Australia's Postal Service Mulls e-Voting Using BlockchainExperts Question Whether the Technology Is Appropriate
E-voting, justifiably, scares a lot of computer security experts. If a hacker steals your payment card details, it's a time-consuming annoyance - but it doesn't influence democracy. That's, in part, why experts are casting doubt on a plan by Australia's postal service - yes, that's right, the postal service - to research e-voting technology based on blockchain, the distributed computing technology powering bitcoin.
Australia Post floated the idea in a paper presented to a parliamentary Electoral Matters Committee in the state of Victoria, which has been holding a public e-voting inquiry this week. Victoria, New South Wales and the federal government have already conducted limited e-voting trials, and Victoria is seeking better ways to ensure the security of the systems.
"Key management is - pardon the pun - key to e-voting."
Details are slim, but Australia Post believes that an e-voting system using blockchain could be a solution. In the context of bitcoin, the blockchain is a public ledger that records transactions that have been cryptographically verified by computers running the bitcoin software.
Some financial services companies and technology vendors have been experimenting with blockchain. The technology cryptographically and irrefutably verifies that some action happened at some point in time. The Australian Securities Exchange, which runs the country's main securities trading platform, has been developing a blockchain-based clearing and settlement system (see Could Blockchain Play Broader Role in Payments?).
Electronically casting votes offers many advantages. Over the long-term, it could be cheaper than using paper-based ballots. The accessibility benefits mean voters wouldn't have to wait in long lines in polling places. That's an issue in Australia, where citizens are required by law to vote or face fines.
But the security problems are numerous. Voters have to be authenticated and blocked from voting more than once. Ballots need to be able to be verified by voters but also not made public. The whole process also needs to be secure but still transparent enough to be verifiable by election authorities or third parties.
Australia Post says blockchain would be used to store a cryptographic representation of ballots, a system that would be verifiable by voters but also preserve their privacy.
"We envisage a vote being an electronic transaction whereby a number of voting 'credits' can be 'spent' by the voter to attribute preferences," according to Australia Post's letter. "Permission to vote would be secured through the use of secure digital access keys sent securely to each voter."
That's where it starts to get sticky, and looking to how bitcoin works highlights some of the problems. A bitcoin is transferred using a private encryption key. Bitcoin exchanges - which offer marketplaces to buy the virtual currency - as well as average users have had lots of problems protecting those private keys from hackers. If the key is stolen, the attacker controls the bitcoin (see Bitcoin Hack Highlights Cryptocurrency Challenges).
For voting, sending those access keys - either through the postal service or over the internet - poses all kinds of security concerns. Thieves could pluck election mailings out of post boxes. Delivering them electronically over the internet exposes the keys to all of the usual web-based attack vectors. Malware on personal computers remains an ever-present threat as well, which could grab the keys.
"Key management is - pardon the pun - key to e-voting," says Steve Wilson, a vice president and principal analyst with Constellation Research in Sydney. "You need to make sure that one person gets one key for one vote. If you solve that problem, the ledger onto which the votes are lodged is really not important."
Better Alternative Systems
The fervor around blockchain technology has fueled the ideas for e-voting applications. But there are far simpler and more mature e-voting systems, says Vanessa Teague, senior lecturer in the computing and information systems department at the University of Melbourne.
Victoria's Electoral Commission used the vVote system in the state's 2014 elections. The software is open source, and it is "end-to-end" verifiable, meaning that no human or electronic components have to be trusted to ensure vote integrity. The vVote system also incorporates a public ledger of encrypted votes.
Blockchain ticks the box for a public ledger, but it doesn't address any of the other main e-voting problems, Teague contends. Those problems include how voters verify their ballot without publicly exposing it, how authorities authenticate only eligible voters and how the process of decrypting and tallying votes is verifiable and accurate.
The most secure voting systems involving computers are those positioned inside a polling station, Teague says. Australia Post references the ability to do remote voting over the internet. But, Teague says, "nobody actually knows how to make an internet voting system that meets the security requirements of a real election."
Helios is another open-source, end-to-end verifiable online e-voting system. But even that project's developers, while confident in the system, do not recommend using it in elections where large-scale fraud is a possibility. There's also the issue of the generally poor security state of consumer computers.
"For some elections, notably U.S. federal and state elections, the stakes are too high, and we recommend against capturing votes over the internet," according to a Helios FAQ. "This has nothing to do with Helios itself: we just don't trust that people's home computers are secure enough to withstand significant attacks."
Australia Post's proposal is catchy, given the blockchain buzz, but it's an ambitious project for an organization that focuses primarily on delivering parcels. It also comes after the Australian Bureau of Statistics failed in setting up a robust system for its largest online census earlier this month, causing a scandal that has thrown doubt on the government's ability to execute large-scale technology projects (see IBM Faces Heat Over Aussie Census Stumble).
Wilson suggests blockchain may simply not be appropriate. "As with all non-cryptocurrency use cases, I urge people to be clear about what problem they have, what its security characteristics really are and to think clearly about whether blockchain technology fits the bill," he says.