Lloyd told Cointelegraph that a number of researchers have found abnormalities with the program and that the company responsible for running the platform has not shared any of Voatz’s attestation documents or audit summaries publicly. He further pointed out that the Voatz blockchain is essentially a private hyperledger network that has less than 10 nodes — which led him to believe that the system is no more useful than a traditional database. Lloyd then went on to add:
“A blockchain running only provisioned nodes still needs those nodes to be exposed to the internet for people to vote. People attempting to compromise public facing applications is routine for any web application. The FBI is involved because of the target. You can’t ‘change votes’ after the fact. The target would have to be the voter’s mobile phone and then only when they have authenticated and are ready to vote.”
Ivanitskiy also mentioned that this past September, a blockchain voting system was used for the city of Moscow’s parliamentary election. The results statistically differed from the in-person voting count, which meant that the overall result was a bit distorted. Ivanitskiy then added:
“The blockchain part worked well, the problem was in the identification part. Blockchain is great for voting; however, identification is a complicated problem. We should not use any electronic voting system unless we are sure that identification works correctly.”
Blockchain in voting systems
It is important to distinguish between blockchain technology and the applications that make use of this framework. Simply put, blockchain allows for the creation of a datastore that is tamper-evident, and by distributing multiple copies of this tamper-evident datastore, the information automatically becomes highly resistant to the nefarious activities of third-party individuals.
Related: Will Blockchain Stop Personal Data Leaks?
This is because if one copy of the datastore is altered (in any shape or form), the change immediately becomes visible to all of the other participants of the network. Not only that, once an alteration is detected, it can be overwritten with one of the many copies that are not corrupted to bring the information back to its original state. To further elaborate on the subject, Jeff Stollman, a principal consultant at Rocky Mountain Technical Marketing, provided Cointelegraph with some insights:
“The problem with blockchain voting is the front-end application that manages the new data that is added to the blockchain. Blockchain technology does not stop someone from hacking the front-end application and altering the data (e.g., votes) before it is added to the blockchain. For example, it a fraudster is able to impersonate a legitimate voter (because he has stolen the voter's credentials), he can vote in place of the legitimate voter. This has nothing to do with the blockchain.”
In relation to Voatz, since there has been no solid evidence to prove that the infiltration attempt in question was successful, it might be safe to assume that the hacker was seeking to access certain areas of data input associated with the app rather than the blockchain itself.
Additionally, since Voatz reportedly makes use of a permissioned blockchain consisting of a relatively small number of verifying nodes rather than a permissionless ecosystem, John Wagster — the co-chair of blockchain legal team Frost Brown Todd — believes the latter would be better suited for voting-related activities, as each transaction would need to be verified by a larger number of participants, adding that:
“No system is fool-proof, but the security in the Voatz application seems to have held up nicely even though it was designed for a permissioned blockchain. This looks more like an attempted break in than an actual break in.”
Was the Voatz incident a one-off thing?
A pertinent question that is bound to arise as a result of the aforementioned incident is whether or not more blockchain-based voting systems could be compromised in the near future. Virtually all of the so-called hacks related to this domain are not security lapses of the blockchains. Instead, they are hacks of the data or data relays that connect to the central blockchain ecosystem. On the subject, Wagster told Cointelegraph:
“Voting applications are actually an excellent use case for blockchain technology because they allow transparent, verifiable interactions between non-trusting parties.”
A similar sentiment was echoed by Henry Ly, project manager at cyber security and technology company OccamSec. In a conversation with Cointelegraph, he said that even though blockchain-based voting systems need additional verification protocols in terms of an assessment from a security vulnerability standpoint (as is highlighted by some of the blockchain hacks that have occurred recently), incidents such as these are nothing new. Every new technology, in his view, regularly goes through infiltration bids.
Ly further pointed out that hacking attempts are a daily occurrence on blockchain apps, but that doesn’t mean that such offerings don't possess any long-term promise. He went on to add:
“Its highly impossible to build ‘foolproof systems.’ Given enough time and resources everything and anything can be broken into. Electronic voting and blockchain voting has a lot of problems but it holds some promise.”
Government-related blockchain use cases continue to increase
Even though critics continue to harp on the vulnerabilities related to blockchain tech, its global use cases continue to grow steadily. For example, ?ternity, a decentralized application-focused blockchain venture, recently entered into an agreement with the Uruguay Digital Party in order to create a new platform that will allow Uruguayans to participate in a variety of local political decisions in a transparent, decentralized manner.
Similarly, the United Kingdom’s Food Standards Agency (FSA) announced last year that it had successfully completed a pilot program using blockchain to track the distribution of meat within the region.
Related: US Moves Closer to Accepting Blockchain, Still Uncertain Over Crypto
In the United States, a total of 18 states have, in some form or another, introduced legislation related to blockchain technology. Nine such bills have already become laws — for example, people living in Tennessee are allowed to use blockchain technology and smart contracts to facilitate their electronic transactions. In the same vein, a recent Wyoming law allows corporate entities to make use of blockchain to maintain their internal records.
