Computer notebook keyboard with Vote key showing concerns with blockchain technology for electronic voting

MIT Security Experts Issue Warning About Electronic Voting; Blockchain-Based Systems Are Not Ready for Prime Time

While much of the media focus was on the expansion of mail-in voting in the 2020 US election, there was also a smaller and quieter increase in internet-based electronic voting. While this option is presently reserved for a relatively small subset of absentee voters, some of these new options are viewed as pilot programs with the potential for future expansion. A group of security researchers from MIT and Lawrence Livermore National Laboratory are warning that this could be a catastrophic move. Researchers believe that even when these voting methods are secured by blockchain technology, they are still far too vulnerable to outside attack.

Why blockchain can’t guarantee secure online elections

The 2020 election saw record voter turnout, no doubt due to the expansion of mail-in voting eligibility. A consistent inability to increase voter turnout has long been a problem for the United States, with the country trailing most other developed nations. Even the most hotly contested presidential elections struggle to turn out over 60% of eligible voters, with 50-55% being a more typical range. Midterm elections fare even worse with a usual 35-40% turnout.

Ease of voting correlating with improved turnout might thus tempt a skeptical population to take a closer look at moving toward electronic voting, buoyed by what appeared to be successful experiments in 32 states since 2016. Thus far these systems are almost exclusively limited to people who fall into the general category of “permanent absentee” due to inability to physically make it to a polling place and added obstacles to using mail-in ballots: military deployed overseas, dual citizens or expats who live in other countries, or residents of the US with severe disabilities.

Four states allow some of these voters to use a web-based portal, and 19 states (plus the District of Columbia) allow for some form of voting by email. West Virginia is the farthest along this path, offering a mobile voting app secured by blockchain technology that can only be used by certain types of overseas voters. The city of Denver and Utah County of the state of Utah (where Provo is located) began a trial of the same app in 2019. At least 100,000 ballots were returned via one of these electronic voting methods in the 2016 election.

While there is some belief that the blockchain is a highly secured application, the MIT security researchers are warning that it is simply not up to the task of safeguarding a national election. The researchers point primarily to all of the vulnerabilities that surround the blockchain itself and connect to it: potential malware on voter devices, denial-of-service (DDoS) attacks on voting systems, and penetration of the servers and individual computers at polling places and elections offices. Even if the blockchain itself cannot be compromised, there are a number of different points in the process that are far less secure. This chain of security relies on a multitude of different vendors and third parties that each represent a potential point of compromise or unintentional failure.

The researchers believe that a widespread national rollout of electronic voting processes would be an immediate and highly vulnerable target of foreign interference. The paper opines that the vulnerability is so great that these methods probably should not even be used in the present limited capacity for overseas military voters, and that mailed paper ballots have a lower security risk profile even when sent from troubled overseas areas that present chain-of-custody challenges. Paper ballots must be attacked one at a time, whereas the compromise of a server could lead to instant ability to tamper with massive amounts of votes. A hack of an electronic voting system could also be done in such a way that it would be much more difficult to detect after the fact than paper ballot tampering.

“I haven’t yet seen a blockchain system that I would trust with a county-fair jellybean count, much less a presidential election,” says Ron Rivest, MIT CSAIL professor and senior author of the paper. Rivest is co-creator of the RSA public-key encryption.

The push for electronic voting

Nevertheless, there is sentiment in West Virginia and the other voting app cities that the online voting experiment was a success; the metric of “success” being that a third-party audit by the National Cybersecurity Center (NCC) concluded that all of the blockchain-based votes in 2016 were recorded and tabulated accurately. But that trial encompasses fewer than 200 votes in total, with no consideration for security issues that could develop from a massive scaling-up of the electronic voting system.

The Voatz app used in West Virginia also has limitations that could potentially disenfranchise many people were it the only option available to them. It requires specific types of recent-model smartphones that have adequate security features, and it will not allow voting if the device has been rooted or jailbroken.

Some cryptographers and security researchers feel that the interest in electronic voting technology should be directed towards “end-to-end verifiable voting” rather than a blockchain based system. These end-to-end systems would craft an encrypted receipt that preserves voter privacy while also providing them with a means to verify that the ballot was read and recorded accurately. Voting systems of this nature have not yet been used in a state or federal election, but a number have been tried in city and university elections throughout the country in the past decade.