|
Disclaimer: In no way do I claim to be an infosec engineer, security expert, elections expert or any kind of expert that is relevant for this discussion. My knowledge limits itself to distributed systems, cryptography and development in general as a software engineer and elections as a voter. From the point of view of a voter, I can summarize what I care about in an election as follows: - My vote is counted in the final tally ("verifiability") - Every vote counted was cast by an eligible citizen, with no duplicates (validity & uniqueness) - Every vote cast was properly counted into its correspondent candidate tally (integrity) - The final count results from the sum of all the votes that meet the above requirements Now, paper ballets do all of this pretty well. But I should stress the "pretty" part, as plenty of shenanigans can happen at a local level that put these properties at risk.
The thinking goes that since voting, especially in the US, is pretty decentralized, the final tally ends up trending towards a true result. Also, records are kept so that if the results are put into question, they can be verified.
However, that has not stopped elections from being rigged in many parts of the world. In fact, even in the US this has happened previously [1], albeit not public elections per-se (but still politically-relevant ones). Now, I'm not saying that the magical blockchain can fix all of this. Clearly, when it comes to validity, things can quickly get increasingly difficult to tackle. For instance, proving your citizenship provides a single point of failure vulnerable to government malfeasance if such is desired. If a government entity is responsible for issuing voting rights, they can simply make up a law or straight up strip you of your voting rights, therefore censoring you. I would tackle this by making voting an inalienable right, but clearly that is not the case in some countries (e.g. felony disenfranchisement in the US and other places).
Another problem is the recovery of lost/stolen/phished voting "keys"/id (in a hypothetical blockchain environment). I would tackle this with a revoke/reissue mechanism, but again, the central entity that can revoke and reissue a key/id for you can be a point of failure. So clearly blockchain does not fix everything. Now there are some things that I believe "the blockchain", or some system that is "cryptographically" secured and verifiable, can help. Mainly, in the insurance of the integrity and uniqueness of the vote and the final tally. I would love to be able to check, if I had the private key, that my vote counted towards a particular candidate/party, whilst retaining my voting privacy. In this particular use-case, there are concerns of stolen keys being used to lookup voting histories, but I much rather tackle this problem than simply disregard such a system altogether. Clearly, there is a level of trust that I have to have on the current top brass at my local institutions if I want to cast a vote to throw them out. I'm simply not confortable with paper ballets in such instances, although I obviously prefer them to "voting machines" that have no devised threat model whatsoever. I know cryptocurrencies have created a space that relishes on get-rich-quick stories, scams, buzzword parties and other sad sights, but I like to always chose the cautious path of not throwing the baby out with the bathwater. To extend the saying, we might need both the baby and the bathwater badly in the future... [1] - http://www.sun-sentinel.com/local/broward/fl-sb-broward-elec... |