I live in West Virginia and anything dealing with the state government has to start with an assumption that it is being done for corrupt reasons. Ask first how a contract or project financially benefits key state officials or their family. I can't emphasize enough how predatory and corrupt the government is here. Both leading Republican candidates for governor are under federal corruption investigations. There's a reason West Virginia is losing population and remains among the poorest states in the USA. Where West Virginia isn't corrupt, it is incompetent. The state can't even provide safe drinking water for its people, or even create a framework for official electronic signatures-- it has no business innovating in voting tech. West Virginia is the last place you want as your laboratory for voting technology.
I will say that your state is beautiful though. Driving from Harper's Ferry to Charleston via the Monogahela National Forest remains one of my trips. My favorite memory was discovering a 13,000 square mile radio quiet zone with a gigantic, black hole hunting, radio telescope smack dab in the middle of it.
After stopping to play tourist, I continued driving and stumbled upon a stranded 3 person group, a hetero couple and the wife's sister, the and that probably weighed 1500 pounds between the 3 of them (no judgements). Their minivan was out of commission, and there was no cellphone reception cuz quiet zone. I offered to help, but I could physically only fit one of them in my Ford Focus hatchback, which could normally fit up to 5 people (uncomfortably). Husband asked if I could get him to Durbin, about 30 minutes down the road, and I said yes. All 500 pounds of him squeezed into the front seat, which itself was an adventure because I am 6'5" and was a heftier 300 pounds myself, and he was spilling a bit into the driver's seat. I was basically squished between the car door and a human wall.
I loved every minute of it. Husband was an awesome dude. We chatted about his career bas a coal miner (complete with a mild case of black lung disease and pending heart failure), life in a sleepy area, and all sorts of stuff. When we got to Durbin, he just asked me to let him own, where he planned to find a phone to call his preacher, who also happened to be the "local" tow truck driver. He walked/waddled off towards some buildings off the main road, and I continued my journey.
Anyone interesting some history of coal country, a great book is "Night Comes to the Cumberlands: A Biography of a Depressed Area" By Harry M. Caudill. Published 1962.
While the focus of the book is eastern Kentucky, a lot of the content applies to WV and coal country in general.
"At the time it was written, Night Comes to the Cumberlands framed an urgent appeal to the American Conscience. Today it details Appalachia's difficult past, and at the same time, presents an accurate historical backdrop for a contemporary understanding of the Appalachian region."
I suspect the incompetence is by design to some extent. If you like small government, cripple it and then you've got an excuse to limit its reach and continue to cut.
If it makes you feel any better, California is also failing to provide safe tap drinking water for everyone. In a few places, the wells are dry. In others the water is contaminated.
>Ask first how a contract or project financially benefits key state officials or their family.
Typical flyover state simpletons. If they were were thinking long term like the enlightened people in the urban coastal states they would direct the proceeds of their corruption at their party. After doing this for a couple decades they can have a de-facto one party state and doll out government jobs and contracts to a much wider cross section than just their friends and family further cementing their party's (i.e. their professional network) grip on power.
(this is sarcasm, in case that isn't immediately obvious)
Blockchain for voting sounds like a terrible invitation to a terrible party. Voting is already a delicate subject which is really hard to secure on information systems. Researchers have spent decades to figure out a perfect solution but came short.
Blockchain has already surpassed its boundaries for multiple reasons. However, voting should be beyond that line. There are many questions that need to be answered before even thinking about using blockchain for voting.
- How will identification work?
- What is the proof-of-work scheme?
- How can you be sure that every vote ends up in the ledger? Transactions usually get lost and sometimes takes few tries to reach to miner.
- Most important property is that not a single vote should be traced back to its caster. Blockchain is all public, how are you going to anonymize everything? IP addresses of transaction owners are already open.
That's the whole problem, and always unsolved (because it's hard). You need to be able to ensure that votes are made by real people, that votes aren't duplicated, and that votes are included in a count. Some of this is easy, some of this is near impossible. None of this is solved by a blockchain, which is at its core simply a remarkably inefficient, if decentralized, timestamping system. When a "blockchain" is presented as a solution, ask why the trustworthiness of timestamping was holding back a particular technology before now.
It doesn't necessarily need to be proof-of-work and I'd think it makes sense to piggyback off a different trusted network of some kind.
> - How can you be sure that every vote ends up in the ledger? Transactions usually get lost and sometimes takes few tries to reach to miner.
Do transactions actually get lost all that often? In my experience, transactions propagate the network pretty reliably and quickly. You can then look at the number of confirmed blocks to reliably check if its in the ledger.
> - Most important property is that not a single vote should be traced back to its caster. Blockchain is all public, how are you going to anonymize everything? IP addresses of transaction owners are already open.
IP addresses aren't stored, and the actual transaction could be layered on something like Tor to prevent tracing. You could also have physical voting centers. The important thing is that individual voters can verify their own vote.
One big concern I'd have that you didn't really touch on is around management of keys. In addition to identity verification, how do you handle theft of keys? If a key is stolen, how do you handle disputes to whats in the ledger? I would trust tech savvy people to keep their keys safe, but what about people who don't understand technology?
> Blockchain for voting sounds like a terrible invitation to a terrible party.
I'm expecting a ton of down-votes into oblivion for the following...
Because you can "chip it" doesn't mean you should.
And, just because you can apply technology to something, also doesn't mean you should.
Time and time again we are shown how vulnerable computers and digital data are.
Voting should be done on paper in local areas overseen by people from each party. They all watch the ballot box. They all see who comes in. Together, they count the votes in front of everyone else and tally them on a piece of paper. Then, they call to their higher-ups these numbers, and so on and so forth.
I'm not convinced voting on a blockchain is a good idea, but here are some thoughts:
> Researchers have spent decades to figure out a perfect solution but came short.
That doesn't mean improvements can't be made. Researchers have spent decades to figure out peer-to-peer money as well, before Bitcoin was invented. But there are many other examples.
> How will identification work?
Presumably in a similar way voting already works. Tokens are given out after IDs have been checked.
> What is the proof-of-work scheme?
You can easily piggy-back on any existing cryptocurrency if you want.
> How can you be sure that every vote ends up in the ledger? Transactions usually get lost and sometimes takes few tries to reach to miner.
You can easily verify that your vote ended up in the ledger. You can verify in seconds that a transaction has propagated in the network as well. Transactions very seldom get lost, unless you're specifically thinking of Bitcoin which suffer from transaction backlogs from time to time.
> Most important property is that not a single vote should be traced back to its caster.
This is the hard technical problem. There are anonymous cryptocurrencies like Monero or ZCash (although there shielded transactions are opt-in) which obscures where transactions come from. Therefore it should be possible to create a system where a single vote cannot be traced back to its caster while you can still count the total number of votes and that a vote is only cast once (this is exactly the properties Monero and ZCash have).
>Researchers have spent decades to figure out a perfect solution but came short.
The problem is not with knowing how make a secure voting system. We already know how to do that and it's been in production in various states and counties for decades. I was lucky enough to grow up in one. It's not difficult.
The problem is that election administrators in many places aren't tech savvy enough to know the difference between a Diebold machine with no paper trail and weird hooks (like the ability to invert the results), and actually secure, reliable, easy-to-use systems.
Those folks are susceptible to skilled salesmen from big companies peddling insecure voting systems. As are politicians who have a say in which election machines are purchased, and who are looking for kickbacks, donations and revolving door jobs. That's the problem that needs solving.
DARPA and Galois are working on a standard that I hope the Federal Govt will eventually require for all Federal elections. Create the best possible, open, verifiable voting machine standard, allow any company to implement the standard, and then teach election administrators how to verify the implementation correctly adheres to the standard regardless who the manufacture was.
Perhaps I'm wrong, but it sounds like your main argument is that current blockchain does presently do these things with the goal of voting in mind, not that it can't do these things.
One benefit of blockchain is allowing extreme accountability, which seems to be a greater and greater requirement of democracy with large populations.
I'm always confused how I can apply for a mortgage / loan (aka a legally binding financial contract) online with just some details like my name + social security number, but this method of identification seems to not be acceptable when discussing voting?
The federal government should issue a nationally recognized identity card to every person which contains a digital certificate around which anyone (especially government services) can build their authentication & authorization systems.
1. Identification is not needed, only presenting a token, everyone gets exactly one token during the occasional registration. If you lose a token, you can get another one, deactivating the last ones.
2. There should not be any proof of work. Really, PoW is one of the worst things to secure a blockchain. In fact, you don’t need a blockchain. You just need a Merkle Tree. Blockchains are about ordering of transactions - the order here is irrelevant! (see caveat below)
3. How can you be sure every vote is counted in ANY system? As long as you can communicate your vote to a network, the gossip protocol takes care of it. Everyone gossips every vote to their neighbors, so just send it to a few nodes. Again - NO BLOCKCHAIN.
4. For each election, you fork a token to use. Then you simply participate in token mixers, like Monero rings. Put all your derived tokens into a hat, then each takes a token and uses it to cast a vote.
You may be wondering, what if someone votes with an “old” token version that hasn’t been mixed. First of all, we can require mixing. And secondly, they cryptographically signed over their token to someone else so when that someone votes with that token, it will override your vote for that token. Since they present your signature in the token history, that you signed it over.
This also allows us to have forms of democracy where you sign over tokens to other people for a timestamp range of, say, the next 1-2 years, to make decisions on your behalf. Better than representative democracy. More like a giant parliamentary system. You may pick a science expert to vote for scientific bills, and a criminal justice reform activist to vote for criminal justice bills.
We can get to near total participation in the democracy this way.
Caveat: although honest validators in each district can construct an eventually consistent Merkle tree by simply finding all validly signed tokens, ordering them lexicographically, and signing them, we DO need a “cutoff” time that they stop accepting offers. This is a Buridan’s ass problem, and it gets even hairier in a Byzantine Generals setting. We need to know that no one submitted a vote after the cutoff time. Thus, we need a two phase commit — each node has to gossip the cutoff time and other nodes have to acknowledge a widely gossipped message or get kicked out of the consensus. There are always edge cases to this — see Ripple’s consensus process for instance — and theoretically in very unlikely cases a “fork” can propagate to the population at large, one person thinking a vote was cast before the cutoff and the other thinking the vote was cast after the cutoff. But unless that handful of votes determines the entire election, that won’t matter. And frankly the same thing can happen even more with current systems.
What little has been described offers plenty of attack surface. The white paper has this to say about how paper copies of votes are printed out:
> When the polls close, members of each county clerk’s staff insert two cryptographically secure thumb drives into the vendor’s administrative portal laptop. Once the two thumb drives are verified, votes on the blockchain are automatically assembled as PDF files for each county. The Secretary of State’s office sends each county one PDF file containing all the marked ballots submitted by voters of that county. The clerk’s staff prints the ballots on cardstock with a ballot printer capable of printing up to 20” two-sided ballots (see Fig. 4). Each printed ballot contains the anonymous ID of the voter (see highlight in Fig. 5). Tabulation and the consolidation of results is done automatically by scanning the paper ballot into the precinct tabulator of the primary voting system (see Fig. 6).
How do the clerks get these thumb drives? What's the protocol for storage until used? Who has access to them? What physical security features do the drives implement?
If I were going to attack this system, the thumb drives seem like a juicy target with plenty of social engineering opportunities.
I fill out the paper ballot, so no matter what I've voted. It is really clear how to use the system, and I'm not waiting on technology no matter what happens next.
Then I roll it into the machine itself and it goes into a locked box attached to the machine.
There is always a paper record.
The machines and votes are tied together so auditing is straightforward.
> It isn't even a solution in search of a problem it's a problem in search of a place to explode.
I won't knock blockchain completely, because I don't believe I'm smart enough to, and it likely has many useful applications, but I feel like half the time I hear about blockchain, this quote is applicable.
1. like paper money, anonymous - my vote should be secret.
2. Hard to do large scale fraud or manipulation - not being efficient or automatable is a feature guys...
3. Physically going to the polls, voting in public, yet private at the end really makes it hard to put pressure on people to vote one way or another. Compare that to voting electronically at home or in church or at work....
This is a solution to the problem of more pork for vendors.
Any one wanting to understand why any of these changes occurs will be illuminated by better understanding the business models of the vendors and the appropriations (budgets) of the jurisdictions.
During the HAVA bonanza, which brought us the touchscreens, vendors envied high tech valuations, so repackaged themselves as product companies.
When that fad went bust (market saturation), vendors repackaged themselves as service companies. With a big difference from their prior incarnation. Changing from time & materials to charging a fee for every task for every voter every election.
Before, you'd buy ballots for expected turnout plus 10%.
Now, (with vote-by-mail) you buy the whole ballot packet, for every voter every election.
Before, you'd pay 10 cents for every voter signature verified.
Now, you pay for signature verification services for every voter every election.
It's astonishing how each and every step of the process has been monetized (rent seeking).
--
Huh. It just now occurs to me there's probably a better way to summarize the business practices of the vendors:
Just imagine what IT vendors like Oracle do to maximize revenue applied to election administration.
Many people can't afford to take the day off for voting. And even mail ballots are allowed, making the process easier would encourage more participation. Is this not a problem worth solving?
Doesn't work either. In some districts, one candidate got more votes than actual ballots because some were 'accidentally scanned more than once.' In those situations, since the counts are off, the original vote stands.
So, just make sure you throw out all your extra ballots and you're fine.
Why simply deride electronic voting as a solution in search a problem? There are many problems it solves.
1. How about low voter turnout, so elections aren’t representative of what the people want. An app would increase voter turnout by a lot, especially the younger vote.
3. How about being able to count elections in time to call them, instead of things where Bush gets elected because some guys ran out of time, and then it turns put Gore would have won?
Aren’t these important enough problems for a democracy to solve?
Instead of simply downvoting, why not actually address what I am saying! I am going to go point by point.
Sure, absentee ballots are a thing, but guess what. People like apps. If it’s secure enough for everyone’s banking needs, why not for a vote?
You can make the same argument about money — that banking apps are a honeypot for thieves etc. And yet we have made banking apps so so secure that you’d use them to move thousands of dollars.
If everyone voted from their phone, it could be anonymous and cryptographically secure. And a Merkle tree would record all results.
What is the issue? Every problem you point out with electronics can be done with paper ballots, too.
The interface can lie to you? Has been done with butterfly ballots and others.
The vote counting process is rigged? Have different groups audit the process.
In fact, having cryptographically secure receipts makes it extra easy and fast to verify votes. Al Gore would have won, because they wouldn’t have has to take so much time for a recount:
Erm sorry. The solution. Token mixing. You get one token per person, but then they go through a cryptographically securd mixer before being used to sign your vote. Kind of like with Monero rings.
5. Accountability
How can we prove the votes happened the way you wanted them to?
Well, YOU still have your token on YOUR phone (no one else does) so your app can audit the Merkle tree.
Zero-Knowledge Proofs would be overkill here because proving how you voted to someone else is important (See #3, above). In addition, ZK proofs are a bit ivory-tower idealistic since most people don’t have the knowhow to “produce a fake alternative vote”.
The Merkle Tree can consist of smaller branches, one for each district. The results can be tallied in near real time, and verified by anyone. Results would be known in real-time.
6. But realtime reporting will affect voters!
Yes, and it currently already does, with Ohio, Michigan, and so on. The current system makes some states way more important than others:
Why not require all states to have primaries at the same time and not reveal the results til the end? This is a political, not technological, solution.
The only one major problem I see with electronic voting is #3, the trusted computing base. I listed the main solution above, but I am sure there will be many improvements on it.
well here is the rub, paper ballots are useless unless you can prove who is voting and yet we have nearly the same people yelling about how unfair it is to require people to prove who they are to vote.
you cannot have one without the other if your intent is to protect the system and to be honest you only need paper ballots as a receipt to allow verification in case of suspected interference. we have already seen that some paper ballot designs are more prone to fraud than others.
> Voatz’s website states that “a paper ballot is generated on election night” and is tallied “using the standard counting process at each participating county.” What that means is the voter’s vote is sent to the county clerk staff as a PDF, and the county clerk staff prints it out and puts it into the scanning tabulator.
?So at some point your vote is printed out on a paper, and scanned? Doesn't seem all that anonymous, for one thing.
An anonymous id is attached to the pdf. Not the users specific name/information.
"The county clerks were able to conduct a pre-tabulation audit (unprecedented in US election history) by comparing anonymized copies of the voter verified digital receipts with the marked paper ballots prior to feeding the paper ballots into the scanners for seamless tabulation alongside the primary voting system."
Blockchain is a buzzword, but we've already had strong cryptographic protocols for voting that predate Satoshi.
We've known for decades how to conduct elections where every vote is provably counted, any individual vote is completely anonymous, and the identity of every voter participant is provable (i.e. preventing ballot stuffing).
The initial point of a blockchain was to provide a mechanism for consensus in a system with multiple parties that lack trust for each other and with no Central arbiter.
Can we access this blockchain to view the votes? No? Then it's opaque to us. It's a private blockchain.
Well you can't really know even if you go and submit a paper ballot. If you could verify your vote, you could sell it. I don't know if that's still a realistic scenario these days when Tammany Hall isn't literally beating people for votes, but it's a reason why you can't tie a vote to yourself individually.
"But how secure and accurate was the 2018 vote? It’s impossible to tell because the state and the company aren’t sharing the basic information experts say is necessary to properly evaluate whether the blockchain voting pilot was actually a resounding success."
This seems so preposterous I have a hard time believing the story is being reported correctly. The state or Voatz are apparently unwilling to prove their system is secure. What are they going to do if someone disputes the results of the election?
Transparency/verifiability seems like almost the only half-way decent reason to use a blockchain for voting. And then they do it using a closed source undocumented proprietary blockchain.
[+] [-] mobilefriendly|6 years ago|reply
[+] [-] PopeDotNinja|6 years ago|reply
After stopping to play tourist, I continued driving and stumbled upon a stranded 3 person group, a hetero couple and the wife's sister, the and that probably weighed 1500 pounds between the 3 of them (no judgements). Their minivan was out of commission, and there was no cellphone reception cuz quiet zone. I offered to help, but I could physically only fit one of them in my Ford Focus hatchback, which could normally fit up to 5 people (uncomfortably). Husband asked if I could get him to Durbin, about 30 minutes down the road, and I said yes. All 500 pounds of him squeezed into the front seat, which itself was an adventure because I am 6'5" and was a heftier 300 pounds myself, and he was spilling a bit into the driver's seat. I was basically squished between the car door and a human wall.
I loved every minute of it. Husband was an awesome dude. We chatted about his career bas a coal miner (complete with a mild case of black lung disease and pending heart failure), life in a sleepy area, and all sorts of stuff. When we got to Durbin, he just asked me to let him own, where he planned to find a phone to call his preacher, who also happened to be the "local" tow truck driver. He walked/waddled off towards some buildings off the main road, and I continued my journey.
[+] [-] matty22|6 years ago|reply
[+] [-] sdinsn|6 years ago|reply
[1] https://statescoop.com/meet-the-guy-paying-for-west-virginia...
[+] [-] nemacol|6 years ago|reply
Anyone interesting some history of coal country, a great book is "Night Comes to the Cumberlands: A Biography of a Depressed Area" By Harry M. Caudill. Published 1962.
https://www.amazon.com/Night-Comes-Cumberlands-Biography-Dep...
https://archive.org/stream/nightcomestocumb1963caud/nightcom...
While the focus of the book is eastern Kentucky, a lot of the content applies to WV and coal country in general.
"At the time it was written, Night Comes to the Cumberlands framed an urgent appeal to the American Conscience. Today it details Appalachia's difficult past, and at the same time, presents an accurate historical backdrop for a contemporary understanding of the Appalachian region."
[+] [-] elwell|6 years ago|reply
Blockchain's shining strength is transparency, so if done somewhat properly, a corrupt government could be the perfect test ground.
[+] [-] diveloper|6 years ago|reply
[+] [-] duxup|6 years ago|reply
[+] [-] thebeefytaco|6 years ago|reply
[+] [-] HillaryBriss|6 years ago|reply
[+] [-] dsfyu404ed|6 years ago|reply
Typical flyover state simpletons. If they were were thinking long term like the enlightened people in the urban coastal states they would direct the proceeds of their corruption at their party. After doing this for a couple decades they can have a de-facto one party state and doll out government jobs and contracts to a much wider cross section than just their friends and family further cementing their party's (i.e. their professional network) grip on power.
(this is sarcasm, in case that isn't immediately obvious)
[+] [-] h4l0|6 years ago|reply
Blockchain has already surpassed its boundaries for multiple reasons. However, voting should be beyond that line. There are many questions that need to be answered before even thinking about using blockchain for voting.
- How will identification work?
- What is the proof-of-work scheme?
- How can you be sure that every vote ends up in the ledger? Transactions usually get lost and sometimes takes few tries to reach to miner.
- Most important property is that not a single vote should be traced back to its caster. Blockchain is all public, how are you going to anonymize everything? IP addresses of transaction owners are already open.
Edit: Formatting.
[+] [-] RL_Quine|6 years ago|reply
That's the whole problem, and always unsolved (because it's hard). You need to be able to ensure that votes are made by real people, that votes aren't duplicated, and that votes are included in a count. Some of this is easy, some of this is near impossible. None of this is solved by a blockchain, which is at its core simply a remarkably inefficient, if decentralized, timestamping system. When a "blockchain" is presented as a solution, ask why the trustworthiness of timestamping was holding back a particular technology before now.
[+] [-] lojack|6 years ago|reply
In my mind this is the hardest problem to solve.
> - What is the proof-of-work scheme?
It doesn't necessarily need to be proof-of-work and I'd think it makes sense to piggyback off a different trusted network of some kind.
> - How can you be sure that every vote ends up in the ledger? Transactions usually get lost and sometimes takes few tries to reach to miner.
Do transactions actually get lost all that often? In my experience, transactions propagate the network pretty reliably and quickly. You can then look at the number of confirmed blocks to reliably check if its in the ledger.
> - Most important property is that not a single vote should be traced back to its caster. Blockchain is all public, how are you going to anonymize everything? IP addresses of transaction owners are already open.
IP addresses aren't stored, and the actual transaction could be layered on something like Tor to prevent tracing. You could also have physical voting centers. The important thing is that individual voters can verify their own vote.
One big concern I'd have that you didn't really touch on is around management of keys. In addition to identity verification, how do you handle theft of keys? If a key is stolen, how do you handle disputes to whats in the ledger? I would trust tech savvy people to keep their keys safe, but what about people who don't understand technology?
[+] [-] qrbLPHiKpiux|6 years ago|reply
I'm expecting a ton of down-votes into oblivion for the following...
Because you can "chip it" doesn't mean you should.
And, just because you can apply technology to something, also doesn't mean you should.
Time and time again we are shown how vulnerable computers and digital data are.
Voting should be done on paper in local areas overseen by people from each party. They all watch the ballot box. They all see who comes in. Together, they count the votes in front of everyone else and tally them on a piece of paper. Then, they call to their higher-ups these numbers, and so on and so forth.
This is the safest way for anyone to vote.
[+] [-] lawn|6 years ago|reply
> Researchers have spent decades to figure out a perfect solution but came short.
That doesn't mean improvements can't be made. Researchers have spent decades to figure out peer-to-peer money as well, before Bitcoin was invented. But there are many other examples.
> How will identification work?
Presumably in a similar way voting already works. Tokens are given out after IDs have been checked.
> What is the proof-of-work scheme?
You can easily piggy-back on any existing cryptocurrency if you want.
> How can you be sure that every vote ends up in the ledger? Transactions usually get lost and sometimes takes few tries to reach to miner.
You can easily verify that your vote ended up in the ledger. You can verify in seconds that a transaction has propagated in the network as well. Transactions very seldom get lost, unless you're specifically thinking of Bitcoin which suffer from transaction backlogs from time to time.
> Most important property is that not a single vote should be traced back to its caster.
This is the hard technical problem. There are anonymous cryptocurrencies like Monero or ZCash (although there shielded transactions are opt-in) which obscures where transactions come from. Therefore it should be possible to create a system where a single vote cannot be traced back to its caster while you can still count the total number of votes and that a vote is only cast once (this is exactly the properties Monero and ZCash have).
[+] [-] SkyMarshal|6 years ago|reply
The problem is not with knowing how make a secure voting system. We already know how to do that and it's been in production in various states and counties for decades. I was lucky enough to grow up in one. It's not difficult.
The problem is that election administrators in many places aren't tech savvy enough to know the difference between a Diebold machine with no paper trail and weird hooks (like the ability to invert the results), and actually secure, reliable, easy-to-use systems.
Those folks are susceptible to skilled salesmen from big companies peddling insecure voting systems. As are politicians who have a say in which election machines are purchased, and who are looking for kickbacks, donations and revolving door jobs. That's the problem that needs solving.
DARPA and Galois are working on a standard that I hope the Federal Govt will eventually require for all Federal elections. Create the best possible, open, verifiable voting machine standard, allow any company to implement the standard, and then teach election administrators how to verify the implementation correctly adheres to the standard regardless who the manufacture was.
[+] [-] not_a_cop75|6 years ago|reply
One benefit of blockchain is allowing extreme accountability, which seems to be a greater and greater requirement of democracy with large populations.
[+] [-] unknown|6 years ago|reply
[deleted]
[+] [-] Spooky23|6 years ago|reply
[+] [-] MuffinFlavored|6 years ago|reply
I'm always confused how I can apply for a mortgage / loan (aka a legally binding financial contract) online with just some details like my name + social security number, but this method of identification seems to not be acceptable when discussing voting?
[+] [-] sarbaz|6 years ago|reply
[+] [-] packet_nerd|6 years ago|reply
The federal government should issue a nationally recognized identity card to every person which contains a digital certificate around which anyone (especially government services) can build their authentication & authorization systems.
[+] [-] EGreg|6 years ago|reply
2. There should not be any proof of work. Really, PoW is one of the worst things to secure a blockchain. In fact, you don’t need a blockchain. You just need a Merkle Tree. Blockchains are about ordering of transactions - the order here is irrelevant! (see caveat below)
3. How can you be sure every vote is counted in ANY system? As long as you can communicate your vote to a network, the gossip protocol takes care of it. Everyone gossips every vote to their neighbors, so just send it to a few nodes. Again - NO BLOCKCHAIN.
4. For each election, you fork a token to use. Then you simply participate in token mixers, like Monero rings. Put all your derived tokens into a hat, then each takes a token and uses it to cast a vote.
You may be wondering, what if someone votes with an “old” token version that hasn’t been mixed. First of all, we can require mixing. And secondly, they cryptographically signed over their token to someone else so when that someone votes with that token, it will override your vote for that token. Since they present your signature in the token history, that you signed it over.
This also allows us to have forms of democracy where you sign over tokens to other people for a timestamp range of, say, the next 1-2 years, to make decisions on your behalf. Better than representative democracy. More like a giant parliamentary system. You may pick a science expert to vote for scientific bills, and a criminal justice reform activist to vote for criminal justice bills.
We can get to near total participation in the democracy this way.
Caveat: although honest validators in each district can construct an eventually consistent Merkle tree by simply finding all validly signed tokens, ordering them lexicographically, and signing them, we DO need a “cutoff” time that they stop accepting offers. This is a Buridan’s ass problem, and it gets even hairier in a Byzantine Generals setting. We need to know that no one submitted a vote after the cutoff time. Thus, we need a two phase commit — each node has to gossip the cutoff time and other nodes have to acknowledge a widely gossipped message or get kicked out of the consensus. There are always edge cases to this — see Ripple’s consensus process for instance — and theoretically in very unlikely cases a “fork” can propagate to the population at large, one person thinking a vote was cast before the cutoff and the other thinking the vote was cast after the cutoff. But unless that handful of votes determines the entire election, that won’t matter. And frankly the same thing can happen even more with current systems.
[+] [-] mjparrott|6 years ago|reply
[+] [-] apo|6 years ago|reply
> When the polls close, members of each county clerk’s staff insert two cryptographically secure thumb drives into the vendor’s administrative portal laptop. Once the two thumb drives are verified, votes on the blockchain are automatically assembled as PDF files for each county. The Secretary of State’s office sends each county one PDF file containing all the marked ballots submitted by voters of that county. The clerk’s staff prints the ballots on cardstock with a ballot printer capable of printing up to 20” two-sided ballots (see Fig. 4). Each printed ballot contains the anonymous ID of the voter (see highlight in Fig. 5). Tabulation and the consolidation of results is done automatically by scanning the paper ballot into the precinct tabulator of the primary voting system (see Fig. 6).
https://sos.wv.gov/FormSearch/Elections/Informational/West-V...
How do the clerks get these thumb drives? What's the protocol for storage until used? Who has access to them? What physical security features do the drives implement?
If I were going to attack this system, the thumb drives seem like a juicy target with plenty of social engineering opportunities.
[+] [-] jrumbut|6 years ago|reply
We do not need this. It isn't even a solution in search of a problem it's a problem in search of a place to explode.
A rundown on some of their security: https://mobile.twitter.com/GossiTheDog/status/10266038003653...
[+] [-] JohnJamesRambo|6 years ago|reply
It seems like blockchain would allow everyone to be able to check that their vote counted, in an anonymous yet totally transparent and verifiable way.
[+] [-] duxup|6 years ago|reply
I fill out the paper ballot, so no matter what I've voted. It is really clear how to use the system, and I'm not waiting on technology no matter what happens next.
Then I roll it into the machine itself and it goes into a locked box attached to the machine.
There is always a paper record.
The machines and votes are tied together so auditing is straightforward.
[+] [-] non-entity|6 years ago|reply
I won't knock blockchain completely, because I don't believe I'm smart enough to, and it likely has many useful applications, but I feel like half the time I hear about blockchain, this quote is applicable.
[+] [-] DrScientist|6 years ago|reply
1. like paper money, anonymous - my vote should be secret.
2. Hard to do large scale fraud or manipulation - not being efficient or automatable is a feature guys...
3. Physically going to the polls, voting in public, yet private at the end really makes it hard to put pressure on people to vote one way or another. Compare that to voting electronically at home or in church or at work....
[+] [-] specialist|6 years ago|reply
Any one wanting to understand why any of these changes occurs will be illuminated by better understanding the business models of the vendors and the appropriations (budgets) of the jurisdictions.
During the HAVA bonanza, which brought us the touchscreens, vendors envied high tech valuations, so repackaged themselves as product companies.
When that fad went bust (market saturation), vendors repackaged themselves as service companies. With a big difference from their prior incarnation. Changing from time & materials to charging a fee for every task for every voter every election.
Before, you'd buy ballots for expected turnout plus 10%.
Now, (with vote-by-mail) you buy the whole ballot packet, for every voter every election.
Before, you'd pay 10 cents for every voter signature verified.
Now, you pay for signature verification services for every voter every election.
It's astonishing how each and every step of the process has been monetized (rent seeking).
--
Huh. It just now occurs to me there's probably a better way to summarize the business practices of the vendors:
Just imagine what IT vendors like Oracle do to maximize revenue applied to election administration.
[+] [-] theseadroid|6 years ago|reply
[+] [-] linuxftw|6 years ago|reply
So, just make sure you throw out all your extra ballots and you're fine.
Edit: 2016 US General
[+] [-] EGreg|6 years ago|reply
1. How about low voter turnout, so elections aren’t representative of what the people want. An app would increase voter turnout by a lot, especially the younger vote.
2. How about letting less mobile people to vote. Or people who are not able to take off work that day. (https://www.vice.com/en_us/article/zm9j85/i-couldnt-vote-bec...)
3. How about being able to count elections in time to call them, instead of things where Bush gets elected because some guys ran out of time, and then it turns put Gore would have won?
Aren’t these important enough problems for a democracy to solve?
Instead of simply downvoting, why not actually address what I am saying! I am going to go point by point.
Sure, absentee ballots are a thing, but guess what. People like apps. If it’s secure enough for everyone’s banking needs, why not for a vote?
You can make the same argument about money — that banking apps are a honeypot for thieves etc. And yet we have made banking apps so so secure that you’d use them to move thousands of dollars.
If everyone voted from their phone, it could be anonymous and cryptographically secure. And a Merkle tree would record all results.
What is the issue? Every problem you point out with electronics can be done with paper ballots, too.
The interface can lie to you? Has been done with butterfly ballots and others.
The vote counting process is rigged? Have different groups audit the process.
In fact, having cryptographically secure receipts makes it extra easy and fast to verify votes. Al Gore would have won, because they wouldn’t have has to take so much time for a recount:
https://m.youtube.com/watch?v=qcz6NSyxrfQ
Instead of throwing our hands up and saying “oh, X is an issue!” why not simply work on fixing the issue?
So let’s run down the issues:
1. Not enough access to phones and computers
Fine, people without phones can still vote the old fashioned way.
2. Stealing a phone
A very inefficient way to fake a vote
3. Interfaces that lie to you
Ignoring the fact that machines already do this (https://youtu.be/EV_c1-YTk8M) the interfaces would need to be audited by different groups using each other’s interfaces in an anonymous manner (not like when Uber’s greyball https://amp.theguardian.com/technology/2017/mar/03/uber-secr... ). This is the general problem of the Trusted Computing Base.
4. Anonymity
Listen, should we know how every person voted?? We do now! Thanks Government. Best Voting System Ever (https://www.forbes.com/sites/leemathews/2018/10/16/millions-...)
Erm sorry. The solution. Token mixing. You get one token per person, but then they go through a cryptographically securd mixer before being used to sign your vote. Kind of like with Monero rings.
5. Accountability
How can we prove the votes happened the way you wanted them to?
Well, YOU still have your token on YOUR phone (no one else does) so your app can audit the Merkle tree.
Zero-Knowledge Proofs would be overkill here because proving how you voted to someone else is important (See #3, above). In addition, ZK proofs are a bit ivory-tower idealistic since most people don’t have the knowhow to “produce a fake alternative vote”.
The Merkle Tree can consist of smaller branches, one for each district. The results can be tallied in near real time, and verified by anyone. Results would be known in real-time.
6. But realtime reporting will affect voters!
Yes, and it currently already does, with Ohio, Michigan, and so on. The current system makes some states way more important than others:
https://www.nationalpopularvote.com/campaign-events-2016
Why not require all states to have primaries at the same time and not reveal the results til the end? This is a political, not technological, solution.
The only one major problem I see with electronic voting is #3, the trusted computing base. I listed the main solution above, but I am sure there will be many improvements on it.
[+] [-] Shivetya|6 years ago|reply
you cannot have one without the other if your intent is to protect the system and to be honest you only need paper ballots as a receipt to allow verification in case of suspected interference. we have already seen that some paper ballot designs are more prone to fraud than others.
[+] [-] jimhefferon|6 years ago|reply
?So at some point your vote is printed out on a paper, and scanned? Doesn't seem all that anonymous, for one thing.
[+] [-] yum_tasty|6 years ago|reply
"The county clerks were able to conduct a pre-tabulation audit (unprecedented in US election history) by comparing anonymized copies of the voter verified digital receipts with the marked paper ballots prior to feeding the paper ballots into the scanners for seamless tabulation alongside the primary voting system."
[+] [-] dcolkitt|6 years ago|reply
We've known for decades how to conduct elections where every vote is provably counted, any individual vote is completely anonymous, and the identity of every voter participant is provable (i.e. preventing ballot stuffing).
[1]https://en.wikipedia.org/wiki/End-to-end_auditable_voting_sy...
[+] [-] DanCarvajal|6 years ago|reply
[+] [-] blaser-waffle|6 years ago|reply
Isn't the point of the blockchain that you always know?
[+] [-] maeln|6 years ago|reply
As far as we know, Voatz could control all the peers in their blockchain making them able to change the vote as they please.
[+] [-] JauntyHatAngle|6 years ago|reply
The initial point of a blockchain was to provide a mechanism for consensus in a system with multiple parties that lack trust for each other and with no Central arbiter.
Can we access this blockchain to view the votes? No? Then it's opaque to us. It's a private blockchain.
[+] [-] magashna|6 years ago|reply
[+] [-] robomartin|6 years ago|reply
...and that's when I stopped reading.
[+] [-] rebuilder|6 years ago|reply
[+] [-] otabdeveloper4|6 years ago|reply
[+] [-] nebulous1|6 years ago|reply
[+] [-] lucasrabreu|6 years ago|reply
[+] [-] egypturnash|6 years ago|reply
Voatz.
Yes, let's trust a bunch of people who think "Voatz" is a good, adult name for a tool for a crucial part of the process of democracy.