First Female MA State Treasurer Speaks on Power, Voting & Changes Across Time

Below is the transcription of an interview conducted by David Cohen, Co-Founder and Managing Director of Techstars, the global platform for investment and innovation that connects entrepreneurs, investors, and corporations. 

David interviewed Shannon O’Brien on voting, elections, and changes throughout time.

Shannon O’Brien was the first woman state treasurer of the state of Massachusetts, and former Democratic nominee for governor.

(view full interview here)

David Cohen: You were elected to office for the first time in 1986, 30 years later, what has changed in how we vote?

Shannon O’Brien: Well, back in 1986, it was incredibly labor intensive. Everything was done on paper, getting phone numbers so that you could reach out to voters was an incredibly labor intensive process, getting absentee ballots, again took time and had a lot of rules and regulations about how you actually got those absentee ballots into the town clerk’s office. And so back then it took a lot of human beings to make this happen.

So a lot has changed over the years. But now, as we’re seeing that as technology and different issues are coming to the forefront, we have a lot of people thinking that it’s an important time to go back to those days where it’s just all paper. I think it’s sort of fascinating that you see a lot of people now calling for harking back to paper ballots, and I sort of shudder when I think about what that was like back in 1986.

I think it’s sort of fascinating that you see a lot of people now calling for harking back to paper ballots, and I sort of shudder when I think about what that was like back in 1986.

Shannon O’Brien, Former Massachusetts State Treasurer

David Cohen: In 2000 we were introduced to hanging chads. Today we’re back to talking about paper ballots. Kevin Roose from the New York Times says that he has decided that Americans should vote by etching our preferred candidates name into a stone tablet with a hammer and chisel. I think he’s kidding. What do you think about the evolution, and thought, and the perception? Why is it that people feel this way?

Shannon O’Brien: Well, obviously everyone is concerned about the possibility for compromise or hacking. I mean, I was working on the campaign back with the hanging chads. And we had something similar in the congressional district, where I live something similar in terms of how the paper ballots and the punch system did not work during a very heavily attended congressional race. So what we’ve seen over the course of the last number of years, we’ve seen the Equifax hack. We saw in 2016, that the Russians had attempted to, at least in 21 states, attempt to hack the voting machines in different jurisdictions there. So I think that there’s a heightened concern about technology whether or not it can be fully secure, and especially whether or not it can be fully secure for such an important right as placing your vote and expressing your opinion as to who should be leading the state or the country.

David Cohen: Most people like myself these days we do online banking, I just did my census online. As an investor, I transfer a lot of money around online, but today we’re hearing people say that mail-in ballots are really the only option. It seems crazy to me, but what do you think are their barriers to mail in ballots that people generally miss? Are states willing to bear the cost? When we need money in other places, are we justified in investing our resources here?

Most people like myself these days do online banking, I just did my census online. As an investor, I transfer a lot of money around online, but today we’re hearing people say that mail-in ballots are really the only option.

David Cohen, Co-Founder and Managing Director, TechStars

Shannon O’Brien: Paper ballots are not hackable, but they are not infallible. We’ve seen I think in this country in the last election, the last presidential election. Over 400,000 absentee ballots, either didn’t make it to get counted, were rejected because the signature on the ballot did not match a signature within the clerk’s office. So paper ballots, while the putting pen or pencil to paper and getting that done is not hackable, the process between getting that vote from your home or your office, or wherever you’re going to be, actually filling out the ballot and getting it in, and actually having it counted, there are many potential pitfalls that can happen, and we saw this just this past week in Wisconsin, where there were so many people who needed to send in absentee ballots because workers concerned about the Coronavirus did not want to show up and man the polls. And so I think they had something like 1/10th the number of in-person balloting locations, so people had to wait hours and hours. Those ballots that, you know, did not get in on time, they will not be counted.

But those people in Wisconsin, those 400,000 people whose absentee ballots didn’t count in the last cycle, their vote doesn’t get diluted, their vote gets stolen. And so for me, accessibility, if I have to determine between security and voter fraud and accessibility, I’m going to tip the scales in terms of accessibility, but I still think there is a way that you can do both. I believe that there is a way that you can balance many of the concerns that different people have right now, and do it in a way that’s reasonable that protects both the ability to access and have an opportunity to vote, but also promotes security and reduces voter fraud.

I believe that there is a way that you can balance many of the concerns that different people have right now, and do it in a way that’s reasonable that protects both the ability to access the opportunity to vote, but also promotes security and reduces voter fraud.

Shannon O’Brien, Former Massachusetts State Treasurer

David Cohen: I’m certain that with Coronavirus changing how we do business, you know some government services maybe licenses and IDs will move online, but what are the practical barriers to elections moving online?

Shannon O’Brien: The real issue is, I think right now, going to be cost. We saw that in the stimulus package approximately 400 million was put into that bill to help make sure that people can get to the polls during this Coronavirus crisis. So it’s going to cost money, but it’s also going to require a meeting of the minds between the left and the right, the Republicans and the Democrats, that they agree that making sure that voter access, especially during this just unusual pandemic crisis we’re having right now, is important, and I think that the most important thing toward making voting more accessible is to understand that making voting more accessible is an important civil and constitutional right, that we all have.

David Cohen: Sounds reasonable to me. You’ve sort of answered this one but I’m going to ask it again in case you have anything else to add, what are the political challenges associated with modernizing the voting process?

Shannon O’Brien: The political challenges are that right now you don’t have everyone in agreement about what the best process is for both securing the vote and making voting accessible, and I think that the most important thing that can happen is to take some very measured and rational steps towards testing some new technologies. But the fact is, you had people who weren’t trained, you had new rules that were brought to bear during those Iowa caucuses. So there were many things beyond the technology that made the Iowa caucuses a failure. And so understanding that any new technology, even going to mail-in ballots, there will be issues and problems that have to be dealt with. And so it’s making sure that we understand that whatever we do, this is not going to be a quick fix, and has to be part of a longer process, moving us forward where we can both use technology and maybe old fashioned technology to increase both accessibility and security, but do it in a rational well thought out, and hopefully, bipartisan way.

I think that the most important thing that can happen is to take some very measured and rational steps towards testing some new technologies.

Shannon O’Brien, Former Massachusetts State Treasurer

David Cohen: What needs to be done to make the changes necessary to improve access? What would you do if you could wave your magic wand?

Shannon O’Brien: I am a believer in taking a look at mobile voting platforms, looking at ways that we can enhance both the accessibility, but also the auditability. Because there are many voting machines out there that count the paper ballots that we cannot subject them to simple audit. So making sure that we understand that we can use technology to make these improvements. And so I think it’s just understanding that we’re going to be able to use technology, that we need to do it in a number of different facets that can help us as a state, as a nation, and so moving in that direction I think is going to be very, very important for all of us as citizens.

I am a believer in taking a look at mobile voting platforms, looking at ways that we can enhance both the accessibility, but also the auditability.

Shannon O’Brien, Former Massachusetts State Treasurer

David Cohen: Shannon, I hear you have a personal story about voting that is relevant to all this.

Shannon O’Brien: In 1976, my dad ran for the United States Congress in the post-Watergate era. And it was a year that many people thought that a democrat might win the seat. And my father ran against a very well qualified candidate Ed McColgan, and the primary, he won by something like 12 votes. And then during the recount process, there were votes that went back and forth, and he ended up losing by four votes. I think it was the closest congressional vote in the history of the state. I think it still remains.

But the real issue was, and this is the problem with paper ballots is that you can’t change paper ballots because they need to be printed, they need to be sent out. And so the problem that my father faced is that he actually thought he might be able to go to court and successfully challenge the outcome of that recount, but he couldn’t go to court because even if he won the court case, there would not have been enough time to print his name on the ballot. So he gracefully stepped back, and you know a lot of people thought that my dad actually won that primary. So it was one of those things that you understand the inflexibility of a paper ballot. Someone goes and they vote for Pete Buttigieg, he drops out or Bernie Sanders, he drops out. They’re not on the ballot anymore. And if you’ve already voted, you don’t get an opportunity to quickly or easily change your vote.

Republican Party of Arizona Drives Momentum for Mobile Voting in Virtual Convention


Voatz successfully completes another significant mobile voting exercise, confirming that mobile can be a viable voting option in these unprecedented times.

BOSTON, May 14, 2020 /PRNewswire/ — Voatz, the Boston-based mobile voting platform, today announced the successful completion of the virtual Arizona State Republican Party Convention, the first of its kind to also incorporate visual live streaming and telephonic townhall components. This continues the momentum of mobile voting as an alternative, secure way to exercise the democratic right to vote. 

In order to ensure a smooth rollout of the platform, Voatz worked closely with Republican Party of Arizona officials to train voters and test the platform ahead of the May 9 convention. 

More than 1,100 delegates voted using the Voatz app on May 9, with a nearly even split of voters using iPhones (58.3%) and Androids (41.7%). 

Arizona builds on the success of the Utah Republican Party’s State and County Conventions, when roughly 7,000 votes were cast using the Voatz app. 

“This is a critical moment for our democracy, and we have to ensure that we have safe alternatives to voting in person. Voatz is proud to be able to meet this need and to ensure the safety and health of its voters,” says Voatz Co-Founder and CEO, Nimit Sawhney. “We believe deeply in expanding access to voting, and with many voters’ health at risk, we are proud to leverage our experience to support the Arizona Republican Party’s mandate to represent their delegates’ voices.” 

Commenting on the success, Republican Party of Arizona Executive Director Greg Safsten said “Voatz was a great partner in fulfilling our goal of being minimally disruptive to our convention procedures. After a careful vetting process, we were confident in Voatz’s ability to support secure and private voting with the added benefit of an immediate confirmation that each delegate’s vote counted. In developing the plan for this convention, we knew that we needed to provide the most reliable connection to it for all participants, and we were able to do this by ensuring everyone who wanted to vote could do so easily and from the safety of their home.”

About Voatz
Voatz is an award-winning mobile elections platform that leverages cutting-edge technology (including biometrics and a blockchain-based infrastructure) to increase access and security in elections. Since 2016 Voatz has run more than 60 public and private elections. Learn more here.

Press release issued from PR Newswire.

Hacking, Fear & Voting: Former NSA Director Speaks on Election Security

Below is the transcription of an interview conducted by David Cohen, Co-Founder and Managing Director of Techstars, the global platform for investment and innovation that connects entrepreneurs, investors, and corporations.

David interviewed Dr. Eric Haseltine on the security of our nation’s elections.

Dr. Eric Haseltine is an author, futurist and neuroscientist. He is former director of research at the National Security Agency, Executive Vice President at Walt Disney Imagineering, Associate Director at CTO for National Intelligence at the Federal Office of the Director of National Intelligence, and a director of engineering at the Hughes Aircraft Company.

(view full interview here)

David Cohen: Eric, in addition to your credentials at the NSA, I understand you were a psychologist, we do our research here. I’d love to get your read on our national psyche right now, how it relates to voting and security and I’m wondering if there’s a connection and maybe why people might be resistant to online voting today?

Dr. Eric Haseltine: The way I would assess the national psyche right now when it comes to elections, is lack of trust, lack of trust that someone isn’t going to try to mess with the election as they did in 2016, and we’re hearing reports from the intelligence community and elsewhere that that’s going on right now. Lack of trust that the voting system is secure from other issues. And then there’s the issue of disease. If I go vote am I going to pick up a virus? So I think people are very nervous about voting. And there’s a lot of concern about trust, can you trust the system?

David Cohen: So from your background of directing research at the NSA, I’m sure you’ve been privy to lots of conversations about hacking. We saw the misinformation campaign, in some cases, attempts to hack our voter registration list in 2016. In every tech category from finance to healthcare, we’ve managed to develop a system for managing that risk. Based on your background and what you’ve witnessed across critical infrastructure like this. Do you think there’s a solution for voting?

Dr. Eric Haseltine: I do believe that electronic voting can be secure. There is no system including our nuclear launch codes that’s 100% bulletproof. The key that modern security acknowledges is to operate under the assumption that you’ve been compromised, so that you can detect it quickly, isolate it when it does happen, and fix it quickly. And that’s really state of the art. And because of my knowledge about how these things are done, I’ve seen it done, it works very well. And I don’t have any concerns at all that we can vote securely, and I would go so far as to say that electronic voting is probably more secure than the paper ballot or the kind of voting we have right now.

“I would go so far as to say that electronic voting is probably more secure than the paper ballot or the kind of voting we have right now.”

Dr. Eric Haseltine, Former Director of Research, NSA

David Cohen: Before we move on to anything else let’s talk about Iowa. You and I know that wasn’t really a voting app that caused all this stir, but it really scared people obviously.

Dr. Eric Haseltine: That wasn’t so much a voting app issue as it was a reporting of the votes issue, as to do we know what happened and will we ever know? Absolutely. It’s the same thing that happens when you have any failure. It’s a human element, at some point in the chain, a human didn’t set it up right, didn’t specify the right thing, didn’t operate it correctly. So people tend to focus in the electronic realm on the technology. But having been what you think of as a bad guy or a burglar in this space, what we always focused on to exploit a target was the human element. And that’s the piece that gets under recognized. So I can say without fear of contradiction, that the problem in Iowa and all the other problems that we’ve had, at their root is a human vulnerability.

David Cohen: It would be a lot easier if it weren’t for those pesky humans, I guess. And I always thought of the NSA as the good guys, I guess.

Dr. Eric Haseltine: Well, we always like to think of ourselves that way. We aren’t always painted that way in the press, we’re hackers for God and country I guess you could put it that way. But because we do that, and we’re the best in the world, and we go up against the best in the world, we know what can be done and what can’t be done, what can be guaranteed and what can’t be guaranteed, and that’s why I say that the state of the art right now is to say, this system sooner or later probably will be compromised in some way. How do we set it up so that when that happens, and if that happens, we’re still going to be okay?

David Cohen: You were an op ed recently that said we should continue to do these tests and pilot things around voting. There’s not as much time for pilots now though. So should every piece of tech be considered and my peers in Silicon Valley are coming together like crazy and there’s, as you say, tech for everything. So do we just need to jump in headfirst here given the situation?

Dr. Eric Haseltine: Yeah, if I were in charge, I would say let’s find the best one or two, get the best white hat hackers we can, attack the heck out of it. Really beat it up, find its holes and get it working as fast as possible. And continue to do that. That’s the thing about penetration testing and white hat exercises. They can’t stop once they’re done with the initial attack, they have to keep it up 24/7 actually.

David Cohen: Do you think that ever gets politicized where someone that’s just against online voting for whatever reason tries to create that lack of trust or do you think that that’s just the default state that we’re in and we’ve got to work through it?

Dr. Eric Haseltine: I absolutely think it’ll get politicized, how can it not, and after all it’s about politics. And clearly, there are some who really are not going to benefit from electronic voting. Without mentioning any names, one party historically is underrepresented at the polls, because people in that party have other life issues and they don’t get to the polls, for any number of reasons. If we lower the barrier to entry, so that anybody could vote really easily, I think it’s clear that one party is going to benefit over the other and you can just bet your bottom dollar that is going to get fought tooth and nail.

David Cohen: So what’s the counter argument there if you’re in that other party, why do you think that this is a thing we shouldn’t do?

Dr. Eric Haseltine: I think that If I were in that other party and I actually am in that other party, the way I would look at it is to say, this is an opportunity, not a threat. And the key is since it’s inevitable, sooner or later it’s going to happen. Rather than fighting it let’s get out ahead of it and see how we can surf that wave rather than be drowned in that wave.

“[Electronic voting] is inevitable. Sooner or later it’s going to happen. Rather than fighting it let’s get out ahead of it and see how we can surf that wave rather than be drowned in that wave.”

Dr. Eric Haseltine, Former Director of Research, NSA

David Cohen: No one would know better than you, Eric, thanks for taking the time to talk to us today.

Dr. Eric Haseltine: Well, you know what, it’s a really important subject I really appreciate being asked to weigh in.

Full Techstars interview viewable here.

Groundbreaking Virtual Convention Reveals Majority of Voters Prefer Mobile Voting

Last week, nearly 7,000 votes were submitted using the Voatz mobile voting platform in the Utah GOP’s virtual convention. This constituted a 93% turnout for the convention.

All submitted ballots undergo a public citizen’s post-election audit, in which anyone is able to participate as an auditor, hosted by the National Cybersecurity Center.

We wanted to share interesting data from this election. In addition to voting statistics, after voting, several Utah GOP voters voluntarily responded to a survey regarding their experience with mobile voting.

Highlights:

  • 90% reported being “satisfied” or “very satisfied” with the convention
  • 87% reported being more likely to serve as a delegate if future conventions are online
  • 89% reported that their experience with Voatz was “positive” or “very positive”
  • Only 13% prefer to return to a traditional, in-person convention

[Data from a UT GOP survey with nearly 1,000 respondents.]

Additional highlights:

  • A majority of the voters prefer submitting their ballot via secure mobile voting
  • Nearly two-thirds of the voters felt secure submitting their ballot via mobile voting
  • Nearly all voters felt the instructions for completing verification were clear, that their ballot was easy to navigate and to cast

[Data from a voluntary survey specific to mobile voting with nearly 300 respondents.]

Below includes other highlights and data points from the election itself, as well as survey responses.

% RETURN RATE ON BALLOTS RECEIVED


This means that 99.6% of delegates who successfully verified in the Voatz app and received their ballot successfully submitted it.

BREAKDOWN OF VOTER SMARTPHONE TYPE

Q: Were the instructions for completing the verification clear?

Q: Was the ballot easy to navigate?

Q: Was it easy to cast/submit your ballot?

Q: How did you submit your last ballot, prior to this election?

Q: How secure did you feel submitting your ballot through this mobile voting project?

Q: What method do you prefer to submit your ballot?

State-of-the-Art Security Performs First-Rate Threat Mitigation

During the election, our advanced security threat detection mechanisms were able to detect, mitigate and thwart a handful of devices that had malware, were operating on insecure networks, or had insecure applications installed.

This is important data that indicates that the system is successful at ensuring a secure vote.

In these instances, voters were prevented from voting until the threat was mitigated. In some instances, voters were asked to remove malware on their devices and in others, some voters were asked to delete certain suspicious applications they had installed or remove certain appliances from their networks that could pose a threat to their smartphones. 

Stay tuned for some more details in a forthcoming blog post.

Utah GOP Sets the Standards for Mobile Voting in Groundbreaking Virtual Convention

Full press release issued here.

BOSTON and SALT LAKE CITY, April 30, 2020 — Voatz, the Boston-based mobile voting platform, today announced the successful completion of a first-of-its-kind virtual convention with the Utah Republican Party to narrow down key races in upcoming elections, including the race for governor and the 4th Congressional seat. 7,430 delegates were credentialed using the Voatz platform to participate across this year’s state convention, and five local county conventions. In the state convention, the party witnessed a record-breaking 93% participation rate, voting via the Voatz app using smartphones. This election also reflects the largest use of ranked-choice voting in Utah’s history. 

Voatz was engaged to work with the state at the end of March. Building upon its extensive experience with election pilots and testing, Voatz worked closely with GOP officials for alignment and training to ensure a smooth rollout of the platform. The platform was also built in cooperation with disability rights advocates, including accommodations for the visually impaired. Those who did not use the Voatz app had access to voting through a help desk. 

The elections, which opened on Thursday of last week, were completed just after midnight Saturday. To ensure the integrity of the election, the process will be audited by the National Cybersecurity Center with public participation from citizens. The results of the audit will be published in the public domain.

“We’re proud to have partnered with the Utah GOP during this challenging time,” says Voatz Co-Founder and CEO, Nimit Sawhney. “Voatz’s mission has always been to expand access to voting for those who cannot physically show up at the polls. We live in an unprecedented moment. This pandemic has significantly increased the number of those who face a risk in going to the polls, and no one should have to choose between their health and exercising their civic voice. Our platform provides another option to stay safe and healthy. We’re also proud to continue with our public citizen audits, where anyone can sign up to be an auditor of these elections. These are critical steps to continue demonstrating that auditing election results is both possible and necessary.” 

Derek Brown, Chairman of Utah Republican Party said, “The Voatz platform made possible the remote verification and voting processes for thousands of statewide delegates, allowing them to participate from the ease of their mobile phones. Using Voatz allowed us to digitally recreate our usual convention procedures, and implement technology in a way that made the process more convenient and secure. This experience was not only positive, but has opened our eyes to ways that we can operate in the future to ensure that more delegates are able to participate in the process. It has also helped us see new ways of integrating technology into our party’s operations.”

“I believe that, years from now, we will look back and see this moment, and our partnership with Voatz, as a turning point for our party,” Brown said.

About Voatz
Voatz is an award-winning mobile elections platform that leverages cutting-edge technology (including biometrics and a blockchain-based infrastructure) to increase access and security in elections. Since 2016 Voatz has run more than 60 elections with cities, universities, towns, nonprofits, and both major state political parties for convention voting. Learn more here.

About the Utah Republican Party
The Utah Republican Party is by the people and for the people. We affirm the worth of all individuals and seek the best possible quality of life for all. Learn more here.

National Cybersecurity Center Launches “Secure the Vote” Initiative

Voatz is honored to sit on the new advisory board for the National Cybersecurity Center’s (NCC) Secure the Vote initiative.

Secure the Vote seeks to advance the development of standards and best practices in mobile voting, and to scale efforts in support of a culture of security in small and rural jurisdictions.

The advisory board, made up of experts in cybersecurity and elections, will provide diverse perspectives on election security and growth at the intersection of technology and voting.

We applaud the NCC for forming this initiative and look forward to contributing to well-informed discussions on the opportunities with mobile voting technology that ensure greater safety and transparency.

Charting A New Forward Course in Election Security

We consider today to be an important milestone as part of our ongoing efforts to chart a new, forward approach to transparency in our elections infrastructure. We recognize that transparency in our critical infrastructure is both desired and not always championed across the industry. As part of our effort to shift the paradigm, we announce the publishing of the one of our public, comprehensive audits of our system, conducted in partnership with leading security consulting firm Trail of Bits.

Security has been our utmost priority since day one — in fact, the earliest roots of our company came from winning the ‘Hack to the Future’ hackathon at SXSW. Beyond the “hacker’s mindset” being embedded deep in our DNA, across our corporate and elections infrastructure we focus heavily on the practical aspects of security and a highly layered approach to provide defense in depth.

Ongoing Audits

Audits and bug hunting are a normal, necessary part of any software development process. In order to facilitate the rapid iterations and learnings from our pilot programs, beyond our engagement with Trail of Bits, we continue to invest in frequent, ongoing audits by independent third parties external to Voatz. These audits involve a comprehensive examination of our voting platform, including the mobile application source code, backend infrastructure, and blockchain, as well as an assessment of the networks, computing devices, and processes used to transmit, process, and store voting data.

The publishing of today’s report is the first of many to come in the next several months. We have also voluntarily engaged with multiple agencies in DHS, including their Cybersecurity and Infrastructure Security Agency (CISA), one of the leading federal testing labs in the nation to review the technologies deployed in our pilots. These audits are ongoing, and due to the ever-evolving nature of threats along with the rapid iterations in the platform itself, repeated examinations of this kind are critical in our pursuit of security as a continuous exercise.

A historical summary of our various audits is available under the ‘Security Audits’ section of our FAQ.

We believe that working with collaborative security researchers is critical to the security of our elections infrastructure. As part of this philosophy, we are the first elections company in the world to open a public bug bounty program, since 2018, which grants qualified security researchers access to the latest versions of the Voatz mobile voting platform to report vulnerabilities and provide us valuable feedback. For those who want to probe more deeply, we also offer the opportunity to more qualified researchers to work with us directly.

Security Issue Disclosure Policy (LINK)

Throughout our security audits and testing process, we remain committed to providing as much transparency as possible about our system. Our full security issue disclosure policy is available here for reference.

For the protection of our customers and to protect against malicious attackers seeking to spread misinformation and/or to exploit reported but not yet resolved security issues, Voatz does not disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available. To minimize the potential disruption to the electoral process, Voatz makes public disclosure during defined Issue Disclosure Windows (IDWs) only.

An Issue Disclosure Window is a period of time when there is no election happening, and there is a reasonable period of time, say 30 days, before the start of the first early voting period in the next election and, say 7 days, after the election is certified, which is determined by state statute. In Florida, for example, the certification deadline is 14 days after Election Day; in California it is 30 days.

We continue to pursue comprehensive security measures as we evolve as a small company, and we take any reports of the existence of issues or vulnerabilities in our mobile voting platform with the highest degree of scrutiny and concern. We analyze the probability of risk around each issue by attempting to reproduce the issue from a real-world perspective and prepare a mitigation strategy accordingly.

All of this is in pursuit of our mission — that every citizen has the right to vote safely and securely regardless of their circumstances.

For more information regarding our security, please visit our frequently updated FAQ.

Voatz Successfully Completes an Election in Utah County, Marking its Tenth Governmental Pilot in the Nation

Last week, Utah County, UT successfully completed its third mobile voting pilot using Voatz to enable remote voting for overseas citizens, deployed military and citizens with disabilities.

This marks Voatz’s tenth governmental pilot in the nation. The pilot saw great success, with 78 total submitted ballots, marking a 91% return rate on all ballots sent to these voters. This pilot was also available to voters with disabilities, including a voter who had just received a kidney transplant and was unable to travel to the polls.

“We are so impressed with how knowledgeable, supportive and professional the Voatz team is. I love how smooth and easy the application and process is, and we have had so many positive responses from our voters,” said one of the election officials in Utah County. 

Voters, too, had feedback to share.

“Thank you for making this so easy! I hope it ‘sticks’ for the fall election!” shared one voter.

Another voter shared, “Fantastic! Thanks again for your hard work and quick responses!”

All ballots will undergo a post-election audit hosted by the National Cybersecurity Center next week, open to the public for participation.

Valentine’s Day Myth-Busters

In celebration of this love-filled day, from the humans behind the screens, we take this moment to bust five not-so-romantic myths about us.

 

MYTH 1: Voatz doesn’t like cybersecurity researchers

TRUTH: Absolutely not! The Voatz team is staffed by cybersecurity experts and technologists – we wouldn’t be here otherwise. We are promiscuous though… we’ve worked with more than 100 other researchers to test and verify their claims on our public bug bounty program using the latest version of our platform.

If someone misled you to believe otherwise, please know – we love you. Slide into our DMs on Twitter @Voatz or out in the open on our public bug bounty program. We will make the connection! We’ve got nothing but love. 

 

MYTH 2: Voatz reported someone to the FBI

TRUTH: Nope! Voatz did not report anyone to the FBI.

The real story goes like this: during the 2018 West Virginia live election pilot, there was an unsuccessful attempt to gain entry into the live election system. We immediately saw the attempt and blocked it like a black hole on stardust. At the time, we had no way of knowing if the attempt was maliciously inclined or not, and protecting the system was most important to us (as it always is!).

Voatz shared the details of this attempt with West Virginia (as we’re obligated to do, helping to run their live election and all). Given the nature of the attempt, and because elections infrastructure happens to be classified by DHS under a fancy, very serious term called “critical infrastructure”, West Virginia felt it necessary to report the attempt to law enforcement. 

Again, the people who made this attempt were targeting the live system during an active election. They were not part of the bug bounty program, which allows you to test the replica system. Targeting a live system during an active election is a no-no because of that fancy “CI” designation, and requires reporting. Testing the replica system as part of the bug bounty program, on the other hand, is allowed. Therein lies the difference between what happened in West Virginia (not allowed: tampering with a live election), versus what could have happened (allowed: testing on public bug bounty program).

We think research is great – please keep researching. Truly. Our world is ever-evolving with security threats and we absolutely, fundamentally need people like you. And, by all means, please do it on our public bug bounty program. It’s free (!). You can access our latest versions of the platform and play with them all you want. And maybe even win money (!). And join nearly 100 researchers who’ve been important, collaborative researchers as part of the program. And, most importantly, you can help all of us, collectively, work toward building solutions rather than trying to tear them down. It takes a village, you know.

 

MYTH 3: Voatz hides its audits

TRUTH: No, we don’t. Voatz is an audacious experiment – not unlike finding true love. We are out in the open. Voatz has several public reports, including from the CISA Hunt and Incident Response Team (HIRT), along with our white papers, which are available on our website here. More reports are coming in the next couple of months – stay tuned. Also, it’s worth mentioning that our pilots are citizen-audited with the NCC, which is the National Cybersecurity Center. You can sign up to be an auditor, too – we all can, and make our elections more assured, and more transparent. Commitment does not get better than this.

 

MYTH 4: Everyone is voting on their smartphones — it’s widespread!!

TRUTH: This is very, very false. Across all of our governmental mobile voting pilots, less than 600 total voters have used our system. That’s an average of 66.66 voters per election — check out that equation.

We are always one of the first to say that mobile voting is far from ubiquitous. We’ve been building the technology for 5 years, now, step-by-step, piloting on a very small scale to test and iterate with church elections, universities, then both major political parties and then, for the first time two years ago, piloting with small numbers of overseas citizens in state and federal elections. These elections are the ones that suddenly threw us on the map with the media, but we’d been at it for 3 years before then.

It’s our belief that these very small pilots are what help us learn, test these technologies, and prepare – deeply – for election resilience for the future. You know, baby steps. Like first dates, then second dates, and so on.

 

MYTH 5: Mobile voting is less secure than what voters currently use

TRUTH: Did you know voters are currently voting by sending their ballots in an email? How about that for security? 

Email is how many of our overseas citizens and military are voting (think yahoo, hotmail, etc. 😱), because paper ballots don’t work for them (think about a village in the middle of West Africa). These voters have to relinquish their right to anonymity, and their jurisdiction has to hand-copy their emailed ballots, oval by oval, onto a paper ballot that can be tabulated. How about that for a long distance relationship – taxing on the jurisdiction, not very secure, and also prone to error.

So, in so many ways, mobile voting is actually a massive improvement to the current methods being used by these voters. It keeps them anonymous, it’s far more secure, it automatically produces a paper ballot for tabulation, and the voter gets a receipt to confirm their vote was counted correctly and to audit that their intent was tabulated. No ghosting, here.

 

Happy weekend, may your hearts be filled with nothing but joy and love for being alive!

Voatz Open Press Call Transcribed from February 13, 2020

The following Voatz press call took place on February 13, 2020 from 1-1:30pm ET. The contents of the call are transcribed below, lightly edited for punctuation and typos.

Full audio is available here.

Robert Dowling, Moderator:

Use the chat function to send us your questions. Direct all your questions to moderator and that way we will take them on as we have with, on a first come first serve basis. As some of you know, Voatz is regularly called on by members of the media and influencer community to respond to all kinds of conversations, including what’s been raised by The New York Times today. Voatz as a small team of technologists and election experts focused on developing technologists that is often, the company is often unable to respond to every query in every way.

So we’re doing this in an effort to respond quickly. Everyone is traveling, but they’ve taken time to jump on this call. We appreciate that, and if we don’t get to all the questions or if there’s a great amount of demand, we can host another call tomorrow or early next week. So, let’s jump right in. Thank you in advance for your participation. We’ve got three executives from Voatz, Nimit Sawhney, CEO & Co-founder, Larry Moore, Senior Vice President and Hilary Braseth, Vice President. I will continue to prioritize the questions in terms of first come first serve. Hilary, could you kick things off with a quick overview and introduction to Voatz for those who are just getting introduced to the company for the first time?

Hilary Braseth, Vice President:

Definitely. Can everyone hear me okay?

Robert Dowling, Moderator:

You’re coming through loud and clear.

Hilary Braseth, Vice President:

Okay. Excellent. Thanks so much, Robert. As Robert mentioned, I’m Hilary and I’m a Vice President at Voatz, and thanks to everyone for joining on such short notice. We very much look forward to responding to your questions about the report from MIT. But before we dive in, I just want to quickly introduce Voatz so that we all have a shared context for having this conversation.

So for the last five years, Voatz has been working on developing accessible, secure, and auditable technology that provides access for people who can’t get to the polls or for whom paper ballots just don’t work. This includes people with disabilities, the elderly, overseas military service, men and women. In order to do that, we have leveraged the latest security features of smartphones, like Apple and Android, the phones that many of us use along with facial recognition technology to verify and validate the identity of the voter.

Nimit Sawhney, CEO & Co-founder:

Hilary

Hilary Braseth, Vice President:

Yeah?

Nimit Sawhney, CEO & Co-founder:

One moment. I think just out of courtesy, we should inform everybody that we would like to record this call and make sure everybody’s okay with that.

Hilary Braseth, Vice President:

Okay.

Nimit Sawhney, CEO & Co-founder:

Can you, yeah. Hi, everyone, just letting you know that the call is being recorded and will be transcribed as well. Thank you, proceed.

Hilary Braseth, Vice President:

Okay. All right. So as I was mentioning, we leverage a handful of different technologies to provide voting access to those who can’t otherwise make it to the polls. So, I was in the midst of mentioning smartphone technology. We pair that with facial recognition technology for verification and validation of the voter’s identity. We leverage biometrics to secure and protect that voter’s identity, and we use cryptography to automatically produce a paper ballot for tabulation of the jurisdiction, and lastly blockchain for rigorous post-election audits so that we can ensure voter intent is reflected in the overall count without revealing voter identity.

Hilary Braseth, Vice President:

Now, I realize that’s a lot of tech buzzwords and I’m sure we can get into the specifics during Q&A. Above all, I want to reiterate that we are always interested in having conversations with people who want to explore the deeper underpinnings of our technology and even experience it. We are more than happy to have that conversation.

Hilary Braseth, Vice President:

I also want to address up front and right away that very often our system is accused of not having a way to ensure that after a voter makes selections on a smart phone, that they don’t get changed during transmission. This is false. Every ballot submitted using Voatz produces a paper ballot, and every voter using Voatz receives a ballot receipt once they submit, and both of these documents are anonymized and encrypted, and together they form the building blocks for an end-to-end voter verified feedback loop that allows the jurisdiction to confirm that whatever the voters submitted on the smartphone is what’s actually tabulated.

Hilary Braseth, Vice President:

We have worked exceptionally hard alongside or election officials and independent cybersecurity organizations to develop a very strict post-election audit process that, for the first time in history, is open to anyone in the public to sign up. Anybody can be part of that audit process, and we encourage anyone to sign up to be an auditor of our pilots. I cannot emphasize that enough. These audits verify that every single ballot submitted using Voatz in those ballots, that voter intent is reflected and that tabulation is accurate. These audits are critical to both involving the community in our innovation process, but also ensuring that every single ballot submitted on our system can be verified independently without compromising the voter’s anonymity.

Hilary Braseth, Vice President:

Last, before we dive into questions, I really quickly want to note that we have run more than 50 elections since 2016, including 9 targeted, well-designed governmental election pilots across five states for overseas voters and voters with disabilities. These governmental pilots have all been declared successes by the jurisdictions, and many of the voters who’ve used the system have shared very valuable feedback about how this voting option made participation accessible for them, and for some, this was the first time in decades.

Hilary Braseth, Vice President:

The reality is that our system, as it’s currently designed, actively shuts out citizens from participating in our democracy and we are of the belief that we have to move the needle forward to provide these citizens with an easier way to vote, and in that process, security has always been our number one priority in moving forward with these small, targeted, well-designed pilots so we can learn, iterate, and build, and drive progress. Our hope today is we can have a frank and transparent conversation together and that we can have a chance to respond to the latest news about a report that was written about this morning in The New York Times.

Hilary Braseth, Vice President:

Robert, I’ll hand it back to you. I know we have a lot of questions to get through.

Robert Dowling, Moderator:

Great, thanks. Thanks for the background, Hilary. We’ll get through these as fast and efficiently as possible. The first set of questions come from Eric Geller, from Politico.

Robert Dowling, Moderator:

Is Voatz concerned about CISAs comment that is looking into MIT’s new report on the app’s vulnerabilities?

Nimit Sawhney, CEO & Co-founder:

Hi, this is Nimit. I can answer that. So, we are not concerned. We’ve been collaborating with CISA ever since the discussion about this report started a few days ago, and it’s been a very transparent process with them, and we’ve communicated our feedback to them already throughout the process, so not worried about anything over that.

Robert Dowling, Moderator:

Is the company worried that it will lose contracts due to the research?

Larry Moore, Senior Vice President:

Hi, this is Larry. Of course we are, and we’re also concerned that this report will scare off others, but I’m at an event in South Carolina right now and the feedback that we’ve received as late as this morning, and I mean, everyone who’s read this report have had The New York Times article. But as late as this morning, the response has been very gratifying to us.

Robert Dowling, Moderator:

Okay. What evidence does Voatz have that the researchers are motivated by a desire to “thwart the process of innovation and progress for better voting access”? “Disrupt the election process”, “sow doubt in the security of our election infrastructure”, and “spread fear and confusion”.

Larry Moore, Senior Vice President:

Yeah. Let me take that one again. Again, this is Larry Moore. So first of all we are, I was just trying to do this on Google Maps, but we’re probably less than two miles away as the crow flies from the MIT Research Lab in Downtown Boston, so we’re close. They could have contacted us. Had they invited us over, we had come over on the red line, but they didn’t avail themselves of the hacker one program and riffed that in the report, and yet, that would have taken a trivial effort on their part to just confirm the allegations of the jailbroken phones, but they didn’t do that.

Larry Moore, Senior Vice President:

The other evidence is the last couple of paragraphs in their report where they say, “Given the severity of failings discussed in the paper,” which we dispute, “the lack of transparency,” which we also dispute, “the risks of voter privacy and the trivial nature of the attacks, we suggest that any near future plans to use the app for high stakes elections be abandoned.” So not a very collaborative environment here, and they use the media attention to, in a pretty aggressive way, to really try to stop this process in these pilots.

Robert Dowling, Moderator:

Thanks. Why did Voatz accuse the researchers of trying to remain anonymous when they put their names on the paper?

Hilary Braseth, Vice President:

I can take this one. So throughout the process of the researchers initially getting in touch with CISA, they decided to remain anonymous throughout that process, and we could have some guesses as to who the researchers were, but even up until publication in The New York Times, they refused to reveal their identity. We are unaware of why they didn’t want to reveal their identity. We would have been, as Larry mentioned, happy to have engaged in thoughtful conversation with them and helped them to validate whether or not their approach was sound.

Larry Moore, Senior Vice President:

Yeah, and one of the thing, Hilary, I’ll just add to that, they demanded and we exceeded to the demands of having a one on, having a phone call with all of our customers, without us being present, mediated by CISA. Even on that phone call, which happened on Tuesday, a week ago, they did not disclose their own, their identity.

Robert Dowling, Moderator:

If Voatz believes that the research is wrong due to the researchers use of a simulated server, will Voatz let them access its a real server to perform the same analysis?

Nimit Sawhney, CEO & Co-founder:

Hi, this is Nimit here again. I can answer that. Absolutely. We offered that to them as part of our initial response via CISA. 

Nimit Sawhney, CEO & Co-founder:

There was no response from researchers. And moreover, we already have this server available. It’s to our public bug bounty program. Anybody who wishes to sign up, test that apps over there, against the real server with full functionality, is able to do that. And so that system’s already available. They willfully chose not to do it. So absolutely, one of the first things we offered in our responses, why don’t you prove all these claims on a real system, and then we can investigate further. But they did not respond to that at all.

Robert Dowling, Moderator:

Thanks Nimit So the next set of questions come from Russell Brandom from The Verge. First question is, I understand from the post that the MIT researchers were testing an outdated version of your software and weren’t connected with Voatz servers. However, the post stops short of saying that the vulnerabilities discovered had been patched in recent version. I’m curious if you can speak directly to the status of those vulnerabilities.

Nimit Sawhney, CEO & Co-founder:

Absolutely. So they had whole paper is riddled with holes, if I can use that word. For example, they talk about our use of the blockchain and say, executing a 51 percent attack. That attack is not possible because we do not use a public blockchain. We use a permissioned blockchain based on Hyperledger, and such an attack is not possible on that infrastructure. Similarly, they assume that by defeating the malware and the jailbreak detection on the mobile devices, that they will be able to connect to our server. Because they didn’t connect to our server, they did not experience all the checks which happen on the server, which would have prevented them from doing anything.

Nimit Sawhney, CEO & Co-founder:

And then all of their claims are based off that. That because they were able to jailbreak or successfully compromise a client device, that the assumption that device would be able to connect to our server is completely, completely flawed. And so that’s the really, really strange thing was, why would they do such a hypothetical analysis when they had a real system to actually test it out?

Nimit Sawhney, CEO & Co-founder:

Similarly, there’s another-

Larry Moore, Senior Vice President:

Nimit, a reminder to talk about the first claim on the side channel link.

Nimit Sawhney, CEO & Co-founder:

Yes, I was getting there. So one of the claims they have is, as Larry mentioned, it’s called a side channel leak. To drill it down, what it means is as network traffic is passing through while people are using their devices, that by looking at that encrypted network traffic, they can deduce who you are voting for, and then start disrupting that traffic to the disadvantage of the voter. And hypothetically, that may be possible. In a realistic scenario, that’s not possible given how our pilots are conducted. Secondly, that issue of a side channel problem was fixed many months ago. So if they had used the newer version of our system, they wouldn’t have even seen that. But we want to reiterate that in a real world scenario, exploiting that is extremely, extremely hard. Especially in the case of our pilots where voters are distributed, it’s a smaller amount of voters. They’re distributed around the world, breaking into network routers, cell towers, isolating individual voters, breaking into their devices… I mean, these are… This is hypothetical scenario. It’s not realistic at all.

Larry, is there anything you’d want to add to that?

Larry Moore, Senior Vice President:

Yeah, the… Maybe a little humor on the side channel leak. So despite the fact that we really fixed it, I mean think about what’s going on. They have, again, to repeat Nimit, the voters, which there are less than 600 across nine pilots, dispersed around 40 countries. You’d have to gain access to the routers that are located in the cellular providers’ networks or at military bases. And just think about how hard that is. The example that they used, it basically looks trivial if you’ve got one contest and two candidates that have different length names. Bush V Gore for example, would not work.

Larry Moore, Senior Vice President:

And so by looking at gibberish, which is what the encrypted traffic looked like, they claim that you can deduce somewhat easily the identity of the candidates that are being voted for, and then choose to disrupt the traffic back to the server so that the vote would never get registered. That also ignores the guaranteed delivery of messages, and the voter would notice this right away. So, and once again, how did they attack… Attach to the network? They would’ve seen this.

Robert Dowling, Moderator:

So just to follow up on Russell’s question for absolute clarity. He asked, have they been patched? And it sounds like, did they exist? If so, have they been patched? Are they mitigated or otherwise addressed from some server-side protection? I’m curious if you can say why Voatz users should not be worried about the vulnerabilities described in the MIT paper.

Nimit Sawhney, CEO & Co-founder:

Absolutely. So as Larry mentioned earlier, the side channel issue, even though we think it’s largely theoretical at this stage, was addressed in one of our versions much newer than the version which the researchers looked at. Regarding the other protection, yes. So their claim of being able to compromise a device and then being able to use that to connect to the network, that would have gotten blocked by server-side protection. And so definitely, there’s a lot of the intelligence in the system that relies on the server-side, in the cloud, which they completely missed because they were just looking at one isolated piece of the system. So as far as Voatz users are concerned, we do not believe that they should be worried at all about these vulnerabilities, which they are highlighted.

Robert Dowling, Moderator:

Good. Okay, thank you. So we’re going to go to the next set of questions from Alexander Culafi from TechTarget. The first question is really looking for clarity about what we were just talking about, The researchers’ paper said Voatz confirmed the existence of the side channel and PIN entropy vulnerabilities. Is this accurate? I think we’ve more or less covered it, unless there’s anything you want to add there.

Nimit Sawhney, CEO & Co-founder:

I can add something about the PIN entropy. So the system supports PINs of various lengths, various complexities. You can even use external multi-factor devices. But keep in mind, we are focused on accessibility here to make it as convenient as possible for voters without compromising on security. And so the common approach used there is, if you don’t have biometrics enabled on your device, if you’re not using a fingerprint or a face ID, then you can as a last resort, for accessibility, resort to an eight digit pin. Now an eight digit pin has 100 million permutations. So in order to crack a pin for a pilot voter, firstly you have to get physical access to that voter’s device. Then you have to get into that device, run a brute force, it would probably take you two days at the minimum. Destroy the battery, by which time the user would have detected you. And so that’s why we feel it’s not at all realistic at the moment.

Robert Dowling, Moderator:

Got it. The research paper says Voatz does not actually use blockchain technology to submit votes from a mobile device to the servers. Is this accurate? And if so, then why does Voatz official documentation suggest it does use blockchain for votes submissions?

Nimit Sawhney, CEO & Co-founder:

So this claim is completely inaccurate. Right from our very first election, we have used the Hyperledger based blockchain framework. With every pilot we’ve enhanced it, made improvements to it, and continued to do so. Our post-election pilots, ever since the third pilot done by then Denver County, have all utilized the blockchain infrastructure to facilitate the forced post-election audit, which citizen auditors have audited. NCC, which is the National Cybersecurity Center, has audited. So this claim is completely baseless. And if they had tried to dig in more into the system, into the reports which are available on our website, they would not have made this claim that we don’t use the blockchain.

Robert Dowling, Moderator:

Are there differences between the field-tested version of the Voatz app and the version covered in the HackerOne Bug Bounty program?

Nimit Sawhney, CEO & Co-founder:

No, there are not. The only differences, the servers they connect to, the field versions obviously will connect to a production infrastructure when a live election is in progress. The HackerOne applications connect to a replica infrastructure which is identical to the live infrastructure. Just that it’s not a live infrastructure. So you, as a researcher, can request access to test elections if you like. Like many researchers have done, you can request enhanced access where you get… We can provide these special versions of the applications which have less security so you can do more drilling and you know, more kind of under the hood studies as well. And so, but the version available on the bounty program and public production versions are the same. They connect to a different server on the backend.

Robert Dowling, Moderator:

Got it. A Voatz statement said the research team used a flawed approach by constructing hypothetical backend servers, but were the modeled servers used by the research team an accurate representation of Voatz’s servers? And if not, how are they different?

Nimit Sawhney, CEO & Co-founder:

They missed a lot of things, so they were not accurate. At best, they were somewhat partial because they could not see all the components. 

Nimit Sawhney, CEO & Co-founder:

They could not see all the components. They could not even reverse engineer all the code in the Android app that they looked at. And so they’re missing some pieces in the Android app itself. I would say they probably missed 50% of our server architecture information as well, and so that’s why we call it really flawed because had they gone through the bug bounty program or collaborated with us through other means, they could have gotten access to the full infrastructure and had a more accurate view of how our system works.

Robert Dowling, Moderator:

Got it. The next set of questions come from Hiawatha Bray from the Boston Globe. Can you confirm that some other states are planning to use the vote software in this year’s election? Which states? Also, how many states are using the votes app this year?

Nimit Sawhney, CEO & Co-founder:

Hilary, that’s for you.

Hilary Braseth, Vice President:

Yeah, I can take that one. We typically leave any announcements to the jurisdiction. So any new jurisdiction that’s going to be using our technology this year, we’ll let them make that announcement.

Robert Dowling, Moderator:

How do you get a printout from your smartphone?

Hilary Braseth, Vice President:

So this question might be in reference to what I said in the introductory remarks. As soon, and I was describing kind of the post vote audit trails, so we do have an infographic that delineates and tries to simplify yet still honor the technical process behind the vote system. So if anybody on this call is interested in having a copy of that infographic, please reach out to the organizer of this call and we can get that to you. But the short of it is that as soon as the voter submits her ballot on her smartphone, three really important things happen.

Hilary Braseth, Vice President:

One, instantly she receives a receipt with all of her selections. This receipt is anonymized, it’s password protected, and only she holds the password to see that receipt. The purpose of this receipt is so that the voter can verify her selection, as I reiterate. Simultaneously, what happens at the jurisdiction is an official ballot that is marked with this voter’s selections has been formed at the jurisdiction, and on election day two members from the jurisdiction possess the keys to unlock what we call a digital lockbox where they unlock it and print the official ballots for tabulation.

Hilary Braseth, Vice President:

At the close of the election, comparing that digital receipt with the voter’s selection that’s anonymized with that official ballot, both are signed with an anonymous ID, selection by selection validates that voter intent is reflected in the overall count and to make sure that nothing nefarious happened in the transmission of the voter’s vote. Not to get too technical, but the third and last thing that happens, because I mentioned there were three things that happen when a voter submits. The last thing that happens is when a voter submits their ballot, each oval on that ballot passes through that Hyperledger public permissioned blockchain network that Nimit was mentioning, and that serves as the final and third audit piece as an untamperable record in the event that something were to happen to the paper tally. So that digital receipt, the official paper ballot, comparing those two verifies that intent is reflected in the overall count. And then the blockchain record is the overall final audit piece. I hope that clarifies. And again, we have an infographic that delineates this.

Robert Dowling, Moderator:

Thanks Hilary. Aaron Mack from Slate asks, I was wondering if votes had a statement on Mason County deciding not to use the app.

Larry Moore, Senior Vice President:

So I’ll take that. I know the auditor there pretty well. So surely this was disappointing to us. He was under intense pressure to back out, but as late as this morning, he indicated he wished he’d stayed in. But I want to put a plug in for the Voatz system, we don’t know of another system that in fact could have backed out votes that had already been cast. And that’s a real strength of the system. So yes, votes had been submitted in Mason County. And when Paddy McGuire said I need to pull the plug, we were able to back those out and they never counted.

Robert Dowling, Moderator:

Got it. Kevin Collier from NBC asks, I believe Voatz has gone thr0ugh several independent audits, the results of which it hasn’t made public. When you say who each of these auditors are and will you ever make the results public?

Nimit Sawhney, CEO & Co-founder:

I can address that. So many of the audits we’ve done in the past, as we mentioned earlier, have been under stipulations warranted by the NDA, so we are unable to reveal the names. However, findings have been shared with our customers, and so there are some audits happening for which information is publicly available. One of them was conducted by the DHS. That’s report is available on our website, so if you go into the FAQ section, you’ll find a report. And as more public reports are available, we will be sharing them on our website as well.

Robert Dowling, Moderator:

Right. We have one more question that’s come in during the call from Rob Right at Tech Target. Voatz took issue with the fact that the researchers wouldn’t disclose their identities. But you also offered these same anonymous researchers access to your backend servers? Is that correct?

Nimit Sawhney, CEO & Co-founder:

Yes, we did. When the initial discussions were happening, these are moderated by the team at CISA. We did request the researchers to use our bug bounty system, in which case they can remain anonymous. They don’t have to reveal themselves. And prove their claims. Because they didn’t actually prove a single one of their claims. It’s all hypothetical. And so it’s like, okay, why don’t you prove this on a real system? And if it’s a real problem, other than the side channel one, which we had already previously fixed, if any of the others are real problems, minus the server one. That was a whole sense of hypothesis there, but any of the other issues they highlighted, we would have loved to engage with them but they did not even reply. Larry, you want to add something?

Larry Moore, Senior Vice President:

Yeah. Let me pause for just a second before we go onto any other questions and just talk about the nature of pilots. On innovations in elections, and I think I can say this with a great deal of certainty here, have started with… All innovations in elections have started with pilots, from the time the industry moved from precinct voting to vote centers in early voting, to the time when Washington and Oregon pioneered all vote by mail. These have all started with pilots. And in every single case, security was raised as an issue. And so we see this as a continuum going on. And we’re not at all saying that we’re ready for universal access or universal adoption, but we feel like we’re very responsible starting off with really the two most vulnerable cohorts in the electorate. And that’s military and overseas voters, their families and civilians residing abroad as well as voters with disability who have a legal right to access new technology as it’s presented to, for example, military and overseas voters.

Larry Moore, Senior Vice President:

So pilots are inherently part of the progress that gets made in elections, which we may agree has been largely a stagnant industry. And these attacks that have been leveled against us this morning really are a continuum of the attacks against this kind of technology that started nearly 18 years ago. And the same arguments are being used. I think the MIT researchers spent a lot of time compiling this report, and I think it would have been a lot better had they collaborated with us instead of attacked us.

Robert Dowling, Moderator:

Thanks, Larry. And thank you everyone. I know we are past time. You can send follow up questions. We’re taking them by email. Give us feedback on the call. And also if you need more information, please reach out. We’ll of course let everyone know if an additional call is necessary and gets scheduled and are happy to address follow up questions. Thanks for your time and have a great afternoon.