16 January 2023
Blockchain Pilot Projects
The promise of blockchain technology has led governments across the world to launch research and pilot projects. South Korea spent the equivalent of 1.1 million US Dollars in 2022 on a group of researchers to explore blockchain based voting systems. Greenland started a similar research group, spending the equivalent of 0.5 million US Dollar. As the least densely populated territory on the planet, residents typically have to travel vast distances to vote, making an online solution especially appealing.
There is a range of for-profit companies already providing online election solutions, for example State Horizon, which has been piloted in small-scale elections and partnered with the governments of India and South Australia to audit the possibility of an online election system.
And back in 2018, the blockchain based application Voatz broke new ground when it ran a pilot in US federal elections. It was targeted at absentee voters and ran in West Virginia, Denver, Oregon, and Utah across federal, state, and municipal elections.
Voatz was the first blockchain-based voting system to be used in high stakes elections. Even before that, in 2016, it was used in leadership elections of both the Democratic Party and the Republican Party. Utah continued to use the system the 2022 general elections, directing the app towards absentee voters as well as disabled voters. The Philippines also tested the Voatz app in a trial run of an online election in 2021.
Decentralised, Transparent Elections with Blockchain
We introduced the concept of blockchain based voting in this article on the specific challenges of internet voting. Online elections constitute highly critical infrastructure, and blockchain presents a compelling solution to address the multitude of requirements. The two most prominent features of blockchain are its distributed nature and the immutability of information once committed to the chain.
Blockchain is a “distributed system” because it stores information on many different devices. This serves as a protection against hacks, and ensures that no one participant can manipulate the data. As long as the majority of peers are well intentioned, blockchain enables decentralized and transparent elections. Immutability is of course highly desirable for elections, as it prevents vote tampering. This is especially true when combined with end-to-end verification to allow voters to check that their vote was transmitted correctly.
However, blockchain as a technology is not formally defined, and any features depend on the specifics of a given implementation. Voting systems have been built on cryptocurrencies like Bitcoin and Ephereum, as well as dedicated blockchains created exclusively for voting, each designed to solve specific issues. Therefore, as with all technology, it is important to weigh each case independently.
Ongoing Security Issues
Voatz recently celebrated their 100th election, proving their product is suited to real world scenarios. However, there has been criticism of the system’s security. The app runs on proprietary software and doesn’t follow the open source standard, making it hard to assess how safe and robust it really is. When confronted with researchers’ questions before the first pilot, Voatz declined to provide answers, stating the need to protect their intellectual property. They also declined to provide proof about their security claims, including end-to-end verification.
Researchers from MIT meticulously reverse-engineered the app and found significant security risks. They discovered that malicious agents could gain private information or even change ballots before they were committed to the blockchain. With access to a voter’s device, a hacker could secretly alter a vote that had already been cast. Alongside these problems, attackers would have been able to interrupt target ballots based on their content.
The researchers were not able to fully assess the software, especially the server-side structure, since they did not have access to the code base. This type of assessment is referred to as black box assessment. The researchers criticized Voatz, as this lack of transparency undermines the integrity of the electoral process. Additionally, the app sent private information to third parties and did nothing to prevent voter coercion.
Voatz defended themselves, downplaying the outlined risks, and even reported another researcher to the FBI, for conducting dynamic analysis on the system, treating them as malicious actor.
In 2019, under pressure from the election security committee and representatives, Voatz partnered with the security assessment company Trail of Bits to perform a white-box test, giving them access to their code base. Trail of Bits provided an exhaustive report, confirming the risks outlined by the MIT researchers, as well as revealing new problems. They also found that Voatz was not end-to-end verifiable.
Trail of Bits stated that Voatz was competently programmed and the problems emerged from continuous development under time pressure, leaving large parts of the codebase under documented and undertested.
As a result of this report, West Virginia discontinued its collaboration with Voatz.
Current implementations of blockchain-based voting systems are ridden with problems. Some of these are errors resulting from the development process that have theoretical solutions. Some problems might be solved by specific implementations that open the system up to further weaknesses. And some problems haven’t even been solved by the academics.
Nonetheless, despite the concerns of experts, many countries are continuing to explore blockchain based internet voting.
One of the main hurdles facing blockchain-based election software is the issue of scalability. Since the system is distributed among many computers, all of which have to communicate each piece of information, the computational costs rise steeply with the amount of administrators. Estonia, the only country that has fully adopted i-voting, does not use blockchain. In October 2022, the journal Sensors published a review paper, examining the recent developments in scalability. The researchers stress the potential of blockchain technology for i-voting, but also outline multiple unresolved problems standing in the way of large-scale secure elections.