Login | June 16, 2019

App voting. What could go wrong?

Technology for Lawyers

Published: October 12, 2018

For the first time, 2018 will see voting via app. On the blockchain. Not on a large scale, but it is live and real and OMG. Cause, all data is safe. Cause, ask Facebook.

The state of West Virginia has contracted with a Boston start-up called Voatz (https://voatz.com) to enable certain registered voters, particularly military members stationed overseas, to vote absentee via this app in the 2018 midterms.

After downloading the app, voters are only allowed in to this system by uploading a photo of their government-issued ID card and a selfie video. The tow photos must match via the company’s facial recognition software. And then the vote is cast.

The company then has the voter data anonymized and stored in a blockchain database, backed by a real-time paper ballot printout. The system is opt-in. According to Voatz, the process is entirely secure from Fancy Bears.

Anyway—not so fast, say the geeks covering election hacking at Techcrunch.com. They are very unsure about the security of this or any online voting system.

First, of course, no data online is completely secure. And while blockchain technology is as close to secure as anyone can probably get who stores data online, there are various kinds of blockchain databases that have various levels of security.

And according to TechCrunch, the blockchain used by Voatz is weak. A truly secure blockchain will only allow data to be written once, after which it cannot be changed, and after which it can only be accessed by someone with a key (password). The Voatz blockchain, however, is not that. The Voatz “blockchain,” however, is “an eight-node Hyperledger install, i.e. one phenomenologically not especially distinguishable from databases secured by passwords.”

In other words, Voatz advertises that it uses blockchain, but it doesn’t.

Nevertheless, the app was tested in W. Va. In four counties in the last primaries, and the state didn’t detect a problem. The state is also allowing each county to determine whether or not to use this app.

But, sorry, nobody in their right mind can think this system is secure. And so it goes.

Geeks and anyone interested in vote security can read the whole TC article here: https://techcrunch.com/2018/08/11/voatz-a-tale-of-a-terrible-horrible-no-good-very-bad-idea. It’s a horror story.