Going from bad to worse: from Internet voting to blockchain voting

The public is worried about election security — understandably, and perhaps more today than in recent memory. The news teems with reports of possible election interference by foreign powers, of unauthorized voting on the one hand and voter disenfranchisement on the other, and of technological failures calling into question the integrity of elections in the U.S. and elsewhere in the world. Some have advocated “voting over the Internet” or “voting on the blockchain” as promising ways to increase election security. This paper examines such claims, and finds them both wanting and misleading. Even taking into account the many imperfections of election systems in use today, Internetand blockchain-based voting would drastically increase the potential for catastrophic, undetectable, nationscale election failures. The intuitive appeal of online voting arises partly from the perceived convenience and accessibility of voting from a computer or smartphone. But studies have been inconclusive, showing that online voting may have little to no effect on turnout in practice, and sometimes even increase disenfranchisement.1 More importantly: any increased turnout associated with Internetor blockchain-based voting would come at the pyrrhic cost of losing any credible assurance that votes have been counted as ∗Researcher, MIT Media Lab, Digital Currency Initiative; J.D. Candidate, Harvard Law School; and Affiliate, Berkman Klein Center for Internet and Society at Harvard University. †Ph.D. Candidate, MIT CSAIL (Computer Science and Artificial Intelligence Laboratory) and MIT IPRI (Internet Policy Research Initiative). ‡Director of Digital Currency Initiative, MIT Media Lab. Institute Professor, MIT CSAIL (Computer Science and Artificial Intelligence Laboratory). See, e.g., [28, 58, 63] and more discussion in Section 1. voters cast them, as opposed to undetectably altered or discarded. This is because electronic-only voting systems — including blockchain-based systems — will be highly vulnerable to catastrophic failures for the foreseeable future, given the state of the art in computer security. The bulk of this article’s analysis systematizes prior research about the security risks of online and electronic voting, and explains that these critiques apply equally to blockchain-based voting system proposals. The article also observes that blockchains may actually introduce new problems to voting systems, and provides a list of questions intended as a reference for critically assessing security risks of any new voting system proposals.

[1]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[2]  Ronald L Rivest,et al.  On the notion of ‘software independence’ in voting systems , 2008, Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences.

[3]  Scott Ruoti,et al.  Blockchain technology , 2020, Commun. ACM.

[4]  Philip B. Stark,et al.  Evidence-Based Elections , 2012, IEEE Security & Privacy.

[5]  Jack Peterson,et al.  Augur: a decentralized, open-source platform for prediction markets , 2015, ArXiv.

[6]  Pierrick Gaudry,et al.  Breaking the encryption scheme of the Moscow internet voting system , 2019, Financial Cryptography.

[7]  Philip B. Stark There is no Reliable Way to Detect Hacked Ballot-Marking Devices , 2019, ArXiv.

[8]  J. Alex Halderman,et al.  Security Analysis of the Democracy Live Online Voting System , 2021, USENIX Security Symposium.

[9]  D. Lowenstein Election Law: Cases and Materials , 1995 .

[10]  M. Germann,et al.  Internet voting and turnout: Evidence from Switzerland , 2017 .

[11]  Jeremy Clark,et al.  Bitcoin's academic pedigree , 2017, ACM Queue.

[12]  Nicole Goodman,et al.  Reducing the Cost of Voting: An Evaluation of Internet Voting’s Effect on Turnout , 2016 .

[13]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[14]  Eric Wustrow,et al.  Attacking the Washington, D.C. Internet Voting System , 2012, Financial Cryptography.

[15]  2018 Crypto Valley Conference on Blockchain Technology (CVCBT) , 2018 .

[16]  L. Stokes,et al.  Reducing the Cost of Voting: An Evaluation of Internet Voting’s Effect on Turnout , 2016, British Journal of Political Science.

[17]  Ross J. Anderson Why cryptosystems fail , 1994, CACM.

[18]  Arkady Yerukhimovich,et al.  Blockchain Technology: What Is It Good for? , 2019, ACM Queue.

[19]  Jirka Taylor,et al.  Online Voting: The Solution to Declining Political Engagement? , 2018 .

[20]  Alexander Golovnev An Attack on the the Encryption Scheme of the Moscow Internet Voting System , 2019, ArXiv.

[21]  Vincenzo Iovino,et al.  Using Selene to Verify Your Vote in JCJ , 2017, Financial Cryptography Workshops.

[22]  Ben Adida,et al.  Advances in cryptographic voting systems , 2006 .

[23]  Adam Back,et al.  Hashcash - A Denial of Service Counter-Measure , 2002 .

[24]  Arthur Gervais,et al.  Do you Need a Blockchain? , 2018, 2018 Crypto Valley Conference on Blockchain Technology (CVCBT).

[25]  J. Alex Halderman,et al.  Security Analysis of the Estonian Internet Voting System , 2014, CCS.

[26]  Roger Anderson,et al.  Homeland Security , 2004, Gov. Inf. Q..

[27]  Telecommunications Board,et al.  Securing the Vote , 2018 .

[28]  Vanessa Teague,et al.  How not to prove your election outcome , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[29]  Ariel J. Feldman,et al.  Security Analysis of the Diebold AccuVote-TS Voting Machine , 2007, EVT.

[30]  Ben Adida,et al.  Helios: Web-based Open-Audit Voting , 2008, USENIX Security Symposium.

[31]  Alan T. Sherman,et al.  TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules , 2009, IEEE Transactions on Information Forensics and Security.

[32]  David Brumley,et al.  Remote timing attacks are practical , 2003, Comput. Networks.

[33]  Ramakrishna Kotla,et al.  Revisiting Fast Practical Byzantine Fault Tolerance , 2017, ArXiv.

[34]  Jorge Delva,et al.  The presidential election. , 2008, Social work.

[35]  Michael A. Specter,et al.  The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections , 2020, USENIX Security Symposium.

[36]  Alicia,et al.  Who are the Internet Voters , 2015 .

[37]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[38]  Michael R. Clarkson,et al.  Civitas: Toward a Secure Voting System , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[39]  Silvio Micali,et al.  The Knowledge Complexity of Interactive Proof Systems , 1989, SIAM J. Comput..

[40]  Andrew W. Appel,et al.  Ballot-Marking Devices (BMDs) Cannot Assure the Will of the Voters , 2019 .

[41]  Markus Jakobsson,et al.  Coercion-resistant electronic elections , 2005, WPES '05.

[42]  Marko Vukolic,et al.  Blockchain Consensus Protocols in the Wild , 2017, DISC.

[43]  Brian A. Scriber A Framework for Determining Blockchain Applicability , 2018, IEEE Software.

[44]  David Chaum,et al.  Secret-ballot receipts: True voter-verifiable elections , 2004, IEEE Security & Privacy Magazine.

[45]  Philip B. Stark,et al.  End-to-end verifiability , 2015, ArXiv.

[46]  Robert Mueller Report On The Investigation Into Russian Interference In The 2016 Presidential Election , 2019 .

[47]  Josef Kittler,et al.  Financial Cryptography and Data Security , 2012, Lecture Notes in Computer Science.

[48]  Matthew Green,et al.  Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice , 2015, CCS.

[49]  Philip B. Stark,et al.  Public Evidence from Secret Ballots , 2017, E-VOTE-ID.