blocks that have been added and that difficulty increases exponentially high after a few blocks.

The software that does all of this is open source so that anybody can examine it. However, that is not as important as the fact that the entire blockchain is publically available for anybody who wishes to find any "flaws". Any voter would be able to examine the blockchain and verify that their votes were not tampered with.

I'm not saying that it is foolproof but "hanging chad" fisacos or ballot box tampering is much less likely to occur with this technology.


That is not true either. It is virtually impossible for somebody to do a transaction against a wallet or alter a wallet transaction without possessing the user's private "key". The same goes for tampering with votes and digital voting cards.

It takes software to get input from some device and build a blockchain entry. My online banking is not safe if my PC has been hacked with a key logger.

 

[lomiller]

It is not just an older video, it is out of date.

Blockchain technology has the potential to make electronic voting unhackable. It even has the ability to maintain voter privacy (Monero style).

It could also hide meddling with voting results and make voter fraud untraceable.

 

[psionl0]

It takes software to get input from some device and build a blockchain entry. My online banking is not safe if my PC has been hacked with a key logger.

Malware infected computers can be a security hazard for an online bank user or voter but so can impersonating another voter at the ballot box.

You missed the point that a hostile computer can not overcome the "proof of work" that the blockchain requires.

 

[psionl0]

It could also hide meddling with voting results and make voter fraud untraceable.

Why don't you learn about the blockchain then tell us how this works.

 

[psionl0]

Bitcoin exchanges have been compromised on a fairly regular basis, with losses at todays prices that amount to tens of billions of dollars.

There have been more since this was written.
https://arstechnica.com/tech-policy/2017/12/a-brief-history-of-bitcoin-hacks-and-frauds/

What has any of that got to do with a blockchain? You do know the difference between an exchange and a blockchain don't you?

 

[lomiller]

What has any of that got to do with a blockchain?

Where do you think blockchain came from?

 

[Segnosaur]

@Ambrosia, I understand your skepticism. Up until a few years ago I also would have thought that this was not possible.

Yet it has been achieved in the banking industry.

The main difference between an election and banking transactions is that usually banking transactions are not time-dependent. If the bank's computer is down, you may not be able to pay your bills today, but there is a chance things will be up and running tomorrow. On the other hand, an election is much more dependent on a calendar, with a huge number of transactions to be processed in a short (1 day) time frame. If something goes down, your election is in doubt.

Yet thanks to encryption technology and other security measures, online banking is about as safe as writing a paper check or visiting the local branch of your bank.

Banking is relatively safe, but banking systems are breached on a fairly regular basis. (Sometimes the breaches are internal, sometimes they are the result of external hackers.)

https://en.wikipedia.org/wiki/List_of_data_breaches (note: not all the listed entries are banks, but several are)

Now, because there are multiple banks (and no one person will have an account at all of them), a data breach won't affect everyone. On the other hand, in an election a security breach can involve the entire population.

What makes blockchain different is that it is fully decentralized. There may be 1000s or even 100000s of nodes all working on verifying votes and adding them to the blockchain.

Not sure why that's all that useful/relevant. By its nature, a voting system doesn't necessarily need to be decentralized... just the opposite: it needs a central server to act as a vote counter/repository.

An SSL connection from the user's browser to the government server will probably provide the needed host-to-server security. The problem is, you still have other major points of attack: The user's computer (which is susceptible to viruses, key loggers), voter 'identification' (some sort of way to uniquely identify voters), and the government's servers (which could be manually hacked in to.) Yes, you can use blockchain or other technology for data transmission/storage, but it doesn't really solve any of the major problems (and may add substantially to the complexity).

 

[WilliamSeger]

Malware infected computers can be a security hazard for an online bank user or voter but so can impersonating another voter at the ballot box.

You missed the point that a hostile computer can not overcome the "proof of work" that the blockchain requires.

I didn't miss anything; I said the data is safe after it's in the blockchain. It's that process that's still hackable. You're right that money attracts bad guys, (Ninja'd: BTW: Over a billion dollars have been stolen from cryptocurrency wallets by hacking exchange servers and stealing passwords, and it's untraceable where it went.)

 

[Segnosaur]

Malware infected computers can be a security hazard for an online bank user or voter but so can impersonating another voter at the ballot box.

The difference is I can write a virus/Trojan horse that has the ability to compromise hundreds (if not thousands) of voters, which each new infected system requiring no additional work. Granted, not everyone will be affected (some may use different operating systems, others may have really good virus scanners/firewalls). But even if you can infect 0.01% of computers, that could impact hundreds of thousands of voters.

On the other hand, attempting voter fraud by posing as another voter will have far less impact. (It means you have to physically go to the polling station, perhaps stand in line for a while, and hope that the person you are impersonating hasn't already voted.) And you could likely only do that a few times; after all, if you go to the same polling station multiple times, you may get identified.

 

[psionl0]

Where do you think blockchain came from?

From bitcoin exchanges?

 

[psionl0]

Not sure why that's all that useful/relevant. By its nature, a voting system doesn't necessarily need to be decentralized... just the opposite: it needs a central server to act as a vote counter/repository.

You have just listed all of the problems and potential problems with centralized electronic voting and can't see the relevance of a decentralized system?

 

[Segnosaur]

Where do you think blockchain came from?

From bitcoin exchanges?

I think his point was:

Bitcoin (and other cryptocurrencies) uses blockchain. Bitcoin often gets hacked (with the loss of millions of dollars). So even if blockchain may provide a certain amount of security, it is no guarantee that the data will remain safe/secure.

If blockchain is used for voting, it may provide security against some types of cyberattacks, but there will be more than enough security vulnerabilities to make it too risky to use as the basis for a voting system.

 

[lomiller]

From bitcoin exchanges?

The first functioning Blockchain was developed for and with bitcoin. Most current implementation of blockchain is adapted from the version used in bitcoin or other cryptocurrency’s.

It could be useful in an electronic voting system, as it allows you to verify the data and keep the source anonymous. It does not insure the entire system is secure, and because of the anonymity it affords it makes tracing any compromise difficult or impossible, just like it made tracing stolen cryptocurrency all but impossible after exchanges were compromised.

 

[Segnosaur]

Not sure why that's all that useful/relevant. By its nature, a voting system doesn't necessarily need to be decentralized... just the opposite: it needs a central server to act as a vote counter/repository.

You have just listed all of the problems and potential problems with centralized electronic voting and can't see the relevance of a decentralized system?

Uhhhh... no.

Most of the problems I highlighted (vulnerability of user computers to viruses affecting voting, problems with whatever means are used to identify voters) are ones that affect both centralized and decentralized voting systems.

And as I stated before, ultimately the votes WILL have to be tallied by the government.

Seriously, what problem do you think blockchain will overcome? How exactly will it prevent a keylogging virus on a user's machine from corrupting their vote? How will it make sure secure delivery of whatever voting identifier is used?

 

[psionl0]

. . . . just like it made tracing stolen cryptocurrency all but impossible after exchanges were compromised.

Until you learn the difference between the blockchain and an exchange you are just posting utter rubbish.

 

[lomiller]

Seriously, what problem do you think blockchain will overcome?

Per my post above, my immediate though was that it could be used to protect the data, while still providing anonymity for the source. The anonymity seems like an important requirement in a voting system, but it’s also going to be a source of problems when the system/process around the blcokchain is inevitably compromised.

 

[psionl0]

Bitcoin (and other cryptocurrencies) uses blockchain. Bitcoin EXCHANGES often gets hacked (with the loss of millions of dollars).

ftfy. Get the difference yet? There are no voting exchanges.

Seriously, what problem do you think blockchain will overcome? How exactly will it prevent a keylogging virus on a user's machine from corrupting their vote? How will it make sure secure delivery of whatever voting identifier is used?

Assuming that some malware exists that is able to change the keystrokes a user pushes when constructing a transaction or vote, the fact remains that without the user's private key, a node can not alter the contents of the message (vote) that it received.

The point of the blockchain is that it is not some super secret voting file stored on government computers. It is available to everyone. Anybody can go through the blockchain and verify that the election results are as announced. That is its protection. You don't have to trust anybody. You can see for yourself.

 

[lomiller]

Until you learn the difference between the blockchain and an exchange you are just posting utter rubbish.

Woosh. Right over your head.

The point is/was that systems build on blockchain are still compromised on a regular basis, and by their nature it can be difficult and perhaps impossible to identify and remediate such compromises.

 

[psionl0]

The point is/was that systems build on blockchain are still compromised on a regular basis . . ..

No it is not! That is just your ignorance talking.

Bitcoin exchanges are a weak point in the currency exchange system but the blockchain itself is the most secure, immutable thing invented in cyberspace. Start learning about these things.