MIT Cybersecurity Experts Warn Against Use of Blockchain Voting Systems
Cybersecurity experts from the Massachusetts Institute of Technology (MIT) have warned against the use of blockchain-based mobile voting systems as they cite the technology is innately insecure and a potential danger to democracy. The security researchers said that the online voting system is more vulnerable to be hacked than mail-in-voting or in-person voting methods.
The team stated that the physical properties of mail-in ballots (vote by mail elections) make them less vulnerable to getting hacked than online voting, where cyber attackers could electronically exploit a single point to disrupt voting or affect the voting process.
The security experts mentioned that the blockchain-based e-voting system is vulnerable to serious failures as attacks are larger scale and easier to execute, but more difficult to detect compared to attacks against paper-ballot voting systems. MIT professor Ron Rivest said:
“While current election systems are far from perfect, blockchain would greatly increase the risk of undetectable, nation-scale election failures.”
Although blockchain-enabled mobile voting apps such as Voatz have been deployed in county and state elections, the MIT cybersecurity team of Neha Narula, Mike Specter, Sunoo Park, and Ron Rivest have previously found that such blockchain e-voting apps suffer from serious security issues and flaws enabling attackers to monitor poll sites and vote casting and even alter or block provisional ballots. Rivest said:
“If vote-casting is entirely software-based, a malicious system could fool the voter about how the vote was actually recorded.”
The researchers claim that only paper ballots voting is the best method that allows voters to directly verify that their marked ballots reflect their intended selection.
Meanwhile, many proponents of blockchain-based online voting argue at the system functions well just like industries like banking and retails that have had significant success with the application of online security for several decades. However, MIT experts claim that online banking and retail systems have had higher fault tolerance that could be accommodated such as cases of credit card fraud. But an election is a different story that such tolerance cannot be accepted. Rivest added:
“For elections, there is no insurance or recourse against a failure of democracy. There is no means to ‘make voters whole again’ after a compromised election.”
While banks can look at receipts to detect and fix fraudulent purchases, voting is a different case as electoral staffs cannot prove the way voters voted.
Blockchain and Internet Voting Security
The internet and computers have brought significant benefits like improving convenience, scalability, reliability, and efficiency of several aspects of daily life. Voting online appears convenient as people simply tap on their smartphone and vote from anywhere. However, voting online faces a serious flaw.
On June 27, Russia state-owned media company TASS announced that unknown attackers hacked the country‘s blockchain electronic voting system after exploited technical vulnerabilities within the system. Cybersecurity experts tried to restore access to the attacked node, but it remained unclear how far their efforts achieved success.
While efficiency and convenience are important properties of election systems, security is another essential property that must be optimized with other elements. An election system is inefficient if any of the three properties are compromised.