Can Blockchain-Enabled Voting Meet Security and Secrecy Standards?

In 2018, West Virginia became the first state in the U.S. to test blockchain-enabled internet voting on mobile devices for a federal-level general election. Overseas voters from 24 West Virginia counties were able to cast their votes via an app instead of requesting absentee ballots. Despite the easier access to ballots that this innovation offers, the use of mobile voting technology raises concerns about ballot security, particularly in light of the electronic foreign interference in the 2016 presidential election.

In a recent study, Jordi Cucurull et al. considered whether blockchain-enabled e-voting technologies comply with international standards for elections, as put forth by the Council of Europe. Blockchains store data, such as a person’s identity and how they vote, and ensure the data cannot be altered by an external party.

Public blockchains allow open access to data stored on them, potentially increasing the transparency and auditability of election results. However, blockchain technology may compromise the confidentiality of votes, endangering a vital element of the democratic process. The study examined seven different e-voting systems—FollowMyVote, XO.1 Secure Vote, Votem CastIron, Polys, Voatz, Agora, and Horizon State—to see how well they met the Council of Europe’s voting standards. None of the tested systems met all of the Council’s criteria.

The first Council of Europe standard, “safe aggregation,” requires that votes cast through a blockchain-based system can be accurately combined with those cast using other methods to obtain the final result of an election. However, most of the seven systems failed to abide by this standard, because mechanisms protecting the anonymity of voters made it impossible to determine if any individuals had already cast votes non-electronically (and to eliminate any second votes). This challenge severely limits the possibility of adopting e-voting technologies on a large scale because it precludes implementing such technologies in conjunction with other voting methods.

Every tested system provided some capacity to audit voting records, a key argument cited by proponents of e-voting, but not all included the specific verification mechanisms set forth by the study. The authors’ criteria required that voters can confirm that their vote 1) represented their intention, 2) entered the electronic ballot box without being changed, and 3) was recorded correctly in the final tally. FollowMyVote met these standards fully, but at a cost: the system recorded votes in a way that made them publicly available immediately. This violates the Council of Europe’s “election fairness” standard, which requires that results not be available to anyone while the election is ongoing.

Two additional standards tested by the authors present interesting policy considerations. The first is scalability: the ability of each system to be adopted in large, nation-wide elections. Scalability is a major concern for e-voting because public blockchains are severely limited in the number of transactions per minute they can sustain. Whether or not the tested systems were judged to be scalable depended on their design. Those that are scalable used private or permissioned blockchains, or else stored individual votes off the chain, imposing limits on their auditability and transparency.

An even larger concern than scalability, however, is long-term privacy. The encryption that protects voters’ confidentiality and anonymity in most systems cannot be easily cracked by currently available technologies. However, as quantum computing develops, the permanent records of e-votes—saved forever in their blockchains—will become vulnerable to decryption, potentially revealing the individual choices of voters and thus violating the anonymity essential for free choice in democratic elections.

Even as e-voting systems continue to be the subject of research and development, election officials in the United States, responding to foreign attempts to intervene in the 2016 general election, are now calling for the removal of all paperless election technologies in favor of physical systems that allow for hand-checking of results. While blockchain-enabled technologies seek to address hacking concerns with auditable, inalterable records of votes, they must overcome their own set of challenges before they can meet the high standards required to preserve free and fair elections.

Article source: Cucurull, Jordi, Adrià Rodríguez-Pérez, Tamara Finogina, and Jordi Puiggalí. “Blockchain-Based Internet Voting: Systems’ Compliance with International Standards.” Lecture Notes in Business Information Processing, (2019): 300-12.

Featured photo: cc/(Richard Villalonundefined undefined, photo ID: 1004025984, from iStock by Getty Images)