Blockchain for Voting: A Warning From MITResearchers Say Blockchain Introduces More Problems Than It Solves
Blockchain technology, for all of its cryptographic cleverness, has often been mocked as the solution that's looking for a problem.
Bitcoin, which is built on blockchain, thrives as a kind of alt-underground currency. And flavors of blockchain technology are being applied to enterprise use cases, such as supply-chain tracking. But it's still a wandering nomad technology, never quite perfect but alluring and magical enough to draw attention.
Introducing a new system in an era of rampant misinformation and mistrust may be risky even if it works perfectly and securely.
Some have suggested that blockchain, a decentralized, distributed ledger, may be useful for voting. But in a new paper, researchers at Massachusetts Institute of Technology affirm a humorous cartoon from XKCD about potential blockchain voting products: "Whatever they sold you, don't touch it. Bury it in the desert. Wear gloves."
"While current election systems are far from perfect, internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures," according to the paper. "Perhaps counterintuitively, getting rid of not only outdated voting equipment but also paper ballots risks 'throwing the baby out with the bathwater' and making elections much less secure."
One main aim of an election is to convince the loser that they, in fact, lost. Using blockchain-based technology for voting would muddy the waters further, the paper argues.
One of the papers co-authors is Ron Rivest, one of the three famed cryptographers credited with inventing the RSA algorithm, which revolutionized the public key cryptography that underpins much of transactional security on the internet. The paper is co-authored by MIT's Michael Spector, Neha Narula and Sunoo Park, who is also with Harvard.
"While current election systems are far from perfect, blockchain would greatly increase the risk of undetectable, nation-scale election failures," Rivest says in a statement. "Any turnout increase would come at the cost of losing meaningful assurance that votes have been counted as they were cast."
With a paper ballot, voters can see if their ballot is correct. But votes cast entirely through software pose risks that a single bug could make it appear that a vote has been recorded correctly even if it was changed.
Modernizing voting is an appropriate discussion to have in the wake of the U.S. election. For decades, technologists have pondered how to use software for voting in a way that protects sacred voting tenets: secrecy yet verifiability by voters and auditability by election authorities.
It's a hard nut to crack, but there are viable end-to-end encrypted systems, including STAR-Vote, that protect ballot secrecy but ensure transparent tallies and provide assurance to voters. But adoption of STAR-Vote has been held back for commercial reasons, as a story in Wired magazine notes.
Blockchain's Voting Problems
There are obvious, first-line problems with blockchain. Key management is one.
Bitcoin, for example, can be transferred using a private key. But if a private key is compromised - and there are plenty of examples of tear-inducing cryptocurrency thefts - that mean, in voting terms, someone else could cast a ballot. There's not just the problem of protecting keys, but also distributing them securely.
While stolen cryptocurrency is unfortunate, "elections have much higher stakes than cryptocurrency. An attack on many cryptocurrency users would cause monetary loss, an attack on many voters can cause government change," according to the paper.
Blockchains can also be compromised. They're powered in some systems by "miners," or nodes that do the brute-force calculations needed to complete a new block in the chain. But if a proportion of those participants turn malicious, it can result in mayhem.
Permissioned blockchains - which by design don't let unvetted participants join - are the logical solution. But permissioned blockchains have both fewer and more homogenous servers, enhancing the "possibility that they could all be compromised," the paper says.
"Permissioned blockchains also do not address the issues of key management or the security of software and hardware on user devices," the MIT experts write.
There are also new problems that blockchains introduce, they write. One is coordinating fixing bugs and deploying new software, which in a decentralized system may never be quick. More than a quarter of the bitcoin network is still vulnerable to CVE-2018-17145, which was discovered in 2018.
Blockchains simply have not been around long enough to be used for mission-critical applications. Privacy-centered cryptocurrencies, such as Zcash and Monero, have novel ways to protect transactional privacy - which could have applications to voting as well - but both have endured critical bugs, the researchers write.
"Another independent concern with using some blockchains for voting is the inadvisability of using new distributed consensus protocols or new cryptographic primitives for critical infrastructure until they have been well-tested in industry for many years," they write.
Paper Ballots: Tried and True
I'd also argue there's a large public perception barrier that's now been exacerbated by the latest presidential election.
Cybersecurity, at least this time around, wasn't a problem in the election. The Cybersecurity and Infrastructure Security Agency and a group of other agencies, nonpartisan groups and voting equipment vendors said last week that the U.S. election was the most secure in U.S. history.
There were minor software errors and anomalies, as is usual in any election. But most states use paper-based voting systems or electronic systems that produce a paper record, which can be audited. And recounts are under way in some states.
Nonetheless, allegations of widespread fraud continue to proliferate two weeks after the election. That's despite judges around the U.S. repeatedly dismissing lawsuits alleging fraud for a lack of evidence.
Ponder how these discussions about voting integrity would go with the intricacies of arcane technology such as blockchain or any new e-voting system that is a significant departure from the status quo. Introducing a new system in an era of rampant misinformation and mistrust may be risky even if it works perfectly and securely.
Paper ballots are slow to process and slow to count. But it's the best we have for both public trust and security.