Paper Ballots: More Secure Than E-voting or Blockchain

A brace of experts opined at the weekend that voting using paper ballots is best. Letting computers help is bound to lead to trouble, they both say—independently of each other, it seems.

But even the U.S. Postal Service is trying to add technology. In this case, using a blockchain for authentication and tamper-proofing. But yet more experts say that’s a dumb idea, too.

Keep it simple, stupid! In today’s SB Blogwatch, we K.I.S.S. and make up.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Pond⅕.


Vote Early, Vote Often

What’s the craic? Yueqi Yang reports—“Paper Ballots Are Still the Safest Way to Vote”:

 The looming threat of foreign interference in the U.S. election process hinges on electronic systems to tally votes. One expert says many of the threats are mitigated with a return to paper ballots.

Election voting is the cybersecurity industry’s most difficult challenge, and casting ballots on paper is the safest option against any digital disruptions, says … Dmitri Alperovitch. [He] said he hasn’t seen evidence of Russian hacking into campaigns or political organizations and leaking information so far this year. [But] he warned of “influence operations” by China, Iran, and Russia.

The number of Americans voting by mail is expected to jump this year because of the coronavirus pandemic.

And Teresa Lawlor and Karen Miller pour over more expert sauce—“Relying on electronic voting machines puts us at risk”:

 How do we make elections secure? Try paper. Professor J. Alex Halderman … explains why.

There’s been a lot of attention on Russia’s efforts to use social media to influence the 2016 election, but their interference didn’t end there. Halderman says that Russia probed the electronic election infrastructure of all 50 states and successfully gained access to several voter registration systems.

Subsequent investigations found that they did not manipulate registrations or votes, [but] they may have had the capacity to do so. … “[It was] because Vladimir Putin decided not to pull the trigger,” says Halderman. “And that’s what really worries me: … The technology still isn’t there to guarantee that they won’t be able to do damage in 2020.”

“If Russia or other attackers can break into a state’s election management system, they can spread malicious software to voting machines throughout that jurisdiction, and potentially change all of the digital records. That’s the threat that really keeps me up at night.”

He [says] machines that are entirely paperless [are] the most vulnerable to hacking. … Paper ballots are elections’ “physical fail-safe.”

It’s all polarized though, right? Mark Joseph Marks’ words—“The Cybersecurity 202”:

 At Democrats’ online convention … delegates will cast ballots by email on a handful of issues. … That mildly increases the risk that hackers or technical snafus could undermine the voting process, but it protects delegates from the virus.

By contrast, while Republicans’ convention next week will be dramatically scaled down, all of the voting will happen in person at the Charlotte convention site with a maximum of 336 delegates. In some cases, the party will allow the delegates in Charlotte to cast [proxy] votes.

Convention voting security is important to signal Americans are able to vote safely. The topic of election security is likely to play an outsize role in both conventions.

But isn’t blockchain the fix for all ills? Enter Jason Brett—“U.S. Postal Service Counters … Attacks On Mail-In Voting With A New Blockchain Patent”:

 The U.S. Patent and Trademark Office [last week] made public a patent application from the USPS titled ‘Secure Voting System’ that describes using blockchain technology. … Complaints against mail-in voting [include] whether or not the person whose name is on the ballot actually cast the vote, and whether or not the ballot was tampered with after it was sent. In both instances blockchain offers tantalizing possible solutions.

“A voting system that can use the security of blockchain and the mail to provide a reliable voting system. A registered voter receives a computer readable code in the mail and confirms identity and confirms correct ballot information in an election. The system separates voter identification and votes to ensure vote anonymity, and stores votes on a distributed ledger in a blockchain.”

The USPS Office of Inspector General (OIG) encouraged the Post Office to start looking at the benefits of blockchain technology back in 2016. … The Postal Service is not alone in exploring the benefits of blockchain technology when it comes to voting – the U.S. Senate’s Permanent Select Committee on Investigations issued a report earlier this year that recommended blockchain technology for potential use in votes by Congress.

The Postal Service had no comment at the time of publication.

It’s a terrible idea, say some researchers. Fr’instance, Sunoo Park et al—“Going from Bad to Worse: From Internet Voting to Blockchain Voting”:

 Voters are understandably concerned about election security. News reports of possible election interference … unauthorized voting … and of technological failures call into question the integrity of elections worldwide.

[But] the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security [are] wanting and misleading. … Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures.

Online voting systems are vulnerable to serious failures: attacks that are larger scale, harder to detect, and easier to execute than analogous attacks against paper-ballot-based voting systems. [Those] security risks … not only persist in blockchain-based voting systems, but blockchains may introduce additional problems.

New technologies should be approached with particular caution when a mistake could undermine the democratic process. … Elections are high-value targets for sophisticated (nation-state) attackers, whose objective is not fraudulent financial transactions but changing or undermining confidence in election outcomes.

Any system that is electronic only, even if end-to-end verifiable, seems unsuitable for political elections. … In particular, blockchain voting systems are still vulnerable to serious failures, and the … consensus guarantees of blockchains do not prevent serious failures. … Additional complexity means more likelihood that things will go wrong.

It’s complicated. Or soo saiis aoowii:

 Another thing I think is worth working on is educating people on what blockchain actually is. … I think paper voting works primarily because people know and trust how the votes are counted and how they get to the counters.

It’s near impossible to rig or suppress a physical election without a lot of effort, but one person can DDoS an entire network and no one can vote and the whole election needs to be scrapped. … Not even the strongest cryptographic or software systems are free from exploits … and there’s no way to be sure the open source code for the system is the same code actually being served on the system.

Such words. Many opinion. Wow. LenKagetsu cuts to the chase:

 Anyone who tries to “modernize” … something as simple and straightforward as “Take a ballot, tick your preferences, and place in the ballot box for counting” is up to no good.

Nothing to see here? barbegal lives in a barbeworld:

 You could easily replace the word Blockchain … with the word database and it would all still make sense.

Merkle trees were invented 40 years ago. The interesting part about cryptocurrency based Blockchains that makes them unforgeable is that they contain proof of work.

Without proof of work Blockchains are easily forgeable. … The jury is still out on proof-of-stake blockchains like Casper.

But ewibble reminds us it’s really about scale:

 The reason paper voting is safer is not that you can’t defraud the system—you can, easily—[but] because no single person can perform a fraud that can have any significant effect on the election. I would need a mass conspiracy in order to carry out anything with any real impact.

Wait. Pause. Why hasn’t anyone mentioned Estonia yet? sebmellen mentions Estonia: [You’re fired—Ed.]

 My whole startup is built on blockchain, and I’m an Estonian e-Resident (Estonia allows their citizens to vote digitally), so I find blockchain voting fascinating.

This is a very cool idea: combining the USPS vote-by-mail infrastructure with a blockchain layer … on top, used mainly to provide anonymous provenance. We’ll see if this ever gets implemented, but I think it’s a great example of the non-hype uses for blockchains being explored.

Meanwhile, quonset wonders if we’re attacking the wrong problem:

 We’re still using the same system of voting wherein the person who receives the most votes may not win. How about we progress beyond that?

And Finally:

Do you hate stock footage? Enjoy this video:

Hat tip: Andrea James

Previously in And Finally


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Element5 Digital (via Pexels)

Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.

richi has 595 posts and counting.See all posts by richi