Another Click2Gov data breach hits Indio, California
October 15, 2018
The online bill payment software used by hundreds of local governments continues to be a frequent source of cybersecurity incidents.
The state is expanding on a two-county test during its May primary, despite the misgivings of election security advocates.
Benjamin Freed is the technology editor for StateScoop, covering how states and cities make decisions about the technology that powers government s...
West Virginia voters living overseas will have the ability to cast ballots this November using a mobile app that uses blockchain encryption. The state had tested the app, called Voatz, during the May 8 primary election with voters hailing from two counties, and now intends to make it available to all 55 counties following a security audit that found “no blocking or critical issues” during the pilot.
The decision was first reported by CNN; state officials did not respond to requests for comment.
Election security advocates are not reassured, saying that West Virginians who choose to cast their ballots over a phone app will be exposed to risks that their votes could be corrupted.
“All the risks and vulnerabilities present in other internet transactions will be present,” Marian Schneider, president of Verified Voting, told StateScoop Tuesday. “All the problems with internet voting are present in the app West Virginia is using.”
But West Virginia election officials have been keen on their embrace of Voatz, which they discovered through an introduction from Tusk Montgomery Philanthropies, a New York venture-capital that invests in cryptocurrency platforms. The app, as demonstrated to StateScoop, uses text messages and facial recognition to authenticate users before they’re presented their ballots.
Blockchain enthusiasts promote distributed ledger technology as a secure way to make voting easier for deployed members of the U.S. military and other Americans living abroad. The Federal Voting Assistance Program, a Pentagon initiative aimed at helping deployed troops and civilian expats send ballots back home, estimated that only 4 percent of 2.6 million eligible overseas voters participated in the 2014 midterm election, including 334 West Virginians.
During a presentation in June at the National Association of Secretaries of State conference, West Virginia elections director Donald “Deak” Kersey said Voatz is an upgrade to other electronic methods overseas voters already use. Voters returning ballots via fax or email typically have to sign waivers acknowledging their votes won’t remain secret as they’re opened and counted. Voatz, by comparison, claims to keep its users' identities secret.
Still, there is doubt that the convenience and claimed privacy of a mobile app are guaranteed to boost participation. “People who have studied convenient ways to vote have found the only thing that increases turnout is same-day registration,” Schneider said.
The state will accept ballots back through the mail or previously existing electronic means, Kersey told StateScoop in June, and it will be up to individual county clerks whether to offer the app to their voters.
Schneider also questioned Voatz’s security claims, saying “there’s no way” for outside analysts to tell if the app works properly. On its website, Voatz states the post-primary audit, which was conducted by a group of five cybersecurity firms, focused on the top security flaws listed by organizations including the National Institute for Standards and Technology and the Open Web Application Security Project.
But Schneider also suggested a ballot cast on Voatz could be susceptible if the voter’s device has already been corrupted.
“There’s no way to check people don’t have malware in the phones they’re using,” she said.
Voatz co-founder Nimit Sawhney told StateScoop earlier this year his company’s app will not function if it detects malware on a device.
And despite the skepticism about mobile-based voting, West Virginia has been undertaking statewide reviews of its election security. Clerks from nearly all 55 of the state’s counties gathered last month at a Morgantown hotel for a two-day cybersecurity training conference. The state is also distributing $6.5 million in federal funds for election-security upgrades, and partnering with its National Guard on election-related cybersecurity, Secretary of State Mac Warner said at the conference.
Warner’s son, an active duty Army officer, was one of the few voters to use the Voatz app in May.