1. Fraud-less Voting
Blockchain Use Case
John Mathon
VP, Enterprise Product Strategy and Evangelism, WSO2
Blog: CloudRamblings
Twitter: @john_mathon
11/3/2014
2. 1. Malicious voting processes mean that in many countries
voting is a joke. Nobody trusts the results of elections and
therefore there is no trust in the system or democracy
leaving many people to feel there is no point to democracy
since they live in a totalitarian system anyway.
2. Even in stable democracies poor voting systems result in
lots of people not voting, inefficiencies and intimidation are
possible to make voting less than perfect. Sometimes the
time to mail a vote can mean votes don’t get counted,
sometimes problems getting to a voting station are a
problem, when the voting station is open, problems with
the equipment make it unclear who you voted for and no
way to find out if your vote was counted. Finally
intimidation can happen at the voting place.
3. Democracies not perfect. It’s just the best of the
alternatives.
Democracy suffers as a system for
numerous reasons.
3. The fact is that even in the US there have
been allegations made that voting is rigged in
some places.
Some politicians may expect that certain
tactics they have used in the past should
remain part of the system
Some politicians may be scared of “easy”
highly accurate voting – depending on some
difficulty to dissuade voters who are less than
100% motivated to get to the polling place or
have some problem
A foolproof voting system would
panic even some pretty stable
democracies
4. Is a revolutionary technology applied initially to Bitcoin
(the currency) that enables trust based applications. It is
now being used in other applications
Blockchain is independent of Bitcoin and is open source.
Blockchain guarantees that an open ledger of transactions
cannot be modified and that people who do transactions
are trusted individuals
Blockchain is so good that there is no need for a
government, banks or any central authority to guarantee
the transactions. The ledger is public but impossible to
fudge even by governments so it is potentially possible to
build apps for things that have typically required
government before.
Blockchain
5. Some may worry that Bitcoin had some hiccups
in the last 18 months or so.
◦ The losses were because of physical theft of bitcoins not
because of anything wrong with the system
◦ One facility in Thailand burned to the ground, because
they had a fire due to bad IT practices
None of these had anything to do with
Blockchain technology or the points being made
here
Any physical fire or theft would harm any other
system. Because the Blockchain is distributed
and copied to hundreds of computers even if
theft and fire occurred the voting ballots and log
would never be compromised.
Blockchain blowups
6. 1. Each person can only vote once and only once
2. Each person is a “valid” voter authorized by the controlling authority
3. We are 100% sure that a ballot that is cast is exactly the ballot of an authorized voter
without having to know the identity of the voter
4. The ballot box cannot be stuffed with fake id’s, ballots lost or ballots modified
5. The votes of each person are confidential and anonymous
6. The anonymous registration list and anonymous election results are on block chains
visible to anyone
7. The ballot cast is 100% guaranteed to be an uncorrupted ballot from a registered voter.
8. The Voter will know the ballot they submitted is the vote actually recorded and tallied
with surety being able to see the ballot itself recorded on the blockchain with their
selections
9. The entire system is open source
10. The entire system is independent of any government or agency although the
government can authorize who is allowed to vote and who can vote for what issues
11. A ballot cannot be voted twice nor can a voter vote multiple ballots
12. All ballots can be counted by anyone since they are all public visible but not associable
with any voter
Properties of my Blockchain
Voting system
7. Open Source for key components
Public/private key system used
BlockChain technology used
Ballots are visible to everyone
Any form of ballot is possible
The key element is irrefutability about the
transaction, that the transaction was
performed by an authorized entity and that
the content of the transaction itself is un-modifiable
and permanent
Key Elements of the system
8. Controlling authority is the organization that authenticates voters and
provides them with a voting token. The voting token says that the holder is a
valid voter with the ability to vote for specific issues.
A Ballot token is a token the voter gets independently of the government
which enables him to cast a ballot anonymously
A ballot in this system can be any digital asset from a picture to a form. It is
signed by the voter using a ballot token but not the voting token.
The registration log is a blockchain with all the voters who have registered to
vote with the controlling authority. It specifies what issues each voter can vote
for but it does not have identifying information to identify the voter
The ballot log is a blockchain of all the votes in an election. It could be
carried over many elections if desired.
Citizens can provide oversight to insure that websites, apps built or other
technology used is free from corrupting influence. The system provides easy
ways for voters to validate that their vote is un-tampered
Key Concepts
9. The nature of the blockchain insures that votes are seen by all
and can be counted by anybody. That simple fraud of tampering
with a ballot, stuffing the ballot box, disappearing votes are
impossible.
A cryptography approach has been taken to insure that
anonymity is maintained and that the governing authority can still
grant voting to voters based on the system it chooses.
It is still possible for a malicious government to do things like
invent voters, not allow you to register although these things
would be detectable if they were performed in significant
numbers.
It is still possible for people to register dead people if they can
fool the “controlling authority” or for people to pretend to be
multiple individuals however with more and more online
information, two factor authentication it is hoped that finding and
preventing such fraud will be easier and easier. It is not thought
that such mechanisms account for significant amount of fraud.
Tampering Impossible
10. In some cases candidates will engage in
malicious practices such as paying people to
vote, intimidating people with threats or
physically voting their ballot for them occur.
◦ I hope that since the log of ballots is publicly
available and any voter can see their vote and
organization can see all the anonymous filled out
ballots in the log that a combination of consumer
response, big data analysis will enable people to
discover tactics of this sort and eliminate them
Coercion, Intimidation
11. You have to register with a controlling authority and provide authentication
sufficient for that authority.
You will receive a token that is your right to vote. It is tied to you and to this
specific election and what you are allowed to vote for.
You can vote at the time of your choosing using any number of techniques
including going to a voting place, doing it on your cell phone.
The ballot can consist of any digital form including an image or photograph.
Before you vote you will obtain a ballot token with your voting token that you
acquire from independent agencies unaffiliated with the controlling authority.
This is necessary so that anonymity is maintained.
Your vote will be anonymous but logged to the blockchain so that you can
inspect it to make sure no tampering occurred in registering your vote. No
personal information will be visible to the government or auditing agencies to
determine whose vote is whose yet you will be able to find your specific vote
and see it.
The vote itself once on the blockchain is indelible, unalterable, impossible to
remove. It is copied to hundreds of computers and even a determined
government could not alter it without everyone knowing. There is sufficient
information with the log entry to insure audits of voting are possible.
How this system works at a high
level:
12. When going to government website to register voter will answer whatever
authentication questions the government approves and then they are given a
special key for them and them only for this election. This is their voting token.
The government keeps its private version of this key for the voter for this vote.
This is a one-time only voting key authorizing that voter to vote in this
election. The government expects to receive one and only one request to
authorize a ballot token based on that voting key. They will not know the
ballot key issued to the voter, only that a ballot key was issued. If the
government issues more than one ballot key for a voting key that will be
apparent in the registration blockchain.
The government puts on a registration block chain that a registration has
occurred an anonymous record of the registration. The government will include
an encrypted version of the voters identification using its private vote token
key. Any information confining the voters ballot to a specific set of vote-able
issues will be included in this registration entry without encryption so that any
vote counter will be able to determine how many voters there are for any
ballot issue.
The voters vote token and ballot tokens include information about which issues
they may vote for
Registration
13. The voter can go to numerous places to get a ballot token which is a
private/public key pair to be used for voting a specific ballot. Any number of
sites may serve as ballot token dispensers although it is preferable that it not
be a government site as they may be able to infer whose ballot has which
voting token and thus identify the voter. This can be done with independent
3rd party authorities not even in the country.
When the voter asks for a ballot token the independent agency will send the
voters vote token to the controlling authority to obtain permission to issue a
ballot token. If the voter has already been issued a ballot token then the
voter can relinquish their previous ballot token and any vote will be invalidated
and they will be able to vote again.
The voters ballot token public key is put on the voting log so that his ballot
may be deciphered. However, the identity of the holder of the ballot key is
never disclosed. All that the voting log will have on it is a series of valid ballot
public keys and a list of all the actual ballots encrypted with the voters private
ballot key
Getting a ballot token
14. Voting by Cell Phone, computer or other device
owned by the voter:
◦ There may be apps which enable easy voting. These
apps will be open source and validated against public
checking services that will validate you have a
uncorrupted version of the app
◦ If you use a web site your ballot token can be used as
authentication of who you are
If you go to someone else’s facility, i.e.
government polling station, internet café,
someone else’s home
◦ There will have to be monitoring as is done today to
insure the equipment is safe and the tools are legitimate.
Where and How to vote?
15. If you have a valid ballot token then when you vote your ballot is
encrypted with your private key version of that ballot token. That
means that vote is done.
The encrypted ballot is put on the blockchain with your public
ballot key. It is therefore indelibly recorded. Any person or
agency including yourself can see your anonymous vote without
knowing it was you that voted. All they will see is that a valid
ballot key that can only be obtained by having a valid voting key
has voted and here is their ballot.
If that ballot is in any way changed or is not there you or anyone
can see that fact. A checksum can be provided to insure that the
ballot has not been tampered with in any way even though that is
impossible because of the blockchain. You can use that
checksum to insure that your vote was not somehow changed in
the passage from your voting to recording or anytime thereafter.
How do you know the vote is
locked in?
16. At any time during the election process the ballot blockchains and
registration blockchains are visible to any party and are copied to hundreds
or thousands of computers. If desired the votes could be double encrypted
with a special “time-based” public key that will expire at a certain time.
When that time happens the private key to unlock the blockchains and read
them could be released so that the voting could be made invisible until a
certain time.
The counting of the ballots depends on the ballot technology used. If paper
ballots are allowed then OTC or some automated recognition process will be
required.
If ballots are more form based it may be more deterministic to count votes
and less problematic. If the ballot is a photograph and the voter messes his
ballot then common problems will occur endemic to all such ballots.
Each count should take account of the issues the voter is allowed to vote for
which is included in the ballot blockchain with the vote.
Counting the ballots
17. The blockchain provides a permanent
indelible record that can be looked at
years from now. It will be interesting
from historians perspectives to have this
information and be able to analyze it for
centuries.
Studies may be done on how ballots were
worded and analysis to determine lots of
interesting facts no doubt about voting
and wording.
Permanent Record
18. A voting system that is foolproof and
auditable with such alacrity is transformative.
Many democracies will be fundamentally
altered by the existence of an indisputable
record of voting.
This may be the single biggest thing anyone
can do to promote democracy in the world is
to support a blockchain based voting system
that is uncorruptable by governments,
politicians, powerful people or that is simply
accurate and not susceptible to the vagaries
of existing voting methods
Democracy would be enhanced by
a foolproof voting system
19. The blockchain could have an enormous
impact on government and the life of people
around the world in transformative ways
What will it take to implement such a
system?
Will there be opposition? Can the opposition
be defeated? Can we have true democracy
guaranteed by the blockchain?
Conclusion