February 16, 2020
Smartphone voting stirs interest—and security fears
West Virginia's disabled residents and overseas military personnel will be able to vote by smartphone in the US presidential election this year, the latest development in a push to make balloting more accessible despite persistent security fears.
Rising interest in electronic voting has heightened concerns among security experts who fear these systems are vulnerable to hacking and manipulation that could undermine confidence in election results.
Overseas service members from West Virginia first voted by smartphone in 2018 with the blockchain-powered mobile application Voatz, which is now being tested in some elections in Colorado, Utah, Oregon and Washington state.
West Virginia recently expanded the program to people with physical disabilities.
A report released Thursday by Massachusetts Institute of Technology researchers uncovered Voatz "vulnerabilities" which could allow votes to be altered and potentially allow an attacker to recover a user's secret ballot.
Voatz called the study "flawed" and said its app has been updated 27 times from the version used by researchers.
MIT researchers Michael Specter, James Koppel and Daniel Weitzner on Friday stood by their findings, saying they used recent versions of the app.
The researchers said that amid the uncertainty, election officials should "abandon the app for immediate use."
Backers of mobile voting argue it is more efficient, and can improve accessibility for deployed troops, the elderly and other people who can't get to polling stations.
Former presidential candidate Andrew Yang endorsed the idea, saying, "Americans should be able to vote via their mobile device, with verification done via blockchain."
Critics however call for caution in light of an array of cybersecurity worries and a fiasco in Iowa over a mobile app that was used for vote tabulation, but could have been adapted for individual ballots.
While internet voting has been implemented in parts of the world, notably in Estonia, security is still a key concern, and that goes double for smartphone voting, say researchers.
"Internet voting can't be secured by any known technology," said Andrew Appel, a Princeton University computer science professor and member of a National Academy of Sciences panel which produced a 2018 report, "Securing the Vote," that recommends against internet voting.
A key hurdle for online voting, including with smartphones, is ensuring ballots are secret while at the same time verifying the voter's identity and securing the ballot against tampering.
Appel noted that while many people are used to handling sensitive transactions like banking on a smartphone, the security risks of voting are unique.
The 2018 report, Appel noted, recommends the use of "human-readable" paper ballots which can be audited.
Blockchain or not?
Voatz claims its use of blockchain and other technologies can deliver both accessibility and security.
"Voatz leverages the latest security features of smartphones and facial recognition technology to verify and validate the identity of the voter, biometrics to secure that voter's identity, cryptography to automatically produce a paper ballot for tabulation at the jurisdiction, and blockchain for rigorous post-election audits to ensure voter intent is reflected in the overall count without revealing voter identity," a Voatz spokesperson said in an email to AFP.
The Voatz app requires users to scan a driver's license or other identity card and authenticate with a fingerprint reader and a selfie that is matched against it using facial recognition software.
But some analysts say the security using blockchain, which is a shared ledger used for cryptocurrencies that cannot be modified without all parties on the chain being notified, does not address the problems of electronic voting.
"Blockchain solves a problem for elections that pretty much doesn't exist, which is securing votes already cast," said Matt Blaze, a Georgetown University professor specializing in cryptography who has studied election systems.
"It doesn't address the problem of how to know these are the votes people have cast."
Appel said if a ballot is altered by a hacker before it is tabulated, "the hacked ballot would go into the blockchain."
Moving ahead online
Still, internet voting appears to moving forward in the US and elsewhere.
At least four US states allow some voters to return ballots using a web-based portal and 19 allow email or fax, according to the National Conference of State Legislatures.
Barbara Simons, board chair of the nonprofit election watchdog Verified Voting Foundation, said some firms are selling new technology by promising increased voter participation.
"This is an incredible myth—there is little to no evidence showing internet voting is going to increase voter participation," Simons told a conference at Georgetown University.
Outside the US, at least a dozen countries have experimented with some form of online voting, according to Verified Voting.
Estonia's system in place since 2005 is seen by some as a model to follow. But France dropped its system for overseas voting online in 2017 over security concerns.
Appel said one problem in evaluating online voting is that it may be impossible to detect a hack.
For a fully electronic system, he said, "there is no practical way to know if the vote is recorded in an accurate way."
© 2020 AFP