There has been a change to how ballots are stored within the ElectionsOnline system utilizing new technology that, while evolutionary with respect to how it came to be, is truly revolutionary in what is now possible—that being immutable and cryptographically verifiable ballots. If you’re familiar with blockchain, and think that’s what we’re talking about, we aren’t, as blockchain has never been an appropriate solution for elections despite the buzz that may have surfaced when it first began gaining popularity with services like Bitcoin. It can be appropriate when multiple parties are looking to work together in a decentralized way, but elections do not meet that criteria. What we are talking about is what comes after blockchain—Quantum Ledger Database (QLDB)—and in keeping with ElectionsOnline’s reputation for being the leading innovator of voting technology, we’re thrilled to be the first and only election service provider to adopt it. QLDB did not materialize out of the ether. It evolved by borrowing some of the properties of blockchain with other properties of a document database, adding some bonus properties to it and then ensuring it hit the target that precursor technologies were aiming for but just came a little off the mark. So what we see with QLDB is something born out of asking what problem blockchain really tries to solve and how can it be solved better? The answer is a technology effectively purpose-built for elections.
To learn more about Quantum Ledger Database, visit its home page on the AWS website, but in a nutshell it is defined as a, “Fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority.” There are some key things in that description that warrant further attention.
This means the makers of QLDB, Amazon Web Services, support the infrastructure on which it runs. Server and network optimization, security, patching, backups, all of it has the expertise of AWS behind it.
Recall the days when bookkeepers using paper would record every single business transaction in a ledger. In the event some piece of data in a transaction needs updating, the original transaction does not go anywhere. It remains untouched, and a new entry is added to the ledger where the correction is made. In this way, a history of transaction activity is chained together. Were 100 such updates to be made, there would be 101 entries in the ledger. (1 for the original transaction, plus 100 updates.) But one should understand that databases have historically not followed this model. Instead, when an update is committed to a database, instead of it creating a new entry, the data in the original entry is overwritten leaving no trace of the state it was in prior to the update. So 100 updates to a single record would still mean only 1 record in the database. That certainly cuts down on the amount of storage space consumed and is perfectly okay when keeping a history of activity is unnecessary. But when a history of activity is required, it usually would mean keeping an “audit table” in a database where previous states of data are logged for audit purposes. But even this has its shortcomings given that someone with access to the database could modify or delete records from the audit table without leaving a trace.
This is where a ledger database comes in. The ability to update and delete data in a ledger database does not behave as it does in non-ledger databases and any data committed to QLDB becomes part of its auditable history.
Transparent means that a record’s full history may be queried and viewed.
Immutable is defined by Oxford dictionary as, “unchanging over time or unable to be changed.” In other words, once a ballot enters the ElectionsOnline system, it is not possible for it to be altered by anyone. More precisely, it is not possible to alter the original ballot committed to the system by a voter. Because no ballot should ever be modified once committed, election managers may verify the absence of any change history to be certain that the results are being reported using original, unaltered ballots as decribed at Election Verification and Certification.
QLDB uses a cryptographic hash function to generate a digest file which may be used to validate the integrity of any data changes. Stay tuned for further developments and updates regarding this particular aspect.
Owned by a Central Trusted Authority
Blockchain is built on the concept of decentralized computing which has its uses, particularly when multiple parties, particularly parties unbeknown to other parties, are involved with ensuring the integrity of data before committing that data to the network. But with elections, that is not the case and is one reason why blockchain is so poorly suited for elections. Instead, the act of a voter committing his or her ballot selections to a system occurs between a voter and a trusted authority like ElectionsOnline. It’s not much different conceptually than an account holder depositing money into his or her bank account where the bank serves the central trusted authority.
This is a big development with much more to follow in the coming months so stay tuned.