In the wake of Utah making history with blockchain voting during the 2020 presidential election, some security experts have ramped up their criticism of the idea.
Earlier this week, a team at the Massachusetts Institute of Technology released a draft of a paper titled Going from Bad to Worse: From Internet Voting to Blockchain Voting. The paper follows the release of an MIT report in February that explored the vulnerabilities of the Voatz blockchain voting app.
The new paper acknowledges the concerns that citizens and officials may have about current election security, but the authors argue that even if a blockchain voting option would translate into higher turnout, the method is not safe enough.
“Online voting systems are vulnerable to serious failures: attacks that are larger scale, harder to detect, and easier to execute than analogous attacks against paper-ballot-based voting systems,” the paper reads. “Furthermore, online voting systems will suffer from such vulnerabilities for the foreseeable future given the state of computer security and the high stakes in political elections.”
The paper rejects the idea that a blockchain component would make online voting more secure. The authors admit that, on the surface, the characteristics of blockchain appear to make it a good solution. However, too many potential weaknesses remain.
“Blockchains use consensus protocols to avoid a single point of failure; these protocols can tolerate a small number of participants acting maliciously,” the paper said. “These ideas seem as though they might be helpful for electronic voting: e.g., using cryptographic signatures to make forging votes difficult, and using hashing and distributed consensus to maintain a ledger of votes that attackers cannot tamper with unless they co-opt much of the network. However, it is extremely challenging to make these techniques work reliably in practice.”
One of the key limitations in blockchain voting is that, despite the promise of its more secure structure, it still requires the use of “potentially vulnerable devices and network infrastructure.” Furthermore, the paper outlines a number of “new problems” that blockchain introduces. For example, the authors point out that it would take “more time and effort to deploy security fixes” in a decentralized blockchain-based system, should new software updates be necessary to combat potential attacks.
Later this week, the paper’s argument received some pushback from Pete Martin, CEO of Votem, a company that deals in blockchain voting. Martin expressed his disagreements with the paper during a Decrypt Daily podcast.
Martin said that academics, like the scientists at MIT, can poke holes in anything. In doing so, academics can forget that “there’s a real world out there.”
Martin also took aim at specific claims within the paper. One of his criticisms relates to ballot verification.
“[The researchers] believe that a hand-marked paper ballot is the most voter-verifiable type of ballot,” Martin said. “The problem is there’s a concept in voting called chain of custody. The minute you drop it in the mail, the minute you drop that in a pull box, you have lost chain of custody.”
With this in mind, Martin explained that most 2020 ballots lacked “true end-to-end verifiability.” He then said blockchain can enable such a thing.
Such debates will likely continue in the near future, especially if governments look to potentially expand the use of blockchain voting. Utah now has a legislative proposal for opening up mobile voting within its borders.
Amelia Powers Gardner, a county clerk/auditor who has overseen the use of blockchain voting in Utah County, Utah, and one of Government Technology’s Top 25 Doers, Dreamers and Drivers for 2020, spoke about the proposed bill to Utah’s Government Operations Interim Committee on Tuesday.
“This allows us to do a small, controlled pilot so we can prove out this technology,” Gardner said, according to The Salt Lake Tribune. “So that 10 years from now when we have the vast majority of our voters demand it, that we’ve had the opportunity to test it, to try it, to poke it, to prod it and to ensure that Utah stays the gold standard in the nation.”
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.