On November 6, West Virginians who are serving in the military or living overseas will be able to vote in a brand new way — via an app on their smartphone.
But in a climate that’s rife with fear of US election hacking, this new method of voting is raising some questions.
In the fall of 2016, Russian hackers successfully infiltrated Illinois’s voter registration system and probed other states’ election websites. No votes were changed and no outcomes were altered — but it was a scary reminder of the weaknesses in our system. In January 2017, the US intelligence community concluded that Russia had meddled in the US presidential election. And this year, top US officials have said that Russia is trying to infiltrate our elections again.
In response, states are trying to beef up their cybersecurity defenses, with support from the federal government. But it may not be enough, as an 11-year-old who hacked a replica of Florida’s election website in 10 minutes last weekend proved. Which is why the timing of the new mobile voting initiative in West Virginia seems so odd.
As CNN reported on August 6, West Virginia will soon allow active-duty service members and other Americans stationed overseas to vote via a new smartphone app called Voatz. The state tested the program in real-time for service members in two counties during the state primaries in May, and is now allowing all counties in West Virginia to opt in for the federal election in November.
Voatz, a Boston-based company, says in a promotional video that it wants to turn “every smartphone and tablet into a secure voting booth.” The company will verify individuals by matching a government issued-ID with a live selfie before allowing voters to submit their ballots.
The app promises privacy and says it will make the ballots anonymous once they’re submitted. It records the votes through blockchain, which is basically a public ledger that shows that what was transmitted by the voter wasn’t changed along the way. (It’s the same system that’s used to record bitcoin transactions.)
But casting a vote on a smartphone involves obvious risks, from malware on devices to compromised networks. Regardless of whether you use blockchain to record votes, J. Alex Halderman, a professor of computer science at the University of Michigan, told me, “voting over the internet is a very, very hard, unsolved security problem.”
It’s unclear how many of West Virginia’s 55 counties will use the technology in the 2018 midterms, though Michael Queen, the deputy chief of staff and director of communications for West Virginia’s secretary of state, said they’re looking for about a dozen or so counties to participate. He stressed that the voting pool will still be small — and it’s not a requirement for overseas voters, who can still mail in or fax absentee ballots.
The 2018 election, however, is a consequential one. And while the rest of the country debates how to keep the electoral system secure, this new online voting method is prompting bigger questions about security, and about what the future of voting may look like.
Voting with Voatz (or is it Voating?)
West Virginia’s experiment with Voatz has a very important objective: The state wants to make it easier for civilians working abroad and service members who are stationed overseas, sometimes in remote areas, to vote. According to the Election Assistance Commission, in 2016, only about 68 percent of the more than 930,000 ballots transmitted were returned — meaning close to 300,00 people who seemed to want to vote never did.
Mobile voting offers the potential to close that gap.
West Virginia used the new voting tool during the state’s May primaries, and West Virginia’s Secretary of State Mac Warner told CNN that tests of the tool, “including its cloud and blockchain infrastructure,” didn’t reveal any issues. Voatz confirmed to Vox that this was indeed the case.
Less than 20 service members — stationed in seven countries — used the app at this time, according to Queen. He added that they hope for about 100 during the November elections, but right now, it’s hard to estimate what the turnout will be.
“These are some very unique circumstances that these soldiers and sailors and airmen and guardsmen find themselves in,” Queen said. “We want them to know that we’re trying to protect their right to vote, like they’re doing for the rest of us.”
“We’re not advocating this on a grand scale,” he added.
Here’s how Voatz will work in West Virginia: Service members and overseas residents who are interested in participating in the 2018 midterm elections pilot program would first notify the county clerk that they want to vote online. Once they’re deemed eligible, they receive an invitation through a secure link to download the app. Voters use a valid government-issued ID and take a “live selfie” that matches the two together — a kind of facial recognition technology.
When the voter is approved, he or she will fill out the ballot on her phone, marking the preferred candidates. Nimit Sawhney, a Voatz co-founder, said the app may prompt you for a fingerprint or another selfie as an additional layer of security. “Once you complete that,” he said, “your ballot is anonymized and submitted through the network.”
The ballot is recorded on blockchain and submitted back to the county clerk’s office, where election workers print it out and tally it up just like any other absentee ballot. (Sawhney says they’re introducing a receipt generated after the votes are submitted so it can be compared with the votes transmitted to local elections officials.)
Voatz has carried out more than 30 pilot elections to test the app, which included about 75,000 individual votes. Some of the pilots have been used at conventions, including the 2016 Massachusetts Democratic Convention, where the party chair gave the app positive feedback.
They also carried out a test vote at the 2016 Utah Republican Convention, where the company admitted in a statement that it failed to get great reviews because it was “unable to support the large numbers of voters who simultaneously attempted to download the app and become verified within a short 30-minute period before voting started.” The experience helped them, the company said, “make changes and improvements to our system.”
A city council in Massachusetts has also used Voatz for its elections, Sawhney said. But beyond the West Virginia primary in May, the midterms in 2018 will be the first general federal election where the app has ever been used.
It’s worth noting that the app has not been certified as secure by the Election Assistance Commission, a independent federal agency that tests and certifies voting systems, but Queen said West Virginia is actively working with the agency ahead of the 2018 midterms.
According to Sawhney, they’ve done thorough testing, which included many mock elections and pilots. At some point, he concluded, “you have to take the leap into a live scenario.”
Some security experts are concerned
As mentioned earlier, Voatz relies on blockchain to record the votes. Blockchain, in brief, is a digital ledger that records data — in this case, your vote — but once it’s published, it can’t be canceled or altered.
Voatz says its blockchain is “permissioned,” which means you need to be an authenticated user to access it, ostensibly making it more protected.
But the problem, according to Philip Stark, a professor of statistics at the University of California Berkeley, is that blockchain does nothing to solve the really difficult problems of voting online. “The one-sentence summary is it’s a scam,” he said of Voatz. “They are not doing what they claim to be doing.”
Halderman, the computer science professor, echoed Stark’s assessment. “The hard part of voting online is ... [securing] the client that the user is voting from and making sure it doesn’t have malware on it,” he said. “It could be trying to change the votes or steal the voter’s identity while the person is using the system.”
There are other issues, Halderman continued, like authentication — ensuring that the person who is voting is actually the person he says he is.
Sawhney admitted that while blockchain provides a secure, tamper-resistant way to record the actual votes, it doesn’t solve all the problems. “I don’t think anybody is claiming that [it does],” he said. “It’s just one piece of the puzzle.”
When it comes to security risks, he suggested that a would-be hacker would have to do many things at once — such as hack the phone, break through Voatz’s security, write code to specifically tamper with the app, and alter the vote.
“All these things have to be done simultaneously,” Sawhney said. “That’s theoretically possible. Practically, it’s really, really hard to do. It’s not realistic. When you think of threats, there are always some threats. What is the realistic possibility of that happening while a person is voting?”
So the Russians, the Chinese, or a 400-pound guy sitting on his bed would face a lot of challenges if they try to mess with the Voatz’s voting system. But Halderman, Stark, and other security experts have noted it’s hard to know for sure because Voatz hasn’t been totally forthcoming about the technical details concerning security — or other potential vulnerabilities such as identity theft.
“[Voatz] has the appearance, based on the blockchain hype and based on the lack of technical descriptions of how it works, of being snake oil,” Halderman said.
Three independent technology firms were used to “vet” Voatz, and the results of the audit were apparently reassuring enough that West Virginia will use the technology in the midterm elections. (Vox reached out to two of them — HackerOne, which has a community of hackers to probe systems; and Security Innovation, which inspected source code — but has not heard back.)
When asked if Voatz would make public the findings or results of those security audits, Sawhney said that it could not because they would contain proprietary information, but it welcomed people to view their results at their Boston headquarters in a secure spot after signing a nondisclosure agreement.
But even Voatz, in its terms of service, says it “cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third-parties will not be able to defeat our security and improperly collect, access, steal, or modify your Personal Information, but we do try our very best to make sure that never happens.”
How to think about Voatz, and online voting generally
In 2010, Washington, DC, decided to create an online voting system for men and women serving in the military overseas. Prior to launch, DC officials invited hackers to try their hand at it.
Halderman and a team of other computer scientists from the University of Michigan decided to participate. “It’s not every day that you’re invited to hack into the government without going to jail,” Halderman said.
In the end, it took them less than 48 hours to break into the system. The hackers gained access to the cameras monitoring the server room of the DC Board of Elections and elected fake candidates. “They only noticed anything was wrong because we left a calling card,” Halderman said. “We modified the website so that every time a voter voted, their computer would start playing the Michigan fight song.”
Not all hackers would leave a calling card so obvious. And Voatz won’t have a test run — when it goes live, it will be for the 2018 midterms. “This is just not the way to experiment with new technology,” Stark said, “even if there’s hope that the new technology will work.”
And this is really the dilemma. The program has a worthy goal — to expand access to military voters and other residents overseas. Some experts also told me that blockchain may have real potential for increased transparency in voting systems going forward. The Voatz system itself may be effective and secure.
But it also may not be.
And as the US government and states struggle to safeguard the systems that are already in place, the biggest problem experts have pointed to is digital “voting systems” — from registration to printing out ballots.
Voatz insists that it has taken the proper precautions and carried out the proper tests, and that both the 2018 primary and the 2018 midterm “pilot” will be relatively small-scale, this is a real election — which could be close, or contested.
At a conference in May, cybersecurity expert Bruce Schneier expressed his hopes for online voting going forward. “I want to build a robust system that is secure despite the fact that computers have vulnerabilities, rather than pretend that they don’t because no one has found them yet. And people will find them — whether it’s nation-states or teenagers on a weekend,” Schneier said, according to an NPR report.
Voting systems are not magical in any way since they’re computers, he continued. “Computers are basically insecure.”