Thursday, August 9, 2018

#77: Why security experts hate the idea of “blockchain voting”

Cart before horse
MIT Technology Review
Sponsored by Oracle
Chain
Letter
Blockchains, cryptocurrencies, and why they matter
08.09: Cart before horse

Welcome to Chain Letter! Great to have you. On Thursdays we take a closer look at one key concept in the world of blockchains and cryptocurrencies. Feel free to suggest topics you think we should discuss in the future.

Voting in West Virginia just got a lot more high tech—and experts focused on election security aren’t happy about it.

This fall, the state will become the first in the US to allow some voters to submit their federal general election ballots using a smartphone app, part of a pilot project primarily involving members of the military serving overseas. The decision seems to fly in the face of years of dire warnings about the risks of online voting issued by cybersecurity researchers and advocacy groups focused on election integrity. But even more surprising is how West Virginia officials say they plan to address those risks: by using a blockchain.

The project has drawn harsh criticism from election security experts, who argue that as designed, the system does little to fix the problems inherent in online voting. 

We first heard of the West Virginia pilot in May, when the state tested a mobile app, developed by a startup called Voatz, during primary elections. The test was limited to overseas voters registered in two counties. Now, citing third-party audits of those results, officials plan to offer the option to overseas voters from whole state. Their argument is that a more convenient and secure way to vote online will increase turnout—and that a blockchain, which can be used to create records that are extremely difficult to tamper with, can protect the process against meddling.

But that premise has been controversial from the start. After two fellows from the Brookings Institution penned an essay praising West Virginia for pioneering the use of blockchain technology in an election, Matt Blaze, a cryptography and security researcher at the University of Pennsylvania, pushed back hard. It’s not that blockchains are bad, said Blaze, who testified (PDF) before Congress last year on election cybersecurity. It’s that they introduce new security vulnerabilities, and securing the vote tally against fraud “is more easily, simply, and securely done with other approaches,” he said.

Blaze and many other election cybersecurity experts oppose online voting of any kind because, they feel, it’s fundamentally insecure. Although a number of countries have embraced the practice, in 2015 a team of cryptographers, computer scientists, and political scientists looked closely (PDF) at the prospect of internet voting in the US and concluded that it was not yet technically feasible. Protecting connected devices against hacking is hard enough, and, even if that could be achieved, developing an online system that preserves all the attributes we expect from democratic elections would be incredibly difficult to pull off.

The Voatz system uses biometric authentication to identify individual users before allowing them to mark an electronic ballot, and the votes are then recorded in a private blockchain. The company says that in a general election pilot, its system will use eight “verified validating nodes,” or computers (all controlled by the company) that algorithmically check that the data is valid before adding it to the chain.

The system isn’t so much a blockchain-based app as it is a mobile app with a blockchain attached, says Marian K. Schneider, president of Verified Voting. The blockchain can’t protect the information as it travels over the internet, and doesn’t guarantee that a user’s choices will be reflected accurately. “I think they’ve made a lot of claims that really don’t justify any increased confidence in what they are doing versus any other internet voting system,” Schneider says.

Sponsor Message

e1b3a91d-61f6-47bf-a264-97a311c01dce.png

May/June 2018 - The Blockchain Issue

08560ab6-6bcb-4f8c-bb05-5eff9e322120.png

The future of blockchain, cryptocurrencies and whether ICOs can be truly useful; a graphical guide to blockchain and an examination of why there are so few women in this new technology; these are just a few of the topics we examine as we look beyond the hype in our May/June digital edition of MIT Technology Review. made free courtesy of @Oracle

Free download courtesy of Oracle

Loose Change

Fill your pockets with these newsy tidbits.

IBM and Maersk say they’ve convinced 94 organizations to participate in a blockchain platform meant to improve the efficiency and transparency of the shipping industry. (Reuters)
Startup Audius has raised $5.5 million in venture capital to develop a blockchain-based competitor to SoundCloud. (TechCrunch)
The SEC will decide whether to approve several Bitcoin ETFs during the next two months. (CoinDesk)
Mentions of “blockchain” during corporate earnings calls are on the decline. (Quartz)
Japan’s financial regulators have announced plans to impose more strict rules on speculative cryptocurrency investments. (Finance Magnates)

Wishing you could pick the brains of the most brilliant minds in technology?
 

Network with senior-level business and technology decision makers who drive the global innovation economy. Secure your seat today!

The Money Quote

The narrative of democratization has hit quite a few snags—no question about it.”

— Lex Sokolin, global director of fintech strategy at London-based Autonomous Research. Enthusiasts argued that public initial coin offerings would democratize the traditional venture funding system, which is dominated by wealthy investors. But instances of fraud and increased regulatory scrutiny have led many coin issuers to instead focus on private sales to accredited investors. (Bloomberg)

Mike Orcutt
We hope you enjoyed today's tour of what's new in the world of blockchains and cryptocurrencies. Send us some feedback, or follow me @mike_orcutt.
Know someone who might enjoy reading Chain Letter?
Forward this email
Was this forwarded to you, and you'd like to see more?
Sign up for free

Discover the emerging tech that will change the world.

Attend EmTech 2018
September 11-14, MIT Media Lab
Cambridge, MA

Register Now
You received this newsletter because you subscribed with the email address: contacto1745.send-mail@blogger.com
edit preferences   |   unsubscribe   |   follow us     
Facebook      Twitter      Instagram
MIT Technology Review
One Main Street
Cambridge, MA 02142
TR