{"id":17636,"date":"2020-02-04T14:30:06","date_gmt":"2020-02-04T22:30:06","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/02\/04\/news-11371\/"},"modified":"2020-02-04T14:30:06","modified_gmt":"2020-02-04T22:30:06","slug":"news-11371","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/02\/04\/news-11371\/","title":{"rendered":"Iowa Caucus chaos likely to set back mobile voting"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2018\/09\/cw_mobile_voting_by_inueng_and_filo_gettyimages_3x2_1200x800-100772605-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lucas Mearian| Date: Tue, 04 Feb 2020 12:51:00 -0800<\/strong><\/p>\n<p>A coding flaw and lack of sufficient testing of an application to record votes in Monday&#8217;s Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting.<\/p>\n<p>While there have been hundreds of tests of mobile and online voting platforms in recent years \u2013 mostly in small municipal or corporate shareholder and university student elections \u2013 online voting technology has yet to be tested for widespread use by the general public in a national election.<\/p>\n<p>\u201cThis is one of the cases where we narrowly dodged a bullet,\u201d said Jeremy Epstein, vice chair of the Association for Computing Machinery\u2019s US Technology Policy Committee (USTPC). \u201cThe Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it&#8217;s just delayed results and egg on the face of the people who built and purchased the technology.\u201d<\/p>\n<p class=\"post-meta\">         <span class=\"sponsored-blog\">BrandPost<\/span>         <span class=\"post-byline\"> Sponsored by HPE         <\/span>       <\/p>\n<p class=\"crawl-headline\">         <a href=\"https:\/\/www.computerworld.com\/article\/3440059\/defining-the-next-chapter-for-the-it-industry-on-premises-it-as-a-service.html?utm_source=IDG&amp;utm_medium=promotions&amp;utm_campaign=HPE21620&amp;utm_content=sidebar\" title=\"Defining the Next Chapter for the IT Industry: On-Premises IT-as-a-Service\" target=\"_blank\">Defining the Next Chapter for the IT Industry: On-Premises IT-as-a-Service<\/a>       <\/p>\n<p class=\"crawl-summary\">The \u201cAs a Service\u201d model delivers services, not products; flexibility, not rigidity; and costs that align to business outcomes.<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/www.youtube.com\/embed\/UXZrKfm-Cb0\" width=\"100%\" height=\"420\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\" data-mce-fragment=\"1\" style=\"\"> <\/iframe><\/p>\n<p>The vote tallying app used yesterday in the Iowa Caucus was created by a small Washington-based vendor called <a href=\"https:\/\/shadowinc.io\/\" rel=\"nofollow noopener\" target=\"_blank\">Shadow Inc<\/a>.; the app was funded in part by a nonprofit progressive digital strategy firm named Acronym. Today, Acronyn strived to make it clear <a href=\"https:\/\/twitter.com\/kylewilsontharp\/status\/1224584862721630210\/photo\/1\" rel=\"nofollow noopener\" target=\"_blank\">through a tweet<\/a> it did not supply the technology for the Iowa Caucus, and it is no more than an investor.<\/p>\n<p>Last year, the Iowa Democratic Party (IDP) paid Shadow Inc. more than $60,000 for a website that was to upload caucus results, which it failed to accurately do yesterday. The problem with Shadow\u2019s app was blamed on \u201ca coding error\u201d that has since been fixed, the\u00a0<a href=\"https:\/\/www.thecaucuses.org\/results-update\" rel=\"nofollow noopener\" target=\"_blank\">IDP said in a statement<\/a>. Results from the caucus were due out later today, according to the IDP.<\/p>\n<p>The IDP said it determined \u201cwith certainty\u201d that the underlying data collected using the app is accurate and sound, but was only reported out partially.<\/p>\n<p>\u201cWe have every indication that our systems were secure and there was not a cybersecurity intrusion. In preparation for the caucuses, our systems were tested by independent cybersecurity consultants,\u201d\u00a0Iowa Democratic Party\u00a0chairman Troy Price said in the statement.<\/p>\n<p>Shadow Inc. apologized for the malfunction in <a href=\"https:\/\/twitter.com\/ShadowIncHQ\/status\/1224773797380837377?s=20\" rel=\"nofollow\">a series of tweets<\/a>.<\/p>\n<p>The Nevada Democratic Party, which had planned on using Shadow&#8217;s app, said in a statement today <a href=\"https:\/\/www.cnn.com\/2020\/02\/04\/politics\/iowa-caucus-app-issues\/index.html\" rel=\"nofollow\">they&#8217;re abandoning it<\/a>.<\/p>\n<p>As the desire to increase voter turnout remains strong and the number of <a href=\"https:\/\/www.computerworld.com\/article\/3516504\/seattle-joins-list-of-cities-trying-out-mobile-voting.html\">online voting pilot projects<\/a> grows in the U.S. and abroad, some <a href=\"https:\/\/www.computerworld.com\/article\/3430697\/why-blockchain-could-be-a-threat-to-democracy.html\">security experts warn<\/a>\u00a0that any internet-based election system is wide open to attack, regardless of the underlying infrastructure.<\/p>\n<p>\u201cIt&#8217;s yet another nail in the coffin of internet voting. If a vendor can&#8217;t get a relatively simple app like this right, what&#8217;re the odds that they can get a much more complicated voting system right?\u201d Epstein said. \u201cVoting systems require accurate identification of voters and maintenance of secret ballots, all while protecting against malware in voters&#8217; phones and attacks against servers &#8211; and all this system needed to do was capture a few values and send them to a server, which had to be protected from attacks. I hope that folks who were responsible for selection of this app will learn a lesson.\u201d<\/p>\n<p>Others believe the blowback from the Iowa Caucus debacle will dissipate if \u201ca good app were to surface\u201d and can be used to vote in an effective manner, according Jack\u00a0Gold, principal analyst for J.Gold Associates.<\/p>\n<p>\u201cI have to believe that this was never tested in a real-world scenario before the use in the caucuses, otherwise they would have known of the flaws in the app,\u201d Gold said. \u201cWas it rushed? Did they not go to a competent app creator? Did they spec the app incorrectly? Did the user interface actually work? There are lots of questions that need to be answered about this.<\/p>\n<p>\u201cWill this have a long-term negative effect? Probably. The publicity around this will put some doubt into the public trust of mobile voting.\u201d<\/p>\n<p>While mobile or online voting applications hold the promise of opening up the polls to absentee voters and making voting more accessible in genral, security concerns have been at the forefront of election officials since Russia\u2019s interference in the 2016 presidential contest.<\/p>\n<p>Tusk Philanthropies, a non-profit organization that promotes mobile voting and has funded past projects enabled by two vendor platforms, reacted to an IDG video about online voting today saying its vendors\u2019 technology has been tested and successfully used in hundreds of elections.<\/p>\n<p>&#8220;It\u2019s disappointing to see an election company implement something so haphazardly in such an significant election,&#8221; the company said in a statement. &#8220;We know how important it is to test out new technology and train officials, which is why our vendors go to such great lengths to work with jurisdictions to ensure a smooth and successful election. We started this work to increase the number of people who vote in US elections because we think that low voter turnout is the biggest threat to our democracy. This mission has and continues to be our number one focus.<\/p>\n<p>\u201cFrom what we know, the app used in the IA Democratic Caucuses was brand new, untested and created in secrecy,\u201d Tusk continued. \u201cThis couldn\u2019t be in more stark contrast to the eight pilots we have completed transparently, safely and securely.\u201d<\/p>\n<p><a href=\"https:\/\/tuskphilanthropies.com\/\" rel=\"nofollow noopener\" target=\"_blank\">Tusk Philanthropies<\/a> has been a proponent of mobile voting apps from Voatz and Democracy Live, which <a href=\"https:\/\/www.computerworld.com\/article\/3516504\/seattle-joins-list-of-cities-trying-out-mobile-voting.html\">is currently being used in the election of a board of supervisors<\/a>\u00a0in the Seattle area.<\/p>\n<p>Tusk Philanthropies wanted to \u201cmake clear\u201d Shadow Inc.\u2019s app is not \u201cindeed a mobile voting option or app.<\/p>\n<p>\u201cThere will be lots of calls to go back to paper ballots today, but we cannot forget that paper ballots brought us hanging chads and the Iraq War. Or that unsecure voting machines are also vulnerable to hacking,\u201d a Tusk Philanthropies\u2019 spokesperson said via email. \u201cWe need to stop relying on outdated approaches to voting like caucusing in gyms or having people congregate around a bunch of voting machines in a school basement.\u201d<\/p>\n<p>Critics of mobile or online voting,\u00a0including security experts, believe it opens up the prospect of server penetration attacks, client-device malware, denial-of-service attacks and other disruptions \u2014 all associated with infecting voters&#8217; computers with malware or infecting the computers in the elections offices that handle and count ballots.<\/p>\n<p>The problem with online voting isn\u2019t that it&#8217;s more or less secure than current polling systems; it\u2019s more about public perception and how that may affect turnout, according to Julie Wise, elections director for Seattle\u2019s King County.<\/p>\n<p>\u201cI don\u2019t think they\u2019re ready for it,&#8221; Wise said in an interview last week. &#8220;Critically important to running elections as an administrator is having voter confidence and trust in the electoral system. There\u2019s understandable concern around election security and hacking of anything on the internet whatsoever.\u201d<\/p>\n<p>Atif Ghauri, cybersecurity practice leader and principal at global consulting firm <a href=\"https:\/\/www.mazars.com\/\" rel=\"nofollow noopener\" target=\"_blank\">Mazars USA<\/a>, said the ubiquity of mobile devices has created a massive new frontier for cyber threats to mobile apps from Shadow Inc. and any other mobile app providers.<\/p>\n<p>\u201cThe public\u2019s concern is certainly warranted, as mobile apps not only expose software threats, but also location-based threats based on where the device is physically located. Knowing specific GPS coordinates adds another dimension to the attack,\u201d Ghauri said via email. \u201cThe use of mobile devices by the less tech-savvy or aware also increases the likelihood of an attack.\u201d<\/p>\n<p>There are strategies mobile voting vendors and public officials can take to alleviate public concerns. First and foremost, Ghauri said, is the use of multi-factor authentication to provide a biometric, such as facial or finger print recognition, and a passcode from the user \u2013 all of which reduce the possibility of security threats. The use of a blockchain ledger for transactions will help substantially with transaction integrity, Ghauri said.<\/p>\n<p>There are a small number of mobile voting platforms, including Democacy Live,\u00a0<a href=\"https:\/\/voatz.com\/\" rel=\"nofollow noopener\" target=\"_blank\">Voatz<\/a>,\u00a0<a href=\"https:\/\/votem.com\/\" rel=\"nofollow noopener\" target=\"_blank\">Votem<\/a>,\u00a0<a href=\"https:\/\/secure.vote\/\" rel=\"nofollow noopener\" target=\"_blank\">SecureVote<\/a>\u00a0and\u00a0<a href=\"http:\/\/www.scytl.com\/\" rel=\"nofollow noopener\" target=\"_blank\">Scytl<\/a>.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3410570\/utah-county-to-pilot-blockchain-based-mobile-voting.html\">Voatz\u2019s mobile application<\/a> uses blockchain as an immutable electronic ledger to record voting results.<\/p>\n<p>In <a href=\"https:\/\/blog.voatz.com\/?p=1196\" rel=\"nofollow\">a blog<\/a>, Voatz said it had never heard of Showdow Inc. or its technology and was quick to distant itself from the Iowa caucus.<\/p>\n<p>\u201cAnd using an app to tabulate in-person caucus votes is not mobile voting,\u201d the company argued. \u201cVoatz is a mobile elections platform built to ensure an accessible, secure voting method for groups that otherwise face difficulties with the voting options currently available (i.e. overseas citizens, deployed military, and voters with disabilities). We\u2019ve been in the industry for [five] years and have run more than 50 safe and secure elections.\u201d<\/p>\n<p>Voatz said it works with\u00a0the Department of Homeland Security, the\u00a0<a href=\"https:\/\/www.cisa.gov\/\" rel=\"nofollow noopener\" target=\"_blank\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a>, and other independent third parties for security testing and infrastructure analysis of its app.<\/p>\n<p>Democracy Live\u2019s OmniBallot web portal does not use blockchain as the basis for collecting and securing electronic ballots. Instead, it uses Amazon Web Services\u2019 (AWS) Object Lock, which is\u00a0<a href=\"https:\/\/www.nist.gov\/\" rel=\"nofollow noopener\" target=\"_blank\">NIST compliant<\/a>\u00a0and has\u00a0<a href=\"https:\/\/www.fedramp.gov\/\" rel=\"nofollow noopener\" target=\"_blank\">FedRamp<\/a>\u00a0certification, a government program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud services.<\/p>\n<p>The OmniBallot portal has been deployed in more than 1,000 elections across the U.S. and used by 15 million voters in hundreds of jurisdictions since 2008, according to the company.<\/p>\n<p>\u201cThe bottom line is, if you are going to deploy a mission-critical mobile app, especially one with this public visibility, you better test the heck out of it and make sure it works as expected, and under full load (not just on someone\u2019s smartphone in the office),\u201d Gold said.<\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3519217\/iowa-caucus-chaos-likely-to-set-back-mobile-voting.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2018\/09\/cw_mobile_voting_by_inueng_and_filo_gettyimages_3x2_1200x800-100772605-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Lucas Mearian| Date: Tue, 04 Feb 2020 12:51:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>A coding flaw and lack of sufficient testing of an application to record votes in Monday&#8217;s Iowa Democratic Presidential Caucus will likely hurt the advancement and uptake of online voting.<\/p>\n<p>While there have been hundreds of tests of mobile and online voting platforms in recent years \u2013 mostly in small municipal or corporate shareholder and university student elections \u2013 online voting technology has yet to be tested for widespread use by the general public in a national election.<\/p>\n<p>\u201cThis is one of the cases where we narrowly dodged a bullet,\u201d said Jeremy Epstein, vice chair of the Association for Computing Machinery\u2019s US Technology Policy Committee (USTPC). \u201cThe Iowa Democratic Party had planned to allow voters to vote in the caucus using their phones; if this sort of meltdown had happened with actual votes, it would have been an actual disaster. In this case, it&#8217;s just delayed results and egg on the face of the people who built and purchased the technology.\u201d<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3519217\/iowa-caucus-chaos-likely-to-set-back-mobile-voting.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[11526,11070,1328,11067,10554,5897,714],"class_list":["post-17636","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-blockchain","tag-emerging-technology","tag-government","tag-government-it","tag-mobile","tag-privacy","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=17636"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/17636\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=17636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=17636"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=17636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}