internet voting safe andy c

The appeal has been strong enough for countries from Switzerland to Canada and India to Scotland to explore it. The key question is; would we be able to trust the election result?

It is not so long ago that everyone filed paper tax returns and you don’t have to go much further back to a time when internet banking was still novel. Electronic voting has been around for a number of years too but hasn’t gone mainstream yet, with one exception; Estonia.

The small nation has used e-voting since the 2005 local elections and 2007 general election. It’s a fixture now and nearly a third of votes are cast that way; quite an achievement. However, there are vulnerabilities in the system, according to J. Alex Halderman, Professor of Computer Science & Engineering, University of Michigan, who was part of a team of election observers in 2013.

The team was invited by the Tallinn city authorities, which was in opposition nationally, so some controversy was inevitable and duly arrived. Suffice to say that while there isn’t evidence of fraud in Estonian elections to date, that isn’t necessarily the same thing as saying there hasn’t been any.

The enabler in the Estonian system is a smart ID card which stores a voter’s private cryptographic keys. Last year, these cards were found to be vulnerable, with a flaw in the chip. Halderman explains that a sophisticated attacker would have been able to reverse engineer the keys. Estonia scrambled to fix the problem. As Halderman points out, they “lucked out” with the timing, being comfortably clear of elections.

Estonia’s system has a chain running from voting device to counting server, with potential threats along the way. For example, an individual’s device might have malware on it, which could either record who the person voted for. At the other end of the voting chain and on a much greater scale, a denial of service attack could prevent an election going ahead on schedule. There are age old problems like coercion of voters and new ones like fake web sites. So what could blockchain actually do to improve the process?

Not that much, according to Halderman. He says there are “misconceptions about blockchain’s applicability to internet voting” but does believe that the “technology can be useful to address a small but important part of the problem.

“Where blockchain is useful is in creating a global, public ledger that can record encrypted ballots, publicly visible to make sure they are not retroactively changed.”

Halderman is happy to concede that internet voting has niche applications, such as an election for the leadership of a small union. Blockchain-based voting has been used in the “fan vote” for the 2017 Rock and Roll Hall of Fame and by Republican Party members in Utah during the last presidential primary.

The stakes in a general election are far higher and Halderman is adamant that internet voting is a decade or more away from being safe. “The balance of power between attackers and defenders needs to tilt towards defenders.” Blockchain can play a part but it isn’t “anywhere near enough. Maybe in the long term, as part of a solution.”

“Estonia has been an interesting experiment. I worry it’s on a collision course with global cyber attacks”. A few years ago, attacks, including state-sponsored ones, were spy novel stuff. Now they are a daily reality. “I’ve come to have a deep respect for the problem” he concludes wryly.

There are many companies and many nations working towards internet voting. Bitloco will explore some of these in the near future.