Voatz

Tag Archive

Editorials: There’s always a threat to voting online | Huntington Herald-Dispatch

It shouldn’t take an MIT genius to figure out that any internet-based voting system can be hacked, but apparently it did. Last week researchers at the Massachusetts Institute of Technology said the Voatz app, which has been used in West Virginia and elsewhere by absentee voters and military personnel, has vulnerabilities that could allow hackers to change a person’s vote without detection. The Voatz developer said the analysts used an older version of the app. It accused them of acting in “bad faith.” So far the app has been used by fewer than 600 voters in nine pilot elections. Voatz was used in West Virginia’s elections in 2018 by fewer than 200 voters. No problems were reported. Last month, the Legislature approved a bill that would allow voters with physical disabilities to use the Voatz app in this year’s election. The bill awaits the governor’s signature or veto.

Full Article: Editorial: There's always a threat to voting online | Opinion | herald-dispatch.com.

National: Security experts raise concerns about voting app used by military voters | Brian Fung/CNN

Security researchers are reporting flaws in a smartphone-based voting app that’s been used by military voters overseas and is now being tested for use in the US. The vulnerabilities could allow nation-state hackers to view, block or even change smartphone ballots before they’re counted, according to a new paper written by three researchers at the Massachusetts Institute of Technology. The app is designed by the company Voatz, whose technology has been piloted so far in West Virginia, Colorado and Utah. The company called the report “flawed” in a statement posted to its website Thursday. “We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues,” Voatz said in the statement. “The researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.” The report comes amid rising concern about the use of apps and online voting tools in the 2020 election following the failure of reporting tools in the Iowa caucuses.

Full Article: Security experts raise concerns about voting app used by military voters - CNNPolitics.

National: Smartphone voting stirs interest — and security fears | AFP

West Virginia’s disabled residents and overseas military personnel will be able to vote by smartphone in the US presidential election this year, the latest development in a push to make balloting more accessible despite persistent security fears. Rising interest in electronic voting has heightened concerns among security experts who fear these systems are vulnerable to hacking and manipulation that could undermine confidence in election results. Overseas service members from West Virginia first voted by smartphone in 2018 with the blockchain-powered mobile application Voatz, which is now being tested in some elections in Colorado, Utah, Oregon and Washington state. West Virginia recently expanded the program to people with physical disabilities. A report released Thursday by Massachusetts Institute of Technology researchers uncovered Voatz “vulnerabilities” which could allow votes to be altered and potentially allow an attacker to recover a user’s secret ballot.

Full Article: Smartphone voting stirs interest -- and security fears - RFI.

National: Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy | Thomas Claburn/The Register

Only a week after the mobile app meltdown in Iowa’s Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia’s 2018 midterm election. They claim the Android app is vulnerable to attacks that could undermine election integrity in the US state. Based on their findings, published today in a paper [PDF] titled, “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections,” researchers Michael Specter, James Koppel, and Daniel Weitzner conclude that internet voting has yet to meet the security requirements of safe election systems. “We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user’s secret ballot,” their paper states. “We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality.” Specifically, the researchers discovered that malware or some miscreant with root access to a voter’s mobile device can bypass the host protection provided by mobile security software known as the Zimperium SDK.

Full Article: Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy • The Register.

National: Researchers Find Security Flaws in Voatz Mobile Voting App | Andrea Noble/Route Fifty

A mobile voting app used by West Virginia and several local governments in the 2018 midterm elections contains vulnerabilities that could allow hackers to determine how someone voted or even change their vote, according to a report released Thursday by security researchers. Researchers from the Massachusetts Institute of Technology found the security flaws in the Voatz voting app, which was originally designed as a way for overseas service members to cast ballots. The researchers said their findings underscore prior security recommendations that the internet not be used for voting. “Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election,” said Michael Specter, a graduate student in MIT’s Department of Electrical Engineering and Computer Science. “Worse, more aggressive attackers could potentially detect which way you’re going to vote and then stop the connection based on that alone.” In addition to West Virginia, several local governments, including ones in Washington state, Colorado, Utah and Oregon, have conducted their own pilots with the Voatz system. Additional states are also considering whether to use the app to assist absentee voters in upcoming elections.

Full Article: Researchers Find Security Flaws in Mobile Voting App - Route Fifty.

National: MIT researchers find vulnerabilities in Voatz voting app used in multiple states | Maggie Miller/The Hill

A voting app used in multiple states during the 2018 midterm elections to allow for more accessible voting has cyber vulnerabilities that could allow for votes to be changed or exposed, researchers at the Massachusetts Institute of Technology (MIT) found. In a paper published Thursday, three MIT researchers found that Voatz had vulnerabilities that “allow different kinds of adversaries to alter, stop, or expose a user’s vote” and that the app also had several privacy issues due to the use of third-party services to ensure the app functioned. The researchers found that if an individual were able to gain remote access to the device used to vote on the Voatz app, vulnerabilities could have allowed that person to discover and change the votes cast. The researchers described their findings as being part of the first “public security analysis of Voatz” and noted that they used reverse engineering of the Android Voatz app to come to their conclusions. The Voatz app was used during the 2018 midterms in some municipal, state or federal elections in West Virginia, Colorado, Oregon and Utah. The company allows voters to cast their votes via an app and was rolled out in West Virginia as a way for overseas military personnel and other voters unable to physically go to the polls to cast their votes.

Full Article: MIT researchers find vulnerabilities in voting app used in multiple states | TheHill.

National: ‘Sloppy’ Mobile Voting App Used in Four States Has ‘Elementary’ Security Flaws | Kim Zetter/VICE

A mobile voting app being used in West Virginia and other states has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server, new research reveals. An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday. The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system. The research was conducted by Michael Specter and James Koppel, two graduate students in MIT’s Computer Science and Artificial Intelligence Lab, and Daniel Weitzner, principal research scientist with the lab. Election security experts praised the research and said it shows that long-held concerns about mobile voting are well-founded.

Full Article: 'Sloppy' Mobile Voting App Used in Four States Has 'Elementary' Security Flaws - VICE.

West Virginia: State Expands Online Voting as Security Worries Grow | Patrick Groves/Government Technology

West Virginia, which has become an early tester of blockchain voting, is expanding Internet voting to include those with physical disabilities. But the move comes just as researchers from the Massachusetts Institute of Technology (MIT) have published a paper asserting that Voatz — the app West Virginia has been using in its pilot tests — has serious flaws, including the ability of bad actors to change votes without voters’ knowledge. Gov. Jim Justice signed SB 94 into law last week giving the secretary of state permission to create a system that allows people with physical disabilities to vote electronically. The Office of the Secretary of State lauded its success with Boston-based vendor Voatz that tallied 144 ballots from uniformed and overseas citizens in 2018. The Secretary of State’s Office may choose the startup again to enact the new law’s mandate for the 2020 primary and general elections. But election security experts and computer scientists have grown increasingly skeptical of the cybersecurity surrounding voting apps, especially after a mobile app used during the Iowa Caucus recorded data accurately but only reported it partially due to a coding error.

Full Article: West Virginia Expands Online Voting as Security Worries Grow.

National: Voting on Your Phone: New Elections App Ignites Security Debate | Matthew Rosenberg/The New York Times

For more than a decade, it has been an elusive dream for election officials: a smartphone app that would let swaths of voters cast their ballots from their living rooms. It has also been a nightmare for cyberexperts, who argue that no technology is secure enough to trust with the very basis of American democracy. The debate, long a sideshow at academic conferences and state election offices, is now taking on new urgency. A start-up called Voatz says it has developed an app that would allow users to vote securely from anywhere in the world — the electoral version of a moonshot. Thousands are set to use the app in this year’s elections, a small but growing experiment that could pave the way for a wider acceptance of mobile voting. But where optimists see a more engaged electorate, critics are warning that the move is dangerously irresponsible. In a new report shared with The New York Times ahead of its publication on Thursday, researchers at the Massachusetts Institute of Technology say the app is so riddled with security issues that no one should be using it.

Full Article: Voting on Your Phone: New Elections App Ignites Security Debate - The New York Times.

National: MIT researchers identify security vulnerabilities in voting app | Abby Abazorius/MIT News

In recent years, there has been a growing interest in using internet and mobile technology to increase access to the voting process. At the same time, computer security experts caution that paper ballots are the only secure means of voting. Now, MIT researchers are raising another concern: They say they have uncovered security vulnerabilities in a mobile voting application that was used during the 2018 midterm elections in West Virginia. Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted. Additionally, the researchers found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues for users.

Full Article: MIT researchers identify security vulnerabilities in voting app | MIT News.

Utah: Lawmaker says Iowa caucuses a cautionary tale for online voting | Art Raymond/Deseret News

Issues in the recent Iowa Democratic caucuses with a smartphone app are a further reminder, according to one Utah lawmaker, that the state should move slowly and deliberately toward any future change to a statewide online voting system.

To that end, Rep. Mike McKell, R-Spanish Fork, is sponsoring a proposal to spend some 20 months on a study to determine what, if any, digital voting system is secure enough to trust with running Utah elections. That proposal, HB292, got unanimous support from the House Government Operations Committee on Wednesday and is now headed to the full body for further consideration. Ahead of the meeting, McKell told the Deseret News the proposed study isn’t due until October 2021 and would have no impact on the upcoming general election, nor the 2021 off-year municipal elections. The goal of the study, McKell said, is to take the necessary time to do a thorough assessment of the potential advantages, and pitfalls, of moving the voting process into the digital realm. “I think we need to slow things down and commit to a thorough review of internet voting,” McKell said. “I think there are a lot of pressures in play to use new technologies and take advantage of efficiencies they can bring. “But we just saw a whole host of problems in Iowa … that are a reminder that we’re just not there yet.”

Full Article: Utah lawmaker says Iowa caucuses a cautionary tale for online voting - Deseret News.

National: Iowa’s app fiasco worries mobile voting advocates | Tonya Riley/The Washington Post

The fiasco caused by an app that failed to properly transmit votes in the Iowa caucuses is worrying the mobile voting industry, which hoped 2020 would be a banner year. Companies — and proponents of incorporating more technology into elections — are trying to avoid being lumped in with the hastily made app used in Iowa. They’re saying its failure proves serious investment in user-friendly, secure election technology is more critical than ever. “We need to ensure that every new idea is tested, transparent and secure — just like the eight successful mobile voting pilots conducted to date,” Bradley Tusk, the founder and CEO of Tusk Philanthropies, said in a statement. “Enough is enough. 2016 should have been enough of a wake-up call. Iowa just confirmed it.” Tusk Philanthropies has funded pilots for mobile voting across the country, launched in a push to increase participation in elections. Unlike the app used in Iowa, which was developed to relay vote counts, the pilots use technologies that allow voters to easily vote from their mobile phones. So far, the pilots have largely been limited to eligible uniformed and overseas voters and voters with disabilities. But any expansion is sure to fall under an even more critical spotlight. Any malfunction — or hack — of an app used directly for voting in 2020 could have far greater impact in undermining public faith in the democratic process than one Democratic caucus gone wrong.

Full Article: The Cybersecurity 202: Iowa's app fiasco worries mobile voting advocates - The Washington Post.

Washington: ‘Proceed very cautiously’: Experts say online elections raise security concerns | Amy Radil/KUOW

Voting online is now an option for certain voters in King, Pierce, and Mason counties. But Washington state lawmakers and security experts say these methods should be “off the table” in 2020. Tuesday, February 11 is the last day for voters in the King Conservation District election to submit their online ballots. The election made headlines last month as the country’s first in which all eligible voters cast ballots via smartphones and computers. Pierce and Mason counties plan to use the same method to allow military and overseas voters to cast ballots in the presidential primary. But the failure of the app at the Iowa caucuses last Monday has inflamed doubts around online voting. Even before then, Washington Secretary of State Kim Wyman and cybersecurity experts condemned online balloting, calling for the exclusive use of paper ballots this year. Should Washington voters worry about online voting? …Computer scientist Jeremy Epstein has a much different perspective than Tusk. He argues the platforms Tusk has funded through two firms, Voatz and Democracy Live, are not transparent. “Both Voatz and Democracy Live have talked about, ‘Oh yes we’ve had security assessments,’” said Epstein, who works for the Association for Computing Machinery. “But they won’t release any information on what they’ve tested, what the results are. They just said, ‘don’t worry, be happy.’” Epstein said there are no standards for secure internet voting because it is “fundamentally insecure.” He added that “we don’t want to build standards for ‘safe cigarettes,’” and “we don’t build standards for ‘safe’ internet voting because it’s a contradiction in terms.”

Full Article: KUOW - 'Proceed very cautiously': Experts say WA online elections raise security concerns.

Verified Voting Blog: What We Don’t Know About the Voatz “Blockchain” Internet Voting System

The breakdown of the Iowa caucus’s mobile reporting app on February 3 highlights the risks of implementing new voting technologies that rely on the internet. Verified Voting advocates for the responsible use of technology in elections, and as President Marian K. Schneider noted, “The good news is that (Iowa) didn’t use (a mobile app) for voting, which means the results are available and have been preserved on paper.”

Internet voting is not secure, yet despite known vulnerabilities, internet and mobile phone voting are still being considered by some lawmakers as viable voting options. In 2019, Verified Voting Board Member David Jefferson and other authors published a paper about the risks of the Voatz mobile voting platform and the many questions that still remain unanswered.

National: Iowa Caucus chaos likely to set back mobile voting | Lucas Mearian/Computerworld

A coding flaw and lack of sufficient testing of an application to record votes in Monday’s Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting. While there have been hundreds of tests of mobile and online voting platforms in recent years – mostly in small municipal or corporate shareholder and university student elections – online voting technology has yet to be tested for widespread use by the general public in a national election. “This is one of the cases where we narrowly dodged a bullet,” said Jeremy Epstein, vice chair of the Association for Computing Machinery’s US Technology Policy Committee (USTPC). “The Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it’s just delayed results and egg on the face of the people who built and purchased the technology.” The vote tallying app used Monday in the Iowa Caucus was created by a small Washington-based vendor called Shadow Inc.; the app was funded in part by a nonprofit progressive digital strategy firm named Acronym. Today, Acronym strived to make it clear through a tweet it did not supply the technology for the Iowa Caucus, and it is no more than an investor.

Full Article: Iowa Caucus chaos likely to set back mobile voting | Computerworld.

West Virginia: State plans to make smartphone voting available to disabled people for 2020 election | Kevin Collier/NBC

West Virginia is moving to become the first state to allow people with disabilities to use technology that would allow them to vote with their smartphones in the 2020 election. Gov. Jim Justice, a Republican, plans to sign a bill by early next week that will require all counties to provide some form of online ballot-marking device to every voter with physical disabilities, according to West Virginia Secretary of State Mac Warner. Warner, the state’s chief election official, said that he would most likely provide counties with the smartphone app Voatz or a similar app, making the choice easy for cash-strapped counties. But cybersecurity experts have long railed against apps like Voatz, saying that any kind of online voting unnecessarily increases security risks. “Mobile voting systems completely run counter to the overwhelming consensus of every expert in the field,” said Matt Blaze, a computer scientist at Georgetown University and a seasoned election security researcher. “This is incredibly unwise.”

Full Article: West Virginia plans to make smartphone voting available to disabled people for 2020 election.

West Virginia: Bill To Allow Internet Voting For West Virginians With Disabilities Passes Legislature | West Virginia Public Broadcasting

The West Virginia House of Delegates has passed a bill that would allow voters with certain disabilities to vote electronically in the upcoming election. Senate Bill 94 will provide West Virginians with disabilities the same electronic voting ability the West Virginia Secretary of State allowed for overseas military members in 2018. It’s the first bill both chambers of the Legislature have voted on this year. The bill now heads to the governor’s desk for final approval. Donald Kersey, general counsel to the Secretary of State’s office, said Thursday qualifying voters will know within a month what kind of electronic voting methods will be available to them, assuming Gov. Jim Justice signs the bill. He said because Tusk-Montgomery Philanthropies, a mobile voting advocacy group, has offered to pay for the associated equipment, implementing the bill won’t cost anything to the state or the counties responsible for offering and collecting the ballots. The same group covered mobile voting costs in the last election.

Full Article: Bill To Allow Electronic Voting For West Virginians With Disabilities Passes Legislature | West Virginia Public Broadcasting.

West Virginia: Mobile absentee voting proposed for people with disabilities | Steven Allen Adams/News and Sentinel

A mobile phone app used by deployed military service members to vote overseas could be the answer for helping people with disabilities and the blind to vote absentee, though concerns were raised Monday about potential hacking. Senate Bill 94 was introduced Jan. 8 by Senate Judiciary Committee Chairman Charles Trump, R-Morgan, at the request of Secretary of State Mac Warner. The bill would provide West Virginians with physical disabilities the ability to vote by an electronic absentee ballot. The bill easily made it through the state Senate eight days later, passing unanimously Jan. 15 as the first bill to cross over from the Senate to the House of Delegates. The House Judiciary Committee took up the bill Monday morning and was still talking about the bill Monday afternoon. The bill was recommended for passage and will be sent to the full House.

Full Article: Mobile absentee voting proposed for people with disabilities | News, Sports, Jobs - News and Sentinel.

National: Internet voting is happening now and it could destroy our elections | Rachel Goodman and J. Alex Halderman/Slate

Russian hackers will try to disrupt American voting systems during the 2020 election cycle, as they did in 2016. This time, they’ll be joined by hackers from all over the world, including some within the United States. What unites them all is an eagerness to undermine free and fair elections, the most basic mechanism of American democracy. There are some hard questions about what to do about all this, but one piece is surprisingly straightforward: We need to keep voting systems as far away from the internet as possible. There’s a growing and clear consensus on this point. Federal guidelines for new voting machines might soon prohibit voting systems from connecting to the internet and even using Bluetooth. At the same time, though, voter turnout in this country remains abysmal. Allowing people to vote on their phones seems intuitively like it could help, especially for young people who vote at especially low rates. It could also be helpful for some military and overseas voters, as well as some voters with disabilities, who face challenges getting a physical ballot cast, returned, and counted. So why not try it? Well, put mildly, security vulnerabilities introduced by internet voting could destroy elections.

Full Article: Internet voting could destroy our elections.

National: Voting by app is a thing, and it’s spreading, despite the fears of election security experts | Mark Sullivan/Fast Company

In this age of extreme concern—even paranoia—over election security, you might be a little surprised to hear that some voters in parts of the country are voting from home, using an app. So far the vote-by-app option has been reserved for military people serving overseas and elderly people who might have physical difficulty getting to the polls. One state (West Virginia) and a number of cities and counties have already used a voting app called Voatz in elections, mainly small ones. Voatz, a Boston-based startup that’s raised almost $10 million in venture capital, birthed its app at a SXSW hackathon in 2016, and went through the TechStars incubator. Its technology is unique in that it utilizes the biometric security features (such as fingerprint readers and facial recognition cameras) of newer smartphones to verify the voter’s identity. Those security technologies are already used to secure sensitive transactions like sharing financial information and making online purchases. But election security people have raised concerns about internet-connected voting technologies. The Mueller report exposed numerous attempts by foreign hackers to infiltrate U.S. voting systems via the internet during the 2016 election. Since then, states and counties have rushed to disconnect all voting systems–including voting machines, tabulators, and administrative technologies–from the public internet. The Voatz app’s use of the internet is the main reason it’s caught the attention of the election security community.

Full Article: Voting by app is spreading—via a startup called Voatz.