Can Crypto Save Our Elections?
This article is the first in a two-part series about securing votes with cryptography. For the second part, click here .
The recent election fiasco in Iowa has renewed the debate on whether technology can ever become reliable enough for societies to start trusting our elections to apps.
Oh sure, if we could all choose to vote from an app, there would be many benefits. Greater convenience would lead to higher voter turnout, better representation and more civic engagement. Electronic platforms open up new opportunities to deploy innovative new ballots and ways of counting votes, each with its own statistical pros and cons.
But to be reliable, any such system would have to guarantee privacy and security at least comparable to the paper ballots and voting booths we have been using for hundreds of years. For now, this has not happened. Instead, we’ve had scandal after scandal as technology trusted to hold massive amounts of important data failed in spectacular ways. It’s 2020, and tech still haven’t reliably solved this problem.
There are far worse things than an app delaying a voting result. A few days after the Iowa debacle, we learned that the dominant Likud party in Israel suffered a data leak from a contractor exposing personal details of 6 million Israeli voters. Ron Bar Zik, a programmer who reported the leak, said:
“I’ve seen many breaches in my life, but I’ve never seen such a ridiculous breach like this that did this much damage… Like Ecuador, India and other Third World countries, Israel has joined the club of dubious countries that the database of their citizens was leaked to the Internet"
But actually, the situation is not just limited to “dubious countries”. In 2017 in the USA, the RNC voter database was similarly leaked online, exposing details of a staggering 198 million voters. A year later, many of those details were being openly sold on the Internet. And even without leaks or hacks, it’s normal for states in the US to publish information about voters online for everyone to see.
Even larger leaks and hacks have been reported the last few years, ranging from 230 million at Equifax to 1 billion at Yahoo! If even the largest organizations can’t secure the data, what can the rest of us do?
Diagnosing The Problem
If we look closer, the reason for these failures becomes evident. It is the very concentration of money or data in one place that creates the need to protect it. This is why banks built physical vaults to keep out robbers, and electronic firewalls to to keep out hackers. But with great power comes great responsibility, and what can be done about the very custodians to whom we have entrusted to manage our money supply, our personal data, our votes? Should we trust them to respect our transactions, our privacy settings, and our wishes when it comes to governance?
Progress Thus Far
Technology is a funny thing. It can concentrate data and power in the hands of a few corporations, who — if they wanted — could easily influence our democratic institutions. But then comes a wave of decentralization, as open source software disrupts the rent-seeking feudal lords and ushers in a free market. Desktop printers and copiers gradually let anyone distribute anything. Blogs and social networks disrupted the old media. VOIP disrupted the old telecoms and drove the cost of long distance communication toward zero.
Once upon a time, America Online was the Facebook of the day and Steve Case was the Mark Zuckerberg. Companies wishing to do business online had to pay them to have an “AOL keyword”. AOL made so much from all this rent-seeking, they mailed up to 20s CDs to every person in the USA, promising “10 free hours”, then 50, then 1000. Why was the price dropping? People were switching to the Web, an open, decentralized network based on protocols like DNS and HTTP where anyone could get their own “domain” and start hosting a business on their own web server. The Web unleashed trillions of dollars in value, with business models ranging from e-commerce to ad-supported social networks, and transformed our society. In fact, without its disruption of AOL, our new feudal lords like Facebook, Amazon and Google could never have gotten their start.
But the Web has not solved the underlying problems of concentrating trust in potentially malicious centers of power. Its client-server architecture merely let us choose our landlords, but a new generation had to come along and build a more benign sort of landlord — autonomous networks that were provably resilient and prohibitively expensive for any one group to control. In 2009 we got Bitcoin, and 6 years later, Ethereum. Blockchain was going to usher in a “peer-to-peer cash system”, an economy where any number of people could engage in transactions without needing to trust a third party, or presumably, each other.
That economy has produced impressively resilient systems, secured by proof of work, and tens of billions have been invested to build applications atop them. But they have been held back by the very architecture these systems were rooted in: monolithic global blockchains, where full nodes must store all transactions ever completed, and where at every moment, every transaction in the world must be broadcast to each potential miner, vying to be included in a “block” that secures all transactions “on chain”, and thus extends the ledger for the next minute or so. Described this way, we can see why Bitcoin and Ethereum would face massive scalability problems handling elections or economies involving millions of people acting at the same time.
In the second part of this series, we explore the new breed of crypto projects and the approaches that, when working in concert, finally allow elections to be secured by advances in crypto.