Split Thread Electronic voting

[Segnosaur]

Per my post above, my immediate though was that it could be used to protect the data, while still providing anonymity for the source. The anonymity seems like an important requirement in a voting system, but it’s also going to be a source of problems when the system/process around the blcokchain is inevitably compromised.

Not only that, you can't have TOTAL anonymity, since you still need to record who has already voted to prevent multiple votes (as well as determining who is actually registered). So somewhere along the line you need some sort of records: "Voter X done. Voter Y, not voted yet".

 

[Upchurch]

No it is not! That is just your ignorance talking.

Bitcoin exchanges are a weak point in the currency exchange system but the blockchain itself is the most secure, immutable thing invented in cyberspace. Start learning about these things.

...do you see the problem for using blockchain for voting?

 

[psionl0]

Not only that, you can't have TOTAL anonymity, since you still need to record who has already voted to prevent multiple votes (as well as determining who is actually registered). So somewhere along the line you need some sort of records: "Voter X done. Voter Y, not voted yet".

This has already been solved and is in practical use. Did you look at Monero (mentioned above) or did you just say, "I haven't heard of a solution so no solution exists"?

...do you see the problem for using blockchain for voting?

No. Nobody has mentioned any problems with using blockchain.

Some pseudo-experts have said that "bitcoin EXCHANGES have been hacked" but that is about as relevant as saying that "flies spread disease".

 

[lomiller]

Not only that, you can't have TOTAL anonymity, since you still need to record who has already voted to prevent multiple votes (as well as determining who is actually registered). So somewhere along the line you need some sort of records: "Voter X done. Voter Y, not voted yet".

I don’t think so. Again using bitcoin as an example, their blockchain doesn’t allow duplicate bitcoins but doesn’t know about all possible bitcoins in advance. In a voting system you’d know it was a valid ballot and who the vote was cast for. What you couldn’t do is figure out who actually cast it or if it were stolen, forged etc.

 

[Segnosaur]

Bitcoin (and other cryptocurrencies) uses blockchain. Bitcoin EXCHANGES often gets hacked (with the loss of millions of dollars).

ftfy. Get the difference yet? There are no voting exchanges.

Actually there will be exchanges of a sort.

Some record of who is registered to vote, and who has already voted needs to be maintained. That will be the equivalent of an 'exchange'. There will also need to be some sort of data gathering process.

Assuming that some malware exists that is able to change the keystrokes a user pushes when constructing a transaction or vote, the fact remains that without the user's private key, a node can not alter the contents of the message (vote) that it received.

Which is of course irrelevant if any malware infects the voting software itself, intercepts the message before it is sent, and either 1) doesn't send it at all (giving a false response) or 2) modifies the message to change the vote in the computer's memory before a key is applied.

The point of the blockchain is that it is not some super secret voting file stored on government computers. It is available to everyone. Anybody can go through the blockchain and verify that the election results are as announced. That is its protection. You don't have to trust anybody. You can see for yourself.

Which of course may be true, but is totally irrelevant, if either the User's computer is compromised by malware, or the system for distributing voter ids is compromised, etc. Doesn't really help much to have access to the source code if some little old lady who's been using her computer only to view pictures of cats gets infected by a virus that prevents her vote from being registered properly. Doesn't help much if someone gets access to a list of registered voters and/or their IDs and uses it to "stuff" the electronic ballot box. The ability to verify the counts are reported correctly is of no value if the counts include thousands of fraudulent votes (or is missing valid votes).

Oh, and by the way... while Blockchain may be secure, that does not mean that it is 100% completely invulnerable.

Maybe I'm missing something here.... please, give us a rundown of how you think this mythical voting system might work. How will you identify what voters have voted? What software will people use to vote? How do you ensure security in the data collection process? It sounds like you're just taking the word 'blockchain' and assuming its some magic talisman that can cure all security problems.

(I actually tried bitcoin before... setting up various software that was needed, buying a small amount of bitcoin, etc. just to see what it was like. It would likely be outside the ability of a large segment of the population to use bitcoin. Yes, I know... bitcoin is not blockchain, but bitcoin does use blockchain, and if the same technology is used in a voting, the setup procedure would have to be made wayyyy simpler.)

 

[lomiller]

"bitcoin EXCHANGES have been hacked"

Which demonstrates that blockchain did not keep the bitcoins secure. What the blockchain did keep secure is the identity of the thief.

It’s a practical example of why you can’t just say “we can use blockchain to make it secure!!!”

 

[lomiller]

Actually there will be exchanges of a sort.

Some record of who is registered to vote, and who has already voted needs to be maintained. That will be the equivalent of an 'exchange'. There will also need to be some sort of data gathering process.

Which is of course irrelevant if any malware infects the voting software itself, intercepts the message before it is sent, and either 1) doesn't send it at all (giving a false response) or 2) modifies the message to change the vote in the computer's memory before a key is applied.

Also, thecentral systems are by definition not secure for the government itself and unlike paper ballots the it’s almost impossible for third parties to audit.

 

[psionl0]

Which demonstrates that blockchain did not keep the bitcoins secure.

Woosh. Right over your head.

 

[WilliamSeger]

Woosh. Right over your head.

Perhaps you should describe your proposed voting system in more detail so we can examine it for vulnerabilities.

 

[Upchurch]

No. Nobody has mentioned any problems with using blockchain.

The hint is in your previous post. If the exchanges are the weak point in bitcoin, guess where the weak point is in using blockchain for voting.

 

[psionl0]

It sounds like you're just taking the word 'blockchain' and assuming its some magic talisman that can cure all security problems.

No, I have researched blockchain technology and found out how it can overcome the current concerns about security and hacking. All of the real and imagined problems with electronic voting listed here have nothing to do with blockchain itself.

I imagine that the voting process would work more in the internet banking style where one logs into a secure local server and casts their vote via that server. There may even be voting centres where one may go if they would rather not use a computer at all.

The real problem is not coming up with a suitable mechanism for voting but overcoming the objections of people who confidently say "blockchain is not secure" as if they know what they are talking about.

 

[psionl0]

The hint is in your previous post. If the exchanges are the weak point in bitcoin, guess where the weak point is in using blockchain for voting.

Voting exchanges?????

 

[Upchurch]

Voting exchanges?????

Voting machines. That's the point.

 

[psionl0]

Voting machines. That's the point.

I would like to say that voting centres aren't run by cowboys who would allow substandard voting machines to be used and that the machines would be tamper proof. Unfortunately, the "hanging chad" fiasco shows this is not always necessarily so.

BTW I thought voting machines were already universal in the US.

 

[Upchurch]

I would like to say that voting centres aren't run by cowboys who would allow substandard voting machines to be used and that the machines would be tamper proof.

Can you tell a substandard or tampered voting machine just by looking at it? More importantly, could your average poll worker?

Poll workers can identify when other poll workers are filling out ballots and stuffing the voting box. They cannot audit code to verify that it hasn't been modified to stuff the virtual voting box and/or blockchain.

BTW I thought voting machines were already universal in the US.

I don't know about universal, but there has been one at at my polling place for several years now. I used it once or twice and then stopped.

 

[Segnosaur]

It sounds like you're just taking the word 'blockchain' and assuming its some magic talisman that can cure all security problems.

No, I have researched blockchain technology and found out how it can overcome the current concerns about security and hacking.

Except of course for the concerns about malware on the client computer. And concerns about the integrity of voter identification methods.

So yeah, with the amount of handwaving you do, it still sounds like you are invoking "blockchain" as a magic talisman.

All of the real and imagined problems with electronic voting listed here have nothing to do with blockchain itself.

Which again is irrelevant. Problems have been posted that have nothing to do with blockchain, and that blockchain would not fix. You haven't addressed them.

I imagine that the voting process would work more in the internet banking style where one logs into a secure local server and casts their vote via that server.

You "imagine"? Could you get any more vague than that? Perhaps before you start running around suggesting "blockchain can solve all our problems" you should put a little more thought into implementation.

I access my bank through a web site. If your suggesting that the government would run a similar web site (and use block chain to store the results behind the scenes) then you are leaving yet another security vulnerability... the web server itself which can be compromised.

There may even be voting centres where one may go if they would rather not use a computer at all.

So, how would you prevent someone from voting on line, then running down to their local polling station to cast a second (paper) ballot?

The real problem is not coming up with a suitable mechanism for voting but overcoming the objections of people who confidently say "blockchain is not secure" as if they know what they are talking about.

No, the mechanism of enacting a voting system is actually a real problem, and can't be hand-waved away, regardless of how much you try. Even if blockchain is 100% secure, it does not mean that a system would be secure if there are vulnerabilities apart from blockchain.

So please, for the love of thor, quit talking about how secure blockchain is and tell us how you would build a voting system around it. I will even give you the benefit of the doubt and say that "blockchain is 100% secure", but you have to build a system that actually uses it. No handwaving away.

 

[psionl0]

Can you tell a substandard or tampered voting machine just by looking at it? More importantly, could your average poll worker?

A machine that had the proper official firmware installed, had the proper seals on it and was regularly tested would be hard to tamper with. Your video showing somebody inserting a thumb drive into a voting machine is fanciful.

But finding people who know what they are doing to set it up properly may not always be a priority in US politics.

 

[Ambrosia]

A machine that had the proper official firmware installed, had the proper seals on it and was regularly tested would be hard to tamper with. Your video showing somebody inserting a thumb drive into a voting machine is fanciful.

As requested by WilliamSeger and Segnosaur, could you please describe how you would setup such an electronic voting system so as to make it secure.

You do know that right now in the US the present crop of voting machines are in fact programmed using a USB thumb drive don't you.

If a machine has the proper official firmware installed, how is that tested? Why do we trust the people testing it? Or the people making it? It's not just malicious attackers we need to defend against, put a comma in the wrong place and the code could be borked enough to put votes for the GOP in the Green party column.

Who put the seals on the machine after the test? - why do we trust them?

I agree with you that using blockchain technology to secure the results makes a lot of sense, but again, it's only secure *after* it's entered into the blockchain.
Before then there are any number of ways to tamper with machines/servers to make sure that they record the votes that you want them to record, rather than what the voters meant to record, if you wanted to influence an election.

And again the stakes are high.
If you were, say, Vladimir Putin, and you absolutely, positively did not want Clinton elected, and the US used electronic voting machines that were attackable from within Russia, wouldn't you direct your agents to try everything they could to do that?
If you were an oil company exec, and one party promised to sign a deal allowing a massive oil pipelines construction, while the other party refused to do so. Or if one party wanted to do away with environmental protections?
Or say you ran a big construction company that specialised in building walls?
Maybe a defense company with one party planning to massively increase military spending, in exactly your companies area of expertise, while the other party planned to reduce defense expenditure.
It's not hard to find people that want to try hacking computer systems that are supposedly impenetrable. People try stuff like that just for the lolz.


Paper ballots have been used for decades, and just about every means to attack them has been tried already, and defended against.

Have I mentioned the stakes are high?

If it's not broken why fix it?

What is broken is the two party trending FPTP voting system we use that does not represent the people well and disenfranchises lots of people from actually voting.

By all means come up with a system that is as secure as paper ballots, and let us try to pick holes in it. Blockchain only solves half the security problem, how do you propose to secure the other half?

A truly secure online platform to cast votes would revolutionise voting and make the guy who comes up with it a multi-millionaire.

 

[psionl0]

You do know that right now in the US the present crop of voting machines are in fact programmed using a USB thumb drive don't you.

I didn't know that actually but it would not surprise me if it turns out that the voting machines are eminently tamperable. Maybe the Russians have already tampered with the machines.

On my own I can suggest a couple of methods to improve the security of voting machines but I am not a security expert and I wouldn't be able to make them foolproof.

What is broken is the two party trending FPTP voting system we use that does not represent the people well and disenfranchises lots of people from actually voting.

Yes, that was what this thread was originally about and this discussion about electronic voting would fall under the category of "thread drift".

By all means come up with a system that is as secure as paper ballots, and let us try to pick holes in it. Blockchain only solves half the security problem, how do you propose to secure the other half?

A truly secure online platform to cast votes would revolutionise voting and make the guy who comes up with it a multi-millionaire.

We may be close to that already. I don't have enough knowledge of the originating end of the voting process to make extravagant claims about it (but that doesn't stop others making extravagant claims against it). I know that you can create voting messages that are unalterable but I don't know how that process can be affected by a malware infested computer. Time will tell.

 

[Brainster]

The past ten years have soured me on the Two Party system. Time to move to a multi party system in the US.

We have quite a few parties. The problem is nobody except for the Democrats or the Republicans can draw a significant amount of votes. So people suggest IRV or some other scheme. The idea seems to be that lots of folks would vote for Green Party candidates but they're just too doggone concerned that would result in the Republican winning. I think the actual number of those people is pretty miniscule, but suppose Jill Stein gets 10% in the first round. What does that actually mean? She's still not going to become president, her party still isn't going to win any seats.

So people will suggest proportional representation: That if the Greens get 10% of the votes they should get 10% of the seats. But proportional representation inevitably means that some districts will be represented by candidates that were largely rejected by that district in the actual election. Effectively it means indirect elections--certainly less democratic.

I do note too that some of the recent voting "improvements" have a decidedly mixed record. California's jungle primary has brought together two unlikely allies in opposing it:

There isn’t much that unites Nancy Pelosi and Kevin McCarthy these days, but the two most powerful Californians in American politics agree wholeheartedly on this: They both despise their state’s “top two” primary, a system adopted by voters in 2010 that dispenses with party labels and has wreaked havoc for Democrats and Republicans alike.

“This is not a reform. It is terrible,” Pelosi, the House minority leader and former Democratic speaker, told reporters last month. She complained that the system costs too much money and shuts out smaller parties in the name of opening up the primary process to a broader population of voters.

“I hate the top-two,” McCarthy, the House majority leader and a potential successor to GOP Speaker Paul Ryan, told The New York Times last week.