cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

Blockchain for online voting? Yay or Nay?

Hi All

 

Given the discussion going on in Computerworld; it leads to some interesting outcomes:

 

https://www.computerworld.com/article/3430697/why-blockchain-could-be-a-threat-to-democracy.html?pag...

 

Would you trust today's voting systems, either intentionally being online or unintentionally?

 

How much trust would you put in them?

 

Regards

 

 

Caute_cautim

15 Replies
CraginS
Defender I


@Caute_cautim wrote:

Hi All

 

Given the discussion going on in Computerworld; it leads to some interesting outcomes:

 

https://www.computerworld.com/article/3430697/why-blockchain-could-be-a-threat-to-democracy.html?pag...

 

Would you trust today's voting systems, either intentionally being online or unintentionally?

 


OMG, NOOOO!

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Caute_cautim
Community Champion

@CraginSFully expected this reaction, but obviously there are others fully involved in the technology, and they are stuck in their "lobster pot" by default.   The Russians and Chinese Hacking groups are simply going to make good on manipulation promises on those who go have gone down this road already.

 

Regards

 

Caute_cautim

rslade
Influencer II

> Caute_cautim (Community Champion) posted a new topic in Tech Talk on 08-13-2019

>   Would you trust today's voting systems, either
> intentionally being online or unintentionally?   How much trust would you put in
> them?

I would trust them (either non-paper machine voting or online voting systems) as
far as I could throw a wet mattress up a spiral staircase.

If someone implemented online voting "protected" by blockchain I'm sure they'd
cut so many corners you could corner the scrap paper market.

Repeat after me: blockchain is NOT the answer.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
The artist is nothing without the gift, but the gift is nothing
without work. - Emile Zola
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
dcontesti
Community Champion

Rob summarized my feelings on this one....

 

Shannon
Community Champion

 


@Caute_cautim wrote:

 

 

Would you trust today's voting systems, either intentionally being online or unintentionally?

 

How much trust would you put in them?


I would trust such systems / scenarios just as much as I trust Facebook....

 

 

In my country --- India --- voting isn't done online yet, instead they make use of Electronic Voting Machines (EVMs), which manufacturers claim are secure. (I don't buy that)

 

Being based in the Gulf, I'm not usually present during elections, but I got a taste of it some years back --- and it didn't taste good.

 

Before casting my vote, I had to sign on a register, confirming that the details --- name, ID, photograph and address --- there were correct. Well, everything was, save the photo, which was that of someone else!

 

When I told the officer that I couldn't proceed to sign, his reply was: "It's okay; just sign & cast your vote; the photograph error will be corrected later."

 

(Needless to say, I opted not to sign the register or vote)

 

Seeing them overlook an inconsistency like that, all I can say is that it makes little sense to secure systems that cater to a flawed process.

 

 

P.S. What I described was what I saw in India; I suppose it's done properly in the Western world.

 

 

 

 

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
DAlexander
Newcomer III

I'd be interested to hear what anyone thinks IS the answer. 

 

I am not an election history expert but I would venture to go out on a limb here and say that there has likely never been a fully trustworthy voting system.  @Shannon highlights some issues with EVM and how insecurity can be inherent in that process.  I must say though, one particular Western country I know of would find it nearly impossible to mandate voters sign a register (much less produce an ID card) without opening themselves up to claims of some sort of -ism.

 

Paper ballots seem like a popular way to avoid the evil hackers and ensure a fair election but, as I understand, China and Russia both still use paper ballots so, enough said there...

 

I look at it much like information security where nothing is foolproof and one should assume the enemy is already "inside the wire."  The challenge here is to manage the risks so you can better defend against the threats.  Can we leverage technology to do that better than the traditional paper methods?  I believe we can and I also think block chain has a lot of potential to reduce single points of manipulation.  There are aspects that need to be addressed before it can go mainstream but I think the larger issue will be ensuring every voter has access to the technology to begin with.

rslade
Influencer II

> DAlexander (Newcomer III) posted a new reply in Tech Talk on 08-16-2019 06:53 AM

> I'd be interested to hear what anyone thinks IS the answer.

Having been a poll clerk and deputy returning officer, I'd say that everything safe
involves paper in some way. I know that Americans say their elections are much
more complex than ours, but there are systems wheree you mark the paper ballot,
the machine reads and counts the votes, but it keeps the (paper) ballots in a bin so
that there can be a recount or a check.

>    I am not an
> election history expert but I would venture to go out on a limb here and say
> that there has likely never been a fully trustworthy voting system.

Probably true, in the sense that we can never guarantee 100% security in pretty
much anything, but the extent voting machines and online voting systems are
massively insecure. Check out http://catless.ncl.ac.uk/Risks/search?query=voting
for some studies and discussions.

>   Paper
> ballots seem like a popular way to avoid the evil hackers and ensure a fair
> election but, as I understand, China and Russia both still use paper ballots

Well, yes, you *do* have to have just a wee bit of independent scrutiny and
oversight ...

>   Can we leverage technology to do that better than the traditional
> paper methods?

As noted, there are machines to do the counting, but retain the ballots for
recounts. There are also some interesting paper ballots where the voter retains
part of the ballot which can prove what the original vote was.

>  I believe we can and I also think block chain has a lot of
> potential to reduce single points of manipulation.

Oh, dear, he's drunk the blockchain koolaid ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
As one gets older, one discovers everything is going to be
exactly the same with different hats on. - Noel Coward
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
CraginS
Defender I


@DAlexander wrote:

I'd be interested to hear what anyone thinks IS the answer. 

 

I am not an election history expert but I would venture to go out on a limb here and say that there has likely never been a fully trustworthy voting system.  ...

...

 The challenge here is to manage the risks so you can better defend against the threats.  Can we leverage technology to do that better than the traditional paper methods?  I believe we can and I also think block chain has a lot of potential to reduce single points of manipulation.  There are aspects that need to be addressed before it can go mainstream but I think the larger issue will be ensuring every voter has access to the technology to begin with.


Daniel,

If we are to approach the idea of a "voting system," we must understand that it is in reality a system of systems, which involve a complex set of paper and electronic systems and processes. To see my quick list of that set, please review my blog post

DHS Security Tip 19-001, Best Practices for Securing Election Systems

 

When you understand the interconnected processes and multiple very different paper and computer systems, you will see that there is no single computer system capable of managing a safe and secure election. 

As for believing you can "solve" election security with a blockchain solution, please tell us the framework you think blockchain might fit into.

 

As @rslade Grandpa Rob noted, I, too, am concerned t you may have drunk the blockchain koolaide. However, if you can describe a meaningful use of blockchain for any one of the 10 processes I list in my blog post, I will correct that concern.

 

 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
DAlexander
Newcomer III

Gentlemen, I must admit, I like Kool Aid.  They have some interesting new flavors including Sharkleberry Fin (which, I’m shocked the PETA folks haven’t called for a world-wide boycott of yet due to the similarity to “shark fin” rather than Huck Fin) but my favorite has always been Tropical Punch.  Easy now, back away from the keyboard slowly so you don’t break a hip…that was a joke and I am fully aware that the phrase refers to Jim Jones and his Jonestown followers.  Save yourselves the effort of typing out a history lesson for us.

 

Now, your Kool Aid comments do exemplify a major problem with our cyber security field and worse, with current trends in general.  See, the world is not binary.  Not everything is good/bad, yes/no, blue/red, etc.  Likewise, not all innovation is done by an evil enterprise out to steal our souls like the technophobes want us to believe.  You may remember back when Socrates spoke out against writing because it would instill “forgetfulness in the learners’ souls, because they will not use their memories.”  The same sort of doom-and-gloom statements were also made regarding the printing press, radio, television, and the Internet yet, here we are, alive and well.

 

Douglas Adams once described a set of rules that describe our reactions to technologies:

1.       Anything that is in the world when you’re born is normal and ordinary and is just a natural part of the way the world works.

2.       Anything that’s invented between when you’re fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it.

3.       Anything invented after you’re thirty-five is against the natural order of things.

 

To be clear, I was very deliberate in saying that blockchain has a lot of POTENTIAL; not that it is the answer today.  It no doubt has areas of insecurity that must be addressed before applying it blindly to a system (or systems within a system as if that matters) that is as important as the voting process.  It does seem to me that things like transparency and auditability in our elections would be a good thing to strive for.  All I am saying is that blockchain is something that should be explored.  It is based on cryptography meaning, based on math, so in theory, a solution would be able to be proven mathematically.  Wouldn’t it be great to PROVE an election is accurate?

 

@CraginS, I can think of at least one of your 10 processes that could benefit from this.  Think of a case where a voter is issued a token (think “coin”) upon registration and the global blockchain record then gets updated with that transaction.  Regardless of location, this person could vote electronically after “depositing” the token.  This could provide better accessibility for people that may not have the means to physically travel to the voting station due to cost, security, health, or any other reason.  It could also ensure every voter only cast one vote.  Just my two cents (pun intended).

 

@rslade, I find it difficult to make the connection that your duties as a poll clerk and deputy returning officer correlate directly to the claim that “everything safe involves paper in some way.”  Seems a bit of a stretch to make that claim with such a small sample size.  I suppose paper ballots are sufficient in countries with populations less than the state of California (don’t apologize Canada, it’s not your fault; people just tend to avoid cold climates and those moose are huge!!!) but it doesn’t scale well when accuracy or speed matter.  It also goes without saying that the more human hands you add to any process, the more opportunity you provide for human emotions, motives, incompetence, or plain old mistakes to contaminate the results.

 

In the end, am I drinking the Kool Aid?  No, but I am guilty of taking a few sips to see how it tastes.