There are two types of people who don't immediately agree:
1.) People who don't understand the technology and distrust those who do.
2.) People who fear democracy, and deep down know their interests and ideals are best served through fraud
3) The National Academy of Sciences
I'll answer quoted sections but if you're in #1.) and can't engage with my responses it will annoy me. People who know they can't debate a subject should not be throwing around links as a substitute.
The first obvious error on my first read through is the assumption that "blockchain" means one and only one thing, I described a system that was not some kind of carbon copy of say bitcoin but it is no less a blockchain for it. A tank is no less a vehicle for the armor. I will point out how the system I refer to indeed does what I say it would.
David Jefferson: In particular, if malware on a voter’s device alters
a vote before it ever reaches a blockchain, the immutability of the
blockchain fails to provide the desired integrity, and the voter may
never know
of the alteration.
3RU7AL's commentary is adequate summary, I'll expand:
First the absolute error, the voter could very well know of the error (as 3RU7AL said) because he/she would have an ultimate private view key. You have spoken else where (almost smugly) of how you can lookup your 'ballot' online.
The ballot is the ledger of your voting choices, it is not a letter purported to establish identity sent with a mail-in-ballot. It is not a receipt or some electronic version of an "I voted" sticker.
So I asked you, and you have no answered, can you see who you voted for?
If you can see who you voted for that does not mean that was how the vote was counted. They could be seeing your request and sending you back HTML that makes you feel secure that has nothing to do with the actual tally. It also means that they have a database of people and who they voted for, if that database were leaked it would represent the total destruction of ballot secrecy. It's mere existence in a form decryptable by government officials is a violation of the principle of a secret ballot.
Finally it gives you no confidence that the votes recorded for others are true and legitimate.
To fix each of these problems one at a time leads to a system which falls under the definition of "blockchain".
1.) To allow you and only you to see your ballot (who you voted for) you generate your own ultimate private view key [UPVK] (I'm saying ultimate because this system would have multiple types of view keys). You use that to generate your vote, and only that key can be used to decrypt the full ballot. You can make that private key public by choice or (theoretically) by letting malware on your computer, but that does not remove your ability to verify your ballot.
If you installed malware which basically disguised itself as the voting software and it changed your vote as you sent it, it would simply be a matter of taking your UPVK to a clean machine and checking. The government could provide clean machines and millions of other citizens would also have the software.
A system for ballot retraction could be included, but it is unlikely to be heavily used because:
2.) Malware is a defeated disease for moderately informed computer user. By attack vector almost all malware originated from overly broad API access of JS to the underlying operating system. They have been plugging holes for a while and at this point they have finally (and wisely) decided that there ought to be no bridge. Modern browsers allow the retrieval of some information but do not allow the unsolicited download of executables or the unmanaged manipulation of files.
The only way to get malware now is to choose to download some form of executable (.exe, .bat, etc... ) and then double click on it. Being delivered a trojan horse executable when you try to download a useful program is of course a problem, but one that has also been solved using checksums and HTTPS + certs.
To put this in concrete terms, if the government runs a website where you can download the voting software and it is HTTPS with a .gov then that is where the executable came from.
Don't trust the federal government? Fine get it from a source you do trust, a local government, a bunch of anti-government militia, the BLM IT division. Doesn't matter, whoever you trust can compile the code and they're all looking at the same files.
So you see the accusation "the voter may not know of the alteration" is true of paper ballots and uniquely not true of a properly designed decentralized cryptographic voting system.
David Jefferson: While it is true that blockchains offer observability and
immutability, in a centralized election scenario, observability and
immutability may
be achieved more simply by other means. Election officials need only,
for
example, post digitally signed versions of relevant election-related
reports
for public observation and download.
This statement is made from a profound ignorance of the vulnerabilities of the current system. Hourly totals may provide evidence of certain kinds of fraud but in no way do they solve the problem. This is akin to suggesting the adding of sprinkles to solve the salmonella in the ice cream.
The dangerous fraud is people fraudulently requesting (or just collecting) ballots which they fraudulently fill out or order to have filled out. That is why mail in voting was such a big deal. That is why "all of a sudden" everybody was concerned about fraud, because all of a sudden an unauditable form of fraud became tens of thousands of times more accessible.
David Jefferson: Ballots stored on a blockchain are electronic. While paper ballots are
directly verifiable by voters, electronic ballots (i.e., ballots on a blockchain)
can be more difficult to verify.
This is the opposite of reality, a giant pile of paper ballots under seal tape, lock, and key is not accessible to the public at all. Its counting is left to machines and officials individually approved by local bureaucrats.
This however is missing the point. A giant pile of ballots is count-auditable, that is; with enough political pressure one can have a third party come in and count the pile. That is more or less what happened in Arizona. Some foul play was indicated, but focusing on this form of audit is (like assertions about dominion machines connecting to Venezuela) a red herring.
It's like saying "Look, we proved the money wasn't printed with an inkjet on office depot paper so therefore it's not counterfeit"
Blockchain totals are truly accessible to the public, but more importantly a bio metric and video recorded issuing of voting tokens would be public origin-auditable.
David Jefferson: Software independence is not, therefore, achieved through posting ballots
on a blockchain: as ballots are represented electronically, software independence may be more difficult to achieve.
It's called "open source", an article written after 2018 really shouldn't be so uninformed.
David Jefferson: The blockchain abstraction, once implemented, provides added points
of attack for malicious actors. For example, blockchain “miners” or
“stakeholders” (those who add items to the blockchain) have
discretionary
control over what items are added. Miners/stakeholders might collude to
suppress votes from certain populations or regions. Furthermore,
blockchain protocols generally yield results that are a consensus of the
miners/
stakeholders. This consensus may not represent the consensus of the
voting
public. Miners/stakeholders with sufficient power might also cause
confusion and uncertainty about the state of a blockchain by raising
doubts
about whether a consensus has been reached.
This is a common myth/fallacy about blockchains. It's often referred to as the "51% attack".
What can be accomplished by a 51% attack is confusion. What cannot be accomplished is undetected fraud.
The integrity of the blockchain is the result of the referential encryption, not consensus. Consensus is what tells you which version of the file is the complete one, but your own CPU can tell you which versions are accurate.
When in doubt a citizen, a state government, the military, congress can each trust their own "mining" and choose what to do as appropriate. As the constitution is currently written state governments can send electors based on the results of a chess tournament, so it can be presumed that the state government would select electors based on the version that their own mining agrees with. If 50,000 citizens & state military with guns can see from their own devices that the state government has chosen the incomplete blockchain and are therefore attempting to ignore votes it is incumbent on them to deal with the treason.
