Many Vulnerabilities on Using Blockchains in Electronic Voting
- The much discussed and debated Electronic Voting Machine in India has survived intense scrutiny over its use largely because of one strong reason — the fact that this standalone single-chip device is not connected to any network.
- This is besides several technological and administrative safeguards to ensure that the machine is not tampered with.
- With the addition of the Voter Verifiable Paper Audit Trail (VVPAT) to the EVM, “audit-ability” was added to the process even as the machine has suffered glitches, which the Election Commission of India (ECI) has managed to tackle reasonably well.
- The ECI should definitely seek solutions to make the EVM more robust even as it must reject calls for a return to paper balloting — which experienced malpractices such as ballot stuffing and booth capturing.
- That being said, the announcement by Chief Election Commissioner that the ECI is commencing trials of a “remote voting project” is sure to bring back scrutiny.
- ECI have not elaborated or released any detailed document, but have mentioned that the system, being developed by IIT-Madras, uses the blockchain method for “two-way remote voting” at designated centres.
- Remote voting, as an option, has gained some priority during the COVID-19 pandemic in order to address social distancing.
- In the U.S., the mail-in ballot system, where registered voters received ballots and returned it via post or dropped it off at secure “drop boxes” or voting centers, was widely used, but this was entirely paper based.
- The blockchain method implements an online public bulletin board that allows for a linear ordering of data to which a user can only further append data.
- The board itself is public and available for anyone to read and verify.
- The technology has been put in use for cryptocurrencies — the Bitcoin blockchain records a list of transactions that can be read to find out who owns which bitcoins without any centralised authority.
- In the case of a blockchain-based voting system, the voting authority will have to authenticate this bulletin board in which users sign in using cryptographic signatures to register their votes in a ledger.
- While this system, with its cryptographic features, promises data security and verifiability, the fact that it will depend upon a network and devices could introduce vulnerabilities that are present in any Internet-based system.
- A draft paper by MIT and Harvard researchers, in November 2020, has raised concerns about the designs of a remote block-chain-based voting system and pointed to serious vulnerabilities in some instances where it was tried out.
- The paper also points out that beyond the vulnerabilities faced by any Internet-based system, blockchains also introduce issues related to complexity and their management.
- The ECI would do well to exercise caution before deploying this method in elections, besides subjecting it to a rigorous public appraisal.