Almost a year ago, the Department of Homeland Security alerted roughly half of all U.S. states that their election systems had been the targets of hackers linked to Russia. Jeanette Manfra, the head of cybersecurity at the Department of Homeland Security, later confirmed the attacks. “We saw a targeting of 21 states and an exceptionally small number of them were actually successfully penetrated,” she told NBC News in February. Even worse, experts have warned that Russia’s attempts at meddling did not end in 2016. “They’re still very active—in making preparations, at least—to influence public opinion again,” Feike Hacquebord, a security researcher at Trend Micro, told the Associated Press in January. The Trump administration, meanwhile, is doing painfully little to prevent future attacks. The president’s repeated denials of Russian meddling is another form of malign neglect. With less than three months to go until Americans return to the polls en masse, the United States remains deeply vulnerable to any hackers who might like to cast a vote of their own. Enter Voatz. With a name reminiscent of a plot device in Idiocracy, Voatz is a mobile election-voting-software start-up that wants to let you vote from your phone. In the upcoming midterm elections, West Virginians serving overseas will be the first in the U.S. to be able to vote via a smartphone app using Voatz technology, CNN reported Monday. The Boston-based company raised $2.2 million earlier this year, helped along by buzzwords such as “biometrics” and “blockchain,” which it claims allows it to secure the voting process. Its app reportedly requires voters to take and upload a picture of their government-issued I.D., along with a selfie-style video of their face, which facial-recognition technology then uses to ensure the person pictured in the I.D. and the person entering a vote are the same. The ballots are anonymized and recorded on the blockchain.
Security experts, to put it mildly, are not impressed. On Monday, security architect Kevin Beaumont tweeted a thread deftly critiquing the app for its flaws, including an out-of-date data encryption and authentication service. “This is going to backfire,” he warned. “The United States needs some form of vetting process for online voting in elections.” Software developer Buzz Andersen piled on, tweeting, “Oh cool, the Theranos of voting!”
Joseph Lorenzo Hall, the chief technologist at the Center for Democracy & Technology, called Voatz a “horrifically bad idea,” not least due to the potential for votes to become de-anonymized in the future. “Imagine if you’re a uniformed military serviceman stationed abroad, excited to be able to cast a ballot in, say, the West Virginia primary, where they plan on using a remote blockchain voting system . . . then imagine that in 20 years, the entire contents of your ballot are decryptable and publicly available,” he said. “It’s not something we should throw to the V.C. wolves or allow bleeding-edge technologies to mess with, without serious and deep inquiry and interrogation.” The potential for a security breach, Verified Voting president Marian Schneider told CNN, also stretches beyond Voatz’s technology, to the unsecured computers and mobile devices of everyday Americans. And reliance on an electronic format, in place of a traditional paper trail, means “undetectable changes . . . could occur in transit.”