Back in Ron Rivest's 6.857 computer security class, we spent some time on electronic voting. If you're not careful to get the privacy right, you open up more opportunities for coercion.
With anonymous paper ballots, coercion can and does happen, but it basically requires physical control of the polling station / voting booth to pull off.
In this case, anonymized ballots are put on a blockchain. Hopefully the system is auditable, but provides no way for someone to prove which anonymized ballot serial number belongs to them. Otherwise, the thugs can come to your house and either beat you or pay you your bribe after forcing you to reveal how you voted.
All prior crypto-based voting systems I've studied rely on hash collisions, algorithmically simulating the secure one-way hash of physically dropping a ballot into a box, for an individual's ballot to get lost in the herd. But for this to work, ballots have to be simple and elections have to be large (enough).
In the USA, ballots are complicated and precincts are small. Appropriate for elections administration based on the Australian Ballot, bad for crypto-based balloting system.
--
I'm very surprised this is the first I've heard about Neff shuffling.
But I know a lot about VoteHere. Even though they are a proven bad actor in this space, I'll suspend disbelief and see if something good came out of their efforts. The Agora people appear smart, earnest. So maybe there's something here.
If Neff shuffling (or something similar) actually works for this application, it'd be remarkable. Least importantly, I'd have to update my world view. Specifically: no fully digital voting system can both protect the secret ballot and ensure a public vote count. (In practice, electronic voting systems do neither.)
--
PS- Scanning the other comments, feel compelled to point out:
Design the whole system. Understand election administration. Protecting the ballot is not enough. Information also leaks from poll books, voting history, etc., which then deanonymizes the secret ballot.
For Sierra Leone, Agora might be a great idea. Maybe the benefit of extending the franchise (reduced costs, increasing access) outweighs the loss of individual privacy.
> With anonymous paper ballots, coercion can and does happen, but it basically requires physical control of the polling station / voting booth to pull off.
> In this case, anonymized ballots are put on a blockchain. Hopefully the system is auditable, but provides no way for someone to prove which anonymized ballot serial number belongs to them. Otherwise, the thugs can come to your house and either beat you or pay you your bribe after forcing you to reveal how you voted.
I don't agree. The amount of damage to the voting mechanism a malicious group can do when physically controlling a polling station (which in itself proves a huge amount of reach and political power) is way greater than thugs coming to someone's house to check the right person was on a 'virtual ballot'.
I agree that with this approach you can do voter information data gathering 'at scale' but if you can't really do coercion 'at scale' if you can't afford either violence 'at scale' or similar enforcement via the public system (no benefits, pension cut, etc..) then it's all for nothing. But if you can do all in the first place then there's no sense in talking about the method of voting, neither will be less secure or less private than the other.
It wasn't a statement about the amount of relative damage. It was a statement that a voting system that leaks privacy beyond the polling station strictly increases the number of parties capable of coercion vs. a voting system that only requires securing the polling stations.
There's a big "if" in trusting the government to run honest polling stations (and keep phones/cameras/etc. out). That's not in question. However, if a blockchain voting system leaks voter privacy, then random online criminals halfway around the globe with no capability of controlling polling stations can still coerce voters without needing to physically control even a single polling station.
Electronic voting done right can be a force for good and transparency, but getting privacy right is absolutely critical. If you screw up privacy, you enormously increase the number of adversaries you need to worry about.
And there are many kinds of coercion. What's the price per vote in the poorest half of the population in Sierra Leone?
I also wonder if the blockchain means votes are cast publicly. Typically you vote, then tally. With every vote in public on the block chain, I could see mining companies bidding against each other for votes in real-time...
Why not just a voters ransomware? Lockdown the computer except for access to the voting tool, activate day-of, and it lays the stakes out: vote for our guy or say goodbye to your data.
You don't need a physical presence to coerce, it's simple to click and deploy, and even easier to Target phishing sites when you know what people are looking for.
I easily believe that an interested party would drop big cash on a good exploit for such an event.
Granted, but people already report ransomware to the police with little to no effect. Businesses held hostage with their entire livelihood report it and still end up paying most of the time. The resolutions come month later typically.
I'm not against the idea of trying to modernize voting or blockchain in general, but there are extremely practical and real problems that come with it which are a magnitude easier to accomplish than it is with paper ballots at the moment.
I'm sure there is a procedural medium which alleviates this but I'm not bright enough to think of it at the moment.
The effect would be to hopefully have the election rescheduled. In this case actually catching the people isn't necessary to make the attack useless because the final goal is to compromise the election which can be prevented without trying to break the ransomware or find the perpetrators at all which is why reporting it to the police usually does nothing. Also the stakes are a lot higher than the usual ransomware so unless the government itself is trying to break the election the police have a much large incentive to get involved.
> Small scale coercion, however, is easier to execute and easier to get away with
And it's something that, if standards of voting privacy are sufficiently eroded, could easily emerge even without any big conspiracy behind it. Just think of something as grass-roots as spouses not being amused about a certain vote, that alone could have a huge influence on the outcome in some settings. This potential for casual coercion is why I even consider it an erosion of democratic values when people abuse absentee votes for convenience. A mild erosion, but an erosion nonetheless.
Electronic voting could maybe improve on the issue of casual coercion if they allow individual votes to be recast until last minute, maybe even with some mix of deadline customization/randomization (with silent failure if already past the deadline) to add friction to less casual coercion attempts.
It is common for roadblocks to be erected on election days in order to stop/search cars with bundles of cash in the back to pay the non-enfranchised to vote for a particular candidate. Sadly, lack of political awareness means many are ok to give their vote for cash.
The point of a secret ballot is that there is nothing to stop them taking the cash, then going to the polling station and voting for someone else. Are the ballots not secret in India?
They are. People sometimes take money from multiple parties at the same time. However many times largest spenders get the max votes. It is just not money, gifts including alcohol jewellery etc are given, so it mix of relationships with grassroots party representative(inc caste equations) and the gifts. If the sentiment is really against candidate no amount of money help.
Low-level coercion can have high level effects. Coercion doesn't have to be at the national level, either. Most elections aren't at scale, and the ones that are, are decided on a relatively few elections around the nation.
Coercion doesn't have to take on the form of violence, social and financial reprecussions can be incentive enough to vote a certain way with the proof that you did.
Think about this: "I don't want to associate/hire/do business with anyone who voted for Candidate X or Referendum A"
How do you provide anonymized ballots while at the same time guaranteeing that fraudulant voting is not taking place? It seems that being able to verify that a ballot came from an actual person authorized to vote (and not some bot) is key, but I'm not sure how to satisfy both.
The trick to the 3-ballot voting protocol is that not everyone can validate their vote. However, when a group of voters band together, they should be able to validate that a subset of their votes (1/3) were registered with high probability.
With a sufficiently large group of voters checking results, the law of large numbers comes into play and they can statistically detect the presence of voting fraud.
It's an interesting idea whose utility depends on whether you think turning casting a valid vote for the intended candidate into a logic puzzle is a good thing
Perhaps with asymmetric key encryption? So someone can validate that a vote was theirs, but you can't pin a vote to a person without them doing so. It would require that everyone understood key management, which is probably untenable
That doesn't guard against the lead pipe decryption strategy. The point is that you need a way to prove that a vote was yours, without any possible way to prove which vote was yours, whether you want to or not. I'm not a cryptography expert, but that sounds difficult if not logically impossible.
How about this: when you get into the booth you're given an ID. You then cast your vote for Ms A and you can see on the block chain that it was recorded for A. After you cast, the system shows you a bunch of ids on the chain which voted for other candidates and you can memorise the id shown that voted for Mr B. When people come round, you tell them that other id. When they look it up they see that it voted for B and leave you alone.
That doesn't solve the potential problem of vote stuffing... Still thinking about that one.
However in this setup, anyone can bring a smartphone in and take a picture of the screen when it displays anything that separates your id from a fake one.
Sounds like you might be on the right track if you can get over that hurdle somehow.
The smartphone problem exists currently with paper ballots. You're not supposed to be allowed to bring a camera into the voting booth, but this is not enforced particularly well.
One approach to this problem is to make it easy to cancel a previous ballot and submit a new one, so you can get your evidence that you voted the way e.g. your employer wanted you to, but then you can cancel it and vote with your conscience.
In the Brazilian voting machine this is often done. You type the numbers and it loads the candidate info in the screen. Once you click [Confirm] the screen gets blank with the message of success. Therefore the only way to take a picture is before the vote is actually processed. You have a [Reset] button to re-enter the numbers.
As far as I can remember from the instructions last time I voted, in Britain you can do this, just return the ballot to the person handing them out and say that you made a mistake, and they should issue you a replacement.
There is no way to prove you voted one way or another with anonymous ballots, so there is no incentive to bribing or threatening violence to influence your vote.
The desired outcome is to prove that each vote came from a valid voter, while being impossible to prove which vote came from whom.
There is a cryptographic primitive that does just this allowing of plausible deniability whilst ensuring that only persons able to vote voted: Using Linked Ring Signatures.
> There is no way to prove you voted one way or another with anonymous ballots.
The coercing party can insist that you take a mobile phone picture of your ballot. This kind of coercion is common in some regions of Russia where civil servants and teachers are told by their superiors that they must vote for the preferred party “or else”, and a mobile phone picture is demanded as proof.
We try to combat this in two ways in Germany (not that it currently poses a problem but still): 1. Voters can destroy their ballot before putting it into the box and get a new one for any reason thus making it possible to create fake proof. 2. Taking pictures inside the booth is explicitly prohibited (which stated on signs in the booth) and if the poll workers notice you taking a picture they require you to destroy the ballot and fill out a new one. I actually had to do this to a women last election who wanted to post a picture on social media – and didn't turn off the shutter sound.
This requires the poll workers to be somewhat impartial. If they are not all bets are off. In the German Democratic Republic voters where socially pressured (by official policy) to not use the booths at all.
Taking pictures in the booth isn't actually prohibited. You can do it but the helpers will probably take your ballot and destroy it, then give you another one.
(An exception is when you are a government delegate voting for chancellor, in which case you pay a fine of 1000€, especially after the president has clarified this rule to new delegates repeatedly)
We've actually had members of parliament in the Netherlands proudly show of the selfies they took in the ballot booth with their ballot on Twitter, encouraging people to take selfies (nicknamed 'stemfies'; a portmanteau of vote ('stem') and selfie) to show that (and how!) you voted on social media.
The election council and a lot of privacy-conscious citizens weren't amused to say the least, but a subsequent ruling by a judge turned out that it isn't strictly speaking illegal, because the law doesn't explicitly prohibit photography in the ballot booth. So until parliament enacts a law that forbids it (like Germany), we are stuck with this rather dubious phenomenon.
At least we've banned voting computers for a good while — the ones we had ran closed source software and the votes cast couldn't be verified by the voters or the election council — so there's that.
It depends on your definition (there is no fine or anything) but it's now explicitly prohibited and poll workers are required to reject such voters (and give them a new ballot), see § 56 Abs. 2, 6 Nr. 5a BWO.
The way around this is to give each person 1 ballot for each of N candidates. 1 ballot goes into an envelope and into the vote box. N-1 ballots go into envelopes and into the discard box. It's trivial to show a photo of your ballot for Dr. Evil, but it would take a video of you going into the voting booth, closely following your hands to prevent three-card-monty, and continuing to follow you into the public lobby containing the vote and discard boxes. If you strictly enforce no recording in the public lobby, then there's no way for you to prove to your boss which box got your ballot for Dr. Evil in the end.
Edit: Perhaps I wasn't clear. Each of the N ballots is already filled out for a different candidate. The envelopes are all identical and sealed by you inside the voting booth. That way an existence proof of a ballot for the given candidate leaks absolutely no information. There are no empty paper ballots, and none of the paper ballots can leave the polling station. Ballots need to be counted both from the "vote" and from the "discard" boxes. Ballots missing from the discard box prove vote tampering.
Well there's no need for an elaborate scheme like this, certainly no need for video. The buyer gives a paper ballot that's already marked for Dr. Evil, and asks the vote seller to bring back the empty paper ballot to get paid. It's that simple :( and being done in the places which still uses paper ballots.
There are no empty paper ballots, and if a ballot is brought back, then it's not in the discard box. Since votes in the discard box are still tallied, if someone leaves the polling station with a ballot, it will be obvious that someone has tampered with the election.
But each ballot is pre-filled out for a different candidate. The vote fixer already knows what's on all of your ballots, they just don't know which goes into which box. Photos showing what's on the ballot don't disclose any information. The attacker already knows that you have one ballot pre-filled for each candidate. The only secret is which ballot goes in which box.
You go into the voting booth, seal the N ballots in the N identical envelopes, being sure to keep track of where the ballot for your desired candidate is. You leave the voting booth and drop the one envelope in the vote box, and the N-1 envelopes in the discard box.
Even if you're forced to videotape inside the voting booth of your sealing the N ballots in the N identical envelopes, you could pull a quick 3-card-monty when leaving the voting booth. Even a quick random shuffle would be sufficient to statistically nullify your vote, or if you're only able to keep track of where the Dr. Evil ballot is, a quick deal from the bottom of the deck would guarantee a vote for a random opposition candidate. As long as there's some spot between the polling both and the ballot boxes that isn't covered by video, there's no way for a third party to know which ballot went where.
You aren't allowed to leave the polling station with any of the envelopes, and a tally of the ballots in the discard box will show what percentage of people have left the polling station with their discarded ballots. Any non-negligible percentage of "discard" ballots leaving the polling station will make the whole vote suspect. (The discard ballot count will also provide circumstantial evidence for which way the tampering is going, although Dr. Evil will always claim it's false flag vote tampering to make him look bad).
If someone is really coerced in sneaking their discard ballots out of the polling station, they could sneak N-1 ballots out and either put the ballot for Dr. Evil in the discard box or burn it right outside the polling station. They then show the jackbooted thugs the other N-1 ballots. They end up not voting, but at least Dr. Evil is denied the vote.
I suspect the envelope with the good ballot is sealed in some way. All they would have to do in that case is force you to take a picture of the sealed ballot with the non-desired ballots next to it.
All of the envelopes are identical. Absolutely the only difference is which envelope goes into which ballot box. Taking a photo of N-1 ballots for non-Dr. Evil next to one sealed envelope only discloses that the Dr. Evil ballot was put into an envelope first. It gives no information as to which box that envelope was placed into later, and therefore leaks no information about how the vote was cast.
Presumably you'd want a deniable system. So, something where you have a private key 'k', some function 'f', and the public chain 'p'. So, you compute:
r = f(k, p)
Suppose r may be 1 or 0. The meaning of 1/0 will be randomly distributed among the population, and will be made known to you when you place your vote, but at no other time. So, later on, you understand that a value of 1 means your vote counted for candidate A, but if someone tries to coerce you, you can realistically claim the opposite.
How do you know that the people tallying the vote have the same meaning for r?
(That is, how do you prevent a butterfly-ballot-style situation where people think they're voting for Gore, accurately cast a ballot that appears to them to be a vote for Gore, and actually end up casting an objectively valid vote for Buchanan?)
Maybe you could do a block tallying with verification scheme.
1. Enter your vote and receive an identifier
2. Group n identifiers into a batch ensuring not all votes in the batch are for the same candidate. Record the n identifiers into a block then randomly order the identifiers but don’t record the randomized sort order. Display the index of their identifier to each user but don’t record it. Record the actual vote in this (random) order to the block. Allow each voter to see all votes recorded in the block at each location (including the one only they know represents their vote). Allow the voter to manually tally the block to ensure the sum of symbols reflects their vote intent. Present to each voter cryptographic proof of the existence of the block and the net affect the block as a whole has on the vote tally for each candidate.
Each voter leaves with:
1. cryptographic proof of having voted
2. Cryptographic verification of the effect their vote had on vote tally
3. Ability to claim having voted for any candidate represented in their voting block/inability to prove to others who they voted for while being sure of how their vote was counted themselves.
Presumably you could generate some proof that the vote was correctly cast at the moment you cast it, and that 1 corresponds to A and 0 corresponds to B. But that proof would not be accessible after you leave the polling booth (because it'd require some ephemeral value that you could retain or throw away).
Preventing non-registered voters is the easy problem. Some signature systems allow blind signatures: I can create a ballot and encrypt the ballot. The government can sign the ballot, and then knowing my secret encryption key, I can decrypt the ballot and transform the government signature so that it matches the decrypted ballot. The signed but decrypted ballots can then be published using mixnets, Tor, or some other anonymous publishing mechanism.
As I remember, it's still an open problem to set things up (without requiring trusted hardware or trusting the government to destroy a private homomorphic encryption key) so that I can't later prove to Dr. Evil's jackbooted thugs that I voted for Dr. Evil.
Though, maybe there's some mechanism where I actually generate ballots for all candidates and only submit one of the ballots and it's impossible for me to prove which one I actually submitted, and I could cheat by submitting more than one ballot but there's a zero-knowledge proof that my ballots were for all of the N candidates, so in an American-style first-past-the-post voting system, submitting all of my ballots has the same effect as submitting none of my ballots.
One simple way (basically using Zerocoin/ZCash) is the following.
Every voter is issued one "vote coin" at registration time. There are special addresses for each candidate. Each voter sends their "vote coin" using a zero-knowledge/private transaction to the candidate of their choice. It's totally auditable, not possible to vote more than once, etc.
The main issue is in making it potentially easy to sell your vote, which as the OP was getting at is at the heart of the tension.
Politicians are already buying votes by promising future policies for specific groups before the election. This is supposed to be forbidden yet this occurs constantly.
Voters can sell their votes now. While unethical, it's not illegal and probably not worth combatting since, technically, that is the will of the voter.
But if properly implemented (use metal detectors to keep cameras and phones out of the voting booths), it's difficult to prove how you voted using paper ballots / old fashioned mechanical voting machines.
I don't see much problem in selling your vote if there's no way to verify that you're not ripping off the person buying the vote.
Most people don't vote at all. Find a big group of poor people, give them 10$ each for voting for your candidate and hope that they do what they were paid for.
No need for expensive high tech solutions. Just provide one of each possible ballot and a pen in the privacy of a booth. Fold the ballot, step out of the booth and give it to one of two officials which puts it in the ballot box for you.
Now you can take as many pictures you like of whatever ballot which proves nothing.
Elsewhere in this discussion, I suggested the same thing, except using envelopes instead of folding. You also need to separately tally the other N-1 discarded ballots to make sure they're not being brought out of the polling station. (Discarded ballots brought out of the polling station prove to jackbooted thugs that you didn't vote for the opposition.)
Though, I don't understand the purpose of the pen in the proposal. There's already one of every possible ballot, so you don't use the pen to mark candidates. You don't write your name on the ballot, as that would ruin anonymity. You don't cross-out the ballots that you don't cast, as that would open back up the weakness to photography. So, how is the pen used?
Also, what's the purpose of having the official put the ballot in the box instead of having the voter put the ballot in the box? Is it to prevent multiple votes from being cast? You need to have a discard box for the unused ballots and tally those discarded ballots in order to detect when the jackbooted thugs force people to walk out of the polls with their discarded ballots in order to prove how they didn't vote. Once you have this, you've also got multi-vote detection.
If voters can sell their vote, they can also be COERCED to sell their vote at an unfair price. Coercion can disguise itself as "free will" when combined with privacy.
So this basically reduces democracy to "moneycrasy". Whoever has/can promise most money, wins. And then when they in power guess from where (whom) they will get back all the money that they spent? It's like saying, well it's your kidney, it should not be illegal to sell it...
Physical control of polling station is not required. Voters are getting the filled ballot outside the polling station from organizers, tossing it into the box and bringing the empty ballot back.
Both systems have their disadvantages. Electronic voting, especially when it's not completely anonymous, opens up the voting process for all kinds of vote buying, coercion and intimidation.
Take Turkey or Russia for example. Voters know exactly that the current radical governments can track their ballot numbers, so they'll think twice before voting against them.
“Anonymized votes/ballots are being recorded on Agora’s blockchain, which will be publicly available for any interested party to review, count and validate,” said Gammar.
The details on this vote have been extremely scarce. The use of the future tense to describe access is worrying.
"Blockchain Technology" has attracted scoundrels of every stripe. If Agora really cares about this as a test case, it needs to make the voting records public, and articles like this one need to make it clear how the reader can examine the results.
That said, I'm very skeptical about the utility of "Blockchain Technology" in voting. For one thing, what secures this block chain and makes fraud detectable?
In Bitcoin, the answer is crystal clear: Proof-of-Work coupled to an economic incentive. This system has well-known scope and limitations. We can reason, mathematically, about a multitude of attacks and outcomes.
Not so with the Agora system. And I'm afraid that journalists consistently refuse (or are not equipped) to ask the right questions - as in this article.
What I don't understand about this is that even if it is mathematically and technologically perfect (which I assume will be really hard) how can non-technical people understand something so complex.
I am a software developer and to be honest I don't fully understand bitcoin and blockchains.
Then my next question will be how can I trust something that I don't understand.
Maybe as a counter-argument someone will say how people uses online banking without fully understanding software, internet, etc. But I think is a completely different problem with different challenges.
Regulatory bodies, an engaged community of experts to provide scrutiny and reach out to journalists when there are problems.
Like with cars, planes, and online banking, the key determinant is that nontechnical people have a _sufficient_ degree of trust in _someone_else_, who does have the appropriate expertise, to provide oversight.
I have no idea if Agora is good or not, or if blockchain-based voting is viable. I'm just saying that there are demonstrated cases (and certainly also other demonstrated failures) in which nontechnical people trust experts and trust organizations to provide a sufficient degree of oversight.
In a sense, you could say that a classroom, or a democracy, is like this too.
Voting is one area where people do not and definitely should not trust some “expert group” to authenticate their choices as a black box. The process needs to be simple enough to be easily reconstructed.
Charitably: Journalists don't know what questions to ask.
I was called a "paranoid sweaty kook" by a local paper for having the audacity to explain how our central count works. (TL;DR: It's very hard to protect voter privacy when using postal ballots.)
Election administration is hard, with many subtle, counter intuitive corner cases.
--
I scanned Agora's website, papers, etc.
Two things bothered me.
First, they spend too much time saying what they're not, comparing themselves to other known bad electronic voting systems. Yayaya. We all know those systems suck. Tell us how Agora is awesome.
Second, none of these proposals start with first principles, starting assumptions. Tell us what forms of election administration, voting system, and ballots your system supports. For example, paper ballots cast at poll sites in the USA is predicated on the Australian Ballot, aka private voting and public counting. Scanning thru Agora's materials, I have no idea what type of elections it's appropriate for.
I was heavily downvoted for expressing this exact concern regarding Keybase using Stellar (a centralized token system forked from Ripple) and the common traps that leaders buy into regarding blockchain-hype.
(Aside: forgot to turn off my extension and so it appeared as, 'Sierra Leone just ran the first "Multiple copies of a giant Excel spreadsheet"-based election')
Well, it's a reasonable translation - what precisely makes this vote a "blockchain" and not just a giant Excel spreadsheet?
There's no double-spend problem. There's a correct way to merge two ballots cast by the same private key: discard them both. Since all operations are mergeable in an arbitrary order, there's no need for proof-of-work or anything like that to determine which chain is the "correct" chain - any pile of ballots that contains all valid ballots is correct, and any partial pile can get the remaining ballots appended at the end.
From the whitepaper it looks like they're running their own "skipchain," which they refer to as a form of blockchain, but looks to me like a cross between a Merkle tree and a skip list with no proof-of-work mechanism. (It seems like a genuinely useful / novel data structure, I just wouldn't call it a blockchain.) And they're running some sort of proof-of-work consensus to gate additions onto this skipchain, and periodically storing the state of the skipchain in the Bitcoin blockchain.
I don't really understand why the latter two parts are necessary: the record of ballots should be self-authenticating, and it should be easy to tell if someone has removed a ballot, right? Is the idea that people are not likely to watch the skipchain a la CT log monitors, so they want to use Bitcoin because people already watch that?
On the one hand, they appear to have real cryptographers nad real research behind this. On the other, saying "blockchain" seems like a great way for someone running an unfair election to make it appear more legitimate....
> Well, it's a reasonable translation - what precisely makes this vote a "blockchain" and not just a giant Excel spreadsheet?
This was my thought also. I could implement what I understand they did just using git. One vote = one line appended. With an append-only merge driver and Github push for publication. No blockchain needed for equivalent functionality and equivalent resistance properties.
In Estonia they allow you to vote multiple times and only the latest vote counts. They even allow you to then go and vote in the booth which renders your e-vote invalid. I don’t know the internals of how they store the votes but I can’t think of a way to do this without the side effect of knowing who voted for whom.
If you do this with two systems, the e-vote could be encrypted to the second system, but submitted to the first system. During voting hours, the first system would collect the votes and apply the latest value wins rules. Then, once voting is complete, it sends the votes (without envelope information) to the second system to tally. In order to know who voted for whom, you need collusion between the systems.
Hm, do they intend to solve that problem? (Can't the person with a gun just force you to destroy your private key after voting?)
One answer would be to just include the old ballot in the new one, so it's clear which one to invalidate if you see both.
I guess now that I'm thinking about it you also want to prevent ballots from being cast once the election is over, and timestamping an event as having happened before a given point is a valid use of an actual blockchain.
1. Votes can replace older votes - although this has issues because they could just make sure you don't vote again by pulling the trigger.
2. Let the voter assign 1 and 2 to A and B himself when receiving the private key - which means that when the time to click 1 or 2 comes - only the voter knows if 1 => A or 1 => B which makes it impossible to know who he is voting for.
How is voter authentication to the system done? I think with blockchain voting there's still a huge issue surrounding validating that voter is an actual voter/citizen, and not someone else voting on their behalf (or on behalf of dead people).
Migrating elections to a technology one needs mathematics/CS PhD to understand just a part of from technology that can be understood by a middle schooler doesn't seem all that great.
The article talks about "fully-transparent voting solution for this future", yet I somehow don't see any transparency when it all relies on magic only a negligible part of the population understands.
This is the part of the conversation when a Canadian points out that federal elections are conducted on straightforward paper ballots where you mark an X next to the person’s name. They are hand-counted with reps from all of the parties and election officials present, and it can take hours before the results are ready. No machines and no reason to screw up a process that every one understands.
There are a lot of things in our lives that would benefit from greater efficiency, this isn’t one of them.
As for the blockchain, do computer books for kids not start with a lesson on GIGO anymore? You still need to trust the information that gets written to the chain is valid.
Voter lists (allowing for on-site registration with ID or proof of address), tear-away serial numbers, and checks throughout the process, including the election official initialing the back of the ballot they hand you and confirming their initials are authentic when you come back with it filled out. In reality you usually don’t go more than a dozen feet from them to mark it anyway. There’s a good rundown here:
It helps that it is very rare to have a referendum question so you are usually just voting for your local member of parliament. The ballots are very clear:
It doesn’t take that long to count by hand, and it’s rare that people don’t accept a result or engage in conspiracy theories and court battles for months after an election. Recounts happen if the results are very close but there is usually very little movement in totals.
It is apparently a bit more expensive than using machines but I think it’s worth it. There’s something meaningful and beneficial for a civic culture when everyone votes with a tangible physical act in largely the same way it has been done for 150 years. It’s an unusual but radically inclusive act.
Voting by mail is possible by request, but less common, and uses a double envelope system to achieve a similar outcome.
Canada's elections are quite amenable to manual tabulation. Color me envious.
Years ago, a group of us activists in the USA tried to understand manual counting better. We timed ourselves on mock elections using the "sort and stack" system. It goes about as fast as you'd expect (and reminded me of being a junior bookkeeper reconciling accounts at the end of period, ahhh nostalgia).
We also self-funded some official manual recounts, just to get better metrics. It wasn't pretty.
USA's elections are generally over complicated, with many races/issues per ballot. To enable efficient manual counting, we'd have to redesign our ballots so that they could be physically separately into federal, state, local sub-ballots, for separate processing.
Replacing FPTP with Approval Voting and Proportional Representation would also help.
> To enable efficient manual counting, we'd have to redesign our ballots so that they could be physically separately into federal, state, local sub-ballots, for separate processing.
What if it just took 3 days to count the votes? People looking over each ballot and calling out the results, seconding them, and having someone keep a tally on a big chalkboard. They could even close the markets during the counting process to prevent the rampant speculation from causing wide swings. Does it need to be that efficient? If America can wait 2 months to swear in the new president, surely it can wait 3 days for the results to be counted. It's not like the world stopped spinning in 2000 when it took several weeks to finish the Florida count.
Florida is a pretty bad example because the Supreme Court ruling was that (1) Bush had to be declared the winner because if the original declared winner was overturned people would lose their faith in the voting system, and (2) resolving the case was taking too long so Florida had to stop trying.
There are a lot of examples of incompetence. eg the butterfly ballots where the candidates and the circles don't line up.
With the "hanging chads", the administrators hadn't cleaned the machines for years (after each election, turn over the machines and shake out the chads), so the holes filled up with chads, preventing new votes. Otherwise, the punch ballots weren't the worst option.
Sorry to geek out about this stuff. It was my thing for a while.
Plenty of idiots use an ATM and work with the financial system and all of its quirks without much issue, why would a blockchain-based system be any different?
It's not about using the system as an "user". It's about the fact that it bases democracy on principles which are way beyond the mathematical capabilities of 99%+ of the electorate!
I mean, if my government decides to use some crypto/blockhain magic, there is no way I can figure out if using hash algorithm H in a method X is valid choice or if it is a backdoor/negligence.
This is an issue which simply does not happen with paper ballots (backdooring these is of course possible, but really expensive especially at scale). The attack surface is easy to reason out, unlike with cryptography.
Maybe it does not matter though (and maybe I am afraid of mathematicians secretly taking over the world, ha!)
Accounting uses double entry (credits & debits), election administration does not. Compulsory voting could make election administration look more like accounting.
Blockchains explicitly remove privacy, whereas voting should be the Australian Ballot, aka private voting & public counting.
> Migrating elections to a technology one needs mathematics/CS PhD to understand
"Black box" abstraction is utilized everywhere in the world and has been a core part of many functional systems. That's a silly basis to dismiss any technology.
"Migrating elections to a technology one needs mathematics/CS PhD to understand just a part of from technology that can be understood by a middle schooler doesn't seem all that great."
I for one am quite happy that a migration from horse carriages, understandable by a middle schooler, to cars and trains has happened.
I don't have a position on using the blockchain for elections, I'm just not convinced by your point.
This probably means you're confused about what voting is for. Voting does not produce better results. What it does is give the voters confidence in the decision process. This confidence is damaged by difficult to understand technology. The boring paper ballot with an X on it is understandable to almost every citizen and so the legitimacy of results from that process is clearer.
Democracy is a good idea not because it results in good government, you have only to look around and see the hopeless incompetents elected around the world, but because it averts violent regime change. Why march on the capital with pitchforks when we can just vote for somebody else?
by 'blockchain-based' they mean, a normal election happened with traditional voting, and then some of the vote counters uploaded the tally of the votes they counted to a private blockchain
"The process, which aimed to prevent voter fraud in Sierra Leone, was powered by Agora, a blockchain voting solutions provider. The company used a permissioned blockchain to ensure that recorded data remained protected while also being transparent to the stakeholders, all of whom were given permitted access to the blockchain in order to tally the votes.
During the process, initial votes that are recorded on ballot papers are to be counted by neutral observers. The procedure, being watched by Agora, is the key step to entering that data on to the blockchain."
In cryptography, a ring signature is a type of digital signature that can be performed by any member of a group of users that each have keys. Therefore, a message signed with a ring signature is endorsed by someone in a particular group of people. One of the security properties of a ring signature is that it should be computationally infeasible to determine which of the group members' keys was used to produce the signature. Ring signatures are similar to group signatures but differ in two key ways: first, there is no way to revoke the anonymity of an individual signature, and second, any group of users can be used as a group without additional setup. Ring signatures were invented by Ron Rivest, Adi Shamir, and Yael Tauman, and introduced at ASIACRYPT in 2001.[1] The name, ring signature, comes from the ring-like structure of the signature algorithm.
Linkable ring signatures
[4] The property of linkability allows one to determine whether any two signatures have been produced by the same member (under the same private key). The identity of the signer is nevertheless preserved. One of the possible applications can be an offline e-cash system.
[link: https://en.wikipedia.org/wiki/Ring_signature]
If it's just electronic ballots recorded in a proprietary system by a private company, the system is as vulnerable as any other e-voting system.
If we were to properly distribute the process by running a public key database and giving each citizen a private key by which to sign a message in the blockchain casting their vote, it introduces a new and far more insidious problem: the system now provides a receipt for each vote that a malicious actor could use to reliably buy votes on a massive scale with complete automation: visit a website, use your private key to prove you voted for their candidate, receive a bitcoin payout.
"... electronic ballots recorded in a proprietary system by a private company..."
This is the second biggest threat to elections. And probably the most timely.
--
My tour of duty as an election integrity activist radically changed my worldview on these things. I previously thought the gear was the biggest problem.
Now I know that the biggest threat is disruption. While well intentioned, HAVA caused a lot of disruption. Resulting in no one knows what the rules are. Ditto the continuous ongoing "reforms". Like changes in voter ID laws, rules, procedures. Moving poll sites. Etc. Any changes that must be made should be done incrementally, methodically.
The second biggest threat is the privatization of our election administration. Like you observe. No private entity any where should be responsible for verifying eligibility, issuing ballots, counting votes. Election administration is the most fundamental function a democratic government performs, its prime responsibility. It must be performed by citizens working for the government to have any legitimacy whatsoever.
The third biggest threat to our elections is our form of voting. The USA's FPTP (winner takes all) elections are very brittle, intolerant of the inevitable margin of error. Much better, for both democracy and election administration, would be to use Approval Voting and Proportional Representation.
Yes, I still believe the gear we continue to use remains a big open untreated wound.
I think what actually happened is that no candidate won enough votes, so a runoff is required.
"The National Electoral Commission (NEC) declared a runoff after none of the 16 presidential hopefuls on the March 7 ballot paper secured the 55% needed to secure an outright victory."
Even when only 70% of the votes are counted, it should be pretty clear who got more votes than another. The problem in this case is that no candidate got a majority, so the top two will need to have a run-off election.
Some dictator will run the first blockchain-based death sentence via a distributed big data popular jury to guarantee a fair and auditable trial?
PS : forgot to mention this was a cloud based, severless solution developed by a scrum agile team while pair programming in a 6th generation language for extra scalability and safety.
I hope people there don’t automatically imply trust everytime they hear blockchain. If controlled by central authorities the blocks can be changed like text on a file.
1. Can it be said that the election was electronic?
If so, why is the headline saying they used blockchain and not elections was first time electronic. (I consider blockchain here only as implementation detail).
2. Could voters vote from home over wire or they had to come to some kind of booth that had electronic voting device in it?
It can be said that the election was electronic, however other countries have used electronic polling stations (notably the USA) and those have since been proven to be easily hacked and the results modified.
The headline here stating the use of blockchain is important because its the first election on the planet that has used the implementation and its an implementation that can't be modified without trace.
As for point two I have no idea, I am assuming it required people using voting booths but given the technology used, nothing is stopping it from allowing decentralized voting.
Found no description of how exactly people vote with Agora https://agora.vote/: do they come to a place and press a button or do they download an app(or go to a web page) and press a button?
Either way, I can't see how fraud is prevented even with a blockchain in place.
"blockchain-based election" is a bit of a stretch. A third party recorded part of the election results using a blockchain. The election itself was still a paper ballot.
Perhaps if the company had used Postgres to store the results there would have been an article called "Sierra Leone just ran the first RDBMS-based election"? Probably not, since relational DBs are not buzzword material.
In future, anybody with sufficient support can propose any change in legal system and have it backed up directly by individuals instead of elite parliamentary class. Will that happen ? That can remove whole election criteria.
There’s nothing technical preventing this today, or anytime before. What’s been lacking is the political will and the class consciousness to implement it.
Can someone explain to me how this works? Who are the miners? Where is the competition to mine blocks? How is the system distributed such that one entity can't back-propagate fabricated blocks into the chain?
In their whitepaper [1] they mention storing cryptographic proofs on the Bitcoin blockchain (Section 3). However they do not seem to specify what proofs exactly.
"Agora relies on voting administrators to select an identity management system and provide a mechanism to authenticate voters. At the same time, Agora intends to work with digital identity providers to provide governments and institutions with digital identity solutions
compatible with Agora’s voting system. We will place an emphasis on investigating solutions
compatible with the latest advances in digital identity technology, notably decentralized and sovereign identity solutions such as uPort [48] and Civic. [57]"
Does this basically mean authentication is centralized?
So, this is a great way for a major states to actually brute-force hack elections: have several millions of computers do proof-of-work for false ballot data.
Can anyone comment on specifics of how the Agora system used here work in practical terms? For instance do ballots have a QR code? How are the entered into the ledger at polling stations, etc?
I'm happy to see articles on the practical benefits of blockchains. I feel like they been drowned out by the media hysteria of cryptocurrencies lately.
Blockchain-based elections seemed inevitable but I never saw it coming from a national election proxy-ballot first. I thought maybe stockholders at an AGM for a blue-chip company would be the first large-scale example.
I don’t think anyone is saying blockchain tech is “tulip bulbs”. The concern is Bitcoin (an instance of blockchain tech), et al., are not all the proponents claim them to be.
I’m convinced the blockchain is here to stay. Bitcoin? Not so much.
Personally, I'm saying Bitcoin is tulip bulbs (or, in Sarah Jeong's excellent phrase, "math Beanie Babies").
The blockchain, on the other hand, I think is more like XML/XSLT: a really interesting technology that has almost no real-world use that couldn't be done more easily with some other technology. And that 15-20 years after its popularity will be similarly obscure.
I've been looking for years, but, digital speculative pseudo-commodities aside, I still have not found an in-production, value-delivering use of blockchain technology that couldn't be done as well or better with some more well understood technology.
XSLT is one of those things where an XSLT ninja can be super productive in transforming XML and do things much quicker than the coder using a general purpose language. But most of us don't use XSLT enough to get that good, so for most of us XSLT is harder than just coding something.
Kind of off topic, but just want to chip in to say that XSLT is awesome. The average programmer can learn it quite quickly. For me, the "killer application" for XSLT is screen scraping HTML. If you want to aggregate data that is spread across a whole bunch of websites, it absolutely rocks. It is especially good if your organisation uses a SaaS that doesn't give you access to an API. Even if you have an API, it is often an order of magnitude easier to do what you need to do in XSLT. Which reminds me, I've been meaning to generate burn down charts for Trello for a long time now...
But for those who don't know the history, the vision was that XML would be this amazing interchange technology, and XSLT would be used to transform the XML as needed between and within apps, without needing real programmers.
For example, I know of one top-10 website circa 2004 that had their Java programmers producing only XML output. Then, XSLT specialists would transform that into HTML for rendering.
In theory, this provided a clear separation between back-end and front-end programmers. In practice, it was a giant clusterfuck, because any real work required coordinated changes at multiple levels. Although in theory the front-end work was independent, the reality was absurdly convoluted XSLT trying to turn not-very-good XML into something that rendered well on screen. Nobody sensible does this today.
At the time, XML/XSLT was expected to be central to a new, better way of making software. But now it's a weird niche thing, because although it was technologically cool, it was not actually better for 99% of use cases.
I just noticed your reply now. That's really interesting, because I don't think that this was ever what XSLT was for. However, now that you mention it, the company I was working for thought the exact same thing. I thought it was just they who were crazy. I guess the idea was more wide spread than I realised.
FWIW, there was a time when many people (embarrassingly, even myself) who thought that XML was a good way to represent data in a language agnostic way (these days, JSON fills that void -- there are even people trying to recreate SOAP and CORBA with JSON ;-) ). I won't go into the details of that, but even now I can probably make a pretty convincing argument that it's a good idea (which is why people are trying to recreate SOAP and CORBA with JSON ;-) ). But the point is that once you have data in XML, it's kind of a PITA to parse it (well, JSON is slightly better off there). If I just want a subset of the data, or I want to take bits of it and insert it into a different XML data set it's quite a lot of code to write. XSLT was for that.
But where we agree is that XML is not a great way to represent data (and, jokes aside, while JSON is much better it's also being overused). So without XML, there is no need for XSLT. But given that HTML can often be parsed as XML, it's still really useful for its intended purpose: to extract and transform data.
However I have seen one neat use in a previous job. We we dealing with a crappy API from a vendor. Crappy because it was a weird XML format, partially specified by a DTD but did unexpected things.
So we created an XSLT for the XML returned by their API. .NET allows you to generate classes from XSLT, so now we had a handy way to parse the data and process it. If we made any mistakes in the XSLT, just fix and regenerate the code. If the build breaks fix up any issues. The strong typing end to end meant we knew we had most of the cases covered.
In my opinion, distributed ledgers and mutable blockchains based around trusted actors are business as usual and frankly not very interesting. Bitcoin could actually make everyone's life a little better. Isn't that what technology was meant to be?
actually a lot of people are saying that, mostly non-technical who have very little analogue for understanding why distributed consensus algorithms could have merit. I've been presented that analogy by several friends and my father, for instance.
I don’t think I’ve seen any of that, just a sense of weariness and disgust with their applications in cryptocurrency. I think that the raw excitement over blockchain tech has been damped from the initial fire, given the issues around scalability, but it still seems to enjoy a lot of respect. The problem is usually that like AI, “blockchain” just gets slapped onto a lot of dogs in an attempt to get money.
I wouldn’t confuse that with rejection of the blockchain tech, just the cynical implementations that have mostly emerged.
Call me a Luddite but I still don't see it. It's still effectively a good old database rebranded as "blockchain" to sound cool and innovative. The tools to do something like that have existed for a long time.
The big issue these days is that the word "blockchain" is so broad that it's almost meaningless. I'm sure cryptocurrency advocates see this election as a win for instance, but in essence what do cryptocurrencies and this voting architecture share besides this rather nebulous concept of "blockchain"? Clearly the election is neither trustless, nor particularly decentralized.
Blockchain is not "tulip bulbs" (cryptocurrencies might be). Blockchain is like "cloud computing", "web 2.0", "web scale" or "full stack". It's a fancy marketing name that doesn't mean much on its own.
Whether it's a valid PoC or otherwise, it reminds me how the US is mired in hyper-political arguments about voter fraud/Diebold machine issues when time could be spent genuinely looking for improved processes of election.
I think this is really cool. A trendy buzzword tech may bring more people to the polls, and the unforgable blockchain technology seems to have a use case here. I wonder how they prevent people from making multiple accounts. The fact that generally I find block chains slow, doesn't negatively affect this type of system. Great!
I don't think that decentralized voting is a good thing at all. Voting will lose its significance when a vote can be issued with barely more than just a click. Elections and votes will become increasingly meaningless and much more frequent.
Social interaction suffers greatly today, because of the success of Social Media, which was praised as a new and easy way to socially interact without going outside.
Blockchain might be the right choice of technology for the voting process, people still need to be obliged to go to the city hall to issue their vote, in person!
Don't worry; in the United States, it largely already has. Blockchain tech can't make it much worse.
>> people still need to be obliged to go to the city hall to issue their vote, in person!
Yeah, that's not ableist at all. Don't worry about those with limited transportation options. And piling tons of people into city hall will totally make people social again.... ???
The Swiss have very frequent votes, with direct votes on several issues 3 or 4 times a year. That’s in addition to electing representatives. Of course they are the oldest continuous modern democracy.
You could argue from the Swiss example that more voting occasions wouldn’t change the main issues of modern democracies, but it doesn’t seems to lower the importance of voting either, with a similar turn out that elsewhere.
(Also, a technical solution to constant voting and flexible, transferable delegation of voting power is the main goal of the fluid democracy movement.)
Back in Ron Rivest's 6.857 computer security class, we spent some time on electronic voting. If you're not careful to get the privacy right, you open up more opportunities for coercion.
With anonymous paper ballots, coercion can and does happen, but it basically requires physical control of the polling station / voting booth to pull off.
In this case, anonymized ballots are put on a blockchain. Hopefully the system is auditable, but provides no way for someone to prove which anonymized ballot serial number belongs to them. Otherwise, the thugs can come to your house and either beat you or pay you your bribe after forcing you to reveal how you voted.