Imagine a country where every eligible citizen votes during elections. The citizenship has full faith in the power and trustworthiness of elections. And voting in every election is just a starting point for more participatory democracy and active citizenship. Now, let's figure out how blockchain technology and open-source community can help make this imagination a reality. Let's unlock the powers of blockchain voting and web3 elections, overcome their shortcomings, and design an awesome voting system!
Do Voting and Elections Require Improvements?
"If it ain't broke, don't fix it". When we are talking about blockchain voting, are we trying to reinvent the wheel? MIT Researchers think "blockchain voting" is a bad idea. We don't think forcing blockchain on voting and elections is the answer either. But we believe that a good amount of design thinking, iterations, and the right combination of techniques can do wonders to elections. First, let's see why voting and elections are ripe for debugging, upgrades, and innovation.
Limitations around Verification, Trust, Transparency
How do you know if your vote was cast or not? Was it recorded accurately? Was it counted? Existing voting systems prevent individual voters from verifying and answering these questions reliably. Citizens have to trust the voting systems blindly, it feels like a leap of faith and most of the process is invisible.
Similarly, the auditability of ballots and elections is under the control of central bodies like Election Commissions. They might deploy rigorous processes and ensure all things are working properly and there is no tampering. But by having a few, appointed parties to verify and audit, they can become targets of corruption, hacking or even just plain, innocent human error.
What if independent watchdogs, non-profit organizations, activists, and any ordinary citizen were given the abilities to verify and audit the elections?
Low Voter Turnouts
In the minds of a citizen, what is the value of voting? Do they think that their vote matters? Do they understand the costs of not voting? In general, the number of people participating in a system indicates their trust in that system. And it indicates their belief that their participation has an impact.
What then, do low voter turnouts imply? Sure, there might be some people whose health prevents them from voting. Maybe some are too busy engaged in highly critical tasks. And some might not be present in the area on the day when voting is scheduled. Eliminating these exceptions, we can still expect a good 80-90% voter turnout in every election.
When we are getting lower citizen participation in elections, it shows apathy and hopelessness of citizens. They don't feel like their vote matters. Maybe they see elections simply as a time to enjoy holiday and go on trips with family and friends. Citizens who haven't registered for voting in the first place, and those who avoid voting, are having some obstacle in how they perceive the worth and utility of elections.
A better voting system would be one that elicits greater trust, easier access, and therefore higher voter turnouts.
Paper-based ballots, like in-person voting or mail-in voting, requires people to tick or stamp in front of a candidate's name. Angry or frustrated citizens can use ballots to indicate their sense of hopelessness or disgust regarding the political system. Rather than voting, they will write and draw all sorts of things on the ballot paper as a sign of protest. Neither their vote gets taken, nor their voice gets heard, by engaging in ballot spoiling. It is perceived as a form of vandalism at worst, and a waste of resources at least.
The voting system ought to be designed to prevent the possibility of ballot spoiling.
Candidates try to bribe citizens to vote for them by giving them gifts or money. This is called vote buying and it short-circuits the democratic process. Candidates need to use their past performance and future vision in order to win people's trust and support. But in badly governed regions with poverty, it can become easy to provide short-term gains just before elections and win votes. This creates perverse incentives that propagate further bad governance, stagnating the progress in that region. Elections become a means for candidates to gain power over the local resources and use them for personal gains.
Can we create an incentive architecture where vote buying is seen as either unnecessary/ineffective or too costly/difficult?
Problems with In-person, Paper-based/Ballots Voting
Paper-based voting is a low-tech option that was the easiest to implement for executing elections traditionally. Before the advent of computers and the internet, it was inevitable to embrace the massive, time-consuming process requiring a lot of manpower. Given that everyone has become used to it, we tend to overlook how expensive and slow it is.
Also, under emergency situations like natural disasters or wars, it becomes impossible to hold in-person voting. So, we should be exploring alternative voting systems that are more resilient and trustworthy. They will allow secure, remote-voting and help to avoid such inevitable delays or cancellations of elections during emergencies.
These costs of organizing, voting, counting, compiling, and verifying can be reduced using high-tech solutions. All while improving verifiability and transparency, making voting systems secure, trustworthy, easily accessible, and cost-effective.
Problems with e-Voting / Internet Voting
If we use the internet and centralized electronic systems for voting, we expose the election process to all vulnerabilities of software and networks. A typical client-server architecture means that there are a number of points in the network where hacks could be made to subvert the authenticity of the elections. Old and outdated operating systems or applications are present on the devices of both citizens and government administrators. E-voting just exposes these device vulnerabilities to malicious actors, whether it is candidates wanting to win unfairly, or foreign adversaries wishing to subvert a nation's integrity.
Paper-based, in-person voting actually has many security advantages over e-voting, that come from its inherent difficulty and manual execution. A polling booth might get compromised by local goons with guns, where people are forced to vote for a given candidate, or where the ballot box gets stolen or tampered with. But to execute such manual "hacking" of elections is not scalable. However, in the case of e-voting or internet voting, a single compromised administrative server can lead to the entire election getting manipulated.
Problems with Electronic Voting Machines (EVMs)
Electronic voting machines (EVMs) make the process of counting votes so much faster and easier, compared to paper-based, manual voting. However, they are like black boxes for citizens. How can citizens verify if the button they pressed actually registered their vote accurately? And what about the integrity of the data during the rest of the vote counting process? EVMs might make the work of admins who count votes easier, but it doesn't solve the rest of the questions in citizens' minds. So, the "leap of faith" and "blind trust" aspects of paper-based voting remain with EVMs.
EVMs have proprietary, closed-source software running on proprietary hardware manufactured by a few manufacturers. And there are only a few assigned auditors certifying their authenticity and security. Such closed systems with a few actors involved make them vulnerable to corruption, tampering, or error that will go undetected.
Problems with Mail-in / Vote-by-mail / Postal Voting
In the case of remote voting like mail-in or e-voting, citizens can easily prove their voting choice to the candidate and earn money/favors. On the other hand, in-person voting, whether using paper or EVMs, involves going to the assigned place and voting secretly. This secrecy and privacy give in-person voting advantages over mail-in voting. Apart from a few compromised polling booths where they might observe and influence your vote by force, candidates cannot be sure if most of the citizens they bribed are actually voting for them.
So, due to the secrecy of in-person voting, citizens may even take bribes separately from multiple candidates, and still vote for their original preference. This renders vote buying into an ineffective strategy for candidates to win unfairly. Thus, the secrecy and unverifiability of in-person voting discourage vote buying in the first place. But with vote-by-mail, perverse incentives form as citizens can prove their votes to the candidates, and win gifts, money, or favors in return.
Also, there are other concerns with postal systems, like lost or stolen mail consignments, or delivery delays due to supply chain crisis. So, postal voting remains a slow, costly, and unreliable medium for high-stakes elections.
What Should be the Properties of an Ideal Blockchain Voting System?
We have looked at the existing options of voting systems and their major flaws. We would like to take advantage of low costs, high speeds, and accuracy coming from the automation and connectivity of the Internet. But we also want to keep our voting systems anonymous, secure/tamper-proof, verifiable, and auditable. While blockchains can fulfill some properties of elections quite well, some others might seem counterintuitive or impossible to implement using blockchain.
For example, it can be easy to see how blockchains make voting records tamper-proof and auditable. But how can privacy and anonymity be implemented using public blockchains? And if we use private blockchains, then don't we suffer from the problems of closed and centralized systems? As we will show, blockchains can be used along with some other methods effectively to create the ideal voting system.
Only you should have the information about who you voted for, no one else. No one should be able to find out by any means which citizen voted for which candidate, neither during nor after the election. Such knowledge can lead to favoritism and groupism. Citizens voting for opposition parties can be treated poorly or unfairly.
Transactions on public blockchains, like the Bitcoin blockchain, are inherently transparent and lack privacy. While wallets are pseudonymous, the transactions are public. So anyone can view any transaction and see the amount of bitcoin transferred, and the sender and receiver wallets. This makes critics claim that blockchains are inherently unsuitable for anonymous voting.
But cryptocurrencies like Zcash use zero-knowledge proofs to keep transactions private. So, it is possible to use blockchain to maintain the anonymity of votes by using zero-knowledge cryptography to impart privacy features.
2. Secrecy of election results while people are still voting
Every vote being cast during an election should be independent and mutually exclusive. With electronic or automated systems, live voting updates can be given. However, by design, we must remove this ability, so that no vote is influenced by how others have voted so far.
Encryption and Smart Contracts
There should be a voting phase, during which voting counts are hidden from everyone. Data once written on the blockchain cannot be altered. We must encrypt the data while writing to the blockchain. The keys to decrypt only the data related to which candidate got a given vote should be locked using a smart contract. These are "public audit" keys and they remain a secret during the voting phase, and we only use them for audits during the audit phase.
3. Auditability / Verifiability to build Trust
Once the voting phase is over, we can have an audit phase when the smart contract unlocks the keys and publishes them for the public to see and use. Now, anyone can use these keys to audit the distribution of votes on the blockchain and create reports and tallies. When a sufficient number of independent entities audit the blockchain and get the same results, everyone can trust and accept the results without any controversy.
The data about who cast a given vote always remain encrypted and therefore a secret from the public. Only you can see and verify whom you voted for, using your own private key to decrypt that information. This can give you the peace of mind that your vote was recorded accurately and is on the ledger from where it will be counted in the total tally.
And using zero-knowledge proofs, it is possible to prove to anyone that you participated in the voting, without revealing any more information, like who you voted for.
4. Tamper-Proof to Build Trust
In theory, the immutability of blockchains makes them tamper-proof and a much more secure alternative to other electronic systems. However, blockchains are vulnerable to 51% of attacks. This means that if any entity gains access to 51% or more resources, it can present an alternative ledger as the official one. In other words, a weak blockchain can be hijacked by a malicious party. It cannot rig the elections since such an event will be public and visible. However, it will render the elections invalid, waste time and resources, and drain the public's trust in the blockchain voting system.
Secure the Blockchain from 51% attacks
Thus, we should keep in mind that blockchains are not tamper-proof by design. We need to deliberately make a robust blockchain suitable for elections, such that it cannot be tampered with or hijacked. In the case of Proof of Work blockchains, this would mean having a high hash rate, or a large number of miners. Since this is both costly and harmful to the environment, it is likely that Proof of Stake blockchains will be preferred instead. To secure such blockchains, we will need to stake a sufficient number of its native tokens from the total supply. This will prevent the possibility of 51% attacks and therefore tampering with the election process and results.
We will need to combine the security and trust of a blockchain-based solution with the ease of use of a mobile app. The blockchain voting system must be an open-source decentralized app, that is responsively designed to run in a web browser on any mobile. By avoiding native apps like Android or iOS, we can ensure that local data storage is avoided. The dapp should perform the functions for voting, self-verification, and proof of voting in a secure and remote manner. This includes reading and decrypting data from the blockchain without local caching/cookies. We can force the dapp to function only in the incognito mode of the browser. Screenshots inside the dapp can be disabled for greater privacy.
Secure Management of Private Keys
Users will never need to know or memorize their private keys. They will only authenticate on a session-only basis and the dapp will use their keys for a short time. For secure handling of private keys, we should implement two-factor authentication to use the keys temporarily during the session. Here as well, zero-knowledge proofs will ensure that keys are authenticated and used, without actually revealing the keys to any entity in the system.
The two-factor authentication can include biometrics for greater security and to ensure that the user themselves are performing the functions. Of all the options available, the most highly secure biometric options should be preferred. Liveliness detectors using computer vision will present challenges to the user to make certain gestures and prove their presence using multiple camera angles. We can also use voice fingerprinting and voice recognition effectively for this. For this reason, the dapp will be used on a mobile as it has in-built sensors like a camera, mic, and fingerprint scanner.
6. In-built incentive structures
How will such a blockchain voting system come into being? It isn't something that a single government or corporation can pull together. Our guess? Elections are central to the democratic process, and there is democracy in most countries. The initial trigger for such an open-source blockchain voting system can start from anywhere. In fact, it can begin parallelly in multiple places. Being powerful and large democracies, India and the US are great candidates for places where a large-scale blockchain voting development project can take root.
Attract global talent
The best system will be the one that attracts the best international talent and funding. Once we implement such a system in one country, we can easily fork it and customize it for different countries. So, it makes sense for developers from all countries to participate in it. As such, the project specification will inevitably need to include long-term benefits for the participating developers. Other projects with more limited offerings will suffer from malnourishment of talent, fail to offer good systems, and die out. This is a challenging engineering project and it requires an international open-source community to be a major stakeholder.
Encourage voter turnout
A great blockchain voting system requires a native token for governance (51% staking for tamper-proofing) and compensation (best talent from an open-source community). This native token can also serve as a reward for citizen participation in various essential activities in a democracy. However, we need to be very careful while designing incentives.
As behavioral economics has shown, humans are not 100% rational actors. Let's say we pay $10 to every voter after they cast the vote. We cannot be sure this will increase voter turnout. It can backfire to put a price on a good activity. People who would have participated for free, because it is their duty, can feel turned off by this and stop voting in protest or disgust. And monetization of voting also encourages malicious actors to offer $20 to buy votes.
So, the positive incentive to vote needs to have a long-term but unquantified or indirect value. Firstly, the native token should not be tradeable in the market, to protect it from speculators and market forces. Holding it can be like a long-term investment where its valuation happens only after 5 or 10 years, tied to the GDP growth of the country, for instance. Or it can have indirect value, such as a certain percentage in exemptions while filing taxes.
Prevent vote buying
Can an underground market of vote buying form around the blockchain voting system? After all, it is a remote voting system, and users are able to verify on their own who they voted for. Of course, we can discourage vote buying and selling by hefty fines by regulation. But can there be in-built mechanisms for preventing vote buying?
First of all, for proving that you voted, there will be a zero-knowledge proof method. We can use this to prove active participation in the elections to avail benefits of government services. Even private companies can encourage voting by offering discounts on proving that you voted. In this "proof of voting", the details of your vote will remain confidential.
So, the provision for verification of your vote details is for personal use only. To reduce the chances of abuse of this verification service, we can limit the number of times people use it, by charging with a native token, which has long-term value. So candidates offering bribes to verify that you voted for them will have a hard time offering the right value for it. By disabling screenshots, we are further limiting its misuse.
So overall, with such feature designs and the hefty fines through regulation, we can minimize the occurrence of vote buying.
7. Starting point for active citizenship
A blockchain voting open-source project powered by the international developer community is an inspiring example in itself for active citizenship. With improved security, transparency, and accessibility, and with in-built long-term incentives, it will attract more citizens to vote regularly. They will trust this system more since it is publicly auditable and its integrity can be independently verified by a large number of people and organizations. They can see that the system registered and counted their vote accurately and exactly as they had cast it. It is no longer an invisible black box requiring a leap of faith.
The architecting and engineering of such an open-source blockchain voting system present a foundation for other government services and functions. The privacy and accessibility features implemented in this voting system will also serve important functions in other areas of life. And when most of the citizens are regularly participating in such a voting process and its audits, it inculcates a sense of collective pride and ownership in their country. This inspiration and motivation will not stop with elections. It will carry on and grow throughout the next steps in the democratic cycle, as the government-citizen partnership formulates and implements new projects and schemes.
Putting It All Together
When we think about blockchain voting, we cannot ignore the vast role that an open-source community and zero-knowledge proofs will play in its success. We need privacy, secrecy, and confidentiality for the details of every single vote. And balance that with the public auditability of the election records to engender trust and transparency. Elections are high-stake events, and so the blockchain needs to be highly secure. We must ensure to make it secure enough to protect it from 51% attacks from the beginning. By making it in the form of an accessible dapp, and having an in-built, long-term incentive structure, we will get high voter turnouts during elections and encourage further active citizenship throughout the democratic nation-building process.