Usability of Key Distribution in BlockChain Backed Electronic Voting
I went to an event a few weeks ago where some leading BlockChain organisations were showing off the power of Distributed Ledgers and how they will transform society. Not one of them mentioned users.
There was talk of investors, stakeholders, corporations, smart-contract-backed entities. But no users. No real people who have to interact with their services. That's par for the course at this stage of an emerging technology - everyone is running away, shiny-eyed, into the future tech utopia, without any real understanding of how normal people behave.
I'm going to keep this rant (sorry, discussion) high-level. The event was under the Chatham House Rule - so I'll avoid getting into specifics.
An organisation wants to use "BlockChain" to secure elections. Their theory is that our current electoral systems are too easily hacked and there is no way to verify or audit the votes. I disagree with their supposition, but for the time being let's take their claims at face value.
In order to cast my vote under their proposals - I need to cryptographically sign a transaction which is then fed into a Distributed Ledger.
How do I get a public/private key-pair to allow me to do that?
Diffie-Hellman Key Exchange
The great cryptographic breakthrough of the 20th century was a way to distribute security keys without having to rely on a trusted courier. You can watch my short explainer video of it online.
So a user can securely generate a key and then securely share it. How? Most normal users can't do this.
As soon as you put responsibility into the hands of the user, you leave them ripe for exploitation. Recently, a website which claimed to help you generate a secure key for your cryptocurrency wallet stole $4 million from its users.
Do a web search for "tax refund" or similar and you'll find that the top adverts are for scummy companies which offer no real value. How is the average user supposed to find a secure and reputable way to generate the key that they need to vote online?
The State Distributes The Keys
There is a charming naïveté to this. The state currently distributes passports and voting cards - so why not cryptographic keys?
There are two fundamental problems.
Trust
How do I audit the votes on a BlockChain? I can easily verify that my vote has been correctly recorded by *waves hands* technology. But that's only half the problem.
How do I know that all the other votes on the ledger are genuine? If it is the state which generates the keys, what's to stop them from generating surplus, fraudulent keys? If they can see who hasn't yet voted - they can use a copy of their key to manipulate the vote.
As we've seen, centralised certificate issuers can be staggeringly incompetent. They issue blatantly incorrect certificates on a disturbingly regular basis.
What happens when the organisation responsible for generating the voting keys "accidentally" lets one of their sub-contractors do something which calls into question the integrity of the voting process?
Securing The Supply Chain
But, let's assume that through the magic of technology, we can solve this problem. How do we get the keys to people?
If we use the postal service, there's a strong risk of theft.
I guess that means we have to distribute the keys electronically?
Securing The Individual
How do I secure my voting key once I've got it? I have a degree in computer science and spend my days working on technology. I still don't know if I set up my YubiKey correctly.
But perhaps we can use people's phones. OK, so half the Androids in the country are running outdated software, are vulnerable to attack, and don't have a secure password on them. But... errr... THE BLOCKCHAIN WILL SOLVE ALL THESE PROBLEMS!!!!
...Sorry... Their zeal sometimes affects me...
Where Next?
Here's how I vote at the moment.
- Register online
- Receive a paper card in the post confirming the registration
- Wander down the street to the polling place
- Queue for two minutes
- Confirm my name and address
- Draw an X on a piece of paper
There are several drawbacks with this: it may be prone to fraud, it's not readily accessible, and I can't audit my specific vote.
But it is quick and it is easy. The current voting process - for all its flaws - is pretty damn usable and fairly cheap.
What's the user story for blockchain thinking? Will it be easier than the current method?
One of the reasons why Plurality Voting (like First-Past-The-Post) is so popular is that people understand it.
Perhaps there are forms of proportional representation which are fairer - but trying to understand how the Condorcet method produces a winner is difficult.
Telling a story
Humans are Pan narrans - the storytelling ape. And we like simple stories. Goodies and baddies. Winners and losers.
What's the story for BlockChain voting? How easy is it to explain to someone who doesn't know or care about technology?
Everything has to start with the user - not with the technology.