After trying Internet voting for overseas voters, West Virginia is expanding the option to those with physical disabilities. But MIT researchers now say they’ve found worrying flaws in the app the state has been using.
West Virginia, which has become an early tester of blockchain voting, is expanding Internet voting to include those with physical disabilities.
But the move comes just as researchers from the Massachusetts Institute of Technology (MIT) have published a paper asserting that Voatz — the app West Virginia has been using in its pilot tests — has serious flaws, including the ability of bad actors to change votes without voters' knowledge.
Gov. Jim Justice signed SB 94 into law last week giving the secretary of state permission to create a system that allows people with physical disabilities to vote electronically. The Office of the Secretary of State lauded its success with Boston-based vendor Voatz that tallied 144 ballots from uniformed and overseas citizens in 2018. The Secretary of State’s Office may choose the startup again to enact the new law’s mandate for the 2020 primary and general elections.
But election security experts and computer scientists have grown increasingly skeptical of the cybersecurity surrounding voting apps, especially after a mobile app used during the Iowa Caucus recorded data accurately but only reported it partially due to a coding error.
Though what happened in Iowa was more technical in nature, experts caution that systems like Voatz's are susceptible to cyberattacks despite claims of advanced defenses based on encryption technology. Voatz, for example, leverages the biometric systems built into smartphones coupled with blockchain storage to secure ballots.
Researchers from MIT reverse engineered the Voatz app and found critical gaps in security, according to a research paper. The team recreated the company’s system based on publicly available information and learned that bad actors could monitor votes being cast and change or block ballots without voters' knowledge.
Susan Greenhalgh, vice president of programs for the nonpartisan National Election Defense Coalition (NEDC), said blockchain isn’t as secure as it's purported to be and that existing malware lying in wait on smartphones and tablets can be leveraged by hackers to change a vote after a ballot is cast and before the information is locked into the blockchain.
“We can’t afford to introduce a system that’s not secure and it’s also not right for one segment of the voting population to vote on something that could be tampered with more readily than anyone else’s vote,” Greenhalgh told Government Technology.
Additionally, the NEDC found in its own studies that a blockchain can be compromised if half the servers are hacked, she said.
Voatz categorically refuted the MIT paper, stating the researchers worked with a version of the app that was at least 27 versions behind the company’s current app and that they took liberties when simulating the servers.
“The reality is that continuing our mobile voting pilots holds the best promise to improve accessibility, security and resilience when compared to any of the existing options available to those whose circumstances make it difficult to vote,” the company wrote in its response.
Meanwhile, Voatz quietly posted a report by the Cybersecurity and Infrastructure Security Agency (CISA) Hunt and Incident Response Team (HIRT) earlier this week.
HIRT assessed 14 of the company’s servers, 21 workstations and monitored network traffic at Voatz’s corporate headquarters in Boston from Sept. 27 to Oct. 4, 2019. The HIRT report concludes that its analysts did not find “threat actor behaviors or artifacts of past activities.” They did identify areas where the company’s IT personnel could deploy defense-in-depth protections and configurations — a multi-layered approach with redundancies — to better defend the network.
Donald Kersey, the general counsel for the West Virginia Office of the Secretary of State, said the state is closely monitoring the growing cybersecurity concerns circling electronic voting. He said the state hasn’t chosen a vendor solution for Internet voting yet, and officials are weighing options like Voatz or the no-cost Maryland online absentee-ballot system, which has also faced criticism for vulnerabilities.
“You have to make sure you’re balancing integrity with security while at the same time making sure that the public understands what you’re doing and believes that it is secure enough to keep their confidence high in the results,” he said.
Tusk Philanthropies provided the state with Voatz during the 2018 election and will make a recommendation for 2020, but the state reserves the right to forgo the offered option and go out to bid, he said. Voatz is backed by Bradley Tusk, a venture capitalist who has used the philanthropic arm of his holdings to facilitate government use of the voting app.
To date, Voatz has carried out several pilot projects, accounting for about 600 votes in federal elections in Denver, West Virginia and counties spanning Oregon, Utah and Washington state.
Greenhalgh said as Internet-connected voting becomes more common the accountability and reliability of elections decays. She said the technology lacks end-to-end verification, so even with auditing she believes malware tampering is still possible. Voatz sends a printout of the user’s ballot to their local elections office for audits.
“End-to-end verifiable voting is a concept that seeks to employ cryptographic tools to allow voters to not just confirm that their vote was recorded correctly, but to confirm that the overall vote tally is correct, too, without compromising the secret ballot,” she said.
Those technologies, however, aren’t ready for real-world deployment and will require a vested interest from election officials to move from conceptualization to implementation, she said. The other secure option is going back to tried-and-true paper analog, or in the case of helping those with physical disabilities, ensuring more polling stations comply with the Americans with Disabilities Act (ADA).
“I feel we would be better served to be putting pressure on making those polling locations fully ADA-compliant and accessible because those polling locations are not just used a couple days a year for elections,” she said. “They’re used because they’re libraries, schools, churches and different municipal buildings and if you make them accessible for those election days then you make them accessible all the other days, too.”
Whichever vendor West Virginia chooses, Kersey said it will be ADA-compliant and the most secure option available. He said what’s most important for the Office of the Secretary of State is that voters and elections officials trust the solution.
“The important thing here is weighing security with accessibility and making sure that the integrity of the election is not put at stake because of a theory,” he said.