Historic Milestone: First Ranked Choice Mobile Blockchain Vote in U.S. Election History (10/16/19)

We are delighted to announce that a little piece of US election history was created on October 16, 2019 when the first ever ranked choice vote was recorded on a mobile blockchain voting platform. The ballot was cast by a UOCAVA voter from Payson City in Utah County.

Update: (11/24/19) – The Associated Press/Salt Lake Tribune has more here about the RCV pilot in Utah County.

Here’s an earlier post on how the Voatz platform supports Ranked Choice Voting in a highly accessible manner. We are excited to see the expansion of RCV across the nation.

Mobile Voting Expands to Jackson County and Umatilla County in Oregon

We are delighted to announce the launch of new pilot programs with Jackson County and Umatilla County in Oregon that will provide mobile voting secured by the blockchain to deployed military personnel and overseas United States citizens during the 2019 general elections this year.

We commend Jackson County and Umatilla County teams for seeking new, innovative technologies to improve our election infrastructure and provide secure, auditable, transparent voting options for voters. With this pilot program, Jackson County and Umatilla County are leading the effort in the State of Oregon to make voting more convenient and accessible for deployed military personnel and overseas US citizens. The latest developments in smartphone hardware, encryption and blockchain technology make mobile voting a reality. This is a significant stepping stone that we hope many other states and cities will follow.

Eligible deployed military and overseas voters from both counties now have the option to vote with their smartphones from almost anywhere in the world. By using the Voatz application on their mobile phones, they will forgo the time-consuming process of mailing in an absentee ballot, will receive an auditable confirmation, and will be able to verify their vote within seconds of voting.

With each of these pilots, we gain valuable feedback and continue to incorporate the learnings from the recent experiences of Utah County, the City & County of Denver and the State of West Virginia.

The mobile voting option is being offered in addition to the current absentee options (mail, fax, and email). For uniformed military and overseas citizens, jurisdictions are required by law to send the ballot to voters 45 days prior to the election, allowing sufficient time for the ballots to be returned and counted. Ballots sent to participating voters using the Voatz application will be received within minutes, rather than days or sometimes weeks, and can be returned to the jurisdiction the instant the voter submits their ballot. The ballots that the jurisdiction receives are formatted, printed, and tabulated per standard procedure, and contain an anonymous ID that can be used for a rigorous post-election audit.

To use the Voatz platform, eligible voters must submit an absentee ballot request to their election office indicating a preference for mobile voting, and then complete an authentication process on the Voatz application.

The pilot is a collaboration between Voatz, Jackson County, Umatilla County, Tusk Philanthropies, and the National Cybersecurity Center. To learn more, read the press releases from Tusk Philanthropies.

Utah County Expands Mobile Voting to Include Voters With Disabilities

We are delighted to announce that Utah County has broadened the eligibility in the ongoing mobile voting pilot as part of the 2019 Municipal General Elections to include voters with disabilities, marking the first time mobile voting will be offered to U.S. citizens other than military and overseas voters.

“This is the first election where we are expanding mobile voting for the disability community and providing them the option to vote from their mobile device,” said Bradley Tusk, founder and CEO of Tusk Philanthropies. “We are making voting accessible to new communities, increasing voter turnout, conducting new pilots and auditing each election to ensure that votes cast over the blockchain are recorded accurately.”

“We commend election officials, like those in Utah County, who are providing options to voters with diverse needs with this exciting pilot project. We regularly hear from voters with disabilities who need accommodations in order to vote privately and independently, that they value their civic right and duty to vote,” said Sherri Newton, Voting Advocate at the Disability Law Center. “However, the barriers involved with traveling to a polling place make it difficult to vote, which can require them to miss work or can be a threat to their health and safety. These voters are excited about the availability of new, developing technologies that allow them to securely vote at home from their own device, just like many other Utahns have seen with the option of voting by mail.”

The November mobile voting is a continued collaboration between the Utah County Elections Division, Voatz, Tusk Philanthropies and the National Cybersecurity Center. Read the official press release from Tusk Philanthropies here. Eligible voters are able to participate in the 2019 municipal general election by opting in to vote electronically on their smartphones. Voters will fill out an absentee ballot request, complete their identity authentication and verification on the Voatz application, and submit their ballot for the election. Voting began September 20, 2019 and continues through 8:00 pm on Election Day, November 5, 2019.

“By including the disability community in the expansion of mobile voting in Utah County, we are enabling an entire community to vote anonymously, privately, and securely from the comfort of their own home using their own accessible device,” said Forrest Senti, Director of Business and Government Initiatives of the National Cybersecurity Center. “We look forward to collaborating with Utah County and the disability community to conduct the post-election audit to ensure votes cast over the blockchain are recorded accurately.”

“Election officials in Utah County are leading the way when it comes to improving absentee voting methods for citizens with disabilities, deployed military personnel and citizens living overseas,” said Nimit Sawhney, CEO and co-founder of Voatz. “Getting to polling locations, marking a paper ballot, and communicating with election officials are just a few of the challenges that citizens with disabilities face with the traditional voting process. By taking advantage of the various accessibility features available on modern smartphones and tablets, mobile voting provides a safe, private and convenient channel for citizens with disabilities to play a more active role in our democratic process.”

Recently, the Utah County Election Division hosted a livestream with NCC publicly auditing the municipal primary election. The public audit can be viewed here. For more information on the audit and how it was conducted, download the full report from the National Cybersecurity Center here.

When You Vote, How Do You Know It Counts?

When you vote, do you trust that your vote is counted? If you mail an absentee ballot, how do you know that it’s been received and counted accurately?

Our mission is to make voting not only more accessible and secure, but also more transparent, auditable and accountable.

How do we do that?

We’ve built a way for voting to happen on the thing that many of you carry around in your pocket each day — your smartphone.

Here, we share how it works for you, as the voter, to vote with your smartphone, how you can verify that your vote was counted, and how your Election Office can verify that all ballots are legitimate, reflect the voter’s intent, and are tallied correctly.


STEP 1: ENROLLING TO VOTE WITH YOUR SMARTPHONE

First, why the smartphone? Your smartphone contains security features that, even five years ago, didn’t exist. These enhancements cast a wide and valuable infrastructural net that we build on in order to ensure that we’re protecting your privacy and data with the highest standards.

These security features also allow us to ensure that one voter’s identity is linked to only one smartphone at a time in order to prevent you from voting more than once, and to prevent anyone from voting on your behalf.

The process looks like this, also outlined in the diagram above:

  1. You register with your jurisdiction as an absentee voter and, upon approval, download the Voatz app.
  2. You use the Voatz app to verify your identity against the voter registration database, and upon confirmation, your identity is linked to your smartphone and locked with your pseudo-biometric credential (such as FaceID, TouchID, etc.) or unique PIN.
  3. When done, any identification documents you provide during the verification process are deleted, and not shared with anyone else.

What’s next?

STEP 2: YOU VOTE WITH YOUR SMARTPHONE

Once you’re verified, you receive your mobile ballot inside Voatz on your smartphone, make your selections, sign an affidavit on the screen (subject to your jurisdictional requirements), authorize submission of the ballot with your pseudo-biometric credential or PIN, and then submit.

Congrats! You’ve voted. Now, here’s where things get interesting from an audit perspective.

STEP 3: VERIFY, AUDIT & CONFIRM YOUR VOTE


The moment you vote, three important records are produced:

  1. A ballot receipt is sent to you, and an anonymized copy is sent to your jurisdiction. It’s protected, and signed with a digital ID (a long string of characters and numbers). With this receipt, you gain the ability to verify that your ballot was received and recorded correctly.
  2. Your votes are stored as vote transactions (think: one oval on your ballot = one vote transaction). They’re anonymized and cryptographically written onto a blockchain network. This allows your overall ballot to be stored in a uniquely tamper-resistant way, and allows your jurisdiction (and interested citizens) to conduct a transparent (yet anonymous) audit after the election.
  3. An official, fully-marked paper ballot is generated for your mobile vote, and printed on ballot paper by your jurisdiction. This paper ballot is immediately ready for seamless tabulation with the normally-used tabulator machines on Election Day, alongside the rest of the ballots people submit at the polls. This paper ballot is also signed with an anonymous digital ID similar to the ballot receipt, which allows your jurisdiction to compare the two during a post-election audit.

In the diagram you can view these three records, where they go and why:

This process enables a fully verifiable paper trail for each submitted ballot.

You remain anonymous, your data remains protected, the tabulation integrates with your jurisdiction’s current operations, and all ballots contain three trails for auditing to ensure all votes were counted as cast. 
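
An added example, not Voatz code: a sketch of the three-way comparison a post-election audit could run over the three records described above (ballot receipt, blockchain vote transactions, printed paper ballot), keyed by the anonymous ballot ID. The record layouts, ballot IDs, contest names and function names are assumptions; the page does not specify any formats.

```python
from collections import defaultdict
from itertools import combinations

def ovals(selection):
    """Flatten {contest: [choices]} into a set of (contest, choice) marks."""
    return {(contest, c) for contest, choices in selection.items() for c in choices}

def reconcile(receipts, ledger_txs, paper_ballots):
    """Compare the three audit trails per anonymous ballot ID.

    receipts / paper_ballots: {ballot_id: {contest: [choices]}}
    ledger_txs: iterable of (ballot_id, contest, choice), one per marked oval.
    Returns {ballot_id: [finding, ...]} for ballots that fail the comparison.
    """
    ledger, duplicated = defaultdict(set), set()
    for bid, contest, choice in ledger_txs:
        if (contest, choice) in ledger[bid]:
            duplicated.add(bid)  # the same oval was written twice
        ledger[bid].add((contest, choice))
    trails = {
        "receipt": {b: ovals(s) for b, s in receipts.items()},
        "ledger": dict(ledger),
        "paper": {b: ovals(s) for b, s in paper_ballots.items()},
    }
    findings = {}
    for bid in sorted(set().union(*trails.values())):
        # A ballot must appear in all three trails...
        issues = [f"missing:{name}" for name, t in trails.items() if bid not in t]
        # ...and every pair of trails that has it must show the same marks.
        for a, b in combinations(trails, 2):
            if bid in trails[a] and bid in trails[b] and trails[a][bid] != trails[b][bid]:
                issues.append(f"mismatch:{a}!={b}")
        if bid in duplicated:
            issues.append("duplicate:ledger")
        if issues:
            findings[bid] = issues
    return findings

# Constructed sample data (IDs, contests and choices are invented).
RECEIPTS = {"b-001": {"Mayor": ["Ada"], "Council": ["Lin", "Cruz"]},
            "b-002": {"Mayor": ["Ben"]},
            "b-003": {"Mayor": ["Ada"]}}
LEDGER_TXS = [("b-001", "Mayor", "Ada"), ("b-001", "Council", "Lin"),
              ("b-001", "Council", "Cruz"),
              ("b-002", "Mayor", "Ada"),   # disagrees with receipt and paper
              ("b-003", "Mayor", "Ada"),   # no paper ballot was printed
              ("b-004", "Mayor", "Ben")]   # on the ledger only
PAPER = {"b-001": {"Mayor": ["Ada"], "Council": ["Cruz", "Lin"]},
         "b-002": {"Mayor": ["Ben"]}}
print(reconcile(RECEIPTS, LEDGER_TXS, PAPER))
```

A clean audit returns an empty dictionary; any entry names the ballot ID and which trail is missing or disagrees, which is where manual review would start.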

Mostly, you get to vote with convenience without compromising security.

Here’s the full process, put together:

Questions? Get in touch.

Cycle #3 of Our Bug Bounty Program

No technology is perfect, and Voatz believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you’ve found a security issue in our product or service, we encourage you to notify us via our public bug bounty program – a first in the elections industry. We welcome working with you to resolve the issue promptly.

Disclosure Policy

  • Let us know as soon as possible upon discovery of a potential security issue, and we’ll make every effort to quickly resolve the issue.
  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third party.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
  • Follow our disclosure guidelines.
  • Provide detailed reports with reproducible steps as part of your submission.

Exclusions

While researching, we’d like to ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of Voatz staff or contractors
  • Any physical attempts against Voatz property or data centers

Out of scope vulnerabilities

When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope:

  • Clickjacking on pages with no sensitive actions.
  • Unauthenticated/logout/login CSRF.
  • Attacks requiring MITM or physical access to a user’s device.
  • Previously known vulnerable libraries in iOS or Android without a working Proof of Concept.
  • Comma Separated Values (CSV) injection without demonstrating a vulnerability.
  • Missing best practices in SSL/TLS configuration.
  • Any activity that could lead to the disruption of our service (DoS).
  • Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS.
  • Anything related to email spoofing or SPF related issues.

Cycle #3 – What we would really like you to test and evaluate in the mobile apps

  • Bypassing jailbreak detection in iOS or Android
  • Account takeover (i.e. taking over another user’s account)
  • Manipulation of ballot styles assigned to a user
  • Bypassing the device handshake process
  • Bypassing the payload encryption

Safe Harbor

To qualify, you MUST only use the test or beta versions of the mobile apps as indicated in the links provided as part of this program (via Apple TestFlight or Google Play Beta). Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy. Any attempt to disrupt a live election system or tamper with the live versions of the mobile apps will be considered a direct violation of the above policy.

Thank you for helping keep Voatz and our users safe!

Statement on Intrusion Attempt During WV Election

Voatz confirms that on October 25, 2018, there was an unsuccessful attempt to gain entry into the Voatz system during the West Virginia mobile voting pilot for the 2018 U.S. Federal Midterm Election. The attempt was detected, blocked and reported in detail to the West Virginia Secretary of State’s Office. We want to re-emphasize that this attempt targeted our live system and not our replica system made available to researchers as part of our Bug Bounty program.

While probes into IT systems and general infrastructure across the nation are fairly common, as of January 2017, the Department of Homeland Security designated election infrastructure as part of the nation’s critical infrastructure, a section under DHS’s Government Facilities Sector. As a result, any attempts to tamper with or break into a live election system are illegal.

Voatz continues to remain vigilant and committed to following industry standard best practices around information security, and partnering with jurisdiction and law enforcement officials to ensure that our election infrastructure remains protected. Voatz is duty bound to continue to report any attempts to breach or tamper with the live system to our clients. Please note that any action taken subsequently by our clients is outside our purview.