West Virginia will let troops and other citizens living abroad vote by smartphone through an app this November, making it the first US state to allow voting on a smartphone in a federal election.
As the United States grapples with ways in which Russia meddled in the 2016 election, West Virginia secretary of state Mac Warner and Voatz, a Boston-based blockchain startup, say the system is secure.
“All that is needed to cast their vote is a compatible Apple or Android mobile device and approved, validated State or Federal ID,” West Virginia officials wrote in their pilot proposal (pdf). (As of Jan. 1, 2018 all West Virginia residents are required to present ID in order to vote.) Though the idea of tapping to vote is appealing in concept, casting a ballot online also raises a host of new security concerns.
“Mobile voting is a horrific idea,” the Center for Democracy and Technology’s Joseph Lorenzo Hall told CNN. “It’s internet voting on people’s horribly secured devices, over our horrible networks, to servers that are very difficult to secure without a physical paper record of the vote.”
To vote, West Virginians will simply take a selfie, which the Voatz app will match with a State ID database using facial recognition. Once a ballot is cast, it will be anonymized and recorded using a blockchain, the distributed ledger technology that powers cryptocurrencies like Bitcoin. Unlike Bitcoin, however, Voatz uses a “permissioned blockchain” that requires a voter or auditor to first be verified before they can review or input new information.
Though Voatz encrypts voter data, there’s no real way to guarantee that the phones and networks voters use to access the app won’t be vulnerable. (It’s entirely possible for data from phones to be intercepted along the way.) Security architect Kevin Beaumont tweeted a thread calling out the app’s site for out-of-date data encryption and authentication services.
Voatz called the claims “false propaganda,” adding that “most of the comments in the thread are incorrect or misrepresentations,” in a response to Vanity Fair.
The idea for Voatz was born at a 2014 hack-a-thon, at the South by Southwest technology festival in Austin, Texas. CEO Nimit Sawhney, whose background is in mobile payment security, wanted to build a way for anyone to vote from home. However, given the general skepticism of both private election companies and blockchain startups, Voatz has had to fight an uphill battle to build trust from governments, security experts, and voters.
Secretary Warner, a former US army colonel himself, was familiar with the cumbersome vote-by-mail process for citizens living abroad and wanted to find solution, a spokesperson from his office told Quartz. (The Washington Post estimated that in 2012, 250,000 overseas and military voters who wanted to vote were “unable to navigate the system.”)
Warner’s office said they were impressed with Voatz’s biometric authentication and blockchain-powered security, but failed to elaborate further on why the company was specifically chosen for this test. After successfully piloting the technology in two counties in May, the state decided to extend the test to the general election.
Voatz has conducted more than 30 successful pilots that range from state party conventions to student government elections, the company told Quartz. But not all Voatz-powered elections have run smoothly.
In a pilot in Utah, for example, the startup was unable to support the large numbers of voters who simultaneously attempted to download the app and become verified within a half-hour of the polls opening. “While the Voatz team was disappointed with the outcome of the Utah pilot, it was a valuable learning experience that we have used to make changes and improvements to our system,” the company told Quartz via email.
Despite the potential hiccups, voting over the internet does have some precedent globally.
Over a dozen countries have experimented with online voting. In Estonia, more than 30% of votes were cast online in the last several elections, according to Tarvi Martens, chairman of the Estonian electronic voting committee. However, an independent research group from the University of Michigan took a closer look at Estonia’s system and found that the system “has serious architectural limitations and procedural gaps that potentially jeopardize the integrity of elections.”
In the US, the risk of hacking could be even higher. Because the United States does not issue national ID cards (most federal agencies rely on state-issued identification), it’s more difficult to remotely verify someone’s identity in a federal election. And, unlike Estonia, which uses a proportional representation system to elect officials, the US has a winner-take-all system. This makes the stakes higher for each candidate, and thus makes election meddling more tempting.
Recently, Dan Coats, the director of national intelligence, told an audience at a Washington, DC think tank that he believes the chance of a cyber-attack on the US is growing greater. “The warning lights are blinking red,” he said.