Voting by Smartphone Quick and Easy, Just Not Very Secure
With the U.S. midterm election approaching, concerns about cybersecurity and Russian meddling are mounting. The state of West Virginia has chosen now, of all times, to introduce smartphone voting.
A small number of Americans will be able to vote in the midterm elections this November by taking a selfie-style video and downloading an app. West Virginia is the first and only state to test out Voatz, a voting app for smartphones. The experiment, which is largely directed at military personnel serving overseas, will allow the soldiers to cast their votes digitally as an alternative to cumbersome absentee ballots.
"There is nobody that deserves the right to vote any more than the guys that are out there, and the women that are out there, putting their lives on the line for us," says Republican Mac Warner, West Virginia's secretary of state and chief election official. In light of the ongoing revelations about Russian cyberattacks, others, meanwhile, are horrified by the prospect, arguing that smartphone voting is highly vulnerable to hacking. They accuse the Voatz startup of a lack of transparency, glaring technological flaws, of providing a lack of information relating to its system architecture and of having a dubious public image.
Sign up for our newsletter -- and get the very best of SPIEGEL in English sent to your email inbox twice weekly.
Users register with Voatz by taking a photo of their government-issued ID, as well as a selfie video of their face, which they then upload within the app. The startup maintains its facial recognition software can tell whether the video and the photo of the ID show the same person. Once a user has been approved, that person can then use the app to cast their vote.
The digital ballot is then verified and added to the blockchain, a digital ledger originally devised for digital currencies such as bitcoin. "Because blockchain is a distributed ledger of transactions, military mobile votes become immutable and tamper-proof once recorded," Voatz claims.
Is It Really Safe?
Ultimately, no one can say with certainty whether Voatz's app is secure. Nimit Sawhney's startup launched the software several years ago, and it went on to win a number of awards. But there is very little proof that it is invulnerable.
- To start with, the infrastructure that Voatz uses cannot be secured -- i.e., the voters' smartphones and the networks used to transfer the data. Marian K. Schneider, president of the U.S. advocacy group Verified Voting, lobbies to make voting in the digital era transparent and secure. She has profound reservations about smartphone voting: "Even putting aside the authentication and verifiability issues, nothing in these systems prevents malware on smartphones, interception in transit or hacking at the recipient server end." She also thinks it wouldn't be too difficult to tamper with the identity authentication process. And even a targeted interruption of the connection could be enough to influence an election.
- Voatz is also sketchy on details relating to its use of blockchain technology, making it unclear whether it offers a specific advantage over standard databases. "Blockchain technology is the hot new buzzword, and it appears that Voatz uses it in the least effective way," says Douglas Jones of the University of Iowa, an associate professor of computer science and expert on electronic voting systems. Data in a blockchain is stored in a decentralized way across its network rather than being held centrally, so that it has no centralized points of vulnerability. But in this case, this advantage doesn't apply. Or at least, Voatz hasn't responded to this criticism. "With all the servers in the custody of the vendor, a dishonest vendor could do anything they want to the results," warns Jones.
- Voatz says it has commissioned third-party firm for extensive security audits. But information about these security firms on Voatz's website has been repeatedly revised in recent days, apparently in response to queries from the media. Still remaining are Security Innovation and the platform HackerOne, where Voatz has offered rewards to anyone who can identify security risks. So far, Voatz has paid out a total of two rewards of $100 and $50. That doesn't sound much like serious auditing.
- There are no indications that a technical inspection by state authorities took place either. Voatz, at the very least, has made no claims to that effect. If that didn't happen, it would mean that the public authorities aren't even aware of what, exactly, is behind Voatz's technology.
- Internal Voatz code has popped up in at least two places on the platform Github, a mass database where code is uploaded and widely shared. The company claims it was test code unrelated to the real system. But details in the code raise concerns that Voatz doesn't always attach the utmost importance to common security practices.
DER SPIEGEL sent Voatz a detailed list of questions to give the startup the opportunity to allay concerns. Although a short reply indicated that the PR team had received the mail from the reporters at DER SPIEGEL, the company has yet to answer any of the questions.
New Manipulation Attempts Expected
Mac Warner, West Virginia's secretary of state, is also his state's top election official.
In May, the company launched a pilot test in primaries in two districts in West Virginia. It was deemed a success, even though only 11 voters used the technology in both districts. Now, an expansion is planned for the midterms, when soldiers from West Virginia who are stationed overseas, as well as their families, are to elect a new senator and new members of the House.
The news comes amid a tense debate over the apparent ease of hacking American democracy. Memories of the events of the presidential election two years ago are still fresh in peoples' minds. A flood of new information about Russian attempts at manipulation emerged after Donald Trump's election. Several Congressional committees, as well as the FBI and a special counsel are also currently probing connections between the Trump camp and Moscow.
The intelligence services are certain that Russia will not shy away from continuing efforts to meddle in U.S. politics, even during the upcoming congressional midterm election. "Of course. I have every expectation that they will continue to try and do that," Mike Pompeo, the head of the CIA, told the BBC in an interview earlier this year. In February, Dan Coats, the director of national intelligence, concurred during a hearing in Washington. "There should be no doubt that Russia perceives its past efforts as successful and views the 2018 U.S. midterm elections as a potential target for Russian influence operations," he said.
About a year ago, the Department of Homeland Security informed about half of all U.S. states that their systems had been targeted by hackers with alleged connections to Russia before the 2016 elections.
An 'Entirely Opaque' Process
Given the many points of criticism about app voting, it would be interesting to find out how the pilot project in West Virginia came about. Did the buzzwords "biometry" and "blockchain" convince officials to give Voatz a chance?
The State Election Commission didn't respond to questions on the subject. "The process that West Virginia went through to make an agreement with Voatz is entirely opaque," crticizes Jones. Other election-technology experts, like David Eckhardt, a professor of computer science at Carnegie Mellon University, have more fundamental attitudes about it. Eckhardt rejects online systems for elections in any manner.
It's difficult to predict how many votes will be submitted via Voatz in November. Each of West Virginia's 55 electoral districts can decide on its own whether its registered soldiers and their families will be provided wtih Voatz as an alternative to the ways of voting currently offered. Anyone who wants to vote by smartphone also needs an iPhone 5s or a more recent model, or one of a select number of Android devices that are less than two years old.
For safety's sake, the Voatz system is meant to back up each vote with a paper printout, so that the State Election Commission can later audit the results if needed. But Voatz hasn't stated where and how the printouts will be generated.
The technology that has previously been used in U.S. elections is also considered problematic. Unlike German federal elections, in which pen and paper are used, a variety of electronic voting systems are deployed in America. Not all of them allow for paper recounts. Experts see the aging of American voting-booth computers as a "hair-raising" security problem. And, as the Voatz case shows, the situation doesn't necessarily improve when a state seeks to adopt more modern technology.