25
Disruption of the business process
Risk
Description
Mitigation
Incorrect vote
counting or
reconciliation
Certain processes that happen
outside of voting (e.g. securities
lending), inherent in the voting
process (e.g. pre-voting), or
resulting from malicious intent of
one of actors may result in
incorrect counts of votes and
incorrect voting outcomes.
Voting rights are represented by
special tokens in the blockchain.
The tokens are created strictly
according to the legislation at the
authorized node using relevant
position information.
Exclusion of
participants from
voting
Cut-off dates are present in
many countries. Asset
movements around these dates
are not always recorded on time
or correctly, potentially affecting
not just vote counts, but also
shareholder eligibility for
participation in the meetings.
Voting rights tokens are generated
at the source which has the most
up-to-date information. The
blockchain code automatically
ensures voter eligibility and forces
all other nodes to reconcile with
the source if they have conflicting
data.
Disruption of the
process by a
malfunctioning,
malicious or
compromised
actor, performing
actions within the
rights assigned to
that actor
The business process supported
by the system must be
thoroughly tested and verified to
prevent situations where a node,
behaving legally as defined by
the system, can cause
unwanted consequences
resulting in some sort of system
disruption.
The blockchain code strictly
defines the eligible actions at any
state of the system. It can be
formally verified that any valid
action always switches the system
to a valid state.
Incorrect initial
loading of data
Regardless of how well-
protected the data is on the
distributed ledger, it is possible
for it to be incorrect before it is
entered into the ledger. This can
affect anything in the system,
from generating minor errors to
completely disrupting the
process.
Most error-prone data items (e.g.
positions) are entered via multiple
channels and the system has a
built-in reconciliation mechanism
that will highlight problems.
26
Risk
Description
Mitigation
Disruption of the
process by
altering the code
that governs
restrictions and
process
The codified business process
defines the rules by which all
process participants must abide.
If this process is changed in a
way that some of the
participants expect, their actions
will have different meaning than
they intended and may render
the system completely
inoperable.
Modification of the chain code
and/or smart contracts, which
govern all processes and
restrictions in the blockchain, is
only possible by a consensus of a
sufficient number of nodes.
Depending on the system
architecture, it may be possible to
not allow any changes for anyone
for any reason. In case changes
are allowed, they can also be
governed by a change process,
which would prevent undesirable
changes from happening.
Tampering with data
Risk
Description
Mitigation
Tampering with
any voter data in
the distributed
ledger: voting
rights,
instructions or
final vote counts
Tampering with data may alter
the results of the voting or
mislead the stakeholders.
All data in blockchain is immutable
and can't be modified. Tampering
with any data is mathematically
impossible.
Data destruction
Destroying any data or
transactions that happened
within the voting process may
influence voting results and
disrupt the audit process,
concealing potential malicious
actions.
All data in blockchain is immutable
and can't be destroyed. Tampering
with any data is mathematically
impossible.
27
Compromising access to confidential data
Risk
Description
Mitigation
Unauthorized
access to data
independent of
voting: positions,
user identities
Personal data is not intended to
be revealed and may be of
strategic significance to the
shareholders. Revealing this
data may allow perpetrators to
exert influence in a way that is
not intended by the law.
All private data is encrypted on the
blockchain.
Unauthorized
access to voting
information
(instructions,
proxies, vote
counts) after the
process
Certain types of data are not
intended to be revealed and
may be used to deduce
personal information or
decisions that were meant to
remain hidden, which may allow
perpetrators to exert influence in
a way that is not intended by the
law.
All private data is encrypted on the
blockchain. Behavioral patterns
(e.g. votes from particular wallets
towards particular outcomes) are
protected further using zero
knowledge algorithms, which
prevent unauthorized actors from
deducing anything about them.
Unauthorized
access to voting
information
(instructions,
proxies,
preliminary vote
counts) during
the process
Gaining access to preliminary
voting results will allow the
perpetrator to vote tactically
according to the situation, giving
him an unfair advantage over
other voters.
All private data is encrypted on the
blockchain. Behavioral patterns
(e.g. votes from particular wallets
towards particular outcomes) are
protected further using zero
knowledge algorithms, which
prevent unauthorized actors from
deducing anything about them.
Unauthorized
actions on behalf
of an actor
managed by an
intermediary
Many voting parties execute
their voting rights via specialized
intermediaries, who end up
casting votes on their behalf. If
the intermediary is compromised
or its systems are
malfunctioning, it is possible to
execute unauthorized actions on
behalf of the voting party.
DLT supports confidentiality on the
level of the ledger, so unless the
private key of the actor is
compromised, no actions can be
taken on behalf of that actor.
Protecting the keys is much easier
than protecting the whole system,
and malfunctioning system can
only cause damage within the
access rights of its current actor.
Dostları ilə paylaş: |