West Virginia is the first state to run a blockchain-based voting project at such a scale, state officials say. And if adopted more widely, the technology could make it easier to vote and potentially reduce long lines at the polls. But many security experts worry that the technology may not be ready for broader use — and could even contain vulnerabilities that risks the integrity of elections.
By the end of Tuesday, election officials expect more votes to roll in digitally from as many as five additional countries. Voters have already submitted ballots from Albania, Botswana, Egypt, Mexico and Japan, among others, said Michael Queen, deputy chief of staff to West Virginia Secretary of State Mac Warner. Warner’s son, who is in the military and stationed abroad, has also participated in the pilot, Queen said.
“It’s already been very successful,” Queen said. “We’re very pleased with the participation.”
As many as 300,000 U.S. voters located overseas requested ballots in the 2016 elections but failed to submit them, said Queen, a figure that suggests many Americans face difficulty participating in the democratic process.
West Virginia sought to solve the problem by turning to Voatz, a company that in January received $2.2 million from Medici Ventures, a blockchain-focused investment firm owned by the online retailer Overstock.com.
The Voatz app has been used on a limited basis in a number of other settings, such as student council races and West Virginia’s May primary. But Election Day represents the company’s biggest test yet.
To cast a ballot, voters must first register through the app by uploading an image of their driver’s license or other photo identification. Then the app instructs them to submit a short video of their own face. Facial recognition technology supplied by a voter’s iPhone or Android device matches the video against the photo ID, and the personal information on the ID is matched to West Virginia’s voter registration database. Once the verification is complete, voters can make their selections and confirm their ballot by fingerprint or facial recognition.
Hilary Braseth, Voatz’s director of product design, said that in addition to using technology for verification, the company also has human workers manually reviewing the submitted information. The company does not store the personal data once a voter’s identity has been confirmed, she said.
Votes are stored on a private blockchain — essentially a database where records are secured using complex computational algorithms — and unlocked by county clerks when the polls close.
“When they take the votes from the blockchain, it will immediately print onto a paper ballot — just like the same look and feel of what voters are physically voting with on Election Day,” Braseth said. “And then those paper ballots will be fed into the tabulating machines on the ground at the state level.”
Overseas voters who used Voatz will receive an anonymized copy of the ballot that they submitted remotely; another copy will be made available to Warner’s office for auditing purposes. Several independent, outside auditors are expected to spend the following months performing an assessment of the pilot project, and with a report probably due by mid-spring.
Two voters so far have reported difficulties using the app, Queen said, but the process has otherwise proceeded smoothly. In response to questions about security, Queen said West Virginia has no plans to extend mobile voting beyond its relatively small overseas population.
“Secretary Warner has never and will never advocate that this is a solution for mainstream voting,” Queen said.
Voting with Voatz is probably more secure than submitting absentee ballots by email, said Maurice Turner, an election security expert at the Center for Democracy and Technology, a Washington think tank. And because the system relies on facial recognition tech produced by Apple and other vetted devicemakers, the verification method seems sound. But, he said, it remains far less secure than submitting a paper ballot in person.
Even though human workers may be analyzing the photo identification and user-submitted videos, that does not prevent someone from trying to impersonate a voter by digitally manipulating the photo ID before uploading it, Turner said.
“That’s not authenticating the voter. It’s authenticating the person who’s using the app,” he said.
Other security experts have said that simply by introducing an Internet-connected mobile device into the process raises the baseline risk of hacking or interception.
And despite the current use of cryptography to keep remotely submitted ballots secret on the blockchain, future technologies that could defeat that protection may end up unmasking voters' identities and choices.
If I can verify that my vote was correctly recorded, then your local mob boss can also use my receipt to verify the same thing.— Matthew Green (@matthew_d_green) August 28, 2018
Still, Turner said, as many aspects of consumers' lives go digital, it’s no surprise that voters might expect the same from their engagement with the civic process.
“We’re coming upon a time where the average voter is someone who grew up with digital devices,” he said. “If we can accept that, then we can plan for it accordingly. If we make the assumption that voters will move to mobile devices, we can start thinking about what are the policies, what are the regulations to put in place, to make sure it can happen — and what security measures need to be designed into those platforms.”