A key part of the America system of voting is that we use a "secret" ballot. This important to prevent vote buying and voter intimidation.
I like the rest of the proposal.
Right, it's important that no one else would be able to know how you voted.
Perhaps the election commission would also have a paper receipt with a different unique key.
Then both your receipt and the county's receipt would be necessary to locate your vote on the blockchain. Then vote verification could be restricted to the same level of privacy as when voting takes place.
It's not just vote buying, it's pressuring. If you don't want your employees to unionize, insist they vote for right-to-work laws. You don't have to insist very openly. Just take them out to drinks and mention the election in passing, see who voluntarily shows you their receipt on their phone, and prioritize them for bonuses and promotions.
How does this solve the problem? Previously, if I wanted to verify someone else's vote, I would need their SSN and Voter ID. Now I also need the county's receipt.
If someone would so readily hand over their SSN and Voter ID, what will stop them from handing over the county receipt?
Perhaps this could be combined with a zero-knowledge proof? From wikipedia[1] with context:
zero-knowledge protocol is a method by which one party (the voting machine) can prove to another party (the voter) that a given statement is true (their ballot was cast, untampered), without conveying any information apart from the fact that the statement is indeed true. ... the definition implies that the voter will not be able to prove the statement in turn to anyone else (a vote buyer/intimidator), since the voter does not possess the secret information.
We know how to make a simple, verifiable, understandable voting system: paper ballot, maybe with an electronic counter.
You can explain in about 30 seconds that the ballots shouldn't be individually identifiable, you have a record that is difficult to tamper with, etc.
How many people have a rigorous understanding of Zero Knowledge proofs? How many people would be able to audit the implementation of such a system?
The benefits that come from electronic voting are small, and we can get them in other ways. Why are people so eager to add so much complexity to such an important civic function?
I live in Colorado, where we recently (a few cycles ago) introduced nearly 100% mail-in voting. In my opinion, we should move the whole country to this system; participation will likely go up, lines for folks who show up on election day are manageable and there is significantly less human error when you don't have to rush it all in one day.
I agree that a blockchain solution may be overly complex, but I think the spirit of what they're after is in the right place.
The problem with mail-in voting is voter influence. When you vote at a polling place, you're guaranteed to be able to vote in a booth on your own, without other people or party advertising to influence you. With mail-in voting there's no way to stop voters' controlling spouse and/or cult leader from influencing their vote or even voting for them.
Yeah, there's a fundamental tension between secrecy and verifiability. The main way I've seen this resolved is immediate verification, eg displaying the vote in a paper receipt kept by the elections board for recounts.
This idea encrypts your ballot with your voter ID + some secret key that you know and creates encrypted data E. It, then, publishes a (E, your ballot) pair. Since only you can decrypt E, others won't know how you vote.
A third party can now pressure you to produce your secrets to verify who you voted for. This is not possible in the current system: as long as the final tally reports at least 1 vote for the person you claim to have voted for, no one can prove your claim wrong.
"$5 off your next purchase if you can produce a receipt for candidate X!"
"You must vote for X if you wish to join my organization."
Some states in US allow you to take a photo of your ballot. This means they can already do the things you mention. But they don't, because it is illegal. It will continue to remain illegal.
If you are very worried about such a scenario, verify that your vote is on the blockchain, then destroy your receipt.
The fact that a receipt exists means that you can be pressured to provide it. If my boss wants me to vote for pro-business-owner anti-union candidates, he's not going to take "Yeah I promise I voted for your guy, but I destroyed my receipt" for an answer.
I don't really buy "it's illegal" as a counterargument. There are a lot of things employers pressure their employees to do that are illegal, but the employees don't really have the ability to do anything about it, because they're taking a risk on the legal system working out for them, and in the meantime they'll probably lose their job and be known as an employee who litigates against their employers. As a wise man once said, if you're a single-digit millionaire, you have no effective access to our legal system.
But doesn't this protocol make it impossible to prove what your secret key is? i.e. there are multiple (user-derivable) keys that look valid, as in deniable encryption?
(And I'm sure everyone's in agreement with the importance of making the ballot secret.)
There's a lot of academic work in this area, some of it going back 20 years. The keyword to look for when searching for papers is "receipt-free" voting.
Perhaps the election commission would also have a paper receipt with a different unique key.
Then both your receipt and the county's receipt would be necessary to locate your vote on the blockchain. Then vote verification could be restricted to the same level of privacy as when voting takes place.