Well, good, because I couldn't fathom why anyone would want to run an election using blockchain.
Paper ballots with automated scanners is a solved problem. It works, it's cheap, and it's virtually tamper-proof. (Tampering with the result will require physical access by many people: if you allow that possibility you're basically conceding that you cannot trust the government to run the election properly, and using any technology won't save you.)
In other words, paper ballots is a boring, unsexy technology whose only benefit is that it works. No wonder people aren't excited.
What? I agree it works, but it's pretty insecure. Paper ballots can just be swapped out for other paper ballots. With a public blockchain (or something like it) you could always look up your vote and by nature it cannot be changed. The vote count could be tallied instantly as well and recounts are unnecessary.
Blockchains can't ensure no false votes are cast for deceased or unwilling participants, but it honestly would be better than paper in many ways. I am not advocating people use some third party token to do this. That I believe would be unnecessary. Am I missing something though? I don't understand the overwhelming hatred any blockchain related tech gets on HN. This is one area where I think it could provide real value.
> With a public blockchain (or something like it) you could always look up your vote and by nature it cannot be changed.
So all you have to do is to set up a fake website advertising "Look up if your vote is counted as it should be", let people type in their credentials, and you now know exactly how millions of people have voted.
Paper ballots work because it's dead simple. Your ballot goes into a box, multiple eyeballs from multiple parties continuously watch the box, and then the box is opened and everything in it is counted, with no way to connect each ballot to individual voters. That you cannot "look up your vote" later is not a bug: it's a feature.
zero knowledge proofs fail to address this concern:
> all you have to do is to set up a fake website advertising "Look up if your vote is counted as it should be", let people type in their credentials, and you now know exactly how millions of people have voted.
this is a social engineering problem, not a cryptography problem. said social engineering would be much harder to implement with paper ballots than a system that's available over the internet.
further, your reply does not address this concern:
> That you cannot "look up your vote" later is not a bug: it's a feature.
i should not be able to verifiably let another party know how i voted. to use your own rhetorical device, i'd suggest you look up vote selling and voter coercion.
>>>> Paper ballots with automated scanners is a solved problem. It works, it's cheap, and it's virtually tamper-proof. (Tampering with the result will require physical access by many people: if you allow that possibility you're basically conceding that you cannot trust the government to run the election properly, and using any technology won't save you.)
>>>> In other words, paper ballots is a boring, unsexy technology whose only benefit is that it works. No wonder people aren't excited.
> Blockchain is the only legitimate way to carry out voting, imo.
you'll have to forgive me if i'm still unconvinced.
There are multiple people watching ballot boxes during the election. Best part - anyone can signup to watch and later count them. It's dead-simple job and any nut can easily do it. On top of that, all major parties have their own people watching each other. You'd need massive operation to mess up even single voting outpost.
Meanwhile with e-voting we'd loose transparency. Non-tech people would be completely out of the loop. Many tech people would have hard time inspecting hardware and source code too. Let alone there's no bullet proof way to ensure code on the machines and machines themselves weren't tampered.
E-voting is a wet dream of any conspiracy theorist...
> Paper ballots can just be swapped out for other paper ballots.
I would offer you $10,000 to prove that you can do this in an Australian election. To actually, your own self, swap one ballot for another in a way that I can verify, during an election.
But it's a crime for you to do it and a crime for me to ask you to do it.
And, here's my actual point: you would be caught doing it.
> With a public blockchain (or something like it) you could always look up your vote and by nature it cannot be changed. ... Am I missing something though?
Ballot secrecy. Without it you get vote-buying and voter coercion. If you want to see what that looks like, ask your legislators about which lobbyists they met last week.
Good point! If keys/addresses were assigned in secret, I don't see how blockchain forensics could identify someone given that voting is simply transactions going one way. The only way might be time, but that could be a big give away.
There's also people providing their public address as proof of a vote in exchange for something, but the risk for the buyer is that someone just hands over someone else's transaction and votes as they please.
A real potential solution would be to make the votes private and "untraceable" (A la Monero ring signatures or something of the sort), but that kind of comes with it's own pros and cons and could always be broken later. I still think it's worth investigating if this is more secure than plain old paper ballots.
Or you could just stick to proved, simple reforms that have been introduced in Australia over the last century or so.
Cryptography is powerful, but it tends to be on such an absurdly higher level of assurance inside its narrow applications that it becomes very attractive to try to stuff everything into it, whether or not that's warranted or useful.
Democratic legitimacy comes from the volume of participating individuals who trust and understand the system. Paper ballots are easily understood, independent electoral commissions improve trustworthiness, election scrutineers ensure every room has mutually suspicious observers highly motivated to detect problems, compulsory voting helps ensure the median voter dominates policy and preferential voting helps prevent minority candidates from inverting majority preferences against bad candidates.
None of these require a blockchain. It is a distraction from the actual reforms that will make the important differences.
Fair enough, I fully admit to not being an expert on voting and don't know about any reforms taking place. I was simply stating that a blockchain solution might be better than just casting a plain paper ballot. The way OP worded his response made it seem like paper was the most secure end all be all solution. If there are other reforms in place I might agree.
The thing is that as technologists, we see a software solution in every shadow. Sometimes software is the wrong solution, taking account of all the needs in hand.
The kind of electoral systems most of us want requires both ballot secrecy and a trustworthy count. Pure software ballots don't achieve that. Paper ballots don't categorically achieve it either, but it's much harder to violate either of the secrecy or count requirements because paper is bulky and the watching eyeballs are numerous. In practical terms: paper ballots can be made to work. I'm from a country where they do.
A blockchain system either works on a public chain, meaning I can sell my vote, or it uses a zero-proof scheme. The zero-proof schemes I'm aware of require someone, somewhere, to seed the chain with a private key. Then we're all just supposed to hope they deleted the one set of bits that can untraceably edit everybody's history. They pinky-swear they'll do it. But there's no way to prove they did, which rather sours the blockchain-can-prove-anything story.
Not to mention the problem that they allow retrieval. Sure, you can't prove that I ever owned a particular ballot. But I can retrieve an identical ballot. That might work for evading money laundering charges but it still kinda fits the vote-selling usecase.
It drives me nuts because this our love of reinvention and our fondness for assuming we can solve everything from first principles as if nobody's thought of these problems before. These problems are already solved in a simple, scalable, subversion-resistant way that everyone can understand. All we have to do is accept that, for once, our profession was not required to interrupt everyone else to give our opinion.
> I fully admit to not being an expert on voting and don't know about any reforms taking place. I was simply stating that a blockchain solution might be better than just casting a plain paper ballot.
I am being dead serious and I'm not trying to antagonize you here: the fact that you responded and seemed to have a firm opinion on an area you admit you aren't well versed in... well that to me is a huge problem with the way democracy works. It's a trait that we complain about when non-nerd voters vote in uninformed ways on technology and science issues. Blockchain isn't going to solve that.
Better educated voters will do a lot more to improve democracy than blockchain will.
We can't even get reasonable technology choices for the evoting approaches we've tried (we can't even get vendor transparency), and that's not for lack of good proposals for evoting systems over the years. It's because the people choosing the technology don't understand it super well, and are often in the pockets of the vendors.
In practice, it feels like paper ballots are a much better solution than most of the evoting systems we use in the real world currently, and paper ballots certainly feel better to me than any of the completely nebulous "but what about blockchain?" proposals here and elsewhere.
to anyone still harping on blockchain, can you give a detailed description of a realistic threat model where it performs better than paper ballots.
>>> I still think it's worth investigating if this is more secure than plain old paper ballots.
I would agree with that general sentiment, but the overwhelming evidence right now points to "no", IMO.
i will also say, the thing that you're doing that i'm complaining about is a thing that programmers do a lot, and is a thing that i'm plenty guilty of myself (thinking everything is more solvable than it is because you can envision rough pseudocode or systems diagrams for it in your head). this is a thing i'm really trying to get better about not doing.
I think one of the points OP was trying to make is if you have the capability to swap out enough paper ballots to materially affect an election, you would also have the ability to fake or distort a blockchain implementation...
Not really, in India we have something called booth capturing. It was pretty rampant in time of paper ballots. This people are not going to learn blockchain.
If there's one constant for humans it is this: people will learn whatever they need, however complicated it might be, if it promises to make them rich quick.
The original story wasn't very clear how blockchain was involved. It seems very likely now with the NEC denying the claims that it was a bunch of hype.
>“Agora’s results for the two districts they tallied differed considerably from the official results, according to an analysis of the two sets of statistics carried out by RFI,”
>Was Agora simply attempting a PR stunt in support of its upcoming token sale.
I voted it up. I read the article because I'm interested in Sierra Leone and was interested in keeping an eye on developments (like how exactly blockchain was involved)...
I should probably raise my standards for upvoting.
for what it is worth, the indigenous Sierra Leone News site I follow has 0 references to "blockchain" and only one to "agora" (which doesn't seem to actually contain "agora")
I have yet to see how blockchain is supposed to solve problems with elections that can't be solved with good process. And if process isn't fixed, I don't see how blockchain alone will get around the process shortcomings.
Elections are no different than any other info security problem. Multiple checks at multiple locations in the process. Blockchain is not magic pixie dust that makes info security issues go away.
> I have yet to see how blockchain is supposed to solve problems with elections that can't be solved with good process. And if process isn't fixed, I don't see how blockchain alone will get around the process shortcomings.
Blockchains provide a verifiably immutable log. This is the exact primitive you want for elections - tamper-proof logging. It is genuinely a good technological solution to the problems of election legitimacy and validation. That isn't a defense of this article, or of any of the current blockchain/election projects, but in principle, the idea makes sense.
You’ve commented a lot on this, so I feel I have to ask, do you have a stake in cryptocurrency, or is this purely your sincere enthusiasm for the tech? After all, cryptographically secure elections with verifiablity don’t require blockchain tech in the slightest.
I am invested in cryptocurrency, but cryptocurrency really has nothing to do with this. Blockchains are a convenient cryptographic solution to secure elections. There are definitely others, and the fact that blockchains are a convenient solution to this problem should have any implications for the price of any cryptocurrency, because cryptocurrencies rely on distributed consensus algorithms that aren't necessary in the context of elections (where precise temporal ordering doesn't really matter).
Don't get me wrong - there's a ton of hype around blockchains that is completely unjustified. But there are a few applications where it may have some utility, and I think this is one of them. So it irritates me when I see people on HN jump on the "blockchain therefore hype" bandwagon without spending the time to actually think about when this sort of technology is useful and when it isn't.
That’s honestly the smallest part of election validation. How do you know everything was recorded to the log correctly or at all? In other words, the actual “election” part where you verify voters and collect results, which has nothing to do with blockchain. But even if that is all done right, how is the blockchain itself being run? Blockchain data is only as trustworthy as the systems doing the verification. A centralized blockchain is no more trustworthy than a centralized database of any kind. And a distributed blockchain has its own attack vectors. Rubbing blockchain on it is not a security solution.
If I am given a voterID, let's say an address from which I cast my vote. I can look at my vote on the chain to ensure it was cast correctly forever from that point forward. The node software would ideally be open source and publicly available. A full node could be run at each voting site, and potentially by citizens themselves even. You could run one to make the voting process even more secure.
A decentralized blockchain is far more trustworthy than a centralized database in this scenario. Say Russia controls the centralized voting database, they can just edit whatever value they want to say "Putin" and call it a day. It's not public. No one can verify their vote. It's under the control of one party. The entire point of decentralization is to ensure there is public consensus among multiple parties.
There are other discussions about how to allow or incentivize citizens to run nodes, mitigate lost or stolen IDs/private keys, prevent against spam attacks, etc...but it sounds like you aren't even open to discussing those because you equate the word "blockchain" with "snake oil".
It is secure, even if its centralized, because you will be able to see if your vote counted or not. At the end of the election, there will be a digital artifact, that will allow you to cryptographically prove whether or not your vote was tallied.
> Blockchains provide a verifiably immutable log. This is the exact primitive you want for elections - tamper-proof logging.
i disagree. the exact primitive you want is a verifiable counter, where people can be verified as being allowed to add one to the counter, with no ability to determine who added to which counter. that is different from a verifiably immutable log.
also, there are scenarios where a blockchain can be mutated, and i bet you that the election of a country would provide a very enticing target for subverting the blockchain.
> That isn't a defense of this article, or of any of the current blockchain/election projects, but in principle, the idea makes sense.
but in practice, maybe it doesn't? elections aren't some academic thing.
I'd say a significant amount of our problems are not transaction log failures - they are authentication/identity failures. The catch is that blockchain technologies force you to solve both (you cant take part in a transaction without an identity, can you?). Plenty of people who've lost wallets will concede this is still hard (what happens when you lose your government issued private-key, for example?).
I agree that blockchains do not solve all of the problems with elections. Here's what blockchain can offer, assuming you have a cryptographic identity mechanism (which has its own problems, of course):
1. Any person can validate that their vote was counted.
2. Any person can validate that their voted counted towards their intended candidate.
3. The collective can validate that no person (i.e. no crypto-id) voted twice.
4. The collective can validate the exact true number of tallied votes (and, e.g. make sure it doesn't exceed the total number of eligible voters).
5. The collective can validate the tallying process. I.e. they can count all the votes on the chain, and themselves reproduce the sums.
That does not address the following:
1. Ensuring that a crypto-id was used by the appropriate person (Although if someone stole your ID, this would likely be discovered by the person it was stolen from, due to previous property #2).
2. Ensuring that a person was not coerced to use their crypto-id against their will.
Which are real problems that I would love to see solutions to. But that doesn't mean we shouldn't try to solve those first 4 as well.
>> 2. Any person can validate that their voted counted towards their intended candidate.
This is a bad idea even in concept. If anyone can validate their vote went for the candidate of their choice, someone else can force them to perform the same validation for money, under threat of violence, familial ostracism, or whatever really.
I get that you understand there is a problem with coercion here, but it's not just an implementation problem, it's a problem with the concept.
> This is a bad idea even in concept. If anyone can validate their vote went for the candidate of their choice, someone else can force them to perform the same validation for money, under threat of violence, familial ostracism, or whatever really.
I responded to this issue in the previous thread about this. But short answer is: create a verifiable but also deniable scheme.
That’s a proposal, not a proven solution, and it assumes that the chosen algorithm, implementation, and operation are all perfect or it fails open. That’s why you need to look at this as a system rather than a chance to use the current fad: this class of proposal replaces something which is cheap, robust, easy to understand, and fails closes with something complex and unproven which most people would cannot make accurate threat assessments about. There’d have to be a huge win to make up for that and “it costs a lot more and my startup could cash in” doesn’t count.
Goals 1 through 5 are addressable by using election scrutineers[0], without introducing problems 1 and 2.
I like crypto as much as the next person. But the bigger picture means that simpler, dumber systems that rely on lots and lots of humans are more suited to the problem space.
Why is authentication/identity failure an actual problem in practice, that can't be solved with simple good process? Despite misleading propaganda by a certain American political party, it is simple and straightforward to reduce voter identity fraud to irrelevance.
Let's start with imagining a statewide election with a million votes. To move the results by 1% would require 10,000 fraudulent votes. Now, how do we get 10,000 fraudulent votes?
First, we could stuff the boxes with fake ballots. Second, we could have false voter registrations and send "professional voters" around to vote at multiple polling places. Third, we could alter the results at the count, by giving a false count.
Now, let's introduce a process step: all activities that involve touching ballots, whether marked or unmarked, must be done in the presence of representatives of at least two political parties. In other words, if Team A is going to try to physically manipulate ballots or counts, they have to do it where Team B can watch them do it. How does that affect things?
And there's the process of running a polling place. At the beginning of the day, you get X number of blank ballots. They were delivered by two parties, and counted by two parties, and are presumably under some sort of seal. We know how many ballots are in the building. And there's a paper voter registration roll, with the names of every registered voter in the precinct. When a voter comes in, they look up the name on the roll, and the voter signs to say they voted. A tally is kept of how many voters sign. Each voter then gets a ballot, marks the ballot, and puts it in the box. At the end of the day, count the number of ballots. It should match the number of voters on the tally, and can be hand-checked against the number of signatures on the roll in a recount. Spot-checks of this at random precincts prevent widespread alteration without triggering a recount. The number of votes plus the number of remaining blank ballots equals the number of blank ballots at the beginning. So inserting fake ballots is hard. Inserting them in a way that can't be detected at count time or at recount time is harder.
So, how about false registrations and professional voters going around making multiple votes in different precincts? Remember, we need 10,000 votes to move the tally 1% in our theoretical election. Let's say one professional voter can make it to ten polling places over the course of a day. So you would need a thousand of them, trained, with targets. They would need to be either fanatical, or paid. And you need to do this with no leaks, no turncoats, no one who thinks "I could sell my story to the news for tens of thousands", no hidden cameras... yeah. (As an aside, this is why insistence on voter ID is misplaced. The difficulty of the problem prevents it far more than an ID step would.)
So how about altering the count? Well, if it involves altering the ballots themselves, it's a hard problem. (Unless you use those idiotically dangerous touchscreen machines, which ought to be illegal.) You need to remove valid ballots and replace them with altered ones, again with multiple parties observing. Or you can alter the final result count, but then it mismatches the paper ballots, and would be detected as fraudulent at recount time. Spot check hand-counts detect such issues.
Technical implementation example here: In Minnesota, we use Scantron machines. If there are multiple Scantrons at a polling place, we will hand-count one of them and compare to its electronic tally. The electronic tally from the machine is an unofficial result only, until certified.
Now, let's look at some easy things to do to manipulate elections! First, gerrymandering - draw district lines that make it nearly impossible for one party to win. I live in such a district. We're more likely to get visited by aliens than elect a Republican in my district. Second, voter suppression. Make it increasingly more difficult to vote - limit polling station resources in certain districts to force multi-hour lines, require ID, etc. These are popular and common. See how this works?
Blockchain doesn't fix ANY of this. Either it's already fixed, or could be fixed by improving the process based on models that are demonstrably good in other states.
Heck, they do fair elections in poor countries with high illiteracy rates, too. Just stamp each voter's hand when they vote. No one can vote twice because stamps are checked. Ballots can have symbols for parties rather than words. Election validation is easy.
I've already explained elsewhere in this thread that it's easy to make this system also deniable, so that you cannot be extorted. As for buying votes, the deniability would make it equally difficult to prove you voted a certain way as it is now.
It's deniable afterwards, but not during. At some point you reveal to the voter a way to map their vote to an anonymised 1 or 0. That point is vulnerable and that point will be where someone expects you to show them something.
It's almost like people are thinking of blockchain as a global immutable append-only log with source attribution.
Then the main question is, is what you're willing to pay to append a record more than what the operators (miners) are willing to accept to append a record? In the case of elections, I don't know a lot of governments that would be willing to pay to do what they do for free today.
Not only that, but the blockchain is not even immutable... Forks happen all the time and the developers end up arbitrarily choosing which fork is the real blockchain. Anyone that was using the other fork in the meantime sees their chain mutate (gets wiped out, essentially) or be given a different name.
So basically even IF the blockchain was not costly, the nation would need to control the developers to control the blockchain in the case of consensus failure (fork) to make sure no one messes with the election results.
> Not only that, but the blockchain is not even immutable... Forks happen all the time and the developers end up arbitrarily choosing which fork is the real blockchain. Anyone that was using the other fork in the meantime sees their chain mutate (gets wiped out, essentially) or be given a different name.
Yes they are. That's not what 'immutable' means. Immutability refers to an inability to change the past. Not an inability to fork the future. A blockchain is a persistent, immutable data structure. This is just a simple fact of computer science.
When a chain fails to find consensus and forks due to different consensus rules, the 2 chains persist until the developers tell us which chain is the right one. Let's take the 2013 Bitcoin fork for example. OK now a merchant who has accepted Bitcoin on one chain could have had a transaction that was 20 blocks deep. Then, when the miners decide to abandon that chain and obey the developers and go on the other chain, the merchant's transaction is no longer confirmed if it wasn't played on the other chain. This is how blockchain consensus failures change the past of the ledger and therefore how the blockchain fails to be immutable by your definition.
side note: I'd be wary of calling blockchain's consensus mechanism "computer science", it's more of a social consensus when consensus rules are different (ie. when forks are involved).
Blockchains are immutable. Immutability is the property you want for elections. Blockchains are absolutely computer science. The consensus PoW mechanism is not part of 'blockchains'. It is a part of cryptocurrencies. Blockchains are simply a log-structured Merkle tree.
Repeating things don't make them true. You defined immutability as the inability of changing the past. I have provided you an example of the past of Bitcoin being changed (24 blocks were invalidated). I await your rebuttal.
That isn't changing the past. It's changing the interpretation of the past. The old transactions are still there, they're just not considered valid. That's fine. An election blockchain can't enforce its result anyway. A dictator can always simply say "yep, I got voted against, but too bad, i'm staying". What's important though, is that in a blockchain based system, that dictator would not be able to claim legitimacy convincingly. We would know and be able to prove that they invalidated or ignored the results. They cannot invalidate/ignore the true tally without everyone knowing they did it, just like you know that those Bitcoin transactions were invalidated. That is exactly the point.
If I had a data structure whose contents could be interpreted differently by different parties, I'd have a very hard time convincing stakeholders that it was immutable... and I'd feel bad trying to do so.
> We would know and be able to prove that they invalidated or ignored the results
To your new point, though, picture this: it's 2016 and you're running your election on the blockchain. Unfortunately, a consensus bug in the blockchain causes the updated nodes (say, half the network that updated) to split. The devs decide to go forward with the new consensus rules and abandon the other chain. However, we find that the tally on the abandoned chain elected Hilary and the tally on the new chain elects Trump. What happened? Were the devs co-erced? Did they introduce the bug themselves? Why was the tally different on the abandoned chain? Who collected the tally and wrote it to the blockchain?
How do we know or prove the legitimacy of the chosen blockchain over the abandoned one, as you claim?
> If I had a data structure whose contents could be interpreted differently by different parties, I'd have a very hard time convincing stakeholders that it was immutable... and I'd feel bad trying to do so.
Whether or not you could convince someone of it, it is so. The definition of an immutable data structure is that the contents of it don't change. It says nothing about interpretation. Immutability isn't some nebulous concept, it has a specific definition in computer science. And it is that the data itself does not change.
> To your new point, though, picture this: it's 2016 and you're running your election on the blockchain. Unfortunately, a consensus bug in the blockchain causes the updated nodes (say, half the network that updated) to split. The devs decide to go forward with the new consensus rules and abandon the other chain. However, we find that the tally on the abandoned chain elected Hilary and the tally on the new chain elects Trump. What happened? Were the devs co-erced? Did they introduce the bug themselves? Why was the tally different on the abandoned chain? Who collected the tally and wrote it to the blockchain?
> How do we know or prove the legitimacy of the chosen blockchain over the abandoned one, as you claim?
There is no need for consensus in an election-based blockchain, and this is not a new point, it's been my point the entire time. It's the point of all blockchain-election solutions. We can arbitrarily choose any chain, and then verify all the properties that we care about on it.
> When a chain fails to find consensus and forks due to different consensus rules, the 2 chains persist until the developers tell us which chain is the right one. Let's take the 2013 Bitcoin fork for example. OK now a merchant who has accepted Bitcoin on one chain could have had a transaction that was 20 blocks deep. Then, when the miners decide to abandon that chain and obey the developers and go on the other chain, the merchant's transaction is no longer confirmed if it wasn't played on the other chain. This is how blockchain consensus failures change the past of the ledger and therefore how the blockchain fails to be immutable by your definition.
Okay, so which of the chains changed?
(Hint: neither changed; they can't change, because they're immutable).
You seem to have a chip on your shoulder with this idea the developers control the blockchains. Every time you see something about blockchain you seem to jump in and start arguing with people in favor of your pet issue. I've seen you do this on multiple threads now.
The irony is, there are some persuasive arguments for the idea that developers have too much control of blockchains, but you're not saying any of them, because you clearly don't grok the technology. You have a Wired-magazine-level understanding of the technology: you know the history and social systems around the technology but you clearly don't understand the concept of immutability as it applies to blockchain forks, or why consensus is both a social concept and a computer science concept when applied to blockchain, or how a block is validated.
In your defense, understanding blockchains requires a lot of background, and I'd say most people don't understand it. But most people aren't arguing so vehemently for their opinion.
The ledger that is Bitcoin changed. From the merchant's perspective: Bitcoin was one ledger, then it became another. Transactions that were 24 blocks deep changed. That is the ledger changing. The developers are the ones that told everyone that this change would happen.
The rest of your post is pretty offensive but I'm willing to look past it if you want to actually talk about your blockchain ideology with civility.
I honestly think the disconnect here is you're thinking in terms of bits and atoms and I'm thinking from the user's perspective. If we're going to build something useful with the blockchain, we have to think from the user's perspective. It doesn't matter if it's 2 separate "block chains", they're both attempts at finding consensus on 1 ledger: the Bitcoin ledger. That's the whole point of a distributed ledger: at any given time you may have disagreeing versions of it existing simultaneously, but it's still 1 ledger trying to find consensus so that users can know what happened actually. And if there are times where developers are ESSENTIAL to resolve ledger consensus failures, that is precisely the kind of central control that could be abused in ways Satoshi was trying to avoid. We don't even know if the 2013 bug was intentional or not. What if the developers were compromised and the fork was made so that someone could execute a large double-spend? What if this happens again in the future?
> The rest of your post is pretty offensive but I'm willing to look past it if you want to actually talk about your blockchain ideology with civility.
I don't usually go out of my way to tell people they are uninformed, but you're spreading very uninformed opinions around. You can't reasonably expect to spread your uninformed opinion around and not have people tell you you're uninformed. If you take offense to that, well, maybe you should limit yourself to sharing opinions about things you understand. I'm not saying this to offend or hurt you, I'm saying it because it's a fact you should be aware of.
I don't think you're dumb; you seem like a smart guy. You're just ignorant on a specific topic--and that's okay too--ignorance is fixable. But you should fix it before you start spraying your opinions on the topic around.
> I honestly think the disconnect here is you're thinking in terms of bits and atoms and I'm thinking from the user's perspective. If we're going to build something useful with the blockchain, we have to think from the user's perspective.
No, the cryptography (which has little to do with bits and nothing to do with atoms) affects users. You can't simply argue that you understand Bitcoin well enough because the social aspects of Bitcoin are the important part. Both the social aspects AND the cryptography aspects are vital to understanding--if you don't understand the cryptography you don't understand Bitcoin. Period. This is especially true when you make claims that are directly about the cryptography (such as that a block chain is not immutable) which show that you clearly don't understand it.
> It doesn't matter if it's 2 separate "block chains"
Since that is literally what a fork is, if it "doesn't matter" then why are we even talking about a fork?
> they're both attempts at finding consensus on 1 ledger
No, they're both (immutable) data structures which hold a ledger. "Attempts at finding consensus" aren't really represented by a data structure.
> What if the developers were compromised and the fork was made so that someone could execute a large double-spend?
You could start to build a plausible case for this by looking at the respective blockchains--which is, incidentally, an effect of them being immutable. But I thought this "doesn't matter".
But that's unlikely, because the fork was relevant for < 2 hours. The attacker would have had to spend their coin and the seller would have to release control of the asset they were spending the coin for, in that time.
And if a large double spend were executed, there's a good chance we'd know about it because the seller who received their coins on the 0.8 blockchain would probably be pretty angry about it.
If you don’t understand that the process of reconciling 2 chains of blocks is for the sake of consensus on 1 ledger, maybe you just don’t understand distributed systems ¯\_(ツ)_/¯
Because if you did, you would understand that when your values (in this case, transactions) get modified unexpectedly even if they’ve been consistent for an arbitrarily long time, you cannot claim that your database is immutable. The fact that the individual attempts at consensus are immutable is irrelevant because the user only cares about the resulting ledger, which as I have proven to you over and over again is mutable.
I see what you did though, you defined “blockchain” as just an individual chain, not as the encompassing consensus-finding system... which to me is not a useful definition because it leads to misunderstandings like yours (ie. “the database is immutable”). Picture this:
Exchange: “Why did the Bitcoin I received vanish? I thought Bitcoin was immutable??!!!”
You: “Oh lol you’re terribly misinformed, it’s the data structures that are immutable, silly, not the actual database. Obviously the database consensus can fail and that can make you lose money, unless it’s controlled by trustworthy and honest people of course... who made you believe otherwise?”
Immutability refers to data, not interpretation of data. It has a specific meaning in computer science. It does not mean "social value", or "economic utility", or anything like that. It refers to the actual values of the bits. And in that sense, Bitcoin is unequivocally immutable. If you want to define some other term to refer to mutability of interpretation - go ahead. Just don't call it mutability.
> Then the main question is, is what you're willing to pay to append a record more than what the operators (miners) are willing to accept to append a record? In the case of elections, I don't know a lot of governments that would be willing to pay to do what they do for free today.
If a government is holding fair elections, they should be willing to spend money on the opportunity to prove that they are fair. That being said, you don't actually need mining in an election-based blockchain. Mining/PoW exist to solve the 'double spend' problem - but that's just a race condition. There's no need to worry about race conditions in elections. The global consensus can be computed slowly. The important property that you want is that each individual voter be able to mathematically verify that their own personal vote was counted towards the total, and counted correctly. Blockchains do offer that capability.
You think that problems with election legitimacy don't exist? They definitely do. Especially in non-western countries, but even in western countries there are often questions of legitimacy. Blockchains have the potential to remove all doubt. I'd say that's a pretty worthwhile goal.
That being said, this particular project is not a good example of any of that. But blockchain for elections is actually one of the few truly technically legitimate uses of the technology.
Yes, but blockchains are a particularly suitable form of this technology, because they are decentralized. Not in the sense that people normally mean, mind you, but simply because they allow the unsynchronized, simultaneous submission of votes from around a country in a technically convenient way.
> Blockchains have the potential to remove all doubt.
given a very specific and likely untenable list of assumptions about the way the entire human system works, yes, i'd agree that they might remove all doubt.
outside of textbooks, i think plenty of other comments here have cast doubt on how a blockchain voting implementation would solve real world problems in practice.
Beware of Blockchain stories with unsubstantiated facts. The original story had many red flags, not the least of which being the use of the future tense in a quote by Gammar.
“Anonymized votes/ballots are being recorded on Agora’s blockchain, which will be publicly available for any interested party to review, count and validate,” said Gammar.
Agora makes zero attempt to rebut the claims with evidence, and instead, attack the source:
> Through research we have found that username "Tamba Lamin", who is the main source of this article, is from a competing service. You can do your own research into his position by Googling the username and "election". We do our part to not incite witch-hunts or dox users so please do not either but he used his real name on our channels and we have no other way to reference it.
The article by Tamba Lamin is just one of more than a dozen articles listed in the cited post that argue against Agora. This is not a great response from the Agora team (posted below for posterity):
Hi /u/custom1made, we welcome both positive and negative feedback on our company so we can continue to learn, earn trust, and grow.
Our continued success will attract many unsavory characters that will attack us - we must remain professional, honest, and composed - and hope to foster a community that agrees to that mantra.
We are very much hoping you will do your part in helping us stay strong so we can focus on our mission to bring transparent Democracy to the world.
Through research we have found that username "Tamba Lamin", who is the main source of this article, is from a competing service. You can do your own research into his position by Googling the username and "election". We do our part to not incite witch-hunts or dox users so please do not either but he used his real name on our channels and we have no other way to reference it.
Although his motives may have been questionable, he brought up important topics. We had an internal meeting about our stance on sensational subject titles, filters in place, and how we will handle incorrect information from third-party news organizations. Our intent is to set and keep the record straight.
As stated in our pinned posts and in all of our Reddit posts, we do not verify the accuracy of third-party news reports. Thank you.
Companies which double down on lying PR by personally attacking people correcting it (not even accurately apparently, given no evidence to suggest Tamba Lamin has any connection with French media reporting quotes from election officials) should not be anywhere near election counting.
If it's the case that Sierra Leone did not use blockchain for any part of its election, I think TechCrunch needs to own up to its reporting, which seems very thinly sourced:
In fact, it seems completely sourced to "Leonardo Gammar of Agora", "Agora" being a company that is trying to sell its "blockchain-based digital voting solution" [0] and thus has every incentive to hype the usage of their product. The TC reporter apparently made no attempt to contact anyone who actually works in Sierra Leone's government/elections, or anyone who actually lives there.
It is possible that Agora was accredited as an independent observer of results. But it's problematic that they use their Sierra Leone results page to advertise their services, which don't seem to have been used as described:
> Agora is a Swiss foundation providing decentralized digital voting systems based on the blockchain technology. Agora’s solution will enable secure and remote voting from digital devices, as well as allow each voter to verify his or her untampered vote in the final count.
When you go to Agora's "results" page, all you get is an aggregated tally of votes. I don't see a ledger of any kind:
Luckily, I have the answer: a blockchain which records overhyped blockchains. This technology will make it possible to create an immutable, universal record that will exclude all falsehood.
ICO imminent. Act now and receive a 20% bonus on your next overpromise.
I live in a third world country (Colombia) and the scammy hype is even here, people at cafes telling each other to "invest" in BTC and the other crypto currencies, usually through a middlemen (the ones doing the convincing, so they take a commission one way or another); usually involving people with not much money to begin with, just hungry for an opportunity to make some, willing to take bank credits or other forms of debt in order to "invest". It's all so lame.
This sounds like an argument against rolling your own blockchain instead of using an existing, highly secure one. Not that I'm convinced blockchains are the proper tool for the job.
BTW, is it too late to stop using the word "blockchain" like it's something that can be bottled up and sold? I believe an article is required.
That's not true at all. The worst the state can do is to deny votes to be written in the blockchain by mining empty blocks. But no matter how much computing power it has, the state can't write false votes, thanks to public key cryptography.
If transactions where cheaper, voting on a public blockchain like Bitcoin would be a great thing. That's not the case today, but I'm pretty sure it will be in the coming years.
That’s not correct. The worst that can happen is falsifying votes before they’re written to the blockchain. And there’s nobody who will check the „blockchain“ for his vote, because people want to vote and get over with it.
Paper ballots with automated scanners is a solved problem. It works, it's cheap, and it's virtually tamper-proof. (Tampering with the result will require physical access by many people: if you allow that possibility you're basically conceding that you cannot trust the government to run the election properly, and using any technology won't save you.)
In other words, paper ballots is a boring, unsexy technology whose only benefit is that it works. No wonder people aren't excited.