THE DIGITAL GOLD RUSH
The week of January 11, 2015
bitcoin_voting

Can Bitcoin save democracy?

By Aaron Sankin

For a brief period in November 2000, it looked as if the future of the United States was going to be decided by chads—hanging door chads, swinging door chads, perforated chads, and yes, even the occasional dimpled chad.

When the electoral contest between George W. Bush and Al Gore came down to only a few hundred votes in the state of Florida, all anyone could talk about were the tiny perforated circles on election ballots voters pushed to indicate their selections.

The entire thing was, unquestionably, an epic mess—the voting system of the most technologically advanced country on the planet melting down for all the world to see. It was a wake-up call that the U.S. needed to take drastic measures to transform the way people voted in the 21st century.

This newfound focus on improving the country’s elections didn’t just extend to looking for more reliable balloting machines. With an increasing number of people using the Internet on a daily basis, the 2000 election sparked an interest in developing technologies that would let people vote online with their own personal computers in the comfort of their own homes.

If implemented correctly, the proliferation of online voting could solve one of the biggest problems in American democracy: low voter turnout. The 2014 midterms boasted the lowest voter turnout in 72 years. In the three most populous states in the country, less than one-third of voters submitted ballots. For off-year and primary elections, the percentage of Americans who go to the polls is even lower. During Texas’s primary election in March of last year, only one out of every 10 registered voters bothered to show up.

Low turnout leads to political polarization because the most ideologically extreme voters on either side are the most likely to participate. When politicians know they’re mainly accountable to rigid partisans, the country gets politicians more interested in shutting down the government to win political points than making compromises in good faith. Making it easier to vote by moving the action from a polling station to your pocket could only increase turnout, especially in the primaries.

Yet 15 years after the 2000 debacle, online voting in the United States has barely advanced.

The state of Alaska’s Department of Elections set up an online voting system, but no one else has replicated it. A program backed by the Department of Defense to enable online voting for Americans living overseas was scrapped in 2004, eight months before it was scheduled for deployment, due to security concerns.

Making online voting work is infinitely harder than it initially seems. However, in the past few years, there’s been a renewed effort to solve the conundrum of online voting using a most unexpected tool: Bitcoin.

The proof is in the blockchain

The most important thing to know about Bitcoin is that, despite the popular perception, it’s not just a currency. Bitcoin’s ability to hold monetary value is necessary for the network on which it runs to function, but Bitcoin’s full potential goes far beyond that.

Created by the pseudonymous inventor (or group of inventors) Satoshi Nakamoto in 2008, Bitcoin is a cryptographic protocol that allows its users to transfer tokens from one virtual place to another without the need for an external third-party to facilitate or verify that transaction.

Bitcoin was created to solve a very specific problem: how to avoid double-spending with an online currency. Let’s say everyone in the world agrees that a picture of a dollar on a computer is worth the same amount as a regular dollar. Bob wants to buy a chair from Alice in exchange for a dollar picture; however, Alice is worried that Bob may have already sent that same dollar picture to Carlos (it is just a file on a computer, after all).

If implemented correctly, the proliferation of online voting could solve one of the biggest problems in American democracy: low voter turnout.

Nakamoto’s solution was a giant public ledger containing a record of all Bitcoin transactions called the blockchain. The blockchain traces the history of every bitcoin from the moment it was created. The blockchain gives Alice the confidence that Bob can only send her bitcoins that he actually has because the network, which consists of computers around the world running Bitcoin nodes, checks for double-spending and automatically stops users from sending bitcoins they don’t actually have.

The system may have initially been built for for monetary transactions, but it’s not difficult to see how the blockchain could be useful in online voting.

The main job in online voting is ensuring that the election system records someone’s vote the way they intended. Running votes over the blockchain, which is public, creates an auditable trail linking a person and their vote. Bitcoin-enabled voters don’t have to place their trust in Florida ballot counters trying to discern the difference a hanging chad and a dimpled chad—nor in black box online voting systems from private companies where what’s happening inside is a mystery. The proof is right there on the blockchain.

“The thing about Bitcoin is that you don’t have to trust any single entity with your money or with your identity,” insisted Maximiliaan van Kuyk of the Bitcoin-based online voting company  V-Initiative.

Verifying identity

Van Kuyk started V-Initiative about two years ago as platform for streamlining group decision-making, which at the end of the day, is what all voting boils down to. Most of the organization’s work had been targeted toward elections at universities. The system is still taking baby steps, both in regard to creating functional technologies as well as getting student and university administrators to trust an election system based on a technology that hasn’t always had a sterling track record when it comes to security.

“We were always up against the general public perception that closed systems are secure and that voting requires the ultimate security,” he said, noting that Bitcoin’s open, decentralized nature is the core of its strength.

The V-Initiative isn’t alone when its comes to cryptocurrency voting. Similar efforts to use Bitcoin to enhance online elections have been put forth by organizations like BitCongress, Liquid Feedback, and Agora Voting.

The V-Initiative’s system has gone through a handful of iterations. The first used colored coins, a protocol running on top of the Bitcoin network that embeds additional information on each coin (such as a vote for Alice). Each coin was distributed to a voter, who then sent it to a Bitcoin wallet representing one vote for Alice.

Van Kuyk then realized it was possible to build a script tracking coins backward through the blockchain. “We’d create an original wallet, send coins from it to people’s voting wallets, and then they’d send that coin to the wallet representing what they wanted to vote for,” he explained. “This system completely streamlined voting so that someone could download an app for voting and vote without needing to know anything about Bitcoin or even that their voting system worked using the Bitcoin protocol.”

From there, van Kuyk created a version of the system that didn’t technically run on the blockchain. Instead, it used the network to maintain an auditable record of votes—thereby eliminating the approximately $0.15 per vote transaction fee required to prove to the network you’re not using it to send spam.

However, before any of the actual voting can happen, the V-Initiative and others working in the space have to ensure that the person casting a vote is who they say they are. To that end, the V-Initiative is partnering with OneName.io for identity verification.

The most important thing to know about Bitcoin is that, despite the popular perception, it’s not just a currency.

OneName’s system, called OpenName, serves as a provable connection between an individual’s Bitcoin address, which can be set up anonymously, and their real-world identity. It works on the basis of a zero-knowledge proof.

Let’s say Bob wanted to prove to Alice that he knows a password that only he would know (therefore proving his identity), but he doesn’t want tell her that password because it’s his grandmother’s secret chicken pot pie recipe and he made her a solemn deathbed promise to never let it get outside of the family. (Bob’s family is weird.) The zero-knowledge proof solution is to effectively set up a cave with two entrances and a locked door in the middle that can only be opened with Bob’s password. Alice can stand outside and watch Bob enter one side of the cave and exit the other, proving that Bob is really Bob.

OneName does something similar, only substituting the hypothetical cave for extremely complicated math.

“Users get a private key [which is essentially a really long and complicated password] that no one else has access to,” explained OneName cofounder Ryan Shea. “We can ensure that any action that requires that private key can only have been taken by them. You can do cryptographic message signing with a private key. If you trust that I’m the only person with access to the private key, you trust that I’m the only person who could have signed that message.”

All of this may make it seem like online voting is relatively straightforward. Millions of people around the world use the Internet every day for online shopping. Why should voting be any different?

Preventing voter fraud

Stanford professor David Dill has spent decades using computer science to find holes in various systems. In 2002, he learned about the push for paperless, electronic voting in the wake of the election drama in Florida two years prior.

“At the time there was a certain amount of paranoid Internet discussion about how these machines were just black boxes and there was no way to check if they were accurately recording votes,” he said. “I looked into it, and I couldn’t figure out as a computer scientist why these paranoid theories were actually incorrect.”

While Bitcoin voting systems could do an admirable job of ensuring that a vote is recorded accurately after it leaves a computer or smartphone, what happens before that is a huge black hole. Dill, who founded the Verified Voting Foundation in 2003, pointed out that the biggest problem facing online voting is the security of the devices themselves.

“There’s no way to verify if the votes are actually being recorded accurately on these machines because the complexity of computer systems is so great no one knows what’s going on in full detail,” Dill insisted. “There are just so many ways for somebody to put malicious software on them.”

A hacker could install malware on a voter’s computer undetectably changing their vote. Done en masse, a single virus spreading its way through an area’s Internet users could easily swing an election from one side to the other—especially in close races. The Bitcoin system technically allows for a voter to double-check their vote has been registered the way they intended. However, that brings up a whole mess of new problems.

One of the cornerstones of any anonymous voting system, like the one in the United States, is ensuring the voter isn’t left with a record of how they voted. Voting records can easily turned into the currency for vote-selling, workplace intimidation from managers, or even deadly retaliation if the wrong person finds out you voted or someone they didn’t like.

The system may have initially been built for for monetary transactions, but it’s not difficult to see how the blockchain could be useful in online voting.

The anonymity issue is one of the things that makes online voting fundamentally different from online shopping. Your bank account is necessarily tied to your real-world identity in a way your online voting account wouldn’t be. There’s a considerable amount of fraud in the ecommerce world. You only occasionally hear about it because online retailers not only do whatever they can to keep such security breaches quiet, but they’re also able to just absorb those losses themselves.

“Fraud in online banking can be quantified—they know how much is getting ripped off so they can adjust the usability vs. security knob to get it to the point where the risk is acceptable,” Dill noted. “But there’s no way to quantify that level of risk in elections. There’s no way to rationally set that knob because there’s no way of knowing if we can accept a 1 percent or 3 percent fraud rate in elections.”

One way to split this Gordian Knot is to allow people to check their votes, but only if those votes are then immediately invalidated. In such a scenario, you would have to sacrifice a few votes to ensure the security of them all. For example, an online voting system could send each voter a message after submitting their ballot that picked out one race or ballot measure and asked if the vote that was ultimately recorded matched their intended selection.

It’s an elegant solution, but it still leaves some enormous questions: What happens if votes don’t line up? Does it necessitate scrapping the entire election and holding a re-vote? How many inconsistent votes does it take before everyone goes into panic mode? How should the system deal with the possibility of troublemakers fraudulently reporting funny business for their own twisted entertainment or other nefarious purposes?

Fully auditing an election under this system may necessitate invalidating that election and starting from scratch. Re-doing an election may not be so hard if it was all online, but it would be considerably harder for the nearly 25 percent of Americans who don’t have access to the Internet at home and would have to take time off work to stand in line at the polling station.

“There’s no evidence of wide-scale fraud on electronic voting systems so far,” said Dill. “But we need more than that.”

Building trust

Despite the myriad issues, online voting has been tried in various forms.

In 2013, Spanish Green Party parliamentarian Joan Baldoví used an online voting system to poll his constituents on how he should vote on a controversial government transparency bill. Last year, a Danish political party used a blockchain voting system to handle internal votes at its annual party conference. A multiyear Norwegian trial program for online voting recently shut down due to public fears about secret votes somehow becoming public.

The most successful online voting system anywhere in the world is in Estonia. The small country in the Baltic region of northern Europe has been running an online voting system since 2005. The first year out, about 2 percent of all Estonian voters cast ballots online. By 2014, that number had jumped up to 31 percent.

Even so, there have been some very serious questions raised about the security of Estonia’s online voting infrastructure. A recent study led by University of Michigan computer scientist J. Alex Halderman showed that the system is riddled with security flaws that could allow an attacker to change the result of an election without leaving a trace.

Millions of people around the world use the Internet every day for online shopping. Why should voting be any different?

“Internet voting relies basically on a single factor: trust,” Priit Vinkel, an adviser to Estonia’s National Electoral Committee, told CNN. “Building and stabilizing this trust is the most important but also the most difficult task of the state.”

 

Vinkel has a point. Even if online voting systems were able to effectively deal with litany of security and anonymity issues, election officials would still have to contend with getting the public used to the idea of voting over the Internet.”If you put it all online where people think there are some magical hands in control, they get scared of putting their vote into this magical hands where they can’t see it,” van Kuyk said. “Even though paper ballots have a similar danger of being corrupted, people feel like they have the ability to walk into the counting station and count themselves. Just knowing they could go in there and do it is enough for the mass public to feel like they have some control.”

He recalled working a political party in the U.K to develop a system where the party’s constituents give their opinions about what their elected representatives should do. Everyone involved eventually gave up on the project, largely due to usability concerns. “Majority of voters in the U.K. are over the age of 40,” van Kuyk said. “Just getting people to download the app was difficult enough, let alone explaining to them to how Bitcoin works.”

Despite the litany of obstacles to overcome, as seemingly everything in the world is moving more and more online, it’s likely only a matter of time before online voting becomes mainstream, whether it involves Bitcoin or not. When that happens, we’ll be wondering how we ever voted without it.

Illustration by Max Fleishman