USPS Built and Secretly Tested a Blockchain-Based Mobile Voting System Before 2020
An anonymous reader quotes a report from The Washington Post: The U.S. Postal Service pursued a project to build and secretly test a blockchain-based mobile phone voting system before the 2020 election (Warning: may be paywalled; alternative source), experimenting with a technology that the government's own cybersecurity agency says can't be trusted to securely handle ballots. The system was never deployed in a live election and was abandoned in 2019, Postal Service spokesman David Partenheimer said. That was after cybersecurity researchers at the University of Colorado at Colorado Springs conducted a test of the system during a mock election and found numerous ways that it was vulnerable to hacking. The project appears to have been conducted without the involvement of federal agencies more closely focused on elections, which were then scrambling to make voting more secure in the wake of Russian interference in the 2016 contest. Those efforts focused primarily on using paper ballot so the voter could verify their vote was recorded accurately and there would be a paper trail for auditors -- something missing from any mobile phone or Internet-based system. The project appears to have been conducted without the involvement of federal agencies more closely focused on elections, which were then scrambling to make voting more secure in the wake of Russian interference in the 2016 contest. Those efforts focused primarily on using paper ballot so the voter could verify their vote was recorded accurately and there would be a paper trail for auditors -- something missing from any mobile phone or Internet-based system. The Postal Service system allowed people to cast votes on an Internet-connected mobile app similar to how they might add items to an online shopping cart or fill out an online survey. The votes were designed to be anonymous and to be recorded in multiple digital locations simultaneously. The idea is that each of those digital records would act as a check to verify the accuracy of the other records. This is essentially the same method that cryptocurrencies such as bitcoin use to ensure transactions are accurately recorded. But the system didn't protect against the numerous ways hackers might fake or corrupt votes, the University of Colorado researchers said. Those include impersonating voters, attacking the blockchain system itself so votes can't be trusted, flooding the system with information so it becomes too overwhelmed to function, and using techniques that undermine voters' privacy and the secrecy of the ballot. The researchers were able to successfully perform all those hacks during a mock election held on campus. "The Postal Service was awarded a public patent for the concept in August 2020, but had not previously revealed that it built a prototype system or tested it," the report notes.
Read more of this story at Slashdot.