What’s up, What’s Next readers? Hopefully things are starting to settle down a bit for you after the midterms. This week we’ll be looking at arguments for and against blockchain voting. Also, some of the wonkier news you may have missed in the midst of election fever, including Waymo doing away with drivers, a nationwide consumer biometrics database, and a proposed privacy law that could mean jail time for those that break it.

But what’s up with you? Give me a shout—ilopez@alm.com or @IanMichaelLopez.



Block the Vote: Can Blockchain Curb Election Concerns?

Online voting discussions seem to pop up every election cycle, but is blockchain making the possibility of a widespread internet voting apparatus more plausible?

That’s the position of Blockchain Research Institute’s Alex Tapscott, who in a recent New York Times op ed piece dubs “cryptography, code, and collaboration” the gateway to assuaging concerns over privacy and transparency that plague the voting process. “Voters can check the blockchain to verify that their vote was counted correctly, candidates can trust the vote count and election officials can verify and audit the results,” Tapscott said. “Because the system is decentralized, no government or hacker can change the results without immediate detection.”

Now, web voting isn’t entirely novel—at least 25 states allow some folks to cast ballots online, and West Virginia has a blockchain-based voting app. But some people believe it’s “dangerously” wrong to use blockchain ballots as a remedy for hacking and voter suppression. Among them is Ars Technica’s Timothy Lee, who describes widespread online voting as “a huge threat to the integrity of elections—and to public faith in election outcomes.”

Lee has a rhyme for his reasoning. He notes that, as Tapscott suggests, while blockchain enables voters to cast ballots anonymously while ensuring their vote was included in the final tally, it “ignores the many, many ways that foreign government could compromise an online vote without breaking the core cryptographic algorithms.”

Foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters,” Lee warns. “They could bribe election officials to supply them with copies of voters’ credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials—or simply trick them into thinking they’ve cast a vote when they haven’t.”

And while the technology may exist for a speedier, and frankly easier voting process enabled by blockchain or some form online voting, it may be awhile before hype and reality find common ground. Or, as CNET’s Stephen Shankland puts it, “Blockchain-based voting systems may someday be the norm. But for now, with worries about electronic voting vulnerabilities and even technophiles recommending paper-based ballot systems, any new digital voting option must prove itself.”

➤ Takeaway: The technology for online voting is here, but our readiness to use it is a different story. Yet critics remain divided on when the time will come that voting will be as easy as calling an Uber.

On the Radar: 3 Things to Know

➤ Privacy or Prison. Sen. Ron Wyden of Oregon is shaking up the conversation over federal data privacy standards by announcing a draft billthat could promise hefty prison sentences for execs that run afoul. In its current state, the Consumer Data Protection Act spells out FTC authorityto issue 10- to 20-year “criminal penalties” for senior executives, or a fine up to 4 percent of annual revenue for violations, as well as create a “national Do Not Track System” for consumers to stop companies from tracking them and collecting their data. But don’t get your hopes up yet, privacy thumpers. Ars Technica’s Jon Brodkin points out that given the “extreme penalties” and big business influence over congress, the bill is likely a no-go. But Wyden’s proposal could “make big fines and prison sentences part of the discussion” over privacy, something both Republicans and Democrats seem to be itching to have.

➤ Waymo doesn’t need drivers. At least in California. The company became the first granted a permit by the state’s DMV to test cars without a safety driver riding shotgun, though a remote operator will stand by take the wheel from a far if things take a turn for the worse. After the state DMV put the finishing touches on driverless car regulations in February, California joined Arizona as a host to Waymo’s Early Rider program, VentureBeat reports. But some think the company is leaving safety in the dust by trying to get ahead of the competition. MIT’s Bryan Reimer tells Consumer Reports that autonomous vehicles should “undergo the same type of trials that pharmaceutical companies face when seeking approval from the Food and Drug Administration for a new drug.”

➤ Crypto ATM. Running short on Bitcoin and need it in a pinch? New Yorkers relying on Bitcoin ATMs may be pleased to hear that Coinsource, the operator behind such crypto cash vending, was granted a virtual currency license by the state’s Department of Financial Services this week. The license allows ATM users to stock up on bitcoin or trade it in for cash by scanning their mobile wallet. But the relationship with the Empire State is give and take: To get the license, companies need to quickly resolve consumer complaints and maintain consumer protections, as well as take steps to stop terrorist financing and money laundering.

Dose of Dystopia: Is a Nationwide Biometrics Database Underway?

Robbie.AI and SureID may not be household names, but the companies are teaming up to create what they’re calling “the United States’ first nationwide biometrics gathering system for broad consumer-focused services.”

So what are those services? The companies offer up a few examples in their press release, such as job candidates using fingerprints and facial recognition in accessing services and improved authentication measures for smart phones. But the idea of niche identifiers all under one privately owned, nationwide roof may sound the alarm for some privacy advocates.

As Naked Security’s Danny Bradbury notes, “The worry with biometric authentication has always been that someone might crack it by replicating a person’s features,” citing an instance of a Vietnamese security company wrapping a silicon mask on a 3D frame with an infrared print of a person’s eyes to hack into Apple’s FaceID system to make his point. And while the companies are confident in their security capabilities—Robbie.AI claims weight gain doesn’t impact its facial recognition results—hacks are always a possibility, meaning there’s also a worry that the database itself can be cracked through other means.

This sort of compromise isn’t unprecedented with nation-state attempts to collect citizen biometric information. The hacking of China’s Office of Personnel Management computers resulted in the lifting of over 5 million individuals’ fingerprints. In India, meanwhile, journalists were able to get access to the country’s entire biometric database, Aadhaar, for the equivalent of $8.

And when it comes to privacy, even the most middle of the road advocates might be a bit spooked by the concept of a biometrics gathering system for the entire country. As ZDNet’s Greg Nichols describes it, the idea can seem “anathema to presumed rights of privacy” regardless of intent.

What’s more, legal recourse around biometrics use is fairly limited—Illinois’ biometrics law, arguably the strongest around, doesn’t cover phone handling behavior currently used for authentication by banking apps, a method that Edelson PC’s Chris Dore dubbed “an evolution” of biometrics.

Nevertheless, Nichols says, “The convergence of facial recognition and traditional biometrics like fingerprinting is inevitable, and advocates see it as a security win.”

➤ Looking Ahead: Despite privacy concerns, the security benefits of biometrics, coupled with technological capabilities, make something like a coast-to-coast collection of facial information and fingerprints seem inevitable. And recourse for security snafus and the like is presently limited.

That’s it for this week! Stay tuned for What’s Next!