Utah county moves to expand mobile voting through blockchain

Credit to Author: Lucas Mearian| Date: Mon, 21 Oct 2019 03:00:00 -0700

Disabled voters in Utah County will be able to use their smartphones to vote in the November municipal election, an expansion of an earlier pilot test of the blockchain-based technology and anothert step toward allowing all voters to cast ballots with a mobile device.

The county, which has more than a half million residents, is the third in the U.S. to partner with Tusk Philanthropies, a non-profit focused on expanding mobile voting nationally. The latest pilot is a collaboration between the Utah County Elections Division, Tusk Philanthropies, the National Cybersecurity Center and Boston-based voting app developer Voatz.

Voatz iPhone mobile voting application.

“I think it’s a great expansion on the mobile voting project,” Michela Menting, a director with ABI Research, said via email. “I think there is certainly potential to extend such technology to the general public, but it is always contingent on succeeding in smaller focus groups first, and especially those which may often find it more difficult to vote – due to location or disability as in this example.”

Utah County chose to expand the use of mobile voting after the National Cybersecurity Center (NCC) recently completed an audit of an August municipal primary election pilot that used the mobile voting app; the audit found that the results were accurate. Disabled voters will be able to use the app in upcoming municipal elections.

“I made the decision to utilize it for our disabled community after that,” said Amelia Gardner, Utah County Clerk and Auditor. “It was used twice in West Virginia for overseas voters, twice in Denver for overseas voters; so, in addition to my use of it in the municipal primary, that gave us five solid examples of clean audits coming back showing the votes were true.”

Utah County, which has 265,000 active registered voters, used the mobile voting app in a municipal election earlier this year for absentee military service members and their families living overseas. Only 45 voters took advantage of it, but the pilot went smoothly. This time around, Gardner expects there’ll be dozens of disabled registered voters who’ll be able to cast their votes through a smartphone to avoid having to go to a polling station.

“We’re excited about it. It’s made things a lot more simple on our side and increased our confidence in the quality of the overseas votes,” Gardner said. “We have been working closely with the Disability Law Center in the state of Utah to get the word out, but municipal elections are always a smaller election anyway.”

To date, the Voatz mobile voting platform has been used in four public election pilots (and about 40 elections overall): the 2018 West Virginia Primary Elections; the 2018 West Virginia Midterm Elections; the 2019 City/County of Denver Municipal General Elections; and the 2019 City/County of Denver Municipal Runoff Elections.

The NCC also worked with Voatz to develop a web-based tool that displays the voter-verified receipt, the tabulated ballot image and the blockchain-based ledger transaction. The ballot can then be printed out and inserted into a scanner with other paper ballots.

Using the mobile app also simplifies the typically labor-intensive process of dealing with absentee ballots, Gardner said. “Previously, overseas voters cast their ballots with email, but there was no way to verify their ID and no way to know if their email system had been hacked or if they were really the person responding to the email or not,” she said.

“On top of that, we had to have an employee read the email and fill out a paper ballot, and have a second employee verify they read the email correctly. It’s very labor intensive and very manual,” she said. “With this process, once the vote is recorded in the blockchain it generates a paper ballot and we run that through our scanners with all the other ballots and it maintains the secret ballot for that citizen.”

Voatz is among a small community of mobile voting platforms using blockchain as a distributed voting system; other firms include Votem, SecureVote, and Scytl. While only a small number of vendors offer it, mobile voting is gaining the attention of municipal officials for its ease of use and purported privacy and security.

The city of Vineyard, Utah – one of the fastest-growing cities per capita in the U.S. –  has asked Gardner for permission to use the mobile voting app for all residents, something that’s currently not legally possible. The city, which has grown from 5,000 residents to 15,000 in less than four years, has a large millennial population that is tech savvy, Gardner said.

Right now in the state of Utah, marking a ballot electronically is only allowed for citizens who fall under the national Uniformed and Overseas Citizens Voting Act (UOCAVA), which covers overseas absentee voters and disabled voters. If Congress were to enable mobile balloting for all registered voters, Gardner said she’d still require a few more audited pilots before she’d agree to opening the technology up to the general citizenry.

“I’m a fan, and most county clerks you’ll find are also fans, of introducing new technology incrementally. The first was UOCAVA voters in a smaller election and then in a little larger election; the next step I’d like to see would be all absentee ballots, whether you’re in another country or serving an internship in another state or caring for a sick family member in another state,” Gardner said.

The Voatz application uses a permissioned blockchain based on the HyperLedger framework first created by IBM and now supported by the Linux Foundation. In the election, verified validating nodes (servers) are used, split evenly between AWS and Microsoft Azure, each of which are geographically distributed, according to Voatz.

On the Voatz app, authentication is a three-step process that uses the smartphone’s camera and its biometric feature (either fingerprint or facial recognition). First, the voter scans their state driver’s license or passport; then they take a live facial snapshot (a video “selfie”), and finally they touch the fingerprint reader on the smartphone, which ties the device to the specific voter.

Once a voter is authenticated, the app matches the voter’s “selfie” to the facial picture on their passport or driver’s license and confirms eligibility to vote by checking the state’s voter registration database

“The voter photo-IDs and selfies are deleted soon after verification and are not used for any other purpose outside of voter identity verification,” Voatz CEO Nimit Sawhney said in an earlier interview. “Any biometric information never leaves the secure storage on the mobile devices and is not stored on remote servers.”

Not everyone, however, is sold on mobile voting – blockchain-based or otherwise.

Jeremy Epstein, vice chairman of the U.S. Technology Policy Council at the Association for Computing Machinery (ACM), said in a recent report that new technologies, including blockchain, fail to resolve insoluble security issues inherent with online voting.

“These issues include server penetration attacks, client-device malware, denial-of-service attacks and disruption attacks,” Epstein said in the report. “Infecting voters’ computers with malware or infecting the computers in the elections office that handle and count ballots are both effective methods for large-scale corruption.”

Until there is a fundamental breakthrough to internet security, the best method for protecting election integrity is a tried-and-true one: mailed paper ballots, Epstein concluded.

While not tamper-proof, paper ballots “are not vulnerable to the same wholesale fraud or manipulation associated with internet voting,” Epstein said in the report.

ABI Research’s Menting said many have argued against mobile and blockchain voting because it’s not inherently safe and because there are too many “threat vectors, and unknowns, that could put the voting process in jeopardy.

“That is true to an extent, but so is paper-based voting,” Menting said. “I would argue that mobile and blockchain technology notably can provide a number of additional security features that offer robust-enough security to ensure the voting process is as secure (if not more secure) than existing voting mechanisms, especially regarding insecurity of ballot counting machines and systems. So I do believe that blockchain voting is safe.”

Of course, Menting added, any new technology initiatives, whether blockchain, mobile or otherwise, need to be continuously tested and verified to ensure they continue to meet the levels of security required in a voting setting.

“But to date, it looks like the Voatz system works, and well at that, and hopefully it continues to do so,” she added.

http://www.computerworld.com/category/security/index.rss