Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Government United States Politics

USPS Built and Secretly Tested a Blockchain-Based Mobile Voting System Before 2020 (washingtonpost.com) 60

An anonymous reader quotes a report from The Washington Post: The U.S. Postal Service pursued a project to build and secretly test a blockchain-based mobile phone voting system before the 2020 election (Warning: may be paywalled; alternative source), experimenting with a technology that the government's own cybersecurity agency says can't be trusted to securely handle ballots. The system was never deployed in a live election and was abandoned in 2019, Postal Service spokesman David Partenheimer said. That was after cybersecurity researchers at the University of Colorado at Colorado Springs conducted a test of the system during a mock election and found numerous ways that it was vulnerable to hacking.

The project appears to have been conducted without the involvement of federal agencies more closely focused on elections, which were then scrambling to make voting more secure in the wake of Russian interference in the 2016 contest. Those efforts focused primarily on using paper ballot so the voter could verify their vote was recorded accurately and there would be a paper trail for auditors -- something missing from any mobile phone or Internet-based system. The project appears to have been conducted without the involvement of federal agencies more closely focused on elections, which were then scrambling to make voting more secure in the wake of Russian interference in the 2016 contest. Those efforts focused primarily on using paper ballot so the voter could verify their vote was recorded accurately and there would be a paper trail for auditors -- something missing from any mobile phone or Internet-based system.

The Postal Service system allowed people to cast votes on an Internet-connected mobile app similar to how they might add items to an online shopping cart or fill out an online survey. The votes were designed to be anonymous and to be recorded in multiple digital locations simultaneously. The idea is that each of those digital records would act as a check to verify the accuracy of the other records. This is essentially the same method that cryptocurrencies such as bitcoin use to ensure transactions are accurately recorded. But the system didn't protect against the numerous ways hackers might fake or corrupt votes, the University of Colorado researchers said. Those include impersonating voters, attacking the blockchain system itself so votes can't be trusted, flooding the system with information so it becomes too overwhelmed to function, and using techniques that undermine voters' privacy and the secrecy of the ballot. The researchers were able to successfully perform all those hacks during a mock election held on campus.
"The Postal Service was awarded a public patent for the concept in August 2020, but had not previously revealed that it built a prototype system or tested it," the report notes.
This discussion has been archived. No new comments can be posted.

USPS Built and Secretly Tested a Blockchain-Based Mobile Voting System Before 2020

Comments Filter:
  • This article is BS.

    https://www.jdsupra.com/legaln... [jdsupra.com]
    • by XXongo ( 3986865 )
      Did you even read the summary?
      "The Postal Service was awarded a public patent for the concept in August 2020, but had not previously revealed that it built a prototype system or tested it," the report notes.
  • Who needs hacking? (Score:3, Interesting)

    by quonset ( 4839537 ) on Tuesday December 14, 2021 @07:23PM (#62081147)

    Just vote multiple times for Republicans [marketwatch.com]. Again [newsweek.com], and again. [kxan.com]

  • Yeah, yeah but did they outsource the development to a shady company in China?
  • by drnb ( 2434720 ) on Tuesday December 14, 2021 @07:29PM (#62081171)
    Voting on your computer or phone is irredeemably flawed since it is not necessarily private. Someone can watch you vote and reward or punish. This is nothing new, non-secret balloting was a major source of fraud in the past. One of the reasons we moved voting to those private voting booths was to counter the corruption involved in publicly visible voting.

    One example of many from the past. The local political boss has his men stationed at some bars. Cast your ballot in front of them and they pay for drinks, if you voted "correctly".
    • Re: (Score:1, Troll)

      by jobslave ( 6255040 )

      All the more reason to mandate vote by mail. It's secure and secret. Not sure why the right is scared of vote by mail. I've been voting by mail since I registered to vote almost 30 years ago with absolutely zero problems. It's better too, I can sit down with my voter pamphlet and my computer and research as I vote, taking my time. From my perspective, a voting in person provides no benefit at all.

      • by drnb ( 2434720 ) on Tuesday December 14, 2021 @08:51PM (#62081391)

        All the more reason to mandate vote by mail. It's secure and secret.

        No its not. It has the exact same problem. You can be watched while you fill it out, reward or punished. Add to this the concept of bundlers who can return other peoples ballots and its a system tailor made for such schemes.

        • That's why you need a two party system...

          First you must pick a large random number. Maybe by shaking a container of dice into a funnel into a transparent tube. A camer takes a photo, and you take a photo. That becomes your ID number, you vote and the vote is tracked by ID number. The system doesn't know who you are but you have your ID number and you can:

          1) verify that your vote was tallied the way you wanted by the voting system

          2) Prove that you voted that way to anyone you would like, so pick the party th

        • Yes postal ballot has exactly the same problem - voters being punished or rewarded by someone making you mail that slip in front of them.

          Also its trivial to do bulk postal voltes on behalf of people who don't go to vote or are stopped from going.

          But the retard gang only sees "blockchain" and goes mad trying to shoot it down just in case it goes into bitcoin related territory

          • You guys have no idea at all how vote by mail works. Did you need help getting your shoes tied this morning?

            • You guys have no idea at all how vote by mail works. Did you need help getting your shoes tied this morning?

              Really? Explain it to me then.

              I'll go first. I get a ballot in the mail. I fill it out at my kitchen table. My wife could at any time ask to see it and either offer or withhold sex based on whether she approves of my choices. (In fact, she does neither because she's not a terrible person.)

              Alternatively, I could take my ballot to the local union hall/company office, fill it how, give it to the shop steward/Big Boss, and get a $50 gift card if I voted the right way. Not saying anything this blatant ever happe

              • by drnb ( 2434720 )
                Vote by mail works well enough when the ballots are requested. The voters are obviously motivated, abuse as described sufficiently small in scale as to not change outcomes.

                However with the mass mailouts of mail in ballots to all registered voters you suddenly have the scale where corruption can make a difference. Combine this with many voters who are disinterested in voting and you have a large population who might monetize their ballots. When you create such an opportunistic situation human nature will
                • Vote by mail works well enough when the ballots are requested. The voters are obviously motivated, abuse as described sufficiently small in scale as to not change outcomes.

                  However with the mass mailouts of mail in ballots to all registered voters you suddenly have the scale where corruption can make a difference. Combine this with many voters who are disinterested in voting and you have a large population who might monetize their ballots. When you create such an opportunistic situation human nature will sadly exploit it.

                  Interesting point. So the scenario you're thinking about is 20 million Californians got, but did not request, vote by mail ballots. Since they didn't request them, some percent get diverted and fraudulently submitted. Since the voter was planning on voting anyway, they don't notice, and the local voting district doesn't see two votes by the same person. And (assuming this wasn't California where most races seem to be overwhelmingly won by the incumbent), you only have to do this to a very small percent of t

                  • by drnb ( 2434720 )

                    Interesting point. So the scenario you're thinking about ...

                    is not the straw man you manufactured.

                    ... 20 million Californians got, but did not request, vote by mail ballots. Since they didn't request them, some percent get diverted ...

                    You misunderstood the GP's use of "divergence". That poster was referring to how the votes cast differ from the actual sentiment of the population. Voting is a sample of a population statistically. The GP was not referring to "diverted" as in someone takes someone else's ballot.

      • Re: (Score:3, Insightful)

        by gtall ( 79522 )

        The right is scared of it because they have convinced themselves that the reason they have not done better in past elections is because too many people vote democrat. . . duh, they are not very bright but they are logical. Many of their constituents are in sparsely populated rural districts. So depressing voting across the board, they impact cities more and cities tend to vote more democratic.

    • Someone can watch you vote and reward or punish.

      The same is true of mail-in ballots.

      The local political boss has his men stationed at some bars. Cast your ballot in front of them and they pay for drinks, if you voted "correctly".

      That is a serious felony. If you do this on a scale big enough to swing an election, you will get caught and go to prison.

      • by drnb ( 2434720 )

        Someone can watch you vote and reward or punish.

        The same is true of mail-in ballots.

        Absolutely, they have heir inherent flaws too.

        The local political boss has his men stationed at some bars. Cast your ballot in front of them and they pay for drinks, if you voted "correctly".

        That is a serious felony. If you do this on a scale big enough to swing an election, you will get caught and go to prison.

        The modern incarnations will be a little less obvious. With mass mailing of ballots to all those registered the number of ballots out there becomes statistically significant.

      • by XXongo ( 3986865 )

        That is a serious felony. If you do this on a scale big enough to swing an election, you will get caught and go to prison.

        Nevertheless, historically, yes, it happened.

        The basic technique is that your boss tells you that everybody working for him will vote, and to make sure, he will collect all the ballots from all his employees, and he will drop them in the mail. But... if you voted for the wrong person: you're not going anywhere in the company, and probably won't have a job..

        • by tlhIngan ( 30335 )

          The basic technique is that your boss tells you that everybody working for him will vote, and to make sure, he will collect all the ballots from all his employees, and he will drop them in the mail. But... if you voted for the wrong person: you're not going anywhere in the company, and probably won't have a job..

          The wonderful thing is, mail-in ballots can be cancelled. You can spoil the outer security envelopes so the ballots aren't processed, you can request a new mail-in ballot, or you can vote in person.

      • Also, since I started keeping this magic stone no tigers have attacked me.
        QED it works.

      • "That is a serious felony. If you do this on a scale big enough to swing an election, you will get caught and go to prison."

        I will not offer any of the plentiful examples from the past five years alone where it was proven that felonies were committed, 'serious felonies', publicly recognized, and neither prosecution nor punishment occurred. You should be able to recite these examples to yourself. It hardly matters who committed these felonies, right?

        Our justice system is failed. That doesn't make voting frau

    • Voting on your computer or phone is irredeemably flawed since it is not necessarily private. Someone can watch you vote and reward or punish.

      It just needs to be changeable up to a certain cutoff time. Someone can verify who you voted for, buy you a drink. And then you can walk around the corner and change it to someone else if you prefer.

      • by drnb ( 2434720 )

        Voting on your computer or phone is irredeemably flawed since it is not necessarily private. Someone can watch you vote and reward or punish.

        It just needs to be changeable up to a certain cutoff time. Someone can verify who you voted for, buy you a drink. And then you can walk around the corner and change it to someone else if you prefer.

        Any vote, first or second can be coerced, bought, etc. The abuser, buyer, etc just needs to force a vote near poll closing time and keep an eye on the voter until closing.

    • by ljw1004 ( 764174 )

      Voting on your computer or phone is irredeemably flawed since it is not necessarily private.

      One might say "voluntary voting in-person at booths is irredeemably flawed since it doesn't attract a high enough percentage of the electorate". I think talk about irredeemably flawed is misleading. You should start with your objective measure of success, e.g.

      1. A better voting system is one where the outcome is closest to the majority personal wish of all people who have the right to vote
      2. A better voting system is one where the outcome is closest to the majority personal wish of all people who (1) have t

      • My immediate response to your challenge is that a better voting system is one that provides an accurate measure of those who actually do vote, and limits participation to those who are eligible to vote, and if entitled to vote only once, do only vote once, and these votes are accurately tabulated.

        It just doesn't seem that hard, until you consider that any system, where fraud is both possible and rewarding, will see fraud attempted. this is true where money or property are involved, and certainly where polit

        • by ljw1004 ( 764174 )

          My immediate response to your challenge is that a better voting system is one that provides an accurate measure of those who actually do vote, and limits participation to those who are eligible to vote, and if entitled to vote only once, do only vote once, and these votes are accurately tabulated.

          A ridiculous voting system which makes it so hard to vote that no one eligible actually even ends up voting will satisfy your definition perfectly - it does indeed provide an accurate measure of those who vote, it does indeed limit participation to those who are eligible to vote (as a trivial consequence of limiting participation full stop), and it for sure stops duplicate votes.

          That makes me think there must be another criterion for a better voting system which we'd agree upon but which either wasn't in yo

          • Sadly, I assumed that a usable system would be required. But there's many who find fault with any proposal that omits the obvious.

            Besides, this is /. and the trolls are often so clever they cannot be distinguished from the sincere. I'll take you got that latter, and yes, any such system must be usable by those entitled to.

            • by ljw1004 ( 764174 )

              Sadly, I assumed that a usable system would be required. But there's many who find fault with any proposal that omits the obvious.

              The post was about a voting system designed to make it more usable, so I think it's very reasonable to evaluate voting systems based on usability; in my post indeed I listed two possible measures of usability and I think it's not at all obvious which is the right one. Here to recap are the two possible measures I suggested:

              1. We get an outcome that's as close as possible to the wishes of everyone who's eligible to vote
              2. We get an outcome that's as close as possible to the wishes of everyone who's (1) eligi

      • You're right that with a mobile app or postal vote, someone can stand over your shoulder. That is one factor that might make the outcome diverge from what it should be.

        When mail-in ballots are requested the divergence is less likely or smaller in scale. The people requesting a ballot are motivated to vote and relatively small in number.

        However when there is mass mailout to all registered voters there are many ballots in the hands of people who don't really care, are not terribly interested in voting. The opportunity to monetize the ballot or otherwise attain a benefit from it becomes a problem at a scale that might see divergences that can make a difference. This is wh

        • by ljw1004 ( 764174 )

          When mail-in ballots are requested the divergence is less likely or smaller in scale.

          The divergence between what and what? Here you're begging the question -- assuming some ideal, talking about how far we diverge from it, but not actually stating what you think that ideal is.

          (My hunch is that once you actually articulate that ideal, and put numbers do the divergence, then you'll find that it doesn't admit useful talk about "irredeemably flawed" because it'll be apparent that things are less black-and-white.)

          • by drnb ( 2434720 )

            When mail-in ballots are requested the divergence is less likely or smaller in scale.

            The divergence between what and what? Here you're begging the question -- assuming some ideal, talking about how far we diverge from it, but not actually stating what you think that ideal is.

            Actually I stated the ideal here: https://slashdot.org/comments.... [slashdot.org]

            (My hunch is that once you actually articulate that ideal, and put numbers do the divergence, then you'll find that it doesn't admit useful talk about "irredeemably flawed" because it'll be apparent that things are less black-and-white.)

            Actually if you bothered to think at all, you would recognize that requested mail in ballots are a fraction of all ballots. Now apply logic, when you have something that can be abused, when do you have more abuse? When you have more of something or less of something?

      • The better voting system will have
        (1) The state issue free ID cards (note driver's licenses need not be free, the basic ID card being free is a safety net).
        (2) Check ID at voter registration and at the polling station.
        (3) Voting is done in a private "booth".
        (4) Mail-in ballots are available on request by those who cannot vote in person (out of state, medical issue, etc).
        (5) Polls are open Saturday through Tuesday (Election Day).

        No voting system that does not prioritize integrity will be a "better" s
        • by ljw1004 ( 764174 )

          The better voting system will have... (1), (2), (3), (4), (5)

          The characteristics you listed beg the question, i.e. assume a definition of "betterness" that hasn't been provided. There must be some more ultimate measure by which you evaluate whether each of your characteristics does indeed make things better. For instance, why is it better that polls are open Saturday through Tuesday? There must be some deeper reason you think that's good, be it fairness or openness or accessibility. I think it'd be better to start from what that deeper truth is by which we think a vo

          • by drnb ( 2434720 )
            Its not quite that simple. You also need to design a process to avoid flaws, exploits. Because human nature will lead to exploitation.
  • by gweihir ( 88907 ) on Tuesday December 14, 2021 @07:47PM (#62081221)

    Can we please stop with this insanity. The mythical blockchain does not solve any problem that does not already have a better classical solution. It does have a lot of complete idiots cheering it on though. It is embarrassing.

    • by ledow ( 319597 )

      I'm not blockchain fan, I am a mathematician and find them mathematically interesting at best, but that's just not true.

      As an untampered ledger, blockchain is not only superior to all other ledger ideas, but very nearly ideal. It just needs a small bit of handling to make sure one majority cannot tamper with the prior blockchain (which is no more difficult, and would be easily spotted and set off automated alerts and for which blockchains tuned to that already exist and are in use).

      When every transaction s

      • by gweihir ( 88907 )

        A WORM distributed datastore that can alert when it detects attempts at historical modifications is a vastly useful thing.

        No, in actual reality it is not. The problem is upkeep and making sure you can continue to trust it. Unless you very carefully make sure it stays distributed enough and to the right parties (collusion attacks are a thing), it is open to manipulation. If you have a regulatory requirement to keep data in a revision-proof archive, a distributed blockchain will never do. Instead you buy revision-proof storage as a box or service. For lesser needs, something like a git repository serves nicely.

        Yes, I am well awa

  • Some guy named KillJoy? He's a saboteur, making the world safe for FedEx et al

  • by Pig Hogger ( 10379 ) <pig.hogger@gmail ... m minus caffeine> on Tuesday December 14, 2021 @08:37PM (#62081345) Journal

    I have been working in the IT field since 1979; So I saw a lot of technologies pass by Among these technologies, there are, as everywhere, fashions. The fashion lately has been for " blockchains ", which are said to solve everything from dysentery to returning late library books to clap.

    For the past twenty years, I have also been working on elections; most recently, I worked on the team planning municipal elections. And I, of course, worked in other elections, federal, school, provincial, where I held quite a lot of positions.

    In the case that interests us, namely elections by Internet (and therefore computerized), we want to apply to a given field technologies which have amply proven themselves without asking what is the real goal sought.

    In the case of banking transactions, for example, we need :

    • confidentiality
      (so that it remains between the bank and the customer),
    • positive identification
      (so that it concerns ONLY the bank and the customer - just as much as the bank. needs to know that the customer is really the customer and not a scammer, the customer needs to know that the bank is the bank and not a phisher)
    • traceability
      (in case of problem or simply audit, without taking into account what is required by the regulations).

    All these conditions are reasonably fulfilled by the means currently implemented, to the point where the banks do everything to discourage customers from having recourse to a cashier in the flesh...

    But in the event of an election, what are the needs? They are not at all the same as those of a bank.

    We also need

    • confidentiality
      (because the vote is secret),
    • positive identification
    • (to avoid fraudulent votes),
    • but no traceability
      (because the vote is secret).

    On the contrary, the vote cast must cease to be traceable from the moment it is placed in the ballot box. In addition, there must be a certain degree of transparency (which stops, of course, with the secrecy of the vote) to guarantee to any observer that the voters who vote are indeed entitled to vote, that their vote is indeed counted. and that it remains completely secret.

    A proven system

    These are conditions that conflict with others, but with which the current system has absolutely no problem with. As a reminder:

    • once the legitimate voter has been identified,
    • he is given a ballot paper initialed by the deputy returning officer and provided with a numbered detachable stub;
    • once this ballot is filled out, the correspondence of the number on the stub with that of the stub remaining on the notebook ensures that it is indeed the ballot given to the voter and not a "telegram" ;
    • the stub is then removed before putting the ballot in the ballot box, which then stops the traceability of the ballot and thus guarantees the secrecy of the vote.

    Better still, paper operations can be followed and monitored by absolutely anyone with a minimum of explanations, unlike processes implemented on a computer which is a black box whose operation will remain opaque, even to the greatest specialists, for the simple reason that it is impossible to follow in real time the functioning of a computer simply because of its speed.

    Public confidence is absolutely essential in the conduct of the poll, because it is the survival of our democratic system. The fact that the current system is completely traceable by ordinary people matters a lot. The introduction of a black box at any point in the processing of votes breaks traceability. And what about the trendy blockchains , which are far from obvious how they work (I think I understand how they work, but I'm not at all sure - at least, not sure enough to trust them personally, despite my years of experience).

    • Mileage may vary. You do not need to 100% of everyone or force phone voting on everyone. Just as long as a choice exists for those who register their intention to vote this way, in advance. Take Australia. Voting is compulsory. Phone and SIM numbers are all verified. You do NOT need to produce ID when voting. You may also do nothing in the voting booth, and slip in a blank ballot paper, or otherwise informal vote You would need to loosen up the law to allow pre-voting, which the politicians hate. Just as lo
    • Public confidence is absolutely essential in the conduct of the poll, because it is the survival of our democratic system. The fact that the current system is completely traceable by ordinary people matters a lot.

      Strangely, this argument is so often overlooked in discussions about remote voting or voting machines. And it is an extremely strong argument in favour of paper ballots. However, the key requirement is public confidence; auditability by laymen is not, it's a means to achieve that public confidence. It would be fine to use electronic voting as long as it's secure and people have confidence in the outcome.

  • ...Because they mailed the paper in! (rimshot!)

  • I might be a little retarded but I've wondered why some kind of private/public key system hasn't been done. A complete list of public keys available to everyone and who those public keys voted for, while individual voters have their own private key to verify their vote was counted correctly and, if needed, prove who they voted for/address inconsistencies.

    • Blockchain IS a public private key system, apart from few other things like distributed triple entry ledger

      Your ID/Wallet ID is the public key. Any type of transaction is signed with your pvt key & sent to the blockchain to be recorded /added to the end of the blockchain along with hashes of All previous transactions (and a huge bunch of other things related to the other party & miners etc and all the timestamps etc)

      Anyone can browse the bchain or search for public and see the transactions without k

  • Just grab the working Estonian one. Its Blockchain backend is open source by the way.

    This is what everyone does. It has been audited a gazilion of times, deployed in voting trials with up to 30-40M voters and will be the basis for most of the other production online voting systems coming online from 2022 onwards.

  • ... rather good opinion on that.

    Essentially they say that such a system could (by German standards) trustworthy for elections if a layperson without any special knowledge or equipment can check its correctness without sacrificing its secrecy. It's extremely hard, if not impossible, for computer based systems to fulfil that requirement. After all a computer can just lie to you. This can be achieved very easily in many ways an average person cannot detect.

    For example at the NEDAP election computers which were

  • The USPS should not have been doing anything even remotely like this! They have no authority over elections and certainly no right to try and create a new way to vote. This is absurd overreach and a damned waste of money. I don't want to ever hear the USPS complain about its budget if they're pissing away our tax dollars on things they aren't even allowed to think about.
  • Or, you know, just do what we do in Canada vote with a pencil and paper, at the polling station. Elections are run every 3 to 5 years on average, results are known by the time the west coast goes to bed. Recounts rarely result in a change in results by more than. vote or two.

    Simple, cheap, reliable.

    Of course, we just vote for one persion, rather than our representative, the dog catcher, county judge, and soup nazi.

  • It has been pointed out that the Lottery commission KNOWs when and where each Lottery ticket is sold. Matching up the timestamp to an individual might be hard. But slipping in a hundred that were fakes would be much harder. Simple system, when you get to the poll, your blank ballot gets a timestamp. It shows when and what polling place it was created. No more town of 10,000 having 20,000 votes. No ballots in the mailbox for someone to snatch and send in. Ballots should be easy to read as a scratch o
  • The good news here is they actually did an audit and based on what they found, make a reasonable decision to kill the project.

    I would have expected a government monopoly to just keep bullheading their way along, duct taping over issues as they arose, never admitting defeat.

    It's hard making a secure but usable system. Security is tough to get right. Developing a secure voting system is not something we should take lightly. If we're going to do this (and it's likely inevitable in the next century), it's proba

If you have a procedure with 10 parameters, you probably missed some.

Working...