Posted on 09/26/2018 10:03:22 AM PDT by Red Badger
For the first time in our nation's history, voters in 24 counties in W. Virginia will be able to vote using their mobile phones. While some are hailing the decision because it will make voting easier for members of the military deployed overseas, experts are warning of possible security breaches.
"After researching previously available options, the Secretarys team identified that most electronic ballot delivery technology required access to a desktop computer, printer and scanner, all of which present significant barriers to overseas voters, especially those in combat zones or engaged in covert operations," the W. Virginia Secretary of State's office explained in a press release this week. The state is partnering with a Boston, Massachusetts-based company called Voatz, Inc.
"Voatz has developed a secure mobile voting application that allows voters to receive, vote, and return their ballots electronically," the press release claims. "The application also utilizes blockchain technology to store electronically submitted ballots until election night, and requires a heightened standard of identity verification for users than traditional absentee ballot processes. This project is unprecedented in United States history, being the first mobile voting application and first use of blockchain technology in a federal election."
During the state's primary election in May, a pilot was conducted in two W. Virginia counties with voters in six different countries utilizing the technology. "Post-election security audits by several independent and widely respected technology auditing companies showed that the technology provided a secure platform for voting and an alternative to the traditional absentee paper ballot," the Secretary of State's office declared. "Voatzs app, which also utilizes biometric facial recognition software and thumbprint safeguards to ensure the identity of the voter, increased the confidence of the auditors. In short, the nations first mobile voting app test pilot was a success."
In order to use the mobile technology, users register with Voatz by taking a picture of their government ID and also a selfie video of their face. Voatz then uses facial recognition software that (they claim) can verify the voter's identity. Once approved, voters can cast their ballots using Voatz's app. After the vote is cast it is added to the blockchain, a digital ledger of sorts, popularized by digital currencies such as Bitcoin.
"Because blockchain is a distributed ledger of transactions, military mobile votes become immutable and tamper-proof once recorded," says Voatz.
The state of W. Virginia admits that there are "substantial" security concerns, but explained that Voatz will be utilizing "federal standards for software development, regular maintenance and security upgrades, in-depth penetration testing, source code auditing and audits of the systems cloud infrastructure. After surpassing those requirements, the pilot moved forward."
Federal standards? That alone should raise red flags.
A report from Thales eSecurity points out that 71 percent of federal agencies have experienced data breaches. Their 2018 "Data Threat Report" concluded that "federal agencies are experiencing a 'perfect storm" around data that is putting agency secrets, and the private data of over 330 million citizens, at risk."
Research Principal Analyst Garrett Bekker posited that "the U.S. federal sector has experienced a higher rate of breaches in the past year than any other sector."
A Heritage Foundation report on 2017 federal cyber breaches concluded, "In fiscal year 2016, government agencies reported 30,899 information-security incidents, 16 of which met the threshold of being a major incident." The report includes an extensive list of breaches.
A report at Spiegel Online last month warned of a wide variety of security concerns with mobile voting:
To start with, the infrastructure that Voatz uses cannot be secured -- i.e., the voters' smartphones and the networks used to transfer the data.
Voatz is also sketchy on details relating to its use of blockchain technology, making it unclear whether it offers a specific advantage over standard databases. "With all the servers in the custody of the vendor, a dishonest vendor could do anything they want to the results," warned Marian K. Schneider, president of the U.S. advocacy group Verified Voting.
Voatz says it has commissioned third-party firms for extensive security audits. But information about these security firms on Voatz's website has been repeatedly revised in recent days, apparently in response to queries from the media.
There are no indications that a technical inspection by state authorities took place either. Voatz, at the very least, has made no claims to that effect. If that didn't happen, it would mean that the public authorities aren't even aware of what, exactly, is behind Voatz's technology.
Internal Voatz code has popped up in at least two places on the platform Github, a mass database where code is uploaded and widely shared. The company claims it was test code unrelated to the real system. But details in the code raise concerns that Voatz doesn't always attach the utmost importance to common security practices.
It's important to remember that in April the Department of Homeland Security announced that Russian hackers had targeted all 50 states during the 2016 election cycle.
Assistant Secretary Jeanette Manfra told lawmakers at the time, "Two years ago the Russian government launched a brazen, multi-faceted influence campaign aimed at undermining public faith in our democratic process, generally and our election specifically." She added, "That campaign involved cyber espionage, public disclosure of stolen data, cyber intrusions at the state and local voter registration systems, online propaganda, and more. We cannot let it happen again."
Director of National Intelligence Dan Coats also warned that the warning lights are blinking red with respect to Russian interference in U.S. elections.
West Virginia has seemingly ignored those warnings, launching headlong into mobile voting with a barely tested technology. While everyone agrees that we want to make it as easy as possible for military voters to participate in elections, those needs must be weighed against security concerns. In reality, the men and women serving in our armed forces are being used as guinea pigs for an experimental technology that could conceivably be vulnerable to hackers and others determined to disrupt our election processes. While paper ballots are cumbersome and the vote totals are often delayed, they've been proven over and over again to be the most secure way to cast a ballot.
Paper ballots are "absolutely the safest way, to vote, Richard DeMillo, a cybersecurity professor at the Georgia Institute of Technology in Atlanta, told Bloomberg. All this fancy stuffyou are talking to a computer scientist, and it breaks my heart to say thisbut it just drives up the cost and doesnt add anything.
National Academies of Sciences, Engineering, and Medicine warned in a 2018 report that election administrators should work toward using human-readable paper ballots" for the 2020 presidential race and should make "every effort" to use them for this year's elections.
The issues highlighted in 2016 add urgency to a careful reexamination of the conduct of elections in the United States and demonstrate a need to carefully consider tradeoffs with respect to access and cybersecurity," the report explained.
The researchers further warned that ballots that have been marked by voters should not be returned over the Internet or any network connected to it, because no current technology can guarantee their secrecy, security, and verifiability.
Obviously a reason this is “secret” and hidden.
Just wait until the next step - Google, Apple, facebook, twitter, et. al. will “make it even easier to vote with your smartphone.”
They’ll add “fact checks” about every option on the ballot (from “trusted fact checkers”) and a “vote like me” to automatically check everyone who “I” should vote for. Then the ability to let your phone “vote like me” every election without even needing to run the app or see the ballot or even know an election is today - turn the phone on and google will submit your votes. And “for privacy reasons” they won’t be able to even show you who you voted for (a boss could demand you show them so it’s dangerous to show who you/google voted for).
My skeptical mind thinks exactly that.
It is like the “Motor Voter Law” passed in the Clinton administration.
It wasn’t well known except to people like us who may have followed it...two of the people behind that law were Richard Cloward and Frances Fox Piven (of Cloward-Piven infamy) two people who are revered by the radical Left.
There is a picture of them beaming proudly at the signing ceremony.
My feeling is that anything people like that are for...I am against in principle. And I view this the same way, the fact that I cannot find out who was really behind it makes me suspicious.
Grr. How right you are. This stuff makes my blood boil.
You are exactly right.
I think it is ironic that Mueller is wasting untold dollars and time trying to “prove” collusion between the Russians and the Trump campaign, while West Virginia is allowing voting by smart phone. If that isn’t open to hacking by bad actors from, oh, say, Russia, what is?
As someone who spent 35+ years in IT, it has always been my feeling that not all technologies are advances in living. I’m also beginning to understand why my uncle, who worked on some top secret aircraft during his career in the 50’s through the 80’s, became a total Luddite upon his retirement. No cable, no cell phones, nothing! Most of the music he listened to was on old vinyl records or reel-to-reel tapes. Only when it became almost impossible to find vinyl records did he start using CDs.
He isn't trying to prove collusion, he's trying to find something he can hang on Trump to get him to resign..............
Demonrats are seriously scared.
Considering the problems in getting ballots TO the military as well as FROM the military, especially in combat zones, this idea makes sense so long as security can be assured.
You were lucky, you got to vote when you were in. I had to wait over a year after I finished my 2 yr. active duty before I was allowed to vote.
I’m a software architect.
There’s merit to this concept, although I have my reservations as I’d like to see the open source community fully vet this application.
I’ve considered Blockchain being used for voting. That part of it isn’t my concern, it does do exactly what is claimed - you can’t fake the “transaction ledger” after something is recorded into it. The concern is the validation of the user making the vote via face recognition - I’m weary of the use of biometrics in general. If somebody gets a hold of your digital signature and can spoof it into an application or system, I’m not sure what you’re supposed to do about it - you can’t change your signature.
So if something shows up saying you paid for something by face verification and you know you didn’t make the purchase, what recourse do I have? At least with a credit card I can cancel it and get a new one.
I would not be surprised if more people vote in WV this November that even live in WV!.....................
Then watch out FRiend, 'cause us Mountaineers are gonna take over the WHOLE F#$@%& WORLD!!!!!
Thanks for that. I’m too dumb for that to mean anything to me, but if it pushes those that DO know to discuss it (rather than some of the idiocy I’ve seen posted on this and other threads) all the better.
.
LOL, they obviously didn’t want YOU to vote!
In my squadron, IIRC, our senior enlisted leadership were tasked with giving us the information, having us fill out the forms, and send them on their way. I don’t recall the mechanics, it was so long ago, but I do remember voting in the 1976 and 1978 elections that way.
You're right, they didn't. Nobody wanted me to vote. I had to wait 'til after my 21st birthday.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.