 Our next speaker coming up is... Oh, I haven't practiced this and I haven't discussed it with him. You can say Diego Aranja, that's fine. Oh, don't tell me, don't tell me. Diego Aranja. Like Lasagna. Lasagna? I don't even have that on me. Aganya like Lasagna, the pronunciation. Lasagna? Yeah, pronounced the same. Okay, but it's spelled Aranja. Long story, long story. Okay, with a silent S. Okay, thank you. Diego from the Department of Engineering owns a university. Can blockchain make voting more secure? Let's hear about that. Thank you. So my main research is in cryptographic engineering, which means developing techniques to deploy cryptography securely in practice. But I have this weird research topic and disturbing hobby of studying elections or electronic elections in particular. And today I'll try to give information to Sol or to answer this question. Can blockchains make voting more secure? And by voting here, I mean races for public positions. So official elections conducted by governments. Of course, private companies and other enterprises can choose different ways to vote because they have different threat models, right? So let's start with the basics of election security. All elections, to be fair and reasonable, they need to satisfy some requirements, some security properties. And some of these are fairly intuitive to us. First of all, only eligible voters should be able to vote. You don't want to allow people who are not allowed to vote to cast their choices. Votes should be secret, so voters can freely express their will towards their candidates no matter how horrible those candidates can be. Votes shouldn't be changed after the fact. So there is an integrity property also that's important. And all of this is just to basically convince the losers that they actually lost. This is the ultimate goal of elections, to convince the losers that they lost so that the election is legitimate. This is fairly easy. It's fairly easy to see how this is accomplished by a paper ballot election. Basically ballot secrecy is guaranteed by a voting booth, so you can pick your choices on the ballot without anyone seeing. The integrity property is basically everyone looking at the ballot box for the whole day to see that no one is messing with the contents. And eligibility can be solved by just government issue documents. But humans, you know, they have this tendency of automating everything. And the effort of automating elections started in the 1920s with the first lever machines. These are basically giant contraptions to help in some way a voter to cast their ballots. They were introduced in the US at first, and they were used for decades. I don't know exactly from looking at the picture how this could help someone to vote, but not get into that. And for decades, these were the main voting interfaces for several states in the US. With the down of the electronic age, of course, the effort continued to the development of electronic voting machines, especially at the end of the 90s and beginning of the 2000s. And in the US in particular, towards that was the election of Bush. You probably remember the situation in Florida with the recounts and the Supreme Court mandating recounts to be stopped, and all of that. So several countries have adopted the electronic voting machines in the end of the new century and the end of the 90s already. I have pictures there from the clock. A counter-wise order from India, the Netherlands, the US, and Brazil. And I have to admit that these machines helped voters vote in some ways. In several cases, they provided better interfaces than in the paper ballot for poor voters or voters dealing with accessibility problems. But from the point of view of security, I have to say these machines were a huge step back. So if you take a look at the analysis, the security analysis of how these machines operate, how the software is written, how the security measures are implemented, they are a textbook of what not to do. Actually, they are great textbooks for anyone willing to learn how to protect computer systems because you get all the counter-examples from those security analysis. I've participated in two different hacking challenges of the Brazilian voting system where we could find ways for external attackers to break both ballot secrecy using only public information and also to manipulate the software installed in the machines so it would manipulate the count. So I still have nightmares about this after all these years. So if voting machines do not help or do not solve the problem after all, maybe we should look for alternatives. And some countries have done by thinking of deploying internet voting, which in my opinion makes everything worse. Due to just a larger attack surface in which now, first of all, other countries can participate in your elections, not in the nicest way possible, but they surely can. Either by preventing elections to be held with denial of service attacks or just hacking infrastructure and casting votes. But there are other not as scary ways of manipulating elections conducted through the internet. Now it's much harder to protect voters from coercion because they are voting remotely. How can you prevent an employer from collecting everyone for the big voting day so everyone needs to vote following certain instructions? You also need to worry about malware installed in the computers belonging to the voters so that these computers do not cast votes in place of the voters. You now have to worry about insiders because these usually are centralized systems. So you need to worry about insiders operating the system and maybe manipulating how votes are being counted. No matter all these risks, at least one country got this mostly functioning. This is Estonia. So in Estonia you have the option to vote either by paper or using the internet voting system. And they have additional protections to prevent voter coercion in which you can vote multiple times and the latest vote is the one which counts. And you can also, if you were coercive, to vote online you can also vote by paper after the online voting is closed to make sure that your vote is really the way you intend to. But a security index of the Estonian voting system was not very inspiring also to read so it's triggered with problems. A recent example was the Swiss experience. So the Swiss government did a hacking challenge in the last month where it opened the source code of their voting system. They purchased this system from Saito, it's a Spanish company. And researchers could take a look at how security measures were implemented and if all those sorts of problems which would allow, in the cases demonstrated so far, insiders to manipulate individual votes a fraction of the votes and still this would be undetected due to the problems of how the commitment schemes and zero-knowledge proofs were implemented. Go read the details, it's fairly interesting research. So okay, internet voting also has all sorts of problems so we may have to look for more alternatives and if you remember the first slide I told you that we need both integrity and secrecy here and blockchains from the session you learn that they can't provide you actually with storage for private data encrypted data that cannot be changed afterwards. So it seems these properties match what we expect from elections really well so maybe blockchains are really what we were looking for we are into something here so maybe blockchains can solve all problems with elections after all probably not I have to say sorry for being pessimistic the limitations here are clear blockchain voting in the case that someone will cast an individual vote to be stored in the blockchain basically implies internet voting the natural interface to cast the vote on the blockchain and the individual vote in the blockchain would be exactly using some internet service to do that so all those risks they just come back and in some cases they come back amplified so for the voter to verify that the system is behaving correctly this can be harder for insiders because to use this interface before the vote is stored in the blockchain we still need to run software developed by humans who could have malicious intentions you still need to protect the voters computers from malware and other problems we still have the problem with nation state attackers and there is the additional risk of everlasting security since all these encrypted votes will be stored in the blockchain essentially forever what happens if after the election someone finds a way to recover critical information about those votes to try to break ballot secrecy what if a key leak or something is discovered afterwards so blockchains actually do not solve the most relevant problems with electronic elections but they may help in some way so this is the basic workflow of any election you start with a voting session where people will go to the polling place cast their votes either through paper ballots or voting machines with paper records for transparency increase transparency at some point the voting session will end and you do a local tally of just that voting session so either count votes by hand or softening the voting machine prints you a result of that polling place and you can do a recount with paper to match that electronic result is correct so you have a local tally already done and this result can be made public in several countries so it's really mandatory to make that result public so now the problem is just transferring this public result to the central tabulator which will basically collect all the partial results from all over the country and then publish the global outcome who gets to be elected on this preferably this should be done in a way that the voters, political parties and any other stakeholders in the election which is the entire society by the way can check that partial results were transmitted correctly without manipulation blockchains may be very useful for transmitting those results because they can store public information essentially forever or as long as they are being kept or maintained in a way that the voters and other parties can check that the partial results were transmitted correctly and you can do recounts in other tasks audits on the blockchain itself we did a similar effort in 2014 when I was still living in Brazil without using a blockchain of course it was too early for that but in 2014 we conducted a crowdsourced project in which we told voters to go to the polling places and stick to the very end and take pictures of the poll tapes with the partial results for those places and send them to internet service we deployed so we collected all these pictures we extracted information from all these pictures to match with the electronic records published by the electoral authority three days after the election and we managed to do this for 4.1% of the vote which is quite significant for a country as large as Brazil with 140 million voters and this at the time was done using a cloud-based service but I don't see any technical problem of running this in a blockchain platform and it would actually make some things easier because it would be decentralized and easier to scale so I think my main takeaway here is elections are not a playground for your latest technology if a country already has functional and transparent elections that public will trust that they can be audited using paper ballots or voting machines with paper records, congratulations you have sorted out the problem with elections they are good enough already and this is more important than ever we have seen the world increasing political polarization and many of the populists being elected in several countries are just playing this card elections are rigid and you need really independently verifiable elections so that our democracies become as robust as we envision them to be so you can find some references of work we did before improving the security of voting systems especially in Brazil and I thank you for your attention thanks radio show on the radio 24-7 and it's a tech radio show and I have a colleague and we are a little bit like Yang Yang even though we are getting closer because he has a show about surveillance and data and all this stuff and he tells me all the time with voting there is only one thing that works analog he says it's the only secure way and it's a big sort of claim and think he always talks about would you agree with this the systems that you know of so I would say it depends a little bit on the scale you are doing the election I claim that while any country in the world it should be possible to do a decentralized transparent paper-based election of course this is easier in some countries than others if your country is small for example if not that large population or without too much of their identity in terms of how can I say that I'm trying to pick the nice words so you have an average level of instruction that's good enough people understand how the system works and I can expect that the system is working I would say this is great for paper-based elections this is a great setting for other countries in which this is not true in Brazil for example you have the problem that someone will cast votes in the middle of the Amazon forest and you need to transport those at some point to the central government in the capital right how can you make sure that these votes will still survive the trip to be audited and so on this is a stick to paper ballots for larger countries with problems in logistics and level of instruction and inequality even these are the places where you can perhaps experiment with other technologies as they have been doing in the past one thing I can add is electronic voting is not for itself insecure it's just that efforts done in the past decades in that direction were too isolated from the experts were too usually conducted by governments which were not very democratic in the first place and this of course leads to horrible outcomes such as horribly insecure systems being used in practice and what exactly is it that goes wrong if something goes wrong so you can break for example ballot secrecy so in Brazil I will stick to the evidence we collected from Brazil you could actually after the election figure out how the Supreme Court judge voted based on the public information this was one of the main results of the hacking challenge organized in 2012 we never managed to do that of course because we would end up in jail as an example but the conditions the technical conditions were there and they are still there and voter coercion in particular is extremely important in Brazil it's a constitutional requirement there for the voting system to preserve ballot secrecy so it's one of the few ways where things can go horribly wrong maybe you can have an insider also manipulating the software so it miscounts votes for certain candidates so all of many things can go wrong for electronic elections not conducted properly or in the most transparent way Brazil is quite advanced in fintech as I remember the banking infrastructure it's quite advanced because it had to survive many fraud attempts along the years yeah so does that mean that Brazil is moving forward with blockchain or so the government already has some official position for blockchains so Bitcoin at least there's a real commodity there and you actually need to declare if you own Bitcoin or at least if you got money out of Bitcoin transactions in your tax return and so the government at least understands something and I know that the central bank has a special group understanding the technology and trying to think of regulation around it but we don't see as much adoption on daily life as in other countries like Switzerland for example you may get there it's like a case country where they're doing most things around blockchain I may not be the best person to respond to that question but it seems Switzerland is doing some things right in that way I see the example of Venezuela coming up from time to time but of course this for very different reasons right if your financial system breaks down maybe you still can use a blockchain or Bitcoin to do transactions but this is a different story thank you very much thank you very much