Posted on 09/26/2018 10:03:22 AM PDT by Red Badger
For the first time in our nation's history, voters in 24 counties in W. Virginia will be able to vote using their mobile phones. While some are hailing the decision because it will make voting easier for members of the military deployed overseas, experts are warning of possible security breaches.
"After researching previously available options, the Secretarys team identified that most electronic ballot delivery technology required access to a desktop computer, printer and scanner, all of which present significant barriers to overseas voters, especially those in combat zones or engaged in covert operations," the W. Virginia Secretary of State's office explained in a press release this week. The state is partnering with a Boston, Massachusetts-based company called Voatz, Inc.
"Voatz has developed a secure mobile voting application that allows voters to receive, vote, and return their ballots electronically," the press release claims. "The application also utilizes blockchain technology to store electronically submitted ballots until election night, and requires a heightened standard of identity verification for users than traditional absentee ballot processes. This project is unprecedented in United States history, being the first mobile voting application and first use of blockchain technology in a federal election."
During the state's primary election in May, a pilot was conducted in two W. Virginia counties with voters in six different countries utilizing the technology. "Post-election security audits by several independent and widely respected technology auditing companies showed that the technology provided a secure platform for voting and an alternative to the traditional absentee paper ballot," the Secretary of State's office declared. "Voatzs app, which also utilizes biometric facial recognition software and thumbprint safeguards to ensure the identity of the voter, increased the confidence of the auditors. In short, the nations first mobile voting app test pilot was a success."
In order to use the mobile technology, users register with Voatz by taking a picture of their government ID and also a selfie video of their face. Voatz then uses facial recognition software that (they claim) can verify the voter's identity. Once approved, voters can cast their ballots using Voatz's app. After the vote is cast it is added to the blockchain, a digital ledger of sorts, popularized by digital currencies such as Bitcoin.
"Because blockchain is a distributed ledger of transactions, military mobile votes become immutable and tamper-proof once recorded," says Voatz.
The state of W. Virginia admits that there are "substantial" security concerns, but explained that Voatz will be utilizing "federal standards for software development, regular maintenance and security upgrades, in-depth penetration testing, source code auditing and audits of the systems cloud infrastructure. After surpassing those requirements, the pilot moved forward."
Federal standards? That alone should raise red flags.
A report from Thales eSecurity points out that 71 percent of federal agencies have experienced data breaches. Their 2018 "Data Threat Report" concluded that "federal agencies are experiencing a 'perfect storm" around data that is putting agency secrets, and the private data of over 330 million citizens, at risk."
Research Principal Analyst Garrett Bekker posited that "the U.S. federal sector has experienced a higher rate of breaches in the past year than any other sector."
A Heritage Foundation report on 2017 federal cyber breaches concluded, "In fiscal year 2016, government agencies reported 30,899 information-security incidents, 16 of which met the threshold of being a major incident." The report includes an extensive list of breaches.
A report at Spiegel Online last month warned of a wide variety of security concerns with mobile voting:
To start with, the infrastructure that Voatz uses cannot be secured -- i.e., the voters' smartphones and the networks used to transfer the data.
Voatz is also sketchy on details relating to its use of blockchain technology, making it unclear whether it offers a specific advantage over standard databases. "With all the servers in the custody of the vendor, a dishonest vendor could do anything they want to the results," warned Marian K. Schneider, president of the U.S. advocacy group Verified Voting.
Voatz says it has commissioned third-party firms for extensive security audits. But information about these security firms on Voatz's website has been repeatedly revised in recent days, apparently in response to queries from the media.
There are no indications that a technical inspection by state authorities took place either. Voatz, at the very least, has made no claims to that effect. If that didn't happen, it would mean that the public authorities aren't even aware of what, exactly, is behind Voatz's technology.
Internal Voatz code has popped up in at least two places on the platform Github, a mass database where code is uploaded and widely shared. The company claims it was test code unrelated to the real system. But details in the code raise concerns that Voatz doesn't always attach the utmost importance to common security practices.
It's important to remember that in April the Department of Homeland Security announced that Russian hackers had targeted all 50 states during the 2016 election cycle.
Assistant Secretary Jeanette Manfra told lawmakers at the time, "Two years ago the Russian government launched a brazen, multi-faceted influence campaign aimed at undermining public faith in our democratic process, generally and our election specifically." She added, "That campaign involved cyber espionage, public disclosure of stolen data, cyber intrusions at the state and local voter registration systems, online propaganda, and more. We cannot let it happen again."
Director of National Intelligence Dan Coats also warned that the warning lights are blinking red with respect to Russian interference in U.S. elections.
West Virginia has seemingly ignored those warnings, launching headlong into mobile voting with a barely tested technology. While everyone agrees that we want to make it as easy as possible for military voters to participate in elections, those needs must be weighed against security concerns. In reality, the men and women serving in our armed forces are being used as guinea pigs for an experimental technology that could conceivably be vulnerable to hackers and others determined to disrupt our election processes. While paper ballots are cumbersome and the vote totals are often delayed, they've been proven over and over again to be the most secure way to cast a ballot.
Paper ballots are "absolutely the safest way, to vote, Richard DeMillo, a cybersecurity professor at the Georgia Institute of Technology in Atlanta, told Bloomberg. All this fancy stuffyou are talking to a computer scientist, and it breaks my heart to say thisbut it just drives up the cost and doesnt add anything.
National Academies of Sciences, Engineering, and Medicine warned in a 2018 report that election administrators should work toward using human-readable paper ballots" for the 2020 presidential race and should make "every effort" to use them for this year's elections.
The issues highlighted in 2016 add urgency to a careful reexamination of the conduct of elections in the United States and demonstrate a need to carefully consider tradeoffs with respect to access and cybersecurity," the report explained.
The researchers further warned that ballots that have been marked by voters should not be returned over the Internet or any network connected to it, because no current technology can guarantee their secrecy, security, and verifiability.
Having worked in IT for the Army, as well as pointing this out to IT Techs I currently know, we all say, ‘NO!’
Another ploy by the Socialist Democrat Party to electronically stuff ballot boxes!
CHEATERS!
This should NEVER EVER EVER be allowed to happen in a free society!
What are the names of these idiots who put this in place??
I wonder if/when some conservative group will challenge this insane law?
WTF? Whose great idea was this? The West Virginia Secretary of State Andrew “Mac” Warner is ostensibly a Republican, but I just cannot believe this.
As it stands, I fully see the Left trying to actually pull out ALL the stops in an attempt to STEAL this election, they are that desperate and I think will try to get away with everything they can, no matter how blatant.
Why play into their hands? I can’t believe this.
All I could find in the article was a link to a statement by Andrew “Mac” Warner, the WV SOS. He may just have to implement it.
Still looking for someone to pin this to besides him.
Voatz is also sketchy on details relating to its use of blockchain technology, making it unclear whether it offers a specific advantage over standard databases. “With all the servers in the custody of the vendor, a dishonest vendor could do anything they want to the results,” warned Marian K. Schneider, president of the U.S. advocacy group Verified Voting.
~~~
Blockchain servers are typically not in the possession of any one owner or entity. It’s part of the reason why it’s so secure, along with the decryption difficulty.
Also, this sort of thing would be somewhat easy to detect. Your State and local Secretary of State or Board of Electors should have a system of creating secret dummy sample voters for which the vote records can be pulled after the counts to verify matching votes. In fact, this would be a good method for error checking as well as for catching fraud.
The most secure method is a paper ballot handed to the voter at the polling station. The voter then goes into the privacy booth, makes their selection(s), folds the ballot and places said ballot in the box. The boxes are opened only after the polls close, and the public is free to view the counting at any and all times.
Any other method of balloting is far too vulnerable to fraud.
Early voting should only be for those unable to attend for professional or military reasons, and those ballots should be kept at the courthouse and counted the same day as regular ballots, the same way.
Paper ballots and dye-stained index fingers...the only way to have an honest election in these corrupt times.
Misleading statement. What should be added is "...ONLY if they are overseas military or overseas gov't workers."
Have no knowledge of the tech end of this but SoS Warner wants to make sure these votes are counted. For various reasons, they often are not. Warner led the fight to purge 70,000 entries from voter rolls since Jan '17.
I have just scanned about 10 articles, every single one of them is devoid of information or names regarding who was championing this.
Ostensibly, it is for military personnel, but I don’t approve of that either. There are well established avenues for absentee ballots, and even though Leftists have a penchant for somehow losing those in trunks of cars, or finding them at the last minute in close races, I would rather have that.
This is insane. I want more information.
How ya gonna do that with overseas military? That's what this is for. NOT IN STATE VOTING!!!
Haven't folks gotten sick and tired of "lost and/or late" military votes?
Military and gov't worker only.
...and even though Leftists have a penchant for somehow losing those in trunks of cars, or finding them at the last minute in close races, I would rather have that.
I'd rather not...provided the security issues are adequate.
Wish I had your knowledge so as to speak to the tech end.
Right now I’m having a hard time just trying to keep the FACTS of this policy straight. The knee jerk reactions are ridiculous.
Note, I’m not for OR against this yet. I’m waiting to see what tech savvy FReepers like you say.
As a EE with extensive years in communications and IT, this would be a Hell No.....
Although you may be able to secure the ability, similar to online banking, there is no guarantee of who is actually voting....
Plus the platform leaves a door open into the voting platform for potential massive hacking....unlike a business protecting its interests, this is government employees ( largely democrat) ensuring the integrity of the system.....oops...
BINGO!...........................
I spent six years in the Navy in the 1980’s. I had no problem voting in every election, no matter where I was in the world.
Voting by cell phone is a disaster waiting to happen.
In my state we have processes for absentee ballots for citizens, not just military and government workers...I am all for absentee ballots, but I think they should ONLY be used in cases where a person CANNOT physically be present to vote.
I detest the process of giving them to people who can’t get up off their fat ass to go down to a polling place.
Oddly, my wife and I may both have vote absentee this election because we will be out of state...last time I did it was in 1978, when I was in the USN.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.