Electoral System Reform Policy discussion

@jedb We just had someone enquire about Blockchain voting

Would you support Australia Post’s efforts to introduce blockchain voting to our electoral system?

I told them that I will pass this idea on for consideration of the Electoral System Reform Policy Working Group

1 Like

Watch Tom Scott explain why we should be wary of electronic voting … https://youtu.be/w3_0x6oaDmI
It’s quite approachable as an explanation.

Block chain solves some but by no means all of the problems he cites.

1 Like

My personal opinion is not to have full electronic voting, but rather “electronic-assisted” voting where we have voting machines which are open-source, cryptographically secure end-to-end (hardware, software & communication) and verifiable to help cast, collect and process votes. I think that block-chain technology has a part to play in that.

I don’t think that Australia Post has any business running an election, but if they want to run voting for say Public Company board of directors and Private organisations where there is no conflict of interest I have no problem with that, nor if they wanted to contribute their R&D to open source or other organisations, or even supply their services under tender to the Government (as a public-private entity) to compete with private companies.

On that note: add me to the WG too, to work on the technology side (I know you are looking more at the methods, etc.)

2 Likes

As Tom Scott said, that’s a really expensive and insecure alternative to a pencil.

Really though, they won’t be open source (AEC’s existing vote counting is still proprietary, and copyrighted to them, and considered commercially sensitive in some weird public/private loophole).

Even if we got that, how will we know the software in the machines is really the software we think it is? How would even official scrutineers do this, in a way that they can trust each other’s access to the machine happening such that they have no other opportunity to alter anything, while checking every aspect of the machine that could affect voting?

What about the rest of the machine itself? It almost certainly has some flavour of vulnerability, that governments will be storing up and not talking about, so they can exploit it on the day of an important election. Viruses etc., can have been lying dormant for years, or have been subtly introduced during the open source development work, years before. This is the sort of thing that intelligence agencies are known to have done in recent years.

What does block chain add to a voting machine network, that can’t already be achieved using much simpler arrangements of point to point crypto?

How does it help voter confidence, if 99% of them can’t even understand how the security of this works?

And what’s the upside of this?
Touch screens instead of pencils? Is that it?

I soooo hate being the luddite in this argument, but there it is.

5 Likes

I’d forgotten about that. It’s certainly something to consider but may be a better fit in the Citizen’s Initiatives policy. Personally I’m with Antony Green on the issue - you need to be able to show the legitimacy of the result, otherwise it’s all pointless. For electing governments, a task that’s done infrequently, there’s value in sticking to low tech, well tested, easy to verify solutions. But for citizen initiated votes and other direct democracy measures that could happen a lot more often, convenience rises in importance.

(Not a fan of Aust Post’s analogies about it, btw.)

Yeah, the main problem I want to see addressed is how the results of who gets into parliament don’t match up very well with how people vote. Along with whatever peripheral issues get brought up.

More people thinking on the subject is always good.

Started sketching out notes on the subject on Etherpad just now, additions welcome and all that:
https://pad.pirateparty.org.au/p/Electoral_System_Reform (@Jesse_Hermans)

That reminds me, still have to email them over that…

2 Likes

I’d be happy with that (well it’s not insecure).

  • You can put validation into the machine to make sure the voter fills it out correctly - fewer user errors by mistake, and the person counting doesn’t have to make any guesses about the voter’s intent.
  • Less cumbersome than long pieces of paper / more user friendly UI
  • Randomised order for each voter is possible
  • Accessibility features can be built-in
  • Printed results are easier to be machine readable (OCR so it is human readable too), quicker to count.

I know that the realities would probably be different to the Ideals, but if we have a Policy out on the Ideals, if the issue comes up then it is easier for us to point to it, get some media attention and say this is really what should be done to make it harder for them to put their evil plans into action.

We should make a point about that

If it is a glorified pencil, the user can just read the print out.

If it is an anonymous blockchain, the entire blockchain can be made available to the public where anyone can cross-check their voting receipt to see that it has been recorded correctly

Block chain makes it almost cryptographically impossible to tamper with the results. I say almost because you can never say unbreakable when it comes to cryptography, but the logic is sound and if you were able to break blockchain crypto you probably wouldn’t waste your time on politics but rather make yourself insanely rich with crypto currencies. Bitcoin’s viability and value is built off Block Chain.

With point to point crypto, you tamper with one result and probably nobody would notice. With Blockchain, you tamper with 1 bit and the entire chain falls apart because nobody’s verification hash after that change will match anymore.

I don’t think that matters as long as the idea can be communicated in simple terms (as I’ve done here) and they are able to actually check the data for themselves. The data is open so they could even check it with a trusted 3rd party who also has a copy of the blockchain to make sure there are no shenanigans on the AEC side returning the correct result only when they check it.

Also which has not been mentioned - Physical voting places need to stay to ensure that nobody is under duress in their vote and a chain of command being monitored by the scrutineers to make sure that everything is being done correctly, and this scrutiny process should happen even on a machine level.

As an extension, blockchain could make it to the home for less important issues, but make the vote need to be verified in a second method (i.e. email or SMS) before it’s accepted in case the device used to vote has been compromised. They would also need to physically visit a place or receive a random access code by mail (overseen by scrutineers) to make sure that the tokens are anonymised. I can not think of a single way to check an ID and then guarantee anonymity online without the overcoming possibility that a system has been compromised to secretly tie your ID to your access code. I’d love it if anyone had any idea on that problem.

Can these electoral system reforms be split into another topic please?

done 🙂

I think blockchain voting should be left as a separate issue, general education about the technology is low outside of IT circles and talking about it makes most people’s eyes glaze over. It might be a vote winner for Flux, but they have the market cornered at the moment, if we start going on about it, it will suck oxygen away from other stuff we want to talk about.

Getting blockchain technology to a point where it is both understood and accepted by the Australian public is something we could totally contribute to. Once that was done, it might be viable as a voting method, but it will take time.

2 Likes

You don’t need a blockchain to obtain that, you just need robust cryptographic tools with strong algorithms for verification and strict key control protocols.

Sure, it can be done without blockchain, but a blockchain makes it so much easier to maintain integrity of all the votes. In fact, easier than paper-based.

Paper based relies upon a lot of physical security and trust.

Democracy relies on trust in the electoral system, people don’t yet trust blockchain, therefore it can’t be used in the electoral system.

3 Likes

Right. It can also be manually verified without requiring complex computation of various algorithms, all electronic and cryptographic solutions cannot make that claim.

You’d be hard pressed to find a bigger crypto aficionado than me in the Party and even I’m saying that paper ballots are still a Good Thing™.

Paper voting relies on physical security, which is great. It’s much, much easier to get that right than infosec. The only trust comes in with postal votes, which I have some reservations about but Switzerland seems to make work. For actually electing a government all the parties with a stake in the outcome can physically watch all the other parties with a stake in the outcome.

Any form of electronic voting involves a huge amount more trust. In the voting machines, if applicable. In people’s computers (HA!) if from home. In all the software involved in making the vote (double HA! verifiably correct software is fucking difficult). Blockchain voting solves… the transport portion of the problem, I believe? At the expense of introducing a bunch of magiccrypto that you need a lot of specialised knowledge to verify?

Few voters truly understanding the workings of things is actually a point I count against Single Transferable Vote. Even a lot of people who think they understand STV likely don’t. The minutiae of the transfers gets very complicated very quickly when you’re working with large elections.

2 Likes

Depends on the implementation. Trust does not need to be placed on the mystic “block chain” to do its job, when the data is open and verifiable, it is a mathematical certainty.

Here is an example implementation I’ve been thinking about

  • Voter checks in to get their name marked off the roll and is given a random access code (anonymises the vote)
  • Electronic voting machine collects the vote and displays it on screen, sends to the block chain.
  • Receipt of their entry is printed directly from the block chain to the voter, the voter can check it and compare to the screen, and then they retain it or give it to their scrutineer of choice (physically confirms the machine has recorded the vote correctly)
  • The entire block chain database is made available for 3rd party scrutiny, voters can then give their receipt info to the independent scrutineer they trust (i.e. via the official LNP app) for cross check with the block chain (to prove the vote has not been tampered with after collection)
  • Obviously not everyone is going to submit their vote to scrutiny, but it just takes one wrong entry to call the entire block chain into question.
  • Before the chain is closed off, a final entry should be made to the Block Chain which is verified by all scrutineers (paper copy too).

As it is now the only option is to ‘trust’ the count with no way to actually verify.

With a block chain, you can literally recount the entire election yourself. Any tampering would be easy to detect because all the paper copies after the change won’t match the block chain anymore if even a single bit has been changed.

The AEC is already using computer counting behind closed doors without its accuracy being verified, you can’t fight vote technology, it’s already here, might as well make it accountable.

Using technology which increases count speed is more than just knowing the outcome sooner, it paves the way for more complicated algorithms which are not easy to count by hand, and access to see every single vote cast is good data to do some modelling off.

Imagine if you had a copy of every single vote made, you could run a simulation of every single voting algorithm to see the result.

Requires the software in the voting machine to be verified as both secure and doing what it’s supposed to be doing. Also requires the voters to trust the verification, and for the voters to trust that that is the software that’s actually running on the machine.

The only reason you can’t do that now is because instant runoff ballots aren’t ever digitised. STV ones typically are due to the counting being so complicated, and you can recalculate elections on that data. I’ve even done so myself.

Not actually an issue. There are voting systems that are fair, quick and easy to count, at least when parties dominate everything like all state/federal elections barring Tas Legislative Council. We just don’t use those systems.

Not actually viable, much to my annoyance. Different voting systems need different sorts of information to calculate, and that doesn’t always transfer over well if you want to redo something in another system.

Ahh, today is @Simon’s lucky 10000 day to learn about cardinal voting systems — and of course the input to those can’t necessarily be determined from an ordinal ballot.

2 Likes

It would certainly be “nice” to have the software/hardware stack to be 100% verified but the truth is that you could run it off a Malware infested Windows XP PC and the worst which could be done is invalidate the vote. Any attempt to change the actual voting data and pass it off as legit would be futile (so hopefully nobody tries). The biggest threat is sabotage, that’s the only reason why security is necessary.

The analogy would be like having someone compromise a ballot box, but instead of them being able to actually change anything, they could only destroy the box or some of the votes inside, and it would be extremely noticeable.

  • Any discrepancies in what the voter actually selects would be picked up right away on the print out
  • Even if the printout has been faked, if the voter then submits their receipt to a scrutineer, it would be plain to see that the receipt is fraudulent because none of the crypto information on the receipt would be valid.

Worst case scenarios:

  • Machine is not printing out user selections
    • Discrepancy picked up by the voter and reported to AEC staff on the spot. You can see that the screen and print out don’t match. Same procedures if someone was physically messing with a ballot box.
  • Printer compromised to print out what the voter actually put even though another vote was recorded
    • Discrepancy picked up by Scrutineers when the voter reports in their vote and the cryptographic hashes on the receipt don’t match what’s actually in the block chain.
    • Currently this defense (actually check with the voter what they really voted for) isn’t even available in paper based systems. Who’s to know if the box wasn’t stuffed when no one was looking?
  • Someone makes a fake receipt to call the block chain they are on into doubt.
    • There would be other paper trails, other voters coming forward, and even a level of physical security (eg: security features on the paper it’s printed on) to confirm the validity of the claim. If proven, that block chain is invalid, possibly needing a re-vote done for that polling place/electorate.
  • Russian government invents a quantum computer which is at least 1 trillion times more powerful than Albert Einstein’s brain. It can solve any big data mathematical problem you throw at it and brute force it to get the results in seconds. It can mine a billion bitcoins in seconds, smash the record for prime in a nanosecond, cure cancer and find SETI.
  • Even if there was a way to change the data on the block chain (hash collision attack), discrepancies would be discovered when voters check their votes with the scrutineers version because those in the changed area have paper proof of their vote. Their crypto data would be wrong even if the crypto data outside the changed area is valid. That’s if it even gets that far because the whole block chain can be verified from a paper record and 3rd party scrutiny which keeps a running total before that could even happen (as unlikely as it is anyway)

The only level of trust involved is on the Scrutineer… surely they would trust the political party they go for? Or even 3rd party scrutineers unaffiliated with a party, or even publish the data as a whole on the web and they can check it for themselves. It doesn’t matter about trust if it is a mathematical truth.

I believe that they count a certain amount until a result is known and then don’t worry about the rest. Or maybe they OCR the rest for data purposes these days. Still, counters make mistakes, it’s quite an error-prone process because of the big human element.

Well that’s why we don’t use these systems because favouring major political parties makes it easier to count. Imagine if everyone voted differently and below the line, it would be a nightmare to count. If counting process wasn’t a factor, then you don’t need to limit yourself to systems which need simplicity for counting in your Policy. Sure you could still do so, but you have more options. It is favourable to Pirate Party and other minor parties to have voting systems which give smaller players a fairer chance because the voting system hasn’t been gimped to make it easier to count.

Below the line is hard on purpose because they want you to do it above the line so they can count it easier.

Electronic Input makes Below the Line easier to use.

Fair enough, I exaggerated on that. Not ALL Systems. But Many. And it would still be useful to play around with (i.e. instead of putting preferences 1,2,3 who are all under the same party, you could treat them as equal 1,1,1 and feed it into your algorithm that way) or cross check with demographics of the area and electoral boundaries.

By the same virtue, anybody that wants to can coerce you into revealing your vote and/or making a particular vote that they can force you to verify for them. This is a really bad feature. It could also be used to sell your vote.

1 Like

So then when you don’t like the result of an election, you organise a bunch of people in various electorates to front up with fake bits of paper, to claim that “look, my vote wasn’t registered on the block chain, or was incorrect”. You can invalidate entire elections with minor effort.

1 Like
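
The hash-chained vote log, printed receipt and scrutineer-verified closing entry discussed in this thread, sketched as an added example that is not any participant's code or a real voting system. The record layout, function names and sample votes are constructed, and SHA-256 is an assumed choice of hash; it compares an edit that leaves the stored hashes alone with a copy whose hashes were recomputed after the edit.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value, not from the thread

def entry_hash(prev, code, ballot):
    """Hash one vote together with the hash of the entry before it."""
    body = json.dumps({"prev": prev, "code": code, "ballot": ballot}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append_vote(chain, code, ballot):
    """Record a vote and return the receipt printed for the voter."""
    prev = chain[-1]["hash"] if chain else GENESIS
    digest = entry_hash(prev, code, ballot)
    chain.append({"prev": prev, "code": code, "ballot": list(ballot), "hash": digest})
    return {"index": len(chain) - 1, "hash": digest}

def first_broken_link(chain):
    """Recompute every hash; return the index of the first bad entry, or None."""
    prev = GENESIS
    for i, e in enumerate(chain):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["code"], e["ballot"]):
            return i
        prev = e["hash"]
    return None

def receipt_matches(chain, receipt):
    """A scrutineer's cross-check of one voter receipt against a chain copy."""
    i = receipt["index"]
    return 0 <= i < len(chain) and chain[i]["hash"] == receipt["hash"]

def rehash_from(chain, start):
    """Model a rewritten copy: recompute every hash from `start` onward."""
    prev = chain[start - 1]["hash"] if start else GENESIS
    for e in chain[start:]:
        e["prev"], e["hash"] = prev, entry_hash(prev, e["code"], e["ballot"])
        prev = e["hash"]

def demo():
    # Constructed sample votes: (random access code, preference order).
    votes = [("k3f9", ["A", "B", "C"]), ("q7x2", ["B", "A", "C"]), ("m1z8", ["C", "B", "A"])]
    official = []
    receipts = [append_vote(official, code, ballot) for code, ballot in votes]
    closing_hash = official[-1]["hash"]    # final entry signed off by scrutineers
    edited = copy.deepcopy(official)
    edited[1]["ballot"] = ["A", "B", "C"]  # one ballot changed, hashes untouched
    naive = first_broken_link(edited)
    rehash_from(edited, 1)                 # copy made internally consistent again
    return {"intact": first_broken_link(official), "naive_edit": naive,
            "rehashed_edit": first_broken_link(edited),
            "closing_ok": edited[-1]["hash"] == closing_hash,
            "receipt_0_ok": receipt_matches(edited, receipts[0]),
            "receipt_1_ok": receipt_matches(edited, receipts[1])}
```

The recomputed copy passes its own link check; only the receipts held by voters and the closing hash recorded by scrutineers show the difference.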