Voatz Response to Researchers’ Flawed Report

Voatz wishes to acknowledge the enormous effort it must have taken for the team of researchers, until this point anonymous to us, to produce “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections”.

Our review of their report found three fundamental flaws with their method of analysis, their untested claims, and their bad-faith recommendations.

First, the researchers were analyzing an Android version of the Voatz mobile voting app that was at least 27 versions old at the time of their disclosure and not used in an election. Had the researchers taken the time, like nearly 100 other researchers, to test and verify their claims using the latest version of our platform via our public bug bounty program, they would not have ended up producing a report that asserts claims on the basis of an erroneous method.

Second, as the researchers admitted, the outdated app was never able to successfully transact with the Voatz servers, which are hosted on Amazon AWS and Microsoft Azure. This means that they were unable to register, unable to pass the layers of identity checks to impersonate a legitimate voter, unable to receive a legitimate ballot and unable to submit any legitimate votes or change any voter data.

Third, in the absence of being able to successfully access the Voatz servers, the researchers fabricated an imagined version of the Voatz servers, hypothesized how they worked, and then made assumptions about the interactions between the system components that are simply false. This flawed approach invalidates any claims about their ability to compromise the overall system. In short, to make claims about a backend server without any evidence or connection to the server negates any degree of credibility on behalf of the researchers.

The researchers have labeled Voatz as “not transparent”. With qualified, collaborative researchers we are very open; we disclose proprietary information and hold lengthy interactive sessions with their architects and engineers. We educate them on the critical demands of election security; they give us feedback and educate us on new best practices based on their practical knowledge of security drawn from other industries.

Voatz has worked for nearly five years to develop a resilient ballot marking system, a system built to respond to unanticipated threats and to distribute updates worldwide with short notice. It incorporates solutions from other industries to address issues around security, identity, accessibility, and auditability.

We want to be clear that all nine of our governmental pilot elections conducted to date, involving fewer than 600 voters, have been conducted safely and securely with no reported issues. Pilot programs like ours are invaluable. They educate all election stakeholders and push innovation forward in a responsible, transparent way. For nearly two decades, the researchers and the community to which they belong have waged a systematic effort to dismantle any online voting pilots. These attempts effectively choke any meaningful conversation and learnings around the safe integration of technology to improve accessibility and security in our elections. The effect is to deny access to our overseas citizens, deployed military service men and women, their families, and citizens with disabilities.

It is clear from the theoretical nature of the researchers’ approach, the lack of practical evidence backing their claims, their deliberate attempt to remain anonymous prior to publication, and their priority being to find media attention that the researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.

The reality is that continuing our mobile voting pilots holds the best promise to improve accessibility, security and resilience when compared to any of the existing options available to those whose circumstances make it difficult to vote.

Updated July 13, 2020: A summary technical analysis of the claims is available here.

Voatz Leads Workshop at Hack(H)er413 Hackathon in Amherst, MA

This past weekend, Voatz was a proud sponsor of Hack(H)er413, the first all-women and non-binary students’ hackathon in Western Massachusetts.

Over the course of 24 hours, participants were encouraged to learn and develop new technical skills, network, and innovate with passion. The hackathon was organized entirely by students and aimed to increase diversity and inclusion in the technology industry.

During our time there, we held a workshop introducing participants to ethical hacking and mobile code security testing, and invited students to sign up for the Voatz bug bounty program with an invitation to test the latest versions of the Voatz mobile voting platform.

We were impressed by the students’ interest, the thoughtful questions, and the conversation that ensued. We look forward to continuing collaboration!

^Voatz introduction and overview of ethical hacking workshop

^Talking to impressive and passionate students at the career fair

^Members from the Voatz team at Hack(H)er413

Statement on the Iowa Caucus

Voatz is following the news from Iowa closely and we are interested, like everyone else, in learning what happened.

We are unable to comment on the technology used by The Iowa Democratic Party. We’ve never previously heard of the technology nor the company behind it. However, we want to make it clear that Voatz was not involved in the Iowa caucuses, and using an app to tabulate in-person caucus votes is not mobile voting.

To make the distinction abundantly clear, Voatz is a mobile elections platform built to ensure an accessible, secure voting method for groups that otherwise face difficulties with the voting options currently available (i.e. overseas citizens, deployed military, and voters with disabilities). 

We’ve been in the industry for nearly 5 years and have run more than 50 safe and secure elections. Our approach is to build our technology in a deliberate, step-by-step manner through well-designed pilots. We work closely with partnering jurisdictions to ensure a voter-verified, auditable paper trail, and rigorously evaluate the technology’s resilience and progress along the way. 

Election security is our number one priority and it should never be compromised for the sake of accessibility. We voluntarily work with the Department of Homeland Security, their Cybersecurity and Infrastructure Security Agency (CISA), and other independent third parties for security testing and infrastructure analysis. We are also committed to transparency which is why we were one of the first elections companies in the world to invite the research community to help test our technology through our public bug bounty program.

Voatz Shortlisted for the 2020 GSMA Global Mobile Awards

The Voatz team is delighted and honored to be shortlisted for the 2020 Global Mobile Awards in the “5c. Best Mobile Innovation for Accessibility & Inclusion” section of the Tech4Good category organized by GSMA.

“The GLOMO Awards provide a world stage on which to celebrate the most inspirational and innovative developments across our industry, recognising the companies and individuals leading the way in everything from 5G & intelligent Connectivity to emerging market innovation and diversity in tech. The awards attract a significant level of high-quality entries, so being nominated today is a great achievement. We wish everyone the very best of luck and we look forward to some exciting announcements at MWC Barcelona 2020,” said John Hoffman, CEO, GSMA Ltd.

If you are planning to attend the GSMA GLOMO Awards ceremony in Barcelona on Feb 25, 2020, please let us know: pr at voatz.com. Our team would love to connect with you.

Pierce County, Washington, Completes Successful Mobile Voting Pilot

In the November 2019 General Election, Pierce County, Washington successfully piloted an expansion of mobile voting to its military and overseas voters. These efforts were in support of the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) and the Military and Overseas Voter Empowerment (MOVE) Act.

“The imminent withdrawal from the Postal Union created an imperative. Knowing that the biggest barrier for military voters is the transit time to receive and return a ballot, we weren’t willing to risk additional delays,” said Pierce County Auditor Julie Anderson.

Voatz, a mobile elections platform, was used in the pilot. Eligible registered voters received, marked, verified and submitted their ballots using their personal Apple or Android smartphones. Votes were submitted from 28 countries over the Internet; blockchain technology was used to secure the aggregate vote.

Voatz uses blockchain technology to store encrypted voting data distributed across a network of 32 U.S. based cloud servers. The voting data is anonymized with an unidentifiable ID number for each ballot and receipt. The process disaggregates any information that could be used to trace its source and votes cast are tamper-proof.

Pierce County’s UOCAVA voters are normally permitted to return their ballots by mail, fax, or email attachment. The pilot provided UOCAVA voters a fourth option: the Voatz mobile app. Without any prompting, voters used the mobile voting option at a higher rate than fax or email. In the November 2019 General Election, 103 UOCAVA voters used fax or email and 163 voters used the mobile voting option. Mail, as usual, was the primary method of ballot returns (2,481 ballots returned by postal service).

Facsimile and email alternatives are substandard, according to Anderson. Ballots returned by facsimile are often missing important pages and aren’t machine-readable. Ballots and declarations returned as email attachments present significant cybersecurity risks and arrive in a wide variety of formats ranging from pictures of ballots lying on the floor to pixelated low-resolution images.

Anderson went on to say, “If we want every UOCAVA ballot to be counted accurately and privately, and we want to mitigate the risks of mail disruption, we need a different transmission solution. A secure mobile app that uses encryption to transmit voter-verified ballots is long overdue and desperately needed in an age of global conflict, severe weather events, and international trade disputes.

“Pierce County had an excellent experience with the Voatz pilot. We intend to continue offering mobile voting as an option for overseas voters. Pierce County sees this as a safe and secure alternative for UOCAVA voters. We also see future potential for voters with disabilities – especially those who are blind or have difficulty handling paper and pens. A secure mobile voting app could be an important accommodation,” said Anderson.

Voatz CEO and Co-Founder Nimit Sawhney was pleased with the pilot. “We’ve been thrilled to partner with Pierce County to extend our mobile voting platform to Pierce’s voters. We look forward to the future of this technology, which we hope can continue to be part of the movement of making our elections as equipped, ready and resilient for the future,” said Mr. Sawhney.

The November 2019 pilot received financial assistance from the National Cybersecurity Center, supported by Tusk Philanthropies.

Read the full article here (courtesy of Suburban Times).

Historic Milestone: First Ranked Choice Mobile Blockchain Vote in U.S. Election History (10/16/19)

We are delighted to announce that a little piece of US election history was created on October 16, 2019 when the first ever ranked choice vote was recorded on a mobile blockchain voting platform. The ballot was cast by a UOCAVA voter from Payson City in Utah County.

Update: (11/24/19) – The Associated Press/Salt Lake Tribune has more here about the RCV pilot in Utah County.

Here’s an earlier post on how the Voatz platform supports Ranked Choice Voting in a highly accessible manner. We are excited to see the expansion of RCV across the nation.

Mobile Voting Expands to Jackson County and Umatilla County in Oregon

We are delighted to announce the launch of new pilot programs with Jackson County and Umatilla County in Oregon that will provide mobile voting secured by the blockchain to deployed military personnel and overseas United States citizens during the 2019 general elections this year.

We commend the Jackson County and Umatilla County teams for seeking new, innovative technologies to improve our election infrastructure and provide secure, auditable, transparent voting options for voters. With this pilot program, Jackson County and Umatilla County are leading the effort in the State of Oregon to make voting more convenient and accessible for deployed military personnel and overseas US citizens. The latest developments in smartphone hardware, encryption and blockchain technology make mobile voting a reality. This is a significant stepping stone that we hope many other states and cities will follow.

Eligible deployed military and overseas voters from both counties now have the option to vote with their smartphones from almost anywhere in the world. By using the Voatz application on their mobile phones, they will forgo the time-consuming process of mailing in an absentee ballot, will receive an auditable confirmation, and will be able to verify their vote within seconds of voting.

With each of these pilots, we gain valuable feedback and continue to incorporate the learnings from the recent experiences of Utah County, the City & County of Denver and the State of West Virginia.

The mobile voting option is being offered in addition to the current absentee options (mail, fax, and email). For uniformed military and overseas citizens, jurisdictions are required by law to send the ballot to voters 45 days prior to the election, allowing sufficient time for the ballots to be returned and counted. Ballots sent to participating voters using the Voatz application will be received within minutes, rather than days or sometimes weeks, and can be returned to the jurisdiction the instant the voter submits their ballot. The ballots that the jurisdiction receives are formatted, printed, and tabulated per standard procedure, and contain an anonymous ID that can be used for a rigorous post-election audit.

To use the Voatz platform, eligible voters must submit an absentee ballot request to their election office indicating a preference for mobile voting, and then complete an authentication process on the Voatz application.

The pilot is a collaboration between Voatz, Jackson County, Umatilla County, Tusk Philanthropies, and the National Cybersecurity Center. To learn more, read the press releases from Tusk Philanthropies.