Blockchain has been one of the most talked-about technologies of the last decade, but infosec professionals are divided about whether it can effectively improve election security.
In recent years, several states implemented pilot programs that offered online voting through applications that featured blockchain technology. Such internet-enabled election systems were promoted as effective alternatives to in-person voting during the COVID-19 pandemic, and public ledgers were touted as a way to protect the integrity of votes against errors, system failures and cyberattacks. Even the federal government has jumped aboard the blockchain train: In August, the U.S. Postal Service filed a patent application for a “secure voting system” that combines mail-in ballots with blockchain technology.
“A registered voter receives a computer-readable code in the mail and confirms identity and confirms correct ballot information in an election,” the application reads. “The system separates voter identification and vote to ensure vote anonymity, and stores votes on a distributed ledger in a blockchain.”
But many infosec experts have questioned the use of blockchain for elections — most notably Matt Blaze, the McDevitt chair in computer science and law at Georgetown University. One of the most well-known authorities on election security issues, Blaze mocked blockchain voting technology during his keynote address at Black Hat USA 2020 in August.
“We’ve all heard of the blockchain,” he said. “It somehow is a way of producing money out of thin air.”
Blaze isn’t the only blockchain critic. Other experts feel the technology cart has been put ahead of the election security horse, despite the potential of public ledgers. For example, Voatz, which helmed pilot programs in West Virginia and Denver and is arguably the biggest vendor of blockchain voting products, has come under fire this year; security researchers reported significant vulnerabilities and weaknesses in the Voatz mobile app, while also casting doubt on the vendor’s use of blockchain.
And while some in the infosec community see enormous value in applying public ledgers to identity and access management (IAM), they’re apprehensive about applying blockchain to U.S. election infrastructure and fundamentally altering it, for better or for worse.
Blockchain bonanza
While blockchain has received considerable hype across the technology industry, it’s also emerged as a proven moneymaker. IDC estimated spending on overall blockchain products and services to reach $4.1 billion this year, a 50% increase from 2019. Gartner analysts forecast that by 2025, the total business value added by blockchain will reach more than $176 billion.
Distributed ledger technology has seen significant traction in several security markets. Vendors such as IBM have implemented blockchain in their identity management offerings, while numerous startups have embraced distributed ledgers for a variety of data security applications.
Ping Identity recently completed its acquisition of ShoCard, a startup that provides consumer identity management via a blockchain-based platform. ShoCard founder Armin Ebrahimi, now head of distributed identity at Ping, said on one hand, blockchain has been overhyped in terms of its appeal and relevance.
“People just started throwing blockchain in everything they were doing because you could get money and funding that way,” he said. “To say blockchain is good for everything, as some enthusiasts do, well, that’s not really the case.”
On the other hand, Ebrahimi said, distributed ledgers have demonstrated strong value for identity management for both enterprise users and consumers, and there’s potential for its use in election systems.
Frederic Kerrest, co-founder and COO of IAM provider Okta, agreed and said blockchain is no longer a “cutting-edge technology. It’s pretty much leading edge now.”
Kerrest said there’s a huge opportunity for blockchain-based voting technology that allows citizens to cast votes via the internet or mobile devices and preserves the results on a distributed, public ledger that can’t be tampered with by threat actors. “The immutability of blockchain has all sorts of upside,” he said. “But I think there are a lot of risks there, too.”
Drawbacks, risks and limitations
Distributed ledgers have been proven effective for cryptocurrencies, but many security experts are skeptical about how blockchain can be applied to election systems in a way that improves security without introducing other issues.
In his Black Hat keynote, Blaze said blockchain-based e-voting just adds more software — and complexity — to the election process and makes ballot secrecy nearly impossible. In addition, he said such implementations are heavily dependent on the integrity of client software and the data entered into the ledger in the first place.
Client software has become a major sticking point for critics of blockchain voting, particularly with Voatz. In February, a research team from MIT revealed they had reverse engineered the vendor’s Android application and discovered serious vulnerabilities that could compromise voters’ private data and change or even prevent users’ votes. The researchers also found that blockchain wasn’t applied to voting results until after the app transmitted votes to the vendor’s validation servers, meaning the app’s data could be compromised before it was entered into the distributed ledger.
Voatz disputed the MIT research, claiming the results were tainted by the use of a reverse-engineered application, and accused the researchers of deliberately sowing fear and confusion to disrupt the electoral process. In response, Voatz commissioned infosec consultancy Trail of Bits to review the vendor’s mobile app and back-end servers. But Trail of Bits’ report not only supported the MIT research but found other issues as well, while also confirming there was no evidence of blockchain code on the client app.
(Earlier this year, a Voatz spokesperson requested SearchSecurity refer to the findings as “claims” and not confirmed vulnerabilities. SearchSecurity declined and asked for Voatz to explain in detail what was incorrect about the MIT research and Trail of Bits report but did not hear back from the company.)
Karl Sigler, senior security research manager at Trustwave’s SpiderLabs, said the immutability of blockchain makes it attractive for recording votes. But blockchain doesn’t exist in a vacuum, he said. “Security is all about implementation,” he said in an email to SearchSecurity. “While votes recorded in a blockchain would be extremely tamper-proof, the devil is in the details, and security concerns will arise from the implementation.”
Chris HowellCTO, Wickr
One of those concerns, Sigler said, is how the votes are cast and entered into the distributed ledger. Chris Howell, CTO and co-founder of Wickr, a videoconferencing and collaboration platform that features end-to-end encryption, shared that concern and said managing the data entry and cryptography on a mobile client or e-voting machine can be extremely challenging.
“Blockchain can be very precise, but it requires precision from square one,” Howell said. “If it’s not done correctly at the local level, then the data going into the ledger may not be accurate and then your immutable data is just immutable rubbish.”
Howell also said it’s debatable whether blockchain voting actually solves the biggest problems for today’s election infrastructure. “Blockchain can store votes on a distributed, decentralized ledger,” he said. “But the country’s election infrastructure is already fairly decentralized, and that makes widespread attacks on voting systems pretty challenging.”
In addition, while blockchain could conceivably protect voting results from tampering, Howell said it would do very little to reduce some of today’s common problems such as voter registration errors, ballots mistakes and technical failures with voting systems. At the same time, blockchain-based voting could introduce privacy issues and new kinds of technical and security issues. “At this point, you’re just ending up with different problems than you had before,” he said.
In terms of threats to election infrastructure, Israel Barak, CISO at Cybereason, said blockchain doesn’t eliminate some of the more devastating types of cyberattacks that could be launched by adversaries. Those include server penetration attacks where threat actors could potentially compromise the availability and integrity of the data; client attacks, which could block or alter votes before they reach the distributed ledger; and DOS attacks, which could prevent voters from accessing the technology or election officials from tallying the results.
“Blockchain-based voting applications represent a valid path forward in enabling e-voting,” Barak said via email. “However, there are multiple unresolved risks that are inherent to the e-voting process, even when using blockchain-based technology.”
Security news writer Arielle Waldman contributed to this report.