Other US states are piloting the blockchain-based Voatz app, but cybersecurity researchers say digital voting is rife with vulnerabilities.
This article is part of TechRepublic's series on how states across the US are approaching the cybersecurity threat to the 2018 midterm elections. Read each installment:
or download the entire series as a free PDF.
During the 2018 midterms, deployed military personnel from West Virginia will be the first in the nation to vote in a federal election on their smartphones using a blockchain-based app—despite numerous concerns from cybersecurity experts.
Concern over voting security in the midterm elections is rising, after the Department of Homeland Security detected Russian hackers targeting voter registration databases in at least 21 states in 2016. While most of the systems were not breached, and there is no evidence that Russian agents were able to manipulate voter data or election results, it's likely that the cybercriminals were scanning them for vulnerabilities to potentially exploit in the future, the department said.
As a result, West Virginia has taken several steps to ensure the security of its voting systems, and to improve voter participation among deployed military personnel, who often have difficulties accessing mailing services for absentee ballots, said Mike Queen, deputy chief of staff and director of communications in the West Virginia Secretary of State's Office.
SEE: Security awareness and training policy (Tech Pro Research)
When Congress approved a 2018 spending bill that included $380 million for the US Election Assistance Commission to address cybersecurity issues, West Virginia was the first to apply, and received $3.5 million. Combined with other funding sources, the state made about $12.6 million in voting machine improvements across its 55 counties in the past eight months. These include upgrades to machines, and more rigorous election official training, Queen said.
"It's the primary responsibility of the candidates and political parties to get people out to vote, but we can leverage that by having a good, safe system where people have confidence that their vote is going to count, and that every vote is a legitimate vote," Queen said.
A new option for military personnel
In the 2016 presidential election, nearly 300,000 US voters living overseas requested ballots, but were not able to return them, according to the US Elections Assistance Commission. West Virginia Secretary of State Mac Warner wanted to find a mobile voting option with strong security measures including blockchain, biometrics, and a verified paper trail, and found the Boston-based startup Voatz, which uses facial recognition and the HyperLedger blockchain framework to collect ballots.
West Virginia pilot tested the app for overseas absentee ballots in two counties during primary elections in May. Some 16 people deployed in six countries used the app to vote. Voatz conducted three independent audits of the process, and found no problems, Queen said. The pilot has now been rolled out in 24 counties for the midterms. The state hopes to receive at least 200 transactions to perform more audits and verify the platform's security.
Despite the increased testing, West Virginia has no plans to roll out mobile voting to the general population, Queen said.
"This is not an option for mainstream voting," Queen said. "It is only to address a very small segment of our overall population—those military men and women who are in remote areas without [traditional] phone and postal services."
SEE: Cybersecurity and the 2018 Midterms (TechRepublic Flipboard magazine)
How blockchain voting works
While West Virginia may not have plans to widely implement mobile voting, Voatz does, according to CEO Nimit Sawhney. The company launched in 2015, and has administered more than 30 pilot elections with 75,000 votes. These include internal elections for the Democratic and Republican parties in Massachusetts, as well as those for colleges, nonprofits, and church groups, Sawhney said. More statewide projects will be announced in the near future, Sawhney said.
"We'd like it to be eventually available to everyone," Sawhney said. "But that's a far ways away. It's new technology. It makes sense to roll it out in a slow, step-by-step way."
To fill out an absentee ballot on the Voatz app, the voter must first submit a ballot request form from the federal Voter Assistance Program, Sawhney said. The county clerk then provisions that order in the Voatz system. Voatz sends a notification to the voter, who receives access to a portal to download the app on certain iOS or Android devices. They enter their mobile number and email address, which must match the information from the county clerk, and receive a security code via SMS or email.
Once in the app, the voter takes a picture of their government-issued ID, along with a live selfie, and facial recognition technology will verify that it is the same person, and that the ID is real. The voter then uses a fingerprint or a face ID to verify their identity again and log into the app.
The voter can then access and submit their ballot on their device. Once submitted, the app anonymizes the ballot, and stores it on the blockchain. The voter receives a receipt with their selections, and can report any discrepancies. The ballot is stored until election day, when election officials remove the key from the blockchain, print out the ballots, and tabulate them the same way that in-person ballots are counted, Sawhney said.
SEE: Quick glossary: Blockchain (Tech Pro Research)
Voatz made some changes to the app after the first West Virginia pilot this spring, primarily on the user interaction and interface side, Sawhney said. It also formalized the use of printing out a paper ballot on election day for counting and auditing purposes.
"If there's any issue with something getting tampered over the air or while on the blockchain, it will be detected in the audit," Sawhney said. "We wanted to add the extra layer of security so we can do two post-election audits, and produce a report to show the skeptics that this thing is actually way more safe than how things are currently done."
Post-election audits are necessary regardless of what technology is used for voting, Sawhney said. Since Voatz has two levels of auditing along with a receipt and paper trail, "that gives us a lot of confidence that this process is safer, better, and more transparent than any existing process," he added. "We feel very strongly that this is the way to go in the future, and as long as you do an audit after an election, if there's any discrepancy you will find it there."
If the audit unveils a problem, "there will obviously be some kind of remediation process in terms of what could be improved in the future, and what other checks need to be added to make sure the problem doesn't happen again," Sawhney said. This is why the company wants to keep its pilots at a very small scale for now, he added.
Security concerns rampant
Cybersecurity experts are less confident in the safety and viability of a system like Voatz.
"This is the last thing that people need to be thinking about when it comes to voting right now," said Joseph Lorenzo Hall, chief technologist at the nonpartisan Center for Democracy and Technology. "There are so many more boring pieces of low-hanging fruit, like two-factor authentication, password management, and defending against phishing attacks. But that's unfortunately not as exciting to most people as the blockchain voting stuff."
SEE: Incident response policy (Tech Pro Research)
The core problem with blockchain voting is that it is a form of internet voting, Lorenzo Hall said. "It fundamentally requires computers communicating over the internet to do these kinds of things," he added. "And internet voting is probably one of the worst ideas ever. Our phones, our networks, the servers on the other side, every single one of those is totally insecure."
Sawhney compares mobile voting to mobile banking, which most people feared 10 years ago, but is now a common practice.
But this argument discounts the amount of online banking fraud that occurs, Lorenzo Hall said. "They can buy insurance for it or build it into the price of services," Lorenzo Hall said. "But we won't accept an election system where 10% of ballots just disappear or change without anyone noticing."
Systems that involve submitting encrypted ballots to the blockchain also must contend with the fact that the forms of encryption we currently use will be broken within 10 to 20 years, Lorenzo Hall said. "We expect an amount of secrecy around voting," Lorenzo Hall said. If your votes can be exposed in the future, that could lead to dire consequences, he added.
"If nothing goes wrong with it, it will be because people weren't motivated to mess it up," said Juan Gilbert, chair of the department of computer and information science and engineering at the University of Florida, Gainesville, and co-author of the Securing the Vote report from the National Academies of Sciences, Engineering, and Medicine. "There are so many different ways to attack it. If it was absentees, then it's maybe a very small number, so people may not be as motivated, but it still is the most vulnerable, by far."
Ultimately, it comes down to a calculation of risk vs. reward, Sawhney said. "No system is 100% perfect, but the likelihood of a voter who is eligible to vote representing the military overseas getting [her/his] phone compromised as they're voting, and that vote being altered and remaining undetected on the blockchain—that's really, really hard to pull off."
In July, a cybersecurity official in the Department of Defense said that Russia is more focused on spreading disinformation and dividing voters ahead of the midterms than on attempting to hack voting systems the way it tried in 2016.
Creating chaos and distraction that leads Americans to distrust the election system is likely to be the larger issue in the future, Gilbert said. For example, if a county uses online voting, and the server is locked by ransomware so that ballots are either held hostage or destroyed, that would greatly diminish faith in the election process, he added.
This is also a problem if a post-election audit reveals that votes were tampered with, said Danielle Root, voting rights manager at the left-leaning Center for American Progress. If this is the case, there must be a system in place to overturn election outcomes, Root said.
"This is a national security issue, and a bipartisan issue," Root said. "We need to treat it as such, and we really need to up our game before 2020."
- Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (free PDF) (TechRepublic)
- Did Russia's election hacking break international law? Even the experts aren't sure (ZDNet)
- Ransomware: A cheat sheet for professionals (TechRepublic)
- Election security is a mess, and the cleanup won't arrive by the midterms (CNET)
- What to expect from cyber-attacks during an election year (TechRepublic)
- West Virginia pioneers voting from an app for 2018 midterm elections (Download.com)