Protecting all voters’ personal information is the number one priority at Voatz. As soon as a voter’s identity is verified and linked to the voter’s thumbprint, FaceID*, or PIN, all identifying documents (photo ID, video ‘selfie’) are completely expunged from the system. This ensures that no personally identifiable information can be accessed in the future, and allows Voatz to use the smartphone’s thumbprint, FaceID* or PIN capabilities to authenticate the voter going forward.
*FaceID is copyright by Apple.
Once a voter submits a ballot, three distinct records are created that allow a voter to verify their vote is recorded and counted as they intended.
- Ballot Receipt: Soon after voting, a voter receives an encrypted, anonymized receipt to verify their selections. This receipt is password protected and signed with an anonymous ID (only the voter knows this password and anonymous ID).
- Paper Ballot: A paper ballot is generated and printed at the jurisdiction for tabulation. This paper ballot is signed with the same anonymous ID, and this paper ballot constitutes the record being counted.
- Blockchain Record: All ballot selections pass through multiple, distributed nodes on a public-permissioned blockchain network. If the votes pass all checks, they are stored as a tamper-resistant record alongside all other votes.
There is an additional step a voter can take to verify their vote(s). Once the election closes, the voter has the opportunity to participate in a public citizens’ audit, where all ballot receipts, paper ballots and blockchain data are compared to ensure voter intent is reflected in the overall election count. For more information about the Voatz post-election audit process, view the video on the Security & Technology page of our website.
Voatz is currently only available for elections in jurisdictions that are actively engaged in a pilot or on a contractual basis.
If a voter lives in a jurisdiction offering Voatz, the process is as follows:
- REQUEST – A voter requests to vote absentee from their jurisdiction and indicates that they would like to “vote mobile” (which often requires filling out an “absentee voter request form”).
- VERIFY – The voter receives an invitation to download the Voatz app and verify their identity (usually by scanning a government-issued photo ID).
- VOTE – Once verified, the voter votes on the smartphone and a paper ballot is produced at the jurisdiction for tabulation. The voter also receives a ballot receipt confirming their selections. Both documents are digitally signed with an anonymous ID to preserve privacy.
- CONFIRM – After the election, an audit confirms that the tabulation (paper ballots) match voter intent (ballot receipts).
In the third point above, the actual voting process begins once the voting window officially opens. When the voter opens the app, they will see a notification on the home screen indicating they have access to an active ballot in an ongoing election. When they open the ballot, they can tap to make selections for the candidate(s) and/or issue(s) of their choice, one contest at a time. Voters are prevented from making more selections than allowed for a given contest. This ensures that only the allotted number of votes is recorded. At any time before submission, the voter can review their choices and make changes if necessary. Once finished, the voter submits their ballot, and all information is anonymized and recorded on a blockchain network.
In the Voatz app, authentication is a three-step process that uses the smartphone’s camera and biometric features (fingerprint recognition or facial recognition):
- The voter scans their state driver’s license, state ID, or passport.
- The voter takes a live snapshot of their face (a video “selfie”).
- The voter touches the fingerprint reader or uses the facial recognition feature on their smartphone, which links the device to the voter.
The app first does a liveness check on the ‘selfie’, then compares the voter’s “selfie” to the photo on their passport or driver’s license, and finally, compares the ID data to the state’s voter registration database to confirm that the voter is eligible to vote. As soon as the voter is authenticated, all personally identifiable information is deleted.
The entire process takes roughly five minutes and once a voter has successfully completed authentication, they will not be required to do it again unless they change their address or get a new ID.
This process is essential because it verifies that the voter is who they say they are, that their jurisdiction confirms they are eligible to vote, and that their identity is tied to the smartphone being used, guaranteeing one voter per device, and one device only.