Elections, Blockchain Voting, Election2020

As media outlets waited to announce a winner until the Saturday following the U.S. presidential election, calls for how blockchains would have made this process easier emerged, most prominently perhaps by  Changpeng Zhao, CEO of Binance, as well as Vitalik Buterin, who added that, though there are technical challenges, the call for a blockchain-based, mobile voting app “is directionally 100% correct.â€

A new report from MIT, however, strongly argues against the idea of blockchain-based e-voting, largely on the basis that it will increase cybersecurity vulnerabilities that already exist, it fails meet the unique needs of voting in political elections and it adds more issues than it fixes. 

The report’s authors are Ron Rivest, MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) professor and one of the creators of RSA encryption; Michael Specter; Sunoo Park; and Director of MIT’s Digital Currency Initiative (DCI) Neha Narula. The paper will be published in the Journal of Cybersecurity later this month. 

“I haven’t yet seen a blockchain system that I would trust with a county-fair jellybean count, much less a presidential election,†said Rivest in a blog post accompanying the report.

Why online voting isn’t like digital banking

The report recognizes the desire for people to want the voting process to be faster and more efficient, but pushes back on the idea that just because we do things like shop or bank online, that means elections should be done in the same way.

One reason is that those systems have “higher tolerances for failure.†For example, if an issue were to occur, such as credit card fraud, you could block your card and a bank might even reimburse you. But when it comes to election, there is little remedy if a vote is altered or not delivered, particularly given that online voting systems might not always recognize when one of these actions occurred.

Read more: Overstock Touts Voatz ReBlockchain Voting App as Solution to US Election Fracas

Another is that anonymity, or at least detaching the way you voted from your identity, is an important part of any electoral process. While a bank or shop can offer you a receipt, proving you did something to detect or prevent fraud, with voting, it’s important no such receipt exists so votes can’t be coerced or sold.

“For elections there is no insurance or recourse against a failure of democracy,†Rivest says. “There is no means to ‘make voters whole again’ after a compromised election.â€

And the cybersecurity issues are numerous.

Issues with cybersecurity in online voting

One issue with online voting is that it opens itself up to attacks that are both scalable and undetectable.

In terms of scale, according to the report, a zero-day Android vulnerability only cost $60,000 to acquire in 2012. A zero-day vulnerability is a security flaw that is known about but for which a patch isn’t yet available.

The authors estimate that testing and weaponizing such a vulnerability would increase the associated costs by two orders of magnitude, meaning an election exploit could cost $6 million. While that may seem like a large sum, it’s little for a nation-state adversary, especially in comparison with the roughly $768 million that was spent on the 2016 U.S. presidential election. This makes a scalable attack on an election system attractive, in terms of getting a bang for your buck. 

Such an attack could also be undetectable, resulting in large numbers of votes being exploited. This is, in part, due to the number of vendors and devices that would have to be involved.

“Voting system flaws might be introduced by the voting software vendor, the hardware vendor, the manufacturer or any third party that maintains or supplies code for these organizations,†reads the report. 

“A voter using a phone to vote depends not only on the phone vendor, but on the hardware companies providing drivers for the device, the baseband processor, the authors of third-party code in the voting software, the manufacturer of the physical device and the network or any other systems that the device relies upon to cast the vote.â€

No concrete solutions to non-hypothetical problems

Even important tools like encryption don’t offer a concrete solution. While encryption does offer some protections, it doesn’t prevent system bugs. Plus, implementing it is difficult, not to mention there are numerous examples of flaws in a system allowing cryptographic protocols to become compromised.

These concerns aren’t just hypotheticals. The report notes that  electronic-only voting devices at polling stations used in Georgia and Maryland, for example, have previously been shown to be vulnerable, and internet voting systems in cities like Washington, D.C., and countries including Estonia and Switzerland were found to be vulnerable to serious failures. 

Read more: Downvoted: Security Researchers Slam Voatz Over Stance on White-Hat Hackers

For comparison, tried-and-true methods such as mail-in ballots make a large-scale attack on them incredibly difficult to conduct with any ease because of substantial friction points, like needing physical access to the ballots. 

When asked whether there were lessons the U.S. could take from other countries when it comes to voting online, an MIT CSAIL spokesperson said, “None that are positive. Online voting systems will suffer from major vulnerabilities for the foreseeable future, given the state of computer security and the high stakes in political elections.â€

The arguments for blockchain-based voting – and why they don’t hold up

The report lays out a number of arguments that have been held up by blockchain proponents. These include using coins as votes, using a permissioned blockchain and employing zero-knowledge proofs for secret ballots. 

Voting with coins

Coins as votes is one model the report identifies as problematic. In it, a registered voter has a public/private key pair created by the voting authority, with each voter sending their public key to the voting registry.

“Then, the voter registry spends one coin to each public key. To vote, each user spends their coin to the candidate of their choice. After a period, everyone can look at the blockchain, total up each candidate’s coins, and select the one with the most coins as the winner,†reads the report.

Read more: Trump’s Post-Election Purge Reaches US Cybersecurity Agency

The issue here is that it doesn’t provide a secret ballot – all the votes are on a public blockchain. It also relies on users being able to get their votes on the blockchain in a certain amount of time, something that could be compromised through distributed denial-of-service attack, making the network unavailable to users.

An adversary could drive up transaction fees on a public blockchain, further hampering the “vote.†Or the blockchain could be compromised if a majority of the miners or validators collude, creating multiple versions of the blockchain.

Finally, it relies on private key management, something that is user-dependent and, as cryptocurrencies have shown, something people are often bad at implementing.

Permissioned blockchains

Another proposal the report challenges is using a permissioned blockchain. A permissioned blockchain is one in which a central actor approves who can be a part of it. There is also usually a control layer that governs what actions participants have permission to perform.

Like voting with coins, use of this strategy would still suffer from key management vulnerabilities. Furthermore, permission parameters would also keep users from reading the blockchain to verify their votes were counted in order to preserve the secrecy of people’s votes.

A permissioned blockchain would also likely run on a smaller number of servers, with most of them running the same operating system, meaning it would be easier to compromise.

Zero-knowledge proofs

A final proposal that MIT examines is the use of zero-knowledge proofs (ZKPs). ZKPs are a cryptographic technique that allows two parties on the internet, such as an app and a user, to verify information with each other without sharing the underlying data related to this information. This would seemingly help ease the tension between secrecy and making a vote publicly verifiable.

But the report notes that, aside from the potential bugs in ZKPs and challenging cryptographic processes, it also doesn’t prevent physical monitoring by “coercers or vote buyers.â€

Additionally, the report argues that “zero-knowledge proofs are designed for a setting where the party with secret information wants to keep it secret (that’s why they’re using zero-knowledge proofs) – they generally do not prevent that party from revealing information voluntarily.â€

Read more: ‘Snake Oil and Overpriced Junk’: Why Blockchain Doesn’t Fix Online Voting

A final and fundamental concern about any digital processes such as these, however, is that they rely on various vendors, hardware and software, all of which add additional complexities and likely vulnerabilities to the voting process.

“The biggest issue is that blockchain-based approaches require that voters use software in which a single bug could undetectably change what they see – for example, showing them that their vote was cast for a certain candidate when it actually wasn’t,†said a MIT CSAIL spokesperson. “Blockchain is ripe for situations where election results could be changed in ways that are undetectable, or, even if detected, would be irreparable without running an entire new election.â€

The report also plays up that elections have stakes beyond just losing money, as would be the case if these online voting tools were compromised in regards to cryptocurrencies.

Blockchain has lots of potential, just not for actual voting

The report notes it isn’t addressing voting within a blockchain, such as EOS holders voting for validators in consensus networks, or Augur users using REP to vote on contract outcomes. These may fulfill some aspects of voting, but don’t map onto the system of political elections well, and leave many vulnerabilities that can’t be accounted for. 

The report also recognizes it’s focusing on voting, not areas such as voter registration management or auditing.

In conclusion, the report notes that blockchain and online voting don’t address fundamental security concerns; instead, they introduce more vulnerabilities than are present in current in-person and mail-in ballot systems.

“If vote-casting is entirely software-based, a malicious system could fool the voter about how the vote was actually recorded,†said Rivest in an accompanying blog. “Democracy – and the consent of the governed – cannot be made contingent on whether some software correctly recorded voters’ choices.â€

Du lịch nhật bản, hướng dẫn du lịch Nhật và đánh giá địa điểm Nhật Bản Japan travel news, japan travel guides, japan holiday destinations and japan reviews

RELATED NEWS

Election Candidates in Russia to Disclose Crypto Investments, New Bill Suggests

A new bill obliging candidates running for election in Russia to declare their spending on digital assets has hit the floor of the State Duma. According to the draft, Russian politicians will be required to disclose details about every crypto purchase they and their families make, if the total exceeds a certain amount. Candidates to […]

Xem chi tiết: Election Candidates in Russia to Disclose Crypto Investments, New Bill Suggests

First Mover: Bitcoin Hits Record as `Blue Wave’ and `Kimchi Premium’ Look Bullish

Bitcoin (BTC) rose for a second day, surging to a new all-time high price of $35,751, based on CoinDesk’s Bitcoin Price Index. The jump came as votes were tallied from Tuesday’s special U.S. Senate runoff elections in the state of Georgia, where Democrats appeared on the cusp of gaining two seats that would deliver President-elect […]

Xem chi tiết: First Mover: Bitcoin Hits Record as `Blue Wave’ and `Kimchi Premium’ Look Bullish

Concordium Debuts its Business-Oriented Blockchain Mainnet

After years of development, Concordium has unveiled its permissionless blockchain and MVP that is designed to meet the needs of enterprises by delivering transparency and governance, all with an orientation towards protecting user privacy. Identity-Centric Network to Promote Broader Business Adoption Although blockchain’s novel characteristics are not in dispute, corporate adoption of distributed ledger technology […]

Xem chi tiết: Concordium Debuts its Business-Oriented Blockchain Mainnet

Doge in Brooklyn: A Local Apparel Store Starts Accepting the Famed Crypto

On the heels of the SpaceX announcement that the company accepted dogecoin as payment, an apparel store on Brooklyn’s colorful Flatbush Avenue took the jump as well into the deep, cold Doge waters. Brick-and-Mortar Is Another Brick in the Crypto Adoption Wall Crypto adoption has been widely and thoroughly discussed in the media and on […]

Xem chi tiết: Doge in Brooklyn: A Local Apparel Store Starts Accepting the Famed Crypto

Iran’s President Wants Crypto ‘Laws and Instructions’ Implemented as Soon as Possible

Iranian president Hassan Rouhani discussed cryptocurrencies at the most recent meeting of the government’s Economic Coordination Board and told participants that regulatory policy is needed to protect consumers. Rouhani believes the Iranian government should “communicate the necessary laws and instructions†as soon as possible so dishonorable crypto businesses are avoided. Regulation Necessary to Keep ‘Unprofessional’ […]

Xem chi tiết: Iran’s President Wants Crypto ‘Laws and Instructions’ Implemented as Soon as Possible

South African Court Submissions Expose Lies and Deceptive Tactics Used to Perpetuate MTI Bitcoin Ponzi Scheme

New submissions by a South African regulator, the Financial Sector Conduct Authority (FSCA) and liquidators have exposed the web of lies and deceptive tactics that were used by Mirror Trading International (MTI) CEO Johann Steynberg and others to perpetuate the Ponzi scheme. Undeclared Losses In its report filed with the South African court, the regulator […]

Xem chi tiết: South African Court Submissions Expose Lies and Deceptive Tactics Used to Perpetuate MTI Bitcoin Ponzi Scheme

Denmark to Revise Tax Law to Target Cryptocurrencies

The Danish tax ministry is reportedly mulling over revising the country’s tax law to deal with the challenges posed by cryptocurrencies. Denmark’s tax authority is concerned about the rising risk of fraud and widespread filing errors involving cryptocurrencies. Denmark to Revamp Tax Law to Deal With Cryptocurrency Denmark is considering revamping its tax code in […]

Xem chi tiết: Denmark to Revise Tax Law to Target Cryptocurrencies

Report: Document Shows Specific Bitcoin Miners in Xinjiang Instructed to Shut Down

An official notice stemming from the Changji prefecture government in Xinjiang details that officials from the Zhundong Economic-Technological Development Park must instruct bitcoin miners to shut down. China’s province of Xinjiang is a highly concentrated region of bitcoin miners and bitcoin activities at the park must cease by June 9, according to the document. Nevertheless, […]

Xem chi tiết: Report: Document Shows Specific Bitcoin Miners in Xinjiang Instructed to Shut Down

$160 Billion Asset Manager Entering Crypto Market in Collaboration With Nasdaq

Coinbase Says Interest From Pension Funds and Hedge Funds Has Skyrocketed, Institutional Holdings Soar 170%

Hong Kong to Connect Digital Yuan With Domestic Payments System in Cross-Border Trials

Mystery Whale Returns by Moving $35 Million — Miner Transfers 1,000 ‘Sleeping Bitcoins’ from 2010

The First DeFi & NFT Social Media Project, Torum Announces NFT Launchpad

Uganda Museum Collaborates With Software Development Firm to Create NFTs for Display on Binance Marketplace

Warren Buffett’s Berkshire Hathaway Invests in Bitcoin-Friendly Digital Bank

Commodity Strategist Mike McGlone Says $40K BTC Target ‘More Likely’ Than $20K