Jump to content
Sign in to follow this  
macropolo

Democracy and the Blockchain

Recommended Posts

I wrote an article called Democracy and the Blockchain on coil inspired by Andrew Yang's endorsement of blockchain voting systems.  I couldn't find anything about Ripple or Codius expansion into this potential use-case other than a comment on XRPChat:

 

I've always thought systems like Etherum and Codius would be perfect for online voting.  I think it's an area Ripple should delve into.  It provides an application beyond simply making money.  Running a nations electoral system on a smart contract or dapp platform would be great PR.

Edited by macropolo

Share this post


Link to post
Share on other sites

I see little to no reason for Ripple to follow this path. They're "laser focused" on cross border remittances. Let them focus and get that right first. Why would they chase something that doesn't make the company money?

Share this post


Link to post
Share on other sites
4 hours ago, aye-epp said:

Great topic.  Agree with everything except I believe that another entity besides Ripple should take this on.

True. It could be something akin to Coil.

3 hours ago, SquaryBone said:

I see little to no reason for Ripple to follow this path. They're "laser focused" on cross border remittances. Let them focus and get that right first. Why would they chase something that doesn't make the company money?

It would make them money. I don't see any reason why the technology wouldn't come with some kind of licensing fee.  Then they'd be able to say the US electoral system runs on Ripple tech.  It'd be great advertising.

Share this post


Link to post
Share on other sites

Apologies - I thought the thread should be moved to the smart contract sub as this isn't related to XRP but is still an interesting topic nonetheless.

Firstly - congratulations @macropolo for an important contribution to this field. This has enormous ramifications for the exercise of free elections, particularly in developing countries as well as more commercial applications across a whole range of fields. As I've mentioned before, the field of smart contracts is uncharted territory from a jurisprudential, ethical and political standpoint so there's lots of work to do. :)

There has been some academic research done in this space as the jury is still out on the safety of using a blockchain solution for voting. I don't just mean the security of the network itself but rather the risk associated with on-chain vote buying along the lines explored by this important paper by the team at Cornell University: http://hackingdistributed.com/2018/07/02/on-chain-vote-buying/

 

Share this post


Link to post
Share on other sites

As appealing as the concept is at first glance...   I’m against any electronic form of voting.  

Having a life long interest in technology,  I spent many years longing for an efficiency upgrade when sometimes waiting days or weeks for electoral results in tight races.  Eventually however I read an OpdEd article in the Guardian(?) which changed my mind.

Although the article was much more eloquent than I can be,   the crux of the matter is the risk equation.  An observed paper-ballot election can not be tampered with on a significant (result changing) scale without that tampering being obvious to observers.  An electronic one can be.

And if you consider that the electronic form will always have multiple attack vectors,  any one of which can reverse the whole election...  the risk is not worth the reward.

So although the paper versions are often tampered with in various countries around the world,  in the cases where independent observers say the election was legitimate then we can have a fairly high degree of confidence that is correct.  No such confidence can ever be ascribed to any electronic system.  There are too many vulnerable attack points and there is not any way to be certain they were not compromised.

I’m sure someone is about to scream ‘but trustless, immutable blockchain!’   However the problems are not in the blockchain but in the long chain of links prior to the transaction.  Anyway...   I’m sure that’s not a popular view,  but I’m also convinced it is the correct one.

Share this post


Link to post
Share on other sites
12 hours ago, Pablo said:

Apologies - I thought the thread should be moved to the smart contract sub as this isn't related to XRP but is still an interesting topic nonetheless.

Firstly - congratulations @macropolo for an important contribution to this field. This has enormous ramifications for the exercise of free elections, particularly in developing countries as well as more commercial applications across a whole range of fields. As I've mentioned before, the field of smart contracts is uncharted territory from a jurisprudential, ethical and political standpoint so there's lots of work to do. :)

There has been some academic research done in this space as the jury is still out on the safety of using a blockchain solution for voting. I don't just mean the security of the network itself but rather the risk associated with on-chain vote buying along the lines explored by this important paper by the team at Cornell University: http://hackingdistributed.com/2018/07/02/on-chain-vote-buying/

 

This is such a cool paper.  A vote buying smart contract is something I hadn't even thought about.  I'm only partway through the article, but thank you for linking.

8 hours ago, Tinyaccount said:

As appealing as the concept is at first glance...   I’m against any electronic form of voting.  

Having a life long interest in technology,  I spent many years longing for an efficiency upgrade when sometimes waiting days or weeks for electoral results in tight races.  Eventually however I read an OpdEd article in the Guardian(?) which changed my mind.

Although the article was much more eloquent than I can be,   the crux of the matter is the risk equation.  An observed paper-ballot election can not be tampered with on a significant (result changing) scale without that tampering being obvious to observers.  An electronic one can be.

And if you consider that the electronic form will always have multiple attack vectors,  any one of which can reverse the whole election...  the risk is not worth the reward.

So although the paper versions are often tampered with in various countries around the world,  in the cases where independent observers say the election was legitimate then we can have a fairly high degree of confidence that is correct.  No such confidence can ever be ascribed to any electronic system.  There are too many vulnerable attack points and there is not any way to be certain they were not compromised.

I’m sure someone is about to scream ‘but trustless, immutable blockchain!’   However the problems are not in the blockchain but in the long chain of links prior to the transaction.  Anyway...   I’m sure that’s not a popular view,  but I’m also convinced it is the correct one.

You're right, the danger with online voting systems is that the vote can be changed on mass without detecting that this has happened.  The example I used in my article about voter intimidation is a rather obvious and flashy form of ballot manipulation.  Some can be more subtle https://foreignpolicy.com/2012/06/18/the-science-of-ballot-box-stuffing/.  This is more of a problem when you're trying carry out a vote in a place where the institutions are very corrupt.  Not hegemonically corrupt, wherein an entity with political power is deliberately trying to fudge the elections, but where cheating or fraud is so pervasive you might want to implement a system that is trust-less because you can't trust anybody.  

Edited by macropolo

Share this post


Link to post
Share on other sites
On 9/3/2019 at 10:01 AM, Tinyaccount said:

And if you consider that the electronic form will always have multiple attack vectors,  any one of which can reverse the whole election...  the risk is not worth the reward.

I would argue there are solutions to the problems associated with e-voting, with some of the solutions being born from the next generation of how things are monetised.

One example off the top of my head that I have just thought of so it could have holes so ya know...bear with me....would be to reward voters (using a small % of our taxes) in perpetuity for their participation in government related elections.  This solves quite a few problems.  The government could make it law that any individual caught either buying votes or being bought and abusing their voting privilege has their reward payment frozen for X-years.  It would then be a case of making the reward payment from our tax money attractive enough that it out-weighs the risk of a once off payment from a bad actor.  It also makes the bad actor's costs go through the roof similar to the double digit IQ bellend from the other week who tried to over-run the XRPL.  The transaction fee shot up to 6k drops and eventually the bad actor finds it an economically questionable decision to attack the system.

Let's say you get $100 a year from the government for participating in all their votes and you receive a ten year ban for selling your vote.  That's $1,000 worth of leverage.  Someone will maybe risk selling their vote for $200-250?  Well OK they sell their votes for $200 but the bad actor who is buying these votes is going to have turn how many voters to secure any given election?  100,000 voters?  That's $20 million lol.

Even then......there are ~250,000,000 eligible voters in USA which means you're buying 0.04% of the vote for $20,000,000 which is fkn insane.

Also incentives will definitely increase voter turn out because who doesn't like free money?  Add the fact e-voting will probably be app related means you're getting paid to open an app and click yay/nay.  That's some easy money right there and I'm confident USA sees the popular vote go from 40-45% up to AT LEAST 80%.

As for hacking, as mentioned in MacroPolo's blog entry it would be incredibly easy to just re-do the election.  You send out the notifications *BEEP BOOP* open app, click button, election has been rerun and the nefarious dumbos have just blown $20,000,000.  You could also include this function at random.  So every second, third or fourth vote is deliberately re-run to ensure the results are what they really are and also to deter bad actors.

This is just one solution off the top of my head that seems reasonable and I'm sure there will be others as the space evolves.  We have sped up the movement of information, we're currently speeding up the movement of value, it's just a matter of time before we speed up democratic decisions.

Share this post


Link to post
Share on other sites
1 hour ago, CaligulazBaby said:

This is just one solution off the top of my head that seems reasonable and I'm sure there will be others as the space evolves.

I too used to feel that there were so many solutions and options made available if e-voting was adopted.  But however good your various solutions are to hacking risks,  there is a core vulnerability in the concept.

Please let me explain...   sorry it’s going to be long-winded.  :) 

If a paper election has a magician at a booth and her slight-of-hand physical magic can make your choice ‘B’ become ‘A’ then that is significant to you but perhaps not to the whole election.  Imagine she does that to each vote at the booth.  Imagine she does it to each vote at that whole polling station.  The vast bulk of the time that will not affect the course of the election.

If it’s simply a non-magical but nefarious electoral worker...  they can do things that will change or delete votes but...   not at scale,  unless large numbers of people are involved.

That’s the crux...  you can’t affect a paper election without having many co-conspirators.

Or imagine if there is a military escort that stops the returns convoy and modifies the votes by dumping them and replacing with pre-filled Dictator votes.  If they do this at scale the observers will be aware.  If they do it only in one instance, it’s likely not result affecting.

So we can see that paper elections have the property of inertia...  it takes a lot of interventions to substantially modify a result.  That makes any effective intervention visible to the observers.

 

Now let’s consider electronic voting.  Prior to Satoshi there was no system that could be considered invulnerable to hacking.  Votes could be changed invisibly en-mass at multiple points in the voting chain and the result inverted and there was no way that anyone could audit it effectively.  

Existing computer systems could be made very secure...    but not widely available to users.  If you have wide availability then there is also wide access to hack.

The silent,  totally effective,  hack of a result could not ever be ruled out.

But blockchain changes all that.  Blockchain results cannot be hacked and have total audit ability.  Sounds ideal.

The problem is in that earlier security dilemma in computer systems...  very secure, not widely available, or less secure and widely available.  Before the vote reaches the blockchain there are various man-in-the-middle hack options available to change the vote at source.  They can invisibly and silently totally change the election result,  and no one can ever say with absolute certainty that a hack didn’t happen.

This uncertainty in itself is a large problem for a democracy even if no actual hacks ever happen.

 

TLDR:

So although the paper ballot is messy and slow and annoying, it has the same robust reliability as a plum bob ...  it’s clear that it works,  and it can’t be corrupted without obvious signs.  

Thanks for your time reading this.

Share this post


Link to post
Share on other sites
1 hour ago, Tinyaccount said:

 

If it’s simply a non-magical but nefarious electoral worker...  they can do things that will change or delete votes but...   not at scale,  unless large numbers of people are involved.

That’s the crux...  you can’t affect a paper election without having many co-conspirators.

Or imagine if there is a military escort that stops the returns convoy and modifies the votes by dumping them and replacing with pre-filled Dictator votes.  If they do this at scale the observers will be aware.  If they do it only in one instance, it’s likely not result affecting.

So we can see that paper elections have the property of inertia...  it takes a lot of interventions to substantially modify a result.  That makes any effective intervention visible to the observers.

The problem is in that earlier security dilemma in computer systems...  very secure, not widely available, or less secure and widely available.  Before the vote reaches the blockchain there are various man-in-the-middle hack options available to change the vote at source.  They can invisibly and silently totally change the election result,  and no one can ever say with absolute certainty that a hack didn’t happen.

This uncertainty in itself is a large problem for a democracy even if no actual hacks ever happen.

 

 

Quote

 

"It can't be corrupted without obvious signs."

 

That depends on a lot.  Do you really know what happens to the ballots when the polls close?  In Canada they're counted by the deputy returning officer, the poll clerk, candidate representatives if they decided to show up, and if they don't at least two electors.  That's a very small list of people to bribe to change votes.  It depends on how much you trust these people to count the vote with veracity because, as a citizen, you typically have no idea if someones fudging the counting.  Even if an attacker cannot change the ballots en masse they can still tip the scales by targeting key swing districts. Some of these races are very close.  The Don Valley West riding in the Ontario provincial election was only won by a difference of two hundred votes.  So you realistically only need to have a corrupt election counter to change roughly 200 votes to flip the district.  And as I indicated in my article, outright voter intimidation at polling stations has provably happened, but nothing was done about it.  The results still stood.  With the link in my post above there were serious irregularities in the voting distribution which would indicate that some of the counters were filling the ballots out themselves to change the result, and none of the observers caught them:

"The study also looked at Senegal’s controversial 2007 election, which returned President Abdoulaye Wade to power and in which fraud was alleged but not proven. Suspicious digits — particularly the abundance of zeros — again appeared in these returns, suggesting that Wade’s reelection might have been partially rigged. (He was finally removed from power after another controversial election this year.)"


 

Quote

 

"Before the vote reaches the blockchain there are various man-in-the-middle hack options available to change the vote at source.  They can invisibly and silently totally change the election result,  and no one can ever say with absolute certainty that a hack didn’t happen."

 

 

 

Is a man-in-the-middle attack possible on a crypto transaction?  My understanding is that the transaction is signed with the users public key.  If someone sent a fake transaction it wouldn't be signed with the correct key and it'd be discarded.  And if it's a device compromise or malware, a public attack of that nature would be difficult to pull off without being detected.  You could again target the swing districts, but with the blockchain, and unlike paper ballots, the electorate could check their votes to make sure they were being counted correctly.

Edited by macropolo

Share this post


Link to post
Share on other sites
48 minutes ago, macropolo said:

That depends on a lot.  Do you really know what happens to the ballots when the polls close? 

If the election is monitored then yeah...  there are robust physical, statistical and verifiably re-countable results available if that is put in place.  Whether that’s in place or not is somewhat dependent on the relative significance of the decision being resolved,  and the degree of societal and political tension.

 

52 minutes ago, macropolo said:

Even if an attacker cannot change the ballots en masse they can still tip the scales by targeting key swing districts. Some of these races are very close. 

Which is why scrutiny can be tightened if the need arises.

 

54 minutes ago, macropolo said:

Is a man-in-the-middle attack possible on a crypto transaction?

Yes it is.  

It’s only a crypto transaction once it hits the validators.  Prior to that it’s in the normal digital realm where all sorts of attacks are possible.  And significantly if such an attack happens there is no audit trail available to ‘re-count’ the election.  If the intent was altered then so too can be any record of it.  

And that lack of inspection and recounting ability is one of the key weaknesses compared to paper ballots where the ballots are a physical, tangible, checkable thing.

Anyway...  my view was changed when all this was pointed out to me (albeit in better detail and format).  So thank you for the discussion,  I think I will bow out now that I’ve made my case as best I can...  I doubt I convinced anyone but felt honour bound to try.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...