Utah County to pilot blockchain-based mobile voting

Credit to Author: Lucas Mearian | Date: Tue, 23 Jul 2019 10:46:00 -0700

Utah County is the latest government entity to pilot a mobile voting application based on blockchain to allow military absentee voters and their family members living overseas to vote in an upcoming municipal primary election.

The county, which has more than a half million residents, is the third in the U.S. to partner with Tusk Philanthropies on a national effort to expand mobile voting. The pilot is a collaboration between the Utah County Elections Division, Tusk Philanthropies, the National Cybersecurity Center and Boston-based voting app developer Voatz.

Eligible voters will be able to participate in the upcoming election by opting in to vote electronically on their smartphones. Those using the mobile voting platform will fill out an absentee ballot request, complete their identity authentication and verification on the Voatz application, and submit their ballot for the election. Voting began June 28 and continues through 8 p.m. on Election Day, Aug. 13.

About 45 voters have been invited and “a handful” have already voted using the mobile app, according to Voatz CEO Nimit Sawhney.

For federal and local elections, the Voatz blockchain-based mobile voting platform is only offered to active-duty military, their eligible dependents and other overseas voters using their smartphones. To date, the Voatz platform has been used in four public election pilots (and 40 elections overall): the 2018 West Virginia Primary Elections; the 2018 West Virginia Midterm Elections; the 2019 City/County of Denver Municipal General Elections; and the 2019 City/County of Denver Municipal Runoff Elections.

West Virginia Secretary of State Mac Warner estimated that 144 West Virginia absentee voters living in 30 different countries cast ballots in the 2018 Midterm Elections using Voatz’s app on approved mobile devices; the app records the ballots anonymously using blockchain. While Warner lauded the blockchain-secured app for enabling military and their dependents to vote, his deputy chief of staff, Mike Queen, said the state has no plans to expand the use of the Voatz mobile app.

“We have done a ton of due diligence on this process and we’ve seriously considered every complaint and concern about blockchain,” Queen said in an earlier interview. “Not only does blockchain make it secure, but Voatz has a really unique biometric safeguard system in place as well that involves facial recognition and thumb prints.”

The Voatz app has been used in non-public election voting such as state political party conventions, caucus voting, labor unions, nonprofits and student government elections at universities, Sawhney said.

“In the near future, it is anticipated that pilots could be expanded to citizens with disabilities, and/or other absentee voters in a graduated, step-by-step manner,” Sawhney said via email.

That said, not everyone is thrilled about the prospect of mobile voting.

Michela Menting, digital security research director at UK-based ABI Research, said mobile voting applications have shortcomings involving both ease-of-use concerns and security fears. For one, not everyone has a top-end smartphone.

“Also, that hardware piece would need to securely store a hash of your biometric information in order to use the biometric modalities on the phone to verify your identity,” Menting said via email.

On the back end, the company processing the biometric information must ensure it’s done securely and can’t be stolen for unauthorized use. “So, a company like Voatz would have to ensure that it is applying the highest security standards to the security and management of that data,” she said.

Jeremy Epstein, vice chairman of the U.S. Technology Policy Council at the Association for Computing Machinery (ACM), said in a recent report that new technologies, including blockchain, fail to resolve the insoluble security issues inherent in online voting.

“These issues include server penetration attacks, client-device malware, denial-of-service attacks and disruption attacks,” Epstein said in the report. “Infecting voters’ computers with malware or infecting the computers in the elections office that handle and count ballots are both effective methods for large-scale corruption.”

Until there is a fundamental technological breakthrough to internet security, the report said, the best method for protecting election integrity is a tried-and-true one: mailed paper ballots.

While not tamper-proof, paper ballots “are not vulnerable to the same wholesale fraud or manipulation associated with internet voting,” Epstein said in the report.

“Military voters undoubtedly face greater obstacles in casting their ballots. They deserve any help the government can give them to participate in democracy equally with all other citizens,” Epstein wrote. “However, in this threat-filled environment, online voting endangers the very democracy the U.S. military is charged with protecting.”

The Voatz application uses a permissioned blockchain based on the Hyperledger framework first created by IBM and now supported by the Linux Foundation. In the election, verified validating nodes (servers) are used, split evenly between AWS and Microsoft Azure, each of which is geographically distributed, according to Voatz.

Military personnel and their families who use the Voatz app need only an Apple or Android smartphone and a state or federal ID.

[Image: Voatz iPhone mobile voting application.]

On the Voatz app, authentication is a three-step process that uses the smartphone’s camera and its biometric feature (either fingerprint or facial recognition). First, the voter scans their state driver’s license or passport; then they take a live facial snapshot (a video “selfie”), and finally they touch the fingerprint reader on the smartphone, which ties the device to the specific voter.

Once a voter is authenticated, the app matches the voter’s “selfie” to the facial picture on their passport or driver’s license and confirms eligibility to vote by checking the state’s voter registration database.

“In line with our commitment to privacy and security, the voter photo-IDs and selfies are deleted soon after verification and are not used for any other purpose outside of voter identity verification,” Voatz’s Sawhney said. “Any biometric information never leaves the secure storage on the mobile devices and is not stored on remote servers.”

In time, similar blockchain applications could be used for other purposes, such as setting up a government identity, getting a driver’s license or even paying taxes.

“Since only verified voters are permitted to use the Voatz platform by design, it is conceivable that such users could opt-in to use the Voatz ID for non-voting related, federated identity verification services and related use cases in the future,” Sawhney said. “As [to] when this would happen, it would require the user to explicitly opt-in.”
