Going from bad to worse: from Internet voting to blockchain voting
Voters are understandably concerned about election security. News reports of possible election interference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide.

This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading. While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures. Online voting may seem appealing: voting from a computer or smartphone may seem convenient and accessible.

However, studies have been inconclusive, showing that online voting may have little to no effect on turnout in practice, and it may even increase disenfranchisement. More importantly, given the current state of computer security, any turnout increase derived from Internet- or blockchain-based voting would come at the cost of losing meaningful assurance that votes have been counted as they were cast, and not undetectably altered or discarded. This state of affairs will continue as long as standard tactics such as malware, zero day, and denial-of-service attacks continue to be effective.

This article analyzes and systematizes prior research on the security risks of online and electronic voting, and shows that not only do these risks persist in blockchain-based voting systems, but blockchains may introduce ‘additional’ problems for voting systems. Finally, we suggest questions for critically assessing security risks of new voting system proposals. [...]

# Critical questions

This section provides a list of worthwhile questions that should be asked about any future online or blockchain-based election system proposal in order to better understand its security implications, before considering its adoption for high-stakes elections. Much of this list is inspired by previous examples of failures in Internet voting schemes [15, 20, 54, 56, 100], questions asked by experts involving past blockchain-based systems [7], as well as the survey of open problems E2E-V systems by Bernhard et al. [101].

This list is not intended to be comprehensive, as a short article like this cannot provide a complete guide to all of the issues that might be raised about “voting on the blockchain,” or electronic-only voting as a whole.

First, the questions raised here relate to voting system security, rather than other important aspects of voting systems (e.g., usability, cost, accessibility, etc.).

Second, security cannot be achieved simply by “passing a checklist” — even given good answers to all of the questions here, a system could still be insecure. However, a good set of questions illuminates gaps in reasoning, poor assumptions, and implementation problems. We believe that satisfactory answers to these questions are a worthwhile demand: a valuable starting point to evaluate voting system proposals, and a basic level of transparency to which the public is entitled.

It continues, proposing some EXCELLENT questions, at https://academic.oup.com/cybersecurity/article/7/1/tyaa025/6137886

Giacomo
Thanks Giacomo, this is the journal version of what was previewed last November here https://www.csail.mit.edu/news/mit-experts-no-dont-use-blockchain-vote

Bye,
Enrico

On 11/03/2021 15:37, Giacomo Tesio wrote:
Voters are understandably concerned about election security. News reports of possible election interference by foreign powers, of unauthorized voting, of voter disenfranchisement, and of technological failures call into question the integrity of elections worldwide.
This article examines the suggestions that “voting over the Internet” or “voting on the blockchain” would increase election security, and finds such claims to be wanting and misleading. While current election systems are far from perfect, Internet- and blockchain-based voting would greatly increase the risk of undetectable, nation-scale election failures. Online voting may seem appealing: voting from a computer or smartphone may seem convenient and accessible.
However, studies have been inconclusive, showing that online voting may have little to no effect on turnout in practice, and it may even increase disenfranchisement. More importantly, given the current state of computer security, any turnout increase derived from Internet- or blockchain-based voting would come at the cost of losing meaningful assurance that votes have been counted as they were cast, and not undetectably altered or discarded. This state of affairs will continue as long as standard tactics such as malware, zero day, and denial-of-service attacks continue to be effective.
This article analyzes and systematizes prior research on the security risks of online and electronic voting, and shows that not only do these risks persist in blockchain-based voting systems, but blockchains may introduce ‘additional’ problems for voting systems. Finally, we suggest questions for critically assessing security risks of new voting system proposals. [...]
# Critical questions
This section provides a list of worthwhile questions that should be asked about any future online or blockchain-based election system proposal in order to better understand its security implications, before considering its adoption for high-stakes elections. Much of this list is inspired by previous examples of failures in Internet voting schemes [15, 20, 54, 56, 100], questions asked by experts involving past blockchain-based systems [7], as well as the survey of open problems E2E-V systems by Bernhard et al. [101].
This list is not intended to be comprehensive, as a short article like this cannot provide a complete guide to all of the issues that might be raised about “voting on the blockchain,” or electronic-only voting as a whole.
First, the questions raised here relate to voting system security, rather than other important aspects of voting systems (e.g., usability, cost, accessibility, etc.).
Second, security cannot be achieved simply by “passing a checklist” — even given good answers to all of the questions here, a system could still be insecure. However, a good set of questions illuminates gaps in reasoning, poor assumptions, and implementation problems. We believe that satisfactory answers to these questions are a worthwhile demand: a valuable starting point to evaluate voting system proposals, and a basic level of transparency to which the public is entitled.
It continues, proposing some EXCELLENT questions, at https://academic.oup.com/cybersecurity/article/7/1/tyaa025/6137886
Giacomo
-- EN
Prof. Enrico Nardelli
Dipartimento di Matematica - Universita' di Roma "Tor Vergata"
Via della Ricerca Scientifica snc - 00133 Roma
tel: +39 06 7259.4204 fax: +39 06 7259.4699
mobile: +39 335 590.2331
e-mail: nardelli@mat.uniroma2.it
home page: http://www.mat.uniroma2.it/~nardelli
blog: http://www.ilfattoquotidiano.it/blog/enardelli/
      http://link-and-think.blogspot.it/