W. Virginia's Decision to Allow Smartphone Voting for Midterms Raises Serious Security Concerns
For the first time in our nation's history, voters in 24 counties in W. Virginia will be able to vote using their mobile phones. While some are hailing the decision because it will make voting easier for members of the military deployed overseas, experts are warning of possible security breaches.
"After researching previously available options, the Secretary’s team identified that most electronic ballot delivery technology required access to a desktop computer, printer and scanner, all of which present significant barriers to overseas voters, especially those in combat zones or engaged in covert operations," the W. Virginia Secretary of State's office explained in a press release this week. The state is partnering with a Boston, Massachusetts-based company called Voatz, Inc.
"Voatz has developed a secure mobile voting application that allows voters to receive, vote, and return their ballots electronically," the press release claims. "The application also utilizes blockchain technology to store electronically submitted ballots until election night, and requires a heightened standard of identity verification for users than traditional absentee ballot processes. This project is unprecedented in United States history, being the first mobile voting application and first use of blockchain technology in a federal election."
During the state's primary election in May, a pilot was conducted in two W. Virginia counties with voters in six different countries utilizing the technology. "Post-election security audits by several independent and widely respected technology auditing companies showed that the technology provided a secure platform for voting and an alternative to the traditional absentee paper ballot," the Secretary of State's office declared. "Voatz’s app, which also utilizes biometric facial recognition software and thumbprint safeguards to ensure the identity of the voter, increased the confidence of the auditors. In short, the nation’s first mobile voting app test pilot was a success."
In order to use the mobile technology, users register with Voatz by taking a picture of their government ID and also a selfie video of their face. Voatz then uses facial recognition software that (they claim) can verify the voter's identity. Once approved, voters can cast their ballots using Voatz's app. After the vote is cast it is added to the blockchain, a digital ledger of sorts, popularized by digital currencies such as Bitcoin.
"Because blockchain is a distributed ledger of transactions, military mobile votes become immutable and tamper-proof once recorded," says Voatz.
The state of W. Virginia admits that there are "substantial" security concerns, but explained that Voatz will be utilizing "federal standards for software development, regular maintenance and security upgrades, in-depth penetration testing, source code auditing and audits of the system’s cloud infrastructure. After surpassing those requirements, the pilot moved forward."
Federal standards? That alone should raise red flags.
A report from Thales eSecurity points out that 71 percent of federal agencies have experienced data breaches. Their 2018 "Data Threat Report" concluded that "federal agencies are experiencing a 'perfect storm" around data that is putting agency secrets, and the private data of over 330 million citizens, at risk."
Research Principal Analyst Garrett Bekker posited that "the U.S. federal sector has experienced a higher rate of breaches in the past year than any other sector."
A Heritage Foundation report on 2017 federal cyber breaches concluded, "In fiscal year 2016, government agencies reported 30,899 information-security incidents, 16 of which met the threshold of being a major incident." The report includes an extensive list of breaches.
A report at Spiegel Online last month warned of a wide variety of security concerns with mobile voting:
- To start with, the infrastructure that Voatz uses cannot be secured -- i.e., the voters' smartphones and the networks used to transfer the data.
- Voatz is also sketchy on details relating to its use of blockchain technology, making it unclear whether it offers a specific advantage over standard databases. "With all the servers in the custody of the vendor, a dishonest vendor could do anything they want to the results," warned Marian K. Schneider, president of the U.S. advocacy group Verified Voting.
- Voatz says it has commissioned third-party firms for extensive security audits. But information about these security firms on Voatz's website has been repeatedly revised in recent days, apparently in response to queries from the media.
- There are no indications that a technical inspection by state authorities took place either. Voatz, at the very least, has made no claims to that effect. If that didn't happen, it would mean that the public authorities aren't even aware of what, exactly, is behind Voatz's technology.
- Internal Voatz code has popped up in at least two places on the platform Github, a mass database where code is uploaded and widely shared. The company claims it was test code unrelated to the real system. But details in the code raise concerns that Voatz doesn't always attach the utmost importance to common security practices.
It's important to remember that in April the Department of Homeland Security announced that Russian hackers had targeted all 50 states during the 2016 election cycle.
Assistant Secretary Jeanette Manfra told lawmakers at the time, "Two years ago the Russian government launched a brazen, multi-faceted influence campaign aimed at undermining public faith in our democratic process, generally and our election specifically." She added, "That campaign involved cyber espionage, public disclosure of stolen data, cyber intrusions at the state and local voter registration systems, online propaganda, and more. We cannot let it happen again."
Director of National Intelligence Dan Coats also warned that “the warning lights are blinking red” with respect to Russian interference in U.S. elections.
West Virginia has seemingly ignored those warnings, launching headlong into mobile voting with a barely tested technology. While everyone agrees that we want to make it as easy as possible for military voters to participate in elections, those needs must be weighed against security concerns. In reality, the men and women serving in our armed forces are being used as guinea pigs for an experimental technology that could conceivably be vulnerable to hackers and others determined to disrupt our election processes. While paper ballots are cumbersome and the vote totals are often delayed, they've been proven over and over again to be the most secure way to cast a ballot.
Paper ballots are "absolutely the safest way,” to vote, Richard DeMillo, a cybersecurity professor at the Georgia Institute of Technology in Atlanta, told Bloomberg. “All this fancy stuff—you are talking to a computer scientist, and it breaks my heart to say this—but it just drives up the cost and doesn’t add anything.”
National Academies of Sciences, Engineering, and Medicine warned in a 2018 report that election administrators should work toward using “human-readable paper ballots" for the 2020 presidential race and should make "every effort" to use them for this year's elections.
“The issues highlighted in 2016 add urgency to a careful reexamination of the conduct of elections in the United States and demonstrate a need to carefully consider tradeoffs with respect to access and cybersecurity," the report explained.
The researchers further warned that ballots that have been marked by voters “should not be returned over the Internet or any network connected to it, because no current technology can guarantee their secrecy, security, and verifiability.”
Follow me on Twitter @pbolyard