Voatz is a for-profit, private mobile Internet voting application. The stated mission of Voatz is to "make voting not only more accessible and secure, but also more transparent, auditable and accountable."[1] The company is headquartered in Boston, Massachusetts.[2]

Voatz, Inc.
Type of site
Private
FoundedDecember 22, 2016; 6 years ago
Area servedWorldwide
Founder(s)Nimit Sawhney
Key peopleNimit Sawhney
(Co-Founder and CEO)
Simer Sawhney
(Co-Founder and Board Member)
Jesse Andrews
(Director of Sales and Business Development)
Kahlil Byrd
(Board Member)
IndustryTechnology
URLvoatz.com

Citizens in Utah, Colorado, West Virginia, and other spots around the country have used the mobile app Voatz to cast their ballots in statewide elections. 2020, ″marks the first time people have used the technology to vote in a presidential contest.″[3] The app has also been used by the city of Denver for its municipal elections in 2019, and West Virginia used it for its primary in 2018.[3]

In a 2018 pilot project for West Virginia, using Voatz, American voters submitted ballots from 29 countries including Albania, Botswana, Egypt, Mexico and Japan.[4]

Before 2020, Voatz received substantial criticism for not being transparent with their auditing process; although Voatz had claimed to be subjected to security audits by independent technology firms, it was not forthcoming with the results. For example, when reporters have reached out to auditors they did not hear back,[5] and Voatz has insisted that these same companies sign non-disclosure agreements prior to investigating the company.[6]

In 2020, a report by MIT researchers identified a number of high-severity vulnerabilities in Voatz's architecture,[7] which Voatz vehemently denied, calling the research "flawed.".[8] A follow-on security assessment, paid for by Voatz itself, was released by the security auditing firm Trail of Bits, confirming the MIT researchers' results, and another 48 technical issues were reported (plus 31 threat model findings for a total of 79 findings), a third of which were rated 'high severity.'[9] 8 of the 48 technical issues were addressed.[9]

Voatz was created by Nimit Sawhney in 2014, and was developed as a side project at a SXSW hackathon.[10] As of October 2019, the startup has conducted over 31 pilots and completed a $7 million Series A in June.[11]

Technology

edit

Voatz uses blockchain technology and biometrics in order to verify voter identities, forgoing the storage of sensitive personal information in a database. The blockchain infrastructure of Voatz includes 32 identically arranged verifying servers that are distributed across Amazon's AWS and Microsoft's Azure.[12] Each server runs an identical copy of Hyperledger, an open source blockchain software.[13]

Once a user downloads the Voatz app, they verify their phone number, provide a photo ID, as well as a "selfie". Facial recognition and voter rolls are used to verify identity and confirm a match between the picture and ID submitted. After the user is offered a secure token (activated through the use of a fingerprint) applicable to eligible elections, the user's biometric information is removed from the Voatz system.[14] After all votes are submitted to Voatz, votes are printed on a paper ballot and fed into a machine.

The Voatz mobile application offers an interface available to administrators of the election incorporating Voatz. Election officials are able to view ballots, add voters, and publish results if needed.[15] Voatz does not allow voters to interact with the mobile application's blockchain-specific functions. Thus, rather than voters using wallet addresses, tokens, or private keys, voters are able to designate a 6-digit code or use biometric verification as their private key.[15]

Implementations

edit

2018 West Virginia

edit

From March to May 2018, West Virginia implemented a temporary mobile voting solution for a series of pilot studies that recorded votes for deployed members of the military.[16] Core functionalities included, but were not limited to, the ability to spoil a ballot, post-election audits, and automatic "tabulatable" audits.[13] In order to run the applications, Voatz implemented minimum software and hardware requirements for participants. iPhone users needed to own an iPhone 5s or later with iOS 10+. Android users required a functioning Android OS version 6+ with KNOX support.[13]

2016 Massachusetts Democratic State Convention

edit

In June 2016, Voatz was used to authenticate delegate badges at the 2016 Massachusetts Democratic State Convention.[17] Over 2,000 Democratic leaders and elected officials from Massachusetts traveled to Lowell for the party's state convention.[18] Voatz created a QR code for each delegate on a list provided by the Massachusetts Democratic Party. Before being able to vote, every delegate was required to verify their identity through the Voatz app's photo recognition. Voatz was used at the Massachusetts Democratic State Convention alongside a paper ballot. Veronica Martinez, executive director for the Massachusetts Democratic Party, reported that the party intends to use Voatz in the future.[19] Photo comparison and identification were additional ballot-specific identity features tested. Once voters scanned their QR code and cast their vote — all while using the same device — voters could use their device to take a picture with them in it. Every time a voter used another station or device in order to vote, the voter would take another picture of themselves and compare it to the first picture they took of themselves.[15]

2017 Tufts Community Union (TCU) Senate Election

edit

At Tufts University in Medford, Massachusetts, Voatz was used to assist in the Tufts Community Union (TCU) Senate election. The Tufts Registrar created a list of students in order for Voatz to create QR codes for every student. The QR codes were sent to student emails on the day of the election.[20] Students used their smartphone to scan their Tufts Student ID card in order to verify their identity.[21]

The TCU Senate has continued to use Voatz in every election since 2017. After 2017, the TCU Senate created two options for student voting. The first option is to vote online. Tufts students may download the Voatz app, which can only be downloaded by signing up with an official Tufts email address. Tufts students can also check their email for a security key and vote on the Voatz Lite Web Portal. Alternatively, students can vote in person. On the day of elections, students can arrive to a designated campus center with the security key sent to their email. There, they can vote using Voatz tablets provided by Voatz representatives who are there to assist and answer questions.[22]

2020 Utah U.S. Presidential Election

edit

In October 2020, a Utah resident became the first person to cast a vote for president in a U.S. general election via a blockchain-based voting app on a personal cellphone, according to Fox News.[23] GovTech reported that the vote in question was submitted in Utah County with the Voatz app, which has been piloted in a number of states, including West Virginia, Colorado and Oregon. Utah was the first state to hold a live demonstration of how Voatz ballots can be audited...Utah County started utilizing Voatz in 2019 to give military voters a more secure voting option than email. The county eventually allowed voters with disabilities to use the app in a local election.[24]

Philippines Trial Election

edit

According to CNN Philippines, of 669 volunteers, 348 voted on mobile, website, and assisted kiosks for two days for a 52.01% turnout. CNN quoted Comelec Director for Overseas Voting Bea Wee-Lozada, ″This looks promising because traditionally, we never go beyond 50% when it comes to voters who actually voted for overseas voting.″[25]

Business Model

edit

Voatz makes revenue from operating elections that use its technology. In 2018, a $2.2 million investment[26] by Overstock — an American internet retailer —was made in order to further Overstock's vision of bringing Voatz to election season[27] and to also rebrand Overstock as a financial technology company.[28] Overstock's blockchain subsidiary — Medici Ventures — invests in several sectors: Payments & Banking, Capital Markets, Identity, Property Management, Supply Chain, and Voting. Medici Ventures has invested in 19 blockchain firms including Voatz.[29]

Security assessments

edit

Voatz has received criticism from several security experts. Josh Benaloh, senior cryptographer at Microsoft Research, argues that Voatz's scheme is insecure and over complicated, stating that "blockchains just don't help".[30] Ron Rivest, a professor of computer science at the Massachusetts Institute of Technology, supported Benaloh's conclusion regarding the privacy properties of mobile voting solutions in general, stating that "It could be that the program on your computer is secretly shipping your information off to a government agency and telling them how you voted."[30]

In 2020, a security assessment was released by the security auditing firm Trail of Bits (co-founded by Alexander Sotirov). 48 technical issues were reported (plus 31 threat model findings for a total of 79 findings), a third of which were rated 'high severity.'[9] 8 of the 48 technical issues were addressed.[9] The report also confirmed security issues reported earlier by MIT researchers,[7] despite Voatz's denial.[8]

FBI Investigation

edit

In 2018, it was reported that there had been an attempted intrusion into the West Virginia military voting system by an unknown source. In relation to the attack, the FBI is investigating students from the University of Michigan[31] enrolled in EECS 498–009,[32] an Electrical Engineering special topic course at the University of Michigan. The course description states its objective is to "provide a deep examination of the past, present, and future of elections, informed by perspectives from computer security, tech policy, human factors, and more."[32] According to Alex Warner, West Virginia's Secretary of State, in a press conference on October 1, 2019, "the IP addresses from which the attempts were made have been turned over to the FBI for investigation. The investigation will determine if crimes were committed."[6] A CNN report[33] on October 4, 2019, reported that Mike Stuart, the U.S. Attorney for the Southern District of West Virginia, was informed that the IP addresses in the investigation matched the IP addresses for the University of Michigan.

It was revealed in October 2019 that the Federal Bureau of Investigation (FBI) had launched an investigation into the attempt to hack Voatz during the 2018 midterm elections.[33] Computer science students at the University of Michigan may have been involved with the case.[31] FBI investigators are speculating that the motive behind the attempted hack into the Voatz app may have been for a class assignment, rather than to alter votes.

References

edit
  1. ^ "When You Vote, How Do You Know It Counts?". Blog @ Voatz. 2019-10-03. Retrieved 2019-10-09.
  2. ^ "United States Securities and Exchange CommissionWashington, D.C. 20549 Date=2016". Securities and Exchange Commission.
  3. ^ a b Visram, Talib (2020-11-09). "2020 was the first-ever presidential election where people cast votes via smartphone". Fast Company. Retrieved 2020-11-09.
  4. ^ Fung, Brian (2018-11-06). "West Virginians abroad in 29 countries have voted by mobile device, in the biggest blockchain-based voting test ever". Washington Post. Retrieved 2018-11-06.
  5. ^ Kirby, Jen (2018-08-17). "West Virginia is testing a mobile voting app for the midterms. What could go wrong?". Vox. Retrieved 2019-11-20.
  6. ^ a b De Silva, Matthew. "FBI investigating West Virginia blockchain-based midterm elections". Quartz. Retrieved 2019-11-20.
  7. ^ a b "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections" (PDF). internetpolicy.mit.edu. Retrieved 2020-04-06.
  8. ^ a b "Voatz Response to Researchers' Flawed Report". Blog@Voatz. Retrieved 10 April 2020.
  9. ^ a b c d "Our Full Report on the Voatz Mobile Voting Platform". trailofbits.com. Retrieved 2020-04-06.
  10. ^ "Cyber Saturday: Denver Votes on Blockchain, Facebook Password Snafu, Norsk Ransomware". Fortune. Retrieved 2019-11-07.
  11. ^ "Voatz raises $7M for its mobile voting platform". Built In Boston. Retrieved 2019-11-07.
  12. ^ "Cyber Saturday: Denver Votes on Blockchain, Facebook Password Snafu, Norsk Ransomware". Fortune. Retrieved 2019-11-08.
  13. ^ a b c Sawhney, Nimit (2019). "UNDER THE HOOD: The West Virginia Mobile Voting Pilot" (PDF).
  14. ^ Daniel Huizinga (2016-11-01). "Voting online? This startup is making that dream a reality". NewBostonPost. Retrieved 2019-10-09.
  15. ^ a b c Zhang, Joyce (October 2018). "Addressing Voting Inefficiencies Resulting from Identity Challenges with Blockchain" (PDF). GovLab: 12 – via NYU Tandon School of Engineering.
  16. ^ State of West Virginia, “Pilot Project: Secure Military Mobile Voting Solution,” white paper, March 28, 2018.
  17. ^ Kirby, Jen (2018-08-17). "West Virginia is testing a mobile voting app for the midterms. What could go wrong?". Vox. Retrieved 2019-10-09.
  18. ^ Young, Shannon (2016-06-03). "Massachusetts Democrats to hold annual convention in Lowell Saturday". masslive. Retrieved 2019-11-20.
  19. ^ "This startup wants to secure absentee voting with a blockchain". finance.yahoo.com. Retrieved 2019-11-20.
  20. ^ Verhulst, Stefaan G.; Young, Andrew (December 2018). Toward an Open Data Demand Assessment and Segmentation Methodology. Inter-American Development Bank. doi:10.18235/0001529. S2CID 86599859.
  21. ^ "Editorial: Use of Voatz is a step in the right direction". The Tufts Daily. 2017-09-28. Retrieved 2019-10-09.
  22. ^ "Voting". Tufts Community Union. Retrieved 2019-11-08.
  23. ^ McKay, Hollie. "First presidential vote cast using blockchain technology Is blockchain mobile voting the way to ensure electoral integrity and improve voter turnout?". Fox News. Retrieved 2020-10-16.
  24. ^ Pressgrove, Jed. "Utah County Makes History With Presidential Blockchain Vote". govtech.com. Retrieved 2020-10-20.
  25. ^ Luz Lopez, Melissa (2021-09-13). "Trial online voting results 'promising' despite connectivity issues". CNN Philippines.com. Archived from the original on 2021-09-13. Retrieved 2021-09-13.
  26. ^ Vigna, Paul. "Overstock's Founder Bets on Blockchain, Not Bedsheets". The Wall Street Journal. Retrieved 2019-11-08.
  27. ^ "The Magazine for People in Politics | Campaigns & Elections". www.campaignsandelections.com. Retrieved 2019-11-08.
  28. ^ Alexandra Semenova. "After Voting Startup Fails to Pick Up, Overstock Needs to Rethink Its Blockchain Future | Times Square Investment Journal". Retrieved 2019-11-08.
  29. ^ "Mapping out Medici Ventures' portfolio". finance.yahoo.com. Retrieved 2019-11-08.
  30. ^ a b "Can Blockchain Bring Voting Online?". www.govtech.com. Retrieved 2019-10-09.
  31. ^ a b Liat Weinstein. "University of Michigan students implicated in potential voting app hack". The Michigan Daily. Retrieved 2019-11-13.
  32. ^ a b "EECS 498-009: Election Cybersecurity". www.eecs.umich.edu. Retrieved 2019-11-13.
  33. ^ a b Kevin Collier. "FBI investigating if attempted 2018 voting app hack was linked to Michigan college course". CNN. Retrieved 2019-11-13.