W. Va. to use blockchain-based mobile app for mid-term voting

Credit to Author: Lucas Mearian| Date: Tue, 18 Sep 2018 03:12:00 -0700

West Virginia this fall will let members of the military and their families deployed overseas vote by smartphone or tablet using a blockchain-based app developed by a Salt Lake City start-up, Voatz.

The voters using the app would otherwise have to submit paper absentee ballots via mail or vote over a land line telephone.

The move means the state will become the first in the U.S. to use blockchain in a voting system in a general election.

After being elected in January 2017, West Virginia Secretary of State Mac Warner tasked IT staff with investigating mobile voting options for 8,000 West Virginian military members overseas. Warner, a retired U.S. Army officer with four children who are also all current or former Army officers, cited his own inability to vote when deployed in Afghanistan as one reason for his efforts.

“The traditional absentee paper ballot process isn’t useful for military personnel in remote areas that don’t have a reliable postal service or a landline telephone – both of which are required if any overseas voter is going to participate in the absentee ballot process,” said Mike Queen, Warner’s deputy chief of staff. “But, everybody has a cell phone, right?”

After considering a half-dozen options, Warner settled on Voatz. The company said it has conducted more than 30 successful pilots that range from state party conventions to student government elections. In the largest election, more than 15,000 votes were cast, it stated in a blog post.

Voatz iPhone mobile voting application.

Military personnel and their families who want to use the Voatz app will only need an Apple or Android smartphone and a state or federal ID.

The Voatz application uses a permissioned blockchain based on the Hyperledger framework first created by IBM and now supported by the Linux Foundation. In the general election, eight verified validating nodes will be used, split evenly between AWS and Microsoft Azure, each of which is geographically distributed, according to Voatz.

“We have done a ton of due diligence on this process and we’ve seriously considered every complaint and concern about blockchain,” Queen said. “Not only does blockchain make it secure, but Voatz has a really unique biometric safeguard system in place as well that involves facial recognition and thumb prints.”

To participate in West Virginia’s Secure Military Mobile Voting pilot program, a qualified and eligible voter must first submit a Federal Post Card Application to their county clerk indicating they would like to receive voting information via email or online (that process can be done via email in West Virginia). Once the voter receives confirmation from the clerk, they can download the free mobile voting app from Voatz, authenticate themselves using it and – upon receipt of the ballot – vote.

On the Voatz app, authentication is a three-step process that uses the smartphone’s camera and its biometric feature (i.e. fingerprint or facial recognition). First, the voter scans their state driver’s license or passport; then they take a live facial snapshot (a video “selfie”), and finally they touch the fingerprint reader on the smartphone, which ties the device to the specific voter.

Once a voter is authenticated, the app matches the voter’s “selfie” to the facial picture on their passport or driver’s license and confirms eligibility to vote by checking the state’s voter registration database.

The system ensures voter anonymity and privacy by storing personally identifiable information in a database separate from the blockchain distributed network where a hash table is used to create an encrypted online identity. The voter is in control of the private encryption key.

In May, two of West Virginia’s 55 counties tested the Voatz mobile app in the primary election, allowing deployed military personnel to use it. Three independent audits of the Voatz tool and the resulting election data revealed no problems, Queen said.

In July, West Virginia held a statewide security conference involving all 55 county clerks and election officials where the primary election data was presented and the Voatz app once again vetted. After the conference, Voatz was asked to build into the application the ability to create a verifiable paper trail for absentee voters.

For example, when a soldier votes in the general election in November, as soon as they push the “send” button they receive an instant copy of their ballot and they’re asked whether it’s accurate. If it is, they hit send again, and it’s transmitted to the appropriate county clerk’s office, Queen said.

Michela Menting, digital security research director at UK-based ABI Research, said mobile voting applications have shortcomings – involving both ease-of-use concerns and security fears. For one, not everyone has a top-of-the-line smartphone.

“Also, that hardware piece would need to securely store a hash of your biometric information in order to use the biometric modalities on the phone to verify your identity,” Menting said via email.

On the back end, the company processing your biometric information must ensure it’s being done securely, so it can’t be stolen for unauthorized use. “So, a company like Voatz would have to ensure that it is applying the highest security standards to the security and management of that data,” she said.

That said, Menting believes absentee voting is a good use case for blockchain, which is a distributed ledger technology that creates an immutable record of any data entry. The pre-verified user behind any data entered on a blockchain is hidden by a hash key, so the identity remains anonymous except for the administrator of the distributed ledger.

“It provides a more transparent method for voters and also better security from voter fraud,” Menting said.

In time, similar blockchain applications could be used for other purposes, such as setting up a government identity, getting a driver’s license, paying taxes or for credit ratings, Menting added. “There are many potential use cases where these could be tied in together, to the benefit of the individual who remains in control of their data and gains visibility into what and how that data can be used,” she said.

While blockchain for voting purposes is new, mobile voting isn’t. Estonia, for example, has allowed e-voting since 2001 and it introduced remote voting via the internet in 2005. In 2017, about 25% of Estonia’s registered voters used e-voting, verifying themselves through a mobile ID, Menting said. Blockchain technology is also used in Estonia’s e-residency program for law enforcement and for verifying patient information in the nation’s healthcare system.

Voatz’s mobile voting app has already been used by several universities, labor unions, state political parties and even church groups. Earlier this year, Medici Ventures led a $2.2 million funding round for the startup, according to Voatz.

West Virginia has no plans to expand the use of Voatz beyond military absentee voters.

“We’re not advocating it as a means to vote for the entire country. We set out to find a solution to address the problem of military not being able to vote,” Queen said.

Warner considered the blockchain app’s use from a “risk versus reward” standpoint, where the security risk for a relatively small group of absentee voters is worth the reward of enabling them to vote, Queen said.

“If you use it domestically, the risk of a hack goes up,” he said.
