We would like to think that the election systems we use today are provably honest and serve democracy in a virtuous manner. However, when we take a deeper look at the methods and mechanics of these systems, we can see there are parts that keep voting from being provably honest.
Many states currently vote on paper. Paper ballots are not provably honest because they require constant observation. As elections increase in size, it becomes harder to observe all the ballots being cast. People have to trust others to do the observing for them. One cannot prove that a paper ballot election is honest and true.
Another issue that keeps voting from being provably honest is that voting machines cannot be trusted. Every voter should be asking: do I know what kind of software is in that device? Usually it is very hard to tell, which adds to the black box that elections are held within today. A professor from Princeton did some interesting research on a popular voting machine from Diebold. The professor proved that it takes only a few seconds to hack or insert a computer virus into one of these machines. Neither a voter nor an elected official can prove that no machines were hacked in an election.
Daniel Larimer, founder of BitShares, wrote an excellent blog post on the topic of online voting. He listed the ways that online voting can be not only more cost effective and convenient, but also provably honest.
Provably Honest Online Elections
Once we eliminate the requirement that voters be unable to prove their vote to anyone, the process of designing a provably honest online election system becomes trivial. It can be broken down into the following basic steps:
Step 1: Uniquely Identify Eligible Voters
In this step an individual will generate their own private key and then present the corresponding public key to an identity verifier which will sign their public key along with pertinent information such as where the voter lives. The voter will have the same key verified by each candidate in the election along with some independent verifiers.
Step 2: Distribute Ballots Anonymously
In this step an individual submits their identity public key along with the signatures of multiple verifiers certifying their location to a registrar along with a blinded token that will be signed by the registrar. The blinded token is a cryptographic technique that allows someone to sign something without knowing what it is they signed and then later verify their signature on the token. If the location and identity are unique then the registrar signs the blinded token.
After getting their blinded token signed, the voter can generate a new private key for their ballot. They then submit their new key and the unblinded token back to the registrar which will verify that they did sign the token. The registrar will then sign the ballot.
At this point in time the voter has a signed ballot key that no one can tie to their real world identity. Neither the ID verifier nor the registrar can tie the voter's ballot key to their real world identity.
A voter would get their ballot key signed by one registrar representing each candidate. Each registrar (and therefore candidate) will know that all ballots are unique and belong to a verified and authorized voter but they do not know which voter.
Step 3: Sign and Broadcast Vote
The voter will take their signed ballot key and use it to sign a message indicating whom they would like to vote for. This message will then be broadcast to computers all over the internet which could include everyone in the world interested in validating the results.
Step 4: Count the Results
Every user will now have the ability to independently verify that every ballot is signed by the proper registrars and that every vote is properly signed and counted. Every voter can prove that their vote is properly counted because they have the power to sign a message that would change the vote. If every single vote was broadcast and committed to the public record using block chain based time-stamping then it will become impossible for anyone to exclude votes or to come to an ambiguous conclusion.
Secure at the Informational Level
I have only scratched the surface on provably honest elections and will probably provide some follow-up posts that address this topic in greater depth. For starters I would like to explore the notion that this voting system isn’t about open source, it is about open information. You don’t need to trust the hardware, software, or any other product provided by a third party because the publicly available information is enough to validate the election. You could build your own hardware, write your own software, and verify every byte of information yourself. This goes far beyond open source because there are no “secrets” that need to be guarded for the system to be secure.
Hacking Individual Computers
Many people worry about the security of their computers and the effect that would have on an election. This system would be subject to ballot private keys being compromised which would allow the attacker to change individual votes. This is no different than the security considerations that people must consider when using crypto currencies. It is easy to see that crypto currency targets are far more valuable than compromising someone's vote. The crypto-currency community is rapidly advancing the ability for individuals to securely manage their keys.
If a private key were to be compromised a voter would be able to observe their vote change AND be able to change it back. People would be able to measure the degree of compromise and assess for themselves if it was greater than the margin of error in the election. This is far better than today's system where it is impossible to detect a compromise or the extent of the compromise.
When a hacker attacks an individual's computer, the likely outcome is that one vote is not counted. A voter would detect that they have been compromised when they see their vote change and they will revoke their ballot.
When a hacker attacks a polling place, the likely outcome is thousands of votes compromised without detection. The cost per vote of attacking a polling place is much cheaper than the cost of attacking thousands of individual computers.
Each and every year millions of votes are not counted because of mistakes made by voters. Unfortunately voters don’t have any way of knowing that their vote was excluded because they filled out the ballot wrong. With online voting there are no malformed ballots and everyone can double check that they did it right.
When you increase voter turnout by making voting easier you also increase the number of people you have to manipulate, buy off, hack, or otherwise compromise. The increase in turnout as a result of increased convenience would likely outweigh the number of votes “lost” because of a hack. The end result is that the result is more accurate.
Read the full article on online voting by Daniel Larimer.