The most common way in which a country votes is through a paper based system, but is it not time to bring voting into the 21st century of modern technology? Digital voting is the use of electronic devices, such as voting machines or an internet browser, to cast votes. These are sometimes referred to as e-voting when voting using a machine in a polling station, and i-voting when using a web browser.
Security of digital voting is always the biggest concern when considering to implement a digital voting system. With such monumental decisions at stake, there can be no doubt about the system’s ability to secure data and defend against potential attacks. One way the security issues can be potentially solved is through the technology of blockchains.
Current Advancements in Voting Technology
A number of digital voting systems are currently in use in countries around the world. Estonia has had electronic voting since 2005 and in 2007 was the first country in the world to allow online voting. In the 2015 parliamentary election 30.5% of all votes were made though the nation’s i-voting system. The bases of this system is the national ID card that all Estonian citizens are given. These cards contain encrypted files that identify the owner and allows the owner to carry out a number of online and electronic activities including online banking services, digitally signing documents, access their information on government databases and i-voting.
In order to vote, the voter must enter their card into a card reader and then access the voting website on the connected computer. They then enter their PIN number and a check is made to see if they are eligible to vote. Once confirmed, they are able to cast/change their vote up until four days before election day. The voter may also use a mobile phone to identify themselves for i-voting if they do not have a card reader for their computer. However, this process requires a specialised SIM card for the phone.
When a voter submits their vote, the vote is passed though the publicly accessible vote forwarding server to the vote storage sever where it is encrypted and stored until the online voting period is over. Then the vote has all identifying information cleaned from it and is transferred by DVD to a vote counting server which is disconnected from all networks. This 7 server decrypts and counts the votes and then outputs the results. Each stage of this process is logged and audited.
During the 2013 Local Election, researchers observed and studied the i-voting process and highlighted a number of potential security risks with the system. One such risk is the possibility of malware on the client side machine that monitors the user placing their vote and then later changing their vote to a different candidate.
Another possible risk is for an attacker to directly infect the servers though malware being placed on the DVDs used to set up the servers and transfer the votes. However, this report has also come under criticism from the Estonian Information Systems Authority.
Designing a Blockchain Voting Mechanism
The first aspect is the registration process, verifying a voter is essential in establishing security within the system. Making sure that someone’s identity isn’t being misused for fraudulent purposes is important, especially when voting is considered, where every vote matters. To allow users to register to vote our proposed service utilizes both postal based forms as well as web forms requiring the same information to ensure we cater for those without a direct internet connection. This information includes their national identity number (an example would be an australian citizen’s national insurance number), postal address, optional email address and a password. All of this information then forms a transaction for the user agreeing with the government that they are asking to vote; this transaction is then created on the voter blockchain which is distinctly different from the vote blockchain.
Once someone has registered an automated government miner analyses the transaction and if they haven’t been awarded or denied a vote the miner will make the decision as to whether to verify the user or not. If the user is verified, they will be sent a ballot card with their information on it to both their home address and email address if provided. They will also be sent a randomly generated password to use on the polling stations. Once this correspondence has been sent, the miner will create a transaction giving the user a vote from an infinite government pool of votes on the voter blockchain.
During this process, a voter blockchain is used to keep a record of both transactions taking place at each stage of this process for each voter:
- Firstly, a transaction is created when a user ‘registers’.
- The next transaction is created when a government miner authorizes that user’s right to vote.
After the correspondence is received by the user they can then await voting to open to use their credentials to vote. It is important to note that this voter blockchain will never contain details of the vote cast by the user.