Blockchain-enabled voting: revolutionary for democracy or a recipe for disaster?
The debate over blockchain-based political voting re-emerged recently as Democratic US presidential hopeful Andrew Yang backs the technology to boost voter numbers and security, while a French researcher has hacked into the blockchain-based voting system which officials plan to use next month for the 2019 Moscow City Duma election.
On his campaign website, Yang states that voting should be available via mobile devices with verification through blockchain. He argues that modernising voting with decentralised ledger technology could increase security, reduce inconsistent processes between states and restore confidence in democracy.
Philip Boucher, a European Policy Research Service (EPRS) policy analyst, explains the theory behind blockchain voting: “In elections, we usually have a central authority that records, checks and counts all of the votes. With blockchain, the process is decentralised so everyone can hold a copy of the full voting record on their own devices. The data is encrypted to protect the identity of individual voters. Illegitimate votes cannot be added and the historical record cannot be changed because everyone holds a copy and can check that all of the votes comply with the rules and are counted properly.”
Some have even suggested that in future, blockchain votes could be encoded into ‘smart contracts’ so that the results automatically take effect “like a self-implementing manifesto”.
With blockchain, the process is decentralised so everyone can hold a copy of the full voting record on their own devices.
Several countries and local authorities have explored or experimented with the idea of digital voting.
Recent research from the University of Chicago concluded that the ability to vote with a mobile device increased turnout by three to five percentage points in the 2018 federal election in West Virginia, suggesting that mobile voting has the potential to significantly boost participation in future elections.
Anthony Fowler, Associate Professor, Harris School of Public Policy, University of Chicago, said: “The ability to cast votes on a mobile device could potentially have a powerful effect on voter turnout while drastically lowering the cost of voting." But, he added: "At the same time, current survey data shows that many Americans are wary of online voting."
In Estonian parliamentary elections in March this year, 44 per cent of the ballot was cast using e-voting.
However, security fears have typically held back the wider deployment of digital voting. Blockchain has been touted by some as the answer.
"It’s ridiculous that in 2020 we are still standing in line for hours to vote in antiquated voting booths,” Yang says on his site. “It is 100 per cent technically possible to have fraud-proof voting on our mobile phones today using the blockchain.
“This would revolutionise true democracy and increase participation to include all Americans – those without smartphones could use the legacy system and lines would be very short."
Others, though, are not so sure. Cesar Cerrudo, CTO at IOActive Labs, a security research firm, told SmartCitiesWorld he believed implementing digital voting in this way would be “just craziness”.
He said he sees more risks than opportunities, explaining: “You need to have an extremely secure system from end to end, which is very difficult to do in a practical way. For example, malware is present in most devices nowadays so a compromised device will mean that any vote coming from that device can’t be trusted. [You can’t always know whether] a device is compromised or not, so how do you trust the votes?”
He added that if someone’s device was hacked, their vote could be changed without their knowledge. “The vote would be saved on blockchain and won’t be able to be changed anymore. Secure e-voting is very complex and blockchain alone is not a solution,” he said.
Some of these risks have now been demonstrated by Pierrick Gaudry, a researcher at CNRS, the French National Centre for Scientific Research. Less than a month before Moscow tries out online voting as part of the city’s election of a new parliament, the French cryptographer has exposed a security flaw in the system.
Gaudry took up the challenge after the source code for the voting system was published on GitHub and security experts were encouraged to test it out. The system was developed in-house by the Moscow Department of Information Technology and uses Ethereum blockchain and smart contract capabilities.
Gaudry said he was able to compute the voting system’s private keys based on its public keys. Private keys are used together with public keys to encrypt votes. It took Gaudry 20 minutes to obtain the private key using a standard personal computer.
“Once [private keys] are known, any encrypted data can be decrypted as quickly as they are created,” he said.
The protocol is not available in English yet so Gaudry couldn’t say exactly what the consequences of being able to hack the system this way could be but he noted: “We believe that this weak encryption scheme is used to encrypt the ballots. It is unclear how easy it is for an attacker to [access] the correspondence between the ballots and the voters but in the worst-case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote.”
In the worst-case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote.
The Moscow mayor’s office told Gaudry he would receive an award of €13,500 for his research. Since the publication of his article on the arXiv platform, a new protocol with a longer public key has been proposed by Moscow but a Harvard researcher said he has now found a flaw in that too.
Since 2014, Moscow has been using the Active Citizen e-voting platform and blockchain was introduced in 2017 but September will be the first time the technology is used in legally binding elections in Moscow.
The voting system is set to go live on September 8 and will run for 12 hours throughout the official voting session. The electronic voting option will be available in three electoral districts in Moscow. These districts were chosen by citizens via the Active Citizen platform.
Cerrudo, who has published several papers about smart city security risks, said there is a concern that many in the public sector may not understand more than "simple concepts" about blockchain, and may, therefore, ignore some of the challenges and risks associated.
Last year, research by SmartCitiesWorld found that 40 per cent of city respondents said they had ‘no idea’ how they could use blockchain to solve urban challenges. Although 80 per cent said they understand blockchain well or fairly well, 13 per cent said they don’t get it at all and only 6 per cent consider themselves experts. Respondents that were interested in using blockchain said they saw potential around governance/city administration (63 per cent); citizen engagement/e-voting (52 per cent); transport (44 per cent) energy; (38 per cent); health (38 per cent); and public safety (32 per cent).
“Blockchain is just a secure way to store information that is very difficult to modify without being detected. That’s it,” Cerrudo said. “E-voting is much more complex than just using blockchain.”
"E-voting is much more complex than just using blockchain."
Boucher notes that “public confidence is crucial” in any voting system.
“It has to be understandable and trustworthy enough so that even if a person is disappointed with the result, they can accept that it was fair and valid,” he said, adding that since blockchain is more complicated than other paper and e-voting systems, he doesn’t expect it to be used in votes such as the European elections even as far ahead as 2024.
“It remains an interesting choice for decision-making in smaller organisations,” he said.
The City of Moscow had not responded to a request for comment at the time of publication. It is understood that the planned online voting system will still go ahead in September.
You might also like: