Colorado Completes Nation’s first Risk Limiting Audit

NPR, All Things Considered: Colorado Launches First In The Nation Post-Election Audits <read>

Press Release, Colorado Secretary of State:  A new kind of election audit: Colorado is the first to complete it  <read>

From the Press Release:

DENVER, Nov. 22, 2017 — Now it’s in the history books: Colorado has become the first state to complete a “risk-limiting audit” designed to catch mistakes when ballots are tabulated.

The Colorado legislature ordered the use of risk-limiting audits in 2009 — long before widespread media coverage of fears about hacking election equipment and interference by foreigners — but the timeline to implement the RLAs was delayed until this year’s Nov. 7 coordinated election.

“I think it’s fair to say that both state and county election officials were a little anxious because this has never been done before,” Colorado Secretary of State Wayne Williams said. “But it turned out to be an amazing success, and that’s because our staff and our county clerks have done a phenomenal job. I am thankful for their hard work and dedication.”

The process attracted attention nationwide. Matt Masterson, chairman of the U.S. Election Assistance Commission, and fellow commissioner Thomas Hicks were among those who witnessed the procedure.

“Colorado is a national leader in exploring innovative solutions for accessible, secure and auditable elections,” Masterson said. “Colorado’s risk-limiting audit provided great insights into how to conduct more efficient and effective post-election audits. The EAC is eager to share some of the lessons learned with election officials across America.”

A risk-limiting audit is a procedure that provides strong statistical evidence that the election outcome is right and has a high probability of correcting a wrong outcome. Risk-limiting audits require human beings to examine and verify more ballots in close races (exactly when you want to examine more ballots), and fewer ballots in races with wide margins.  The procedures for conducting risk-limiting audits are spelled out in Secretary of State Election Rule 25.

If you’re an in-the-weeds kind of election junkie or math wonk, you might be interested in the results the Secretary of State’s office posted on its Audit Center. Under the subheads “Round # 1” and “Round # 2” click on “State report (XLSX)” for a county-by-county review.

I am pleased to have played a very small part in this project, moderating weekly conference calls for the State Audit Working Group.  Members of the group assisted with extensive comments and contributions to the regulations to implement the law, contributing to the Free and Fair software, and observation of the audit in progress, on the ground in Colorado.  It represents months and years of effort by several members of the group, along with enthusiastic support by many Colorado election officials.
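The press release's point that close races need more ballots examined and wide margins fewer can be seen in a sequential test. The sketch below is an added example, not code from the press release, Colorado's audit software or this blog. It implements a two-candidate ballot-polling test in the style of BRAVO, a published risk-limiting audit method; the page does not say which method Colorado used. It assumes only two candidates, no invalid ballots, and ballots drawn at random with replacement, and all function names are hypothetical.

```python
"""Two-candidate ballot-polling risk-limiting audit (BRAVO-style sequential test)."""
import math
import random


def bravo_audit(sample, reported_winner_share, risk_limit=0.05):
    """Run the sequential test over ballots in the order they were drawn.

    sample: sequence of "W" (paper ballot shows the reported winner) or
            "L" (paper ballot shows the reported loser).
    Returns (confirmed, ballots_examined). confirmed=False means the sample
    ran out without strong enough evidence, so the audit must escalate
    (draw more ballots, ultimately a full hand count).
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner must hold more than half the vote")
    if not 0.0 < risk_limit < 1.0:
        raise ValueError("risk limit must be strictly between 0 and 1")
    # Work in logs so long audits cannot overflow or underflow.
    threshold = math.log(1.0 / risk_limit)
    step_w = math.log(reported_winner_share / 0.5)          # > 0
    step_l = math.log((1.0 - reported_winner_share) / 0.5)  # < 0
    log_ratio = 0.0
    examined = 0
    for ballot in sample:
        examined += 1
        if ballot == "W":
            log_ratio += step_w
        elif ballot == "L":
            log_ratio += step_l
        else:
            raise ValueError(f"unexpected ballot value: {ballot!r}")
        # Stop as soon as a tie or a loss for the reported winner would
        # produce evidence this strong with probability <= risk_limit.
        if log_ratio >= threshold:
            return True, examined
    return False, examined


def min_sample_size(reported_winner_share, risk_limit=0.05):
    """Fewest ballots that can confirm: every ballot drawn is for the winner."""
    return math.ceil(math.log(1.0 / risk_limit)
                     / math.log(reported_winner_share / 0.5))


def expected_sample_size(reported_winner_share, risk_limit=0.05):
    """Wald approximation of the average sample when the report is correct."""
    p = reported_winner_share
    drift = p * math.log(p / 0.5) + (1.0 - p) * math.log((1.0 - p) / 0.5)
    return math.log(1.0 / risk_limit) / drift


def draw_sample(true_winner_share, draws, seed):
    """Constructed ballot draws (with replacement) for the demo below."""
    rng = random.Random(seed)
    return ["W" if rng.random() < true_winner_share else "L"
            for _ in range(draws)]


if __name__ == "__main__":
    for share in (0.60, 0.55, 0.52):
        print(f"reported share {share:.2f}: "
              f"minimum {min_sample_size(share)} ballots, "
              f"about {expected_sample_size(share):.0f} expected")
    # Constructed scenarios: an accurate report, and a report naming the
    # wrong winner (true share 48% for the reported winner).
    print("accurate report:", bravo_audit(draw_sample(0.60, 5000, 1), 0.60))
    print("wrong outcome:  ", bravo_audit(draw_sample(0.48, 5000, 1), 0.60))
```

A `(False, n)` result is the audit doing its job: the paper ballots did not back the reported outcome strongly enough, so people keep counting.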

 

 

 

A Year After, Our Elections Aren’t Much More Secure

From Buzzfeed’s Cyber Security Correspondent, Kevin Collier:  A Year After Trump’s Victory, Our Elections Aren’t Much More Secure  <read>

The halfway point between the election of President Donald Trump and the 2018 midterms has come and gone, and it still isn’t fully clear what Russian hackers did to America’s state and county voter registration systems. Or what has been done to make sure a future hacking effort won’t succeed.

US officials, obsessed for now with evidence that Russia’s intelligence services exploited social media to sway US voters, have taken solace in the idea that the integrity of the country’s voting is protected by the system’s acknowledged clunkiness. With its decentralized assortment of different machines, procedures, and contractors, who could possibly hack into all those many systems to change vote totals?

But the focus on how Facebook and Twitter were used to sow division in the US electorate has diverted attention from one of the weakest spots in the system: the gap between those locally operated voting systems that are well-protected by sophisticated technology teams and those that are less prepared. Russia knows those gaps exist and that a simple cyberattack can be effective against weak infrastructure and unprepared IT workers. Whether that can be fixed by 2018 or even 2020 is an open question.

Most states’ elections officials still don’t have the security clearances necessary to have a thorough discussion with federal officials about what’s known about Russian, or others’, efforts to hack into their systems.

Seven states still use all-electronic voting systems whose results cannot be verified because there is no paper trail.

And hundreds of US counties rely on outside contractors to maintain their registration records and update the software on voting machines. Some of those contractors are small operations with few employees and minimal computer security skills.

Here we caution that Russia is not the only concern.  The same vulnerabilities are open to other foreign actors, to foreign and U.S. hackers, and to elements of the U.S. Government. Beyond that, they are open to official and contractor insiders.  Not being connected to the Internet does not preclude attack by any of these actors, especially insiders.

Many local officials are reluctant to seek federal help, worried about ceding authority to outside agencies.

“We’re not doing very well,” Alex Halderman, a renowned election security expert, told BuzzFeed News. “Most of the problems that existed in 2016 are as bad or worse now, and in fact unless there is some action at a national policy level, I don’t expect things will change very much before the 2018 election.”…

But in the aftermath of last year’s vote, it has become clear that the sheer complexity of the system is no reassurance that it can’t be exploited by a determined hostile power. Halderman, the election security expert, says that just because it didn’t happen last time — or in the voting completed Tuesday — doesn’t mean it won’t.

“It’s only a matter of time, if we don’t have coordinated national action, until a major US election is disrupted, or even its outcome changed, by a foreign nation-state in a cyberattack,” [former FBI director James Comey] said.

To this day, DHS points to the fact that it’s never found evidence that vote tallies were changed

We add that DHS, as far as we know, has not looked for such evidence anywhere, let alone everywhere.

As we have said before, protecting databases and votes requires Prevention, Detection, and Recovery.

  • Protection alone is insufficient.  Large corporations, Federal Government agencies, and technology companies are regularly hacked.  State and local officials can’t come close to matching those ultimately limited efforts.
  • Detection is necessary to provide assurance that hacking did not occur.
  • Recovery is necessary for all sorts of potential errors, hacks, and fraud.

Paper ballots, properly secured, are the first requirement for detection and recovery of votes.  Strong pre-election voter database backup and audits along with paper voter checkin lists are part, just a part, of recovery from corrupted or electronic voter lists, or election day power failure, equipment failure, and cyber attack.

 

Rhode Island poised to lead New England in Post-Election Audits

Press Release:  Rhode Island Takes Important Step to Secure Elections with Post-Election Audits – Adopts New Procedure to Check Election Results as Threats Increase <read>

“Post-election audits are the best safeguard to making sure that votes are being counted as cast,” said Representative Edith Ajello (D-Providence), the House sponsor. “My community saw a simple administrative error almost turn into an incorrect election result,” added Senate sponsor, Senator James Sheehan (D-North Kingstown), “and this legislation will help assure voters that a system is in place to catch and correct future problems.”

The audits will begin as soon as September 2018. Rhode Island becomes the 32nd state to require post-election audits, and only the second state to require risk-limiting audits.

Passage came after two Rhode Island communities suffered from administrative errors in the November 2016 election that led to incorrect machine counts on election night.  Because the results were obviously wrong, election officials reprogrammed the scanners and recounted the ballots.  The correct results were reported, but the situation demonstrated the need for a manual check on the results of machine-counted ballots.

Connecticut was the first New England State with post-election audits.  Unfortunately we are among the vast majority of states with post-election audits that do not provide sufficient public confidence.  Connecticut’s audits suffer from an insufficient design, poor execution, and all but no oversight. <See the Citizen Audit Reports>

To be fair, most experts only regard the post-election audits in two states, Minnesota and New Mexico, as adequate.  Yet, the Risk Limiting Audits to be implemented this year in Colorado and over the next couple of years in Rhode Island are likely to lead the Nation in deserved confidence and efficiency.

PS: I have played a minor supporting role working with other advocates and computer scientists in assisting the development of rules in Colorado and in honing the Rhode Island law.  From that ongoing experience it is clear that it takes a lot of detailed work, patience, commitment and participation to create good laws and see them through.  Participation from willing and reluctant officials, legislators, advocates, and scientists.  Expect some bumps along the way as these new laws are implemented – patience will be required over several election cycles to smooth out those bumps.

RoundUp: Spy vs Spy, while Officials and Voters lose

Almost every day lately there is news on the potential of future and past hacking, including election hacking. Today we suggest three recent articles and a report.

Let’s start with the story of a hack involving software from Kaspersky Labs in the New York Times: How Israel Caught Russian Hackers Scouring the World for U.S. Secrets  <read>

Before we read the story, remember there is some history here.  Russia is the enemy of choice for the U.S. these days.  The media and Government are biased to attribute any attack to Russia, exaggerate any attack from Russia, and to conflate anything Russian with the Russian Government.  The infamous Stuxnet attack which disabled some of Iran’s nuclear centrifuges was allegedly carried out by Israel and the United States – Kaspersky Labs was one of the main contributors in the discovery and investigation of the attack. We remain skeptical of claims that are not highly documented, yet aware undocumented claims may be true.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules…

Kaspersky Lab denied any knowledge of, or involvement in, the Russian hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in a statement Tuesday afternoon. Kaspersky Lab also said it “respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.”…

The N.S.A. bans its analysts from using Kaspersky antivirus at the agency, in large part because the agency has exploited antivirus software for its own foreign hacking operations and knows the same technique is used by its adversaries.

Nobody knows who actually exploited the Kaspersky software, yet it could have been Israel:

The report did not name Israel as the intruder but noted that the breach bore striking similarities to a previous attack, known as “Duqu,” which researchers had attributed to the same nation states responsible for the infamous Stuxnet cyberweapon. Stuxnet was a joint American-Israeli operation that successfully infiltrated Iran’s Natanz nuclear facility, and used malicious code to destroy a fifth of Iran’s uranium centrifuges in 2010.

Kaspersky reported that its attackers had used the same algorithm and some of the same code as Duqu, but noted that in many ways it was even more sophisticated. So the company researchers named the new attack Duqu 2.0, noting that other victims of the attack were prime Israeli targets.

This week the DEFCON report on its Election Hacking Village was published:  Report on Cyber Vulnerabilities in U.S. Election Equipment, Databases, and Infrastructure  <read>

It is a significant event with a short 18-page report.  Well worth reading.  The Foreword summarizes it well:

last year’s attack on America’s voting process is as serious a threat to our democracy as any I have ever seen in the last 40+ years–potentially more serious than any physical attack on our Nation. Loss of life and damage to property are tragic, but we are resilient and can recover. Losing confidence in the security of our voting process–the fundamental link between the American people and our government–could be much more damaging. In short, this is a serious national security issue that strikes at the core of our democracy…

If Russia can attack our election, so can others: Iran, North Korea, ISIS, or even criminal or extremist groups. Time is short: our 2018 and 2020 elections are just around the corner and they are lucrative targets for any cyber opponent. We need a sense of urgency now. Finally, this is a national security issue because other democracies–our key allies and partners–are also vulnerable…

For over 40 years I voted by mailing an absentee ballot from wherever I was stationed around the world. I assumed voting security was someone else’s job; I didn’t worry about it. After reading this report, I don’t feel that way anymore. Now I am convinced that I must get involved. I hope you will read this report and come to the same conclusion.

Douglas E. Lute
Former U.S. Ambassador to NATO
Lieutenant General, U.S. Army, Retired

From Newsweek: Russians Still Have An Open Path to U.S. Election Subversion  <read>

Although some of the references to Russian interference in the following story have been withdrawn and questioned, the basic theme that Congress and the Administration are basically not in action is cause for concern that nothing of substance will be accomplished.

Exactly a year after U.S. intelligence issued a stern warning about Russian interference in the 2016 presidential election, the Trump administration has failed to fill key homeland security posts responsible for preventing another Kremlin assault on the voting system…

“The second thing is, the administration doesn’t seem to want to have anybody head up to the Hill and testify on issues that would be hot-button issues, namely anything to do with election security, cyber security, or the Russian acts from last year.”

Unless the administration puts its own political appointees in place at DHS, analysts say, the department will struggle to get protective systems up and running in time for the 2017 primaries and state and local races, let alone the 2018 elections.

And from Politico:  Hacker study: Russia could get into U.S. voting machines  <read>  Not just Russia, however:

American voting machines are full of foreign-made hardware and software, including from China, and a top group of hackers and national security officials says that means they could have been infiltrated last year and into the future…

“From a technological point of view, this is something that is clearly doable,” said Sherri Ramsay, the former director of the federal Central Security Service Threat Operations Center, which handles cyber threats for the military and the National Security Agency. “For us to turn a blind eye to this, I think that would be very irresponsible on our part.”

Often, voting machine companies argue that their supply chain is secure or that the parts are American-made or that the number of different and disconnected officials administering elections would make a widespread hack impossible. The companies also regularly say that since many machines are not connected to the internet, hackers’ ability to get in is limited.

But at the DEFCON event in Las Vegas, hackers took over voting machines, remotely and exposed personal information in voter files and more…

It sounds like science fiction, or at least “Ocean’s 11,” but cybersecurity experts are frantically waving their hands, trying to get Americans to see that in foreign capitals, the American voting system just looks like easy opportunity.

Skepticism now, Skepticism tomorrow, Skepticism forever

Not expecting to paraphrase George Wallace, a person about as far from me politically or as a humanist as one can be.  Yet, recent events are a reminder that we must be eternally skeptical. We need to be especially skeptical of the mainstream media as well as other sources. <here> <here>

Today we add the most recent flurry about the “21 states hacked by Russia before the 2016 election”, and more.  The story continues to fall apart, bit by bit. Yet, we suspect the truth is far from common knowledge:

  • There is no solid evidence available to the public and experts to verify
  • It’s not necessarily Russia but people who may be Russian
  • Two years ago the context would have been fears of China, so then many hacks were allegedly Chinese
  • At most one state had data changed; otherwise, at most, it was attempting to find vulnerabilities — that occurs multiple times a day to almost every server from multiple individuals and groups.
  • The latest is that, so far, two of the states were incorrectly included. Yet Another Major Russia Story Falls Apart. Is Skepticism Permissible Yet?  <read>  As we commented on the link:

Our skepticism was justified; it would be even if the story proved true.

I am not a fan of the Russian government system; we should be concerned about China, Russia, and our own actions. Yet, I often read and learn from RT articles.  I find them biased toward publishing factual articles supporting their point of view, yet no more so than FOX, CNN, MSNBC or many other players in the U.S. media.  Like Al Jazeera, RT is journalism and largely accurate, often covering important stories not available elsewhere.  RT and Al Jazeera are hardly Radio Free Europe or Tokyo Rose.  The U.S. is far from innocent when it comes to manipulating elections.  Right now I am in the middle of reading “In the Shadows of the 20th Century”.  Here is a quote:

According to a compilation at Carnegie Mellon University, between 1946 and 2000 the rival superpowers intervened in 117 elections, or 11 percent of all the competitive national-level contests held worldwide, via campaign cash and media disinformation.  Significantly, the United States was responsible for eighty-one of these attempts (70 percent of the total) – including eight instances in Italy, five in Japan, and several in Chile and Nicaragua stiffened by CIA paramilitary action.

Now an Intercept story by Kim Zetter reviewing a report by Kaspersky Lab (another company recently trashed because it is Russian) Masquerading Hackers Are Forcing a Rethink of How Attacks Are Traced <read>

The title pretty much says it all.  Attribution is difficult, yet often possible.

We add yes, but without trusted, multiple, third-parties reviewing the evidence and, even better, generating the evidence independently there is little basis for blind trust, while strong skepticism is justified – especially if the claims match the bias and agenda of the source.

 

We need recounts for more than fair elections, for more than Russian risks.

CNN:  For fair elections … can we get a recount? <read>

We should not ignore calls for audits, recounts, and paper ballots just because the motivator for those calls may be simplistic.  There are a multitude of risks beyond Russians, beyond foreigners, beyond skullduggery. It’s not just fairness, it is accuracy and democracy.

The latest reporting regarding the scope of attempted Russian cyber-interference in the 2016 presidential election suggests election officials made a mistake in ending efforts to recount the contest in key states. Those recounts offered the best opportunity to identify and resolve issues that are now coming to light. We should study our errors to avoid repeating them — and to make sure recounts in the future are better at detecting hacking and other threats.

Post-election efforts to recount the 2016 presidential vote did not get far. For example, the Michigan recount was shut down after just three days; a federal judge rejected a request to recount paper ballots in Pennsylvania; and while Wisconsin did conduct a recount, in many counties, officials neglected to hand-count paper ballots and did not examine vulnerable software in electronic voting machines.

Just as Donald Trump continues to resist the finding that Russia manipulated our democratic process, he furiously contested the need to investigate the vote…

One clear area of vulnerability then and now is our reliance on electronic voting machines and vote tabulating machines without conducting any meaningful post-election audits. Like any other technology, these devices can fail in unexpected ways. They can have bugs that might produce an incorrect result. When irregularities occur in an election — such as the approximately 84,000 ballots in Michigan on which there were reportedly no selections marked for president — we need to see if an error is to blame.

Nonscience Nonsense, insults our intelligence and the Granite State

Coverage by Alternet: The GOP Is Plowing Ahead with an Audacious Effort to Hijack the Vote and Rig Elections   <read>

“Plowing” is apt. They are really piling it on.  It could be worse.  They may hide their emails, yet their agenda is transparent.  Instead they could have a hidden agenda and succeed in reducing voting rights by a thousand cuts.

The Republican Party’s efforts to disrupt voting and thwart representative government was on full display this past week, when despite ridicule in the press, the GOP’s leading proponents of undermining voters and rigging elections were unbowed and forged ahead.

First came Kris Kobach’s willfully incorrect—but headline-grabbing—accusation on Breitbart.com that more than 5,000 people illegally voted last fall in New Hampshire, delivering an Electoral College majority to Hillary Clinton and a U.S. senate seat to a Democrat. Kobach, an attorney whose anti-immigrant activism launched his career, is the Kansas secretary of state, a current gubernatorial candidate, and co-chair of President Trump’s Orwellian-titled “election integrity” commission. Kobach was caught mangling some Republican-produced data about New Hampshire college students who were perfectly legal voters to make his false claim about presumed Democrats voting illegally…

Trump’s election commission keeps getting clownish grades for its antics. This week’s New Hampshire field hearing invited only white men to testify, prompting ridicule. Members were caught communicating via private emails for official business—the same thing right-wingers went crazy about when Hillary Clinton did it. But Kobach didn’t backtrack on his voter fraud claims and von Spakovsky didn’t resign. No, they forged ahead with the panel’s real goal: to impede any citizen who doesn’t support the GOP from voting, even as fellow panel members publicly chastised them for it.

That brings us to this week’s most notorious witness who testified before the panel in a New Hampshire field hearing. In recent years, John Lott has made more of a name as a firearms fanatic than as a voting rights crusader. But he testified that anyone registering to vote should undergo the same background checks as are needed to get a firearms permit. That too, was ridiculed in the press as a false equivalency, because the legal requirements to be an eligible voter are not the same as for being a gun owner.

However, what nobody mentioned in news reports was perhaps the most salient detail about Lott’s proposal that would appeal to Republican vote suppressors. Gun licenses aren’t issued to people with criminal records, which if applied to voting, could greatly expand today’s current landscape of felon disenfranchisement.

Since our founding, we have a consistent history of opposing the appointments of Mr. von Spakovsky:  Senator Dodd: Keep Bush’s Hans Off Our Elections

States (and foreign governments) moving half way toward verifiable election results

From Governing:  After 2016 Election Hacks, Some States Return to Paper Ballots <read>

Across the U.S., about a quarter of registered voters live in election districts with electronic ballots, but Virginia’s decision “could suggest that the DRE era in American elections is approaching its end,” wrote Doug Chapin, an elections expert from the Humphrey School of Public Affairs, on his blog.

Five states — Delaware, Georgia, Louisiana, New Jersey and South Carolina — still use only electronic machines. Another handful of states have a mix of electronic and paper-based machines, depending on the local jurisdiction.

“I do hope that they’ll notice what happened in Virginia,” says Barbara Simons, president of Verified Voting, a national group that supports paper ballots and regular audits of election results. “No elected official wants to be accused of using insecure voting technology, especially with all of the questions raised in 2016.”

The threat of cyberhacks, however, is not the only problem facing election agencies.

The Independent, via VerifiedVoting: Norway: Votes to be counted manually in fear of election hacking <read>

Norway is the second country in Europe to change the way it counts votes. The Netherlands decided to count its March 15 parliamentary elections manually after broadcaster RTL interviewed security experts and hackers who said software security was weak. One hacker claimed an average iPad is better protected than the Dutch electoral system.

We applaud these developments. Yet what is needed beyond paper ballots are effective post-election audits: those that verify results and can lead to changing incorrect initial outcomes; audits that also verify the accumulation of results across jurisdictions; and audits that check other aspects of the process, such as check-in, check-in to ballot counts, and ballot security.

Beware the vendor/technologist offering a panacea


Having spent much of my career being called upon to evaluate various new technologies, my experience is that many get the applicability and time frames wrong. In the early eighties I was assigned to evaluate personal computer technologies. In general, corporations thought they were late to the table in applying personal computers. In retrospect, most were pretty much on time with evaluating the technology. I was called into my boss’s office in the summer of 1985: higher-ups had decided to pursue artificial intelligence in a big way, they did not want to be late, and I would lead the effort. It has been over thirty years, and over the last few years some really good applications have been implemented. Maybe we don’t notice so much, but voice simulation and recognition were initially thought next to impossible. We are still hearing about AI breakthroughs coming soon. I am sure they have been and will continue. So it is and continues to be with various technologies such as database, data communications, email, voice mail, and the Internet.

The general public, legislators, business people, and many technologists – all of us – often misestimate the potential and applicability of technologies. I remember in 2004 my congressman told an audience we did not have to worry about electronic voting because of encryption.

The latest “new” technology is blockchains, the technology that underlies Bitcoin. It has some valuable applicability, yet I suspect not that much. There was a recent NewsHour show (15 min in), there is a Blockchain Caucus in the U.S. House, and this recent article claims election panacea status: Blockchain voting app puts democracy in the hands of the people <read>

BITCOIN changed the way we think about money forever. Now a type of political cryptocurrency wants to do the same for votes, reinventing how we participate in democracy.

Sovereign is being unveiled this week by Democracy Earth, a not-for-profit organisation in Palo Alto, California. It combines liquid democracy – which gives individuals more flexibility in how they use their votes – with blockchains, digital ledgers of transactions that keep cryptocurrencies like bitcoin secure. Sovereign’s developers hope it could signal the beginning of a democratic system that transcends national borders.

“There’s an intrinsic incompatibility between the internet and nation states,” says Santiago Siri, one of Democracy Earth’s co-founders. “If we’re going to think about digital governance, we need to think in a borderless, global way.”

The basic concept of liquid democracy is that voters can express their wishes on an issue directly or delegate their vote to someone else they think is better-placed to decide on their behalf. In turn, those delegates can also pass those votes upwards through the chain. Crucially, users can see how their delegate voted and reclaim their vote to use themselves.

This is not the first claim we have heard that blockchains can solve the ills of electronic voting. It won’t be the last. The antidote to going overboard is knowledge and an understanding of the natural tendency to get it wrong and look for panaceas. Take this from our friends at Free and Fair: BLOCKCHAINS AND ELECTIONS <read>

As people and companies seek new ways to conduct elections that make better sense in our high tech world, several startups have proposed using blockchains, or even Bitcoin itself, to conduct elections.

Using Bitcoin (or a blockchain) as an election system is a bad idea that really doesn’t make sense. While blockchains can be useful in the election process, they are only appropriate for use in one small part of a larger election system…

Using blockchains for voting has been considered by academics for decades, but only as a thought experiment. If you ask any cryptographer who knows the basics of cryptocurrencies (remember, blockchains were invented by cryptographers) if elections should be conducted using blockchains, they would laugh and say, “Hell no, that doesn’t even make sense!” While blockchains are great at securely storing information, they do literally nothing to solve the many, many challenges that elections face, like the necessity for voter anonymity, the ability to determine that only eligible voters cast votes, that only legal votes are tabulated, and that ballots and ballot boxes cannot be manipulated by anyone, etc… and the list goes on. Blockchains do nothing to address any of these critical issues.

We do believe blockchains can be useful. But, like many technologies, they are not a panacea. There will be applicability, yet I would not expect much from a Blockchain Caucus and hope my representative spends his time elsewhere. Yet, I could always be wrong.