Utah GOP Sets the Standards for Mobile Voting in Groundbreaking Virtual Convention

Full press release issued here.

BOSTON and SALT LAKE CITY, April 30, 2020 — Voatz, the Boston-based mobile voting platform, today announced the successful completion of a first-of-its-kind virtual convention with the Utah Republican Party to narrow down key races in upcoming elections, including the race for governor and the 4th Congressional seat. 7,430 delegates were credentialed using the Voatz platform to participate across this year’s state convention, and five local county conventions. In the state convention, the party witnessed a record-breaking 93% participation rate, voting via the Voatz app using smartphones. This election also reflects the largest use of ranked-choice voting in Utah’s history. 

Voatz was engaged to work with the state at the end of March. Building upon its extensive experience with election pilots and testing, Voatz worked closely with GOP officials for alignment and training to ensure a smooth rollout of the platform. The platform was also built in cooperation with disability rights advocates, including accommodations for the visually impaired. Those who did not use the Voatz app had access to voting through a help desk. 

The elections, which opened on Thursday of last week, were completed just after midnight Saturday. To ensure the integrity of the election, the process will be audited by the National Cybersecurity Center with public participation from citizens. The results of the audit will be published in the public domain.

“We’re proud to have partnered with the Utah GOP during this challenging time,” says Voatz Co-Founder and CEO, Nimit Sawhney. “Voatz’s mission has always been to expand access to voting for those who cannot physically show up at the polls. We live in an unprecedented moment. This pandemic has significantly increased the number of those who face a risk in going to the polls, and no one should have to choose between their health and exercising their civic voice. Our platform provides another option to stay safe and healthy. We’re also proud to continue with our public citizen audits, where anyone can sign up to be an auditor of these elections. These are critical steps to continue demonstrating that auditing election results is both possible and necessary.” 

Derek Brown, Chairman of the Utah Republican Party, said, “The Voatz platform made possible the remote verification and voting processes for thousands of statewide delegates, allowing them to participate from the ease of their mobile phones. Using Voatz allowed us to digitally recreate our usual convention procedures, and implement technology in a way that made the process more convenient and secure. This experience was not only positive, but has opened our eyes to ways that we can operate in the future to ensure that more delegates are able to participate in the process. It has also helped us see new ways of integrating technology into our party’s operations.”

“I believe that, years from now, we will look back and see this moment, and our partnership with Voatz, as a turning point for our party,” Brown said.

About Voatz
Voatz is an award-winning mobile elections platform that leverages cutting-edge technology (including biometrics and a blockchain-based infrastructure) to increase access and security in elections. Since 2016 Voatz has run more than 60 elections with cities, universities, towns, nonprofits, and both major state political parties for convention voting. Learn more here.

About the Utah Republican Party
The Utah Republican Party is by the people and for the people. We affirm the worth of all individuals and seek the best possible quality of life for all. Learn more here.

Voatz Open Press Call Transcribed from February 13, 2020

The following Voatz press call took place on February 13, 2020 from 1-1:30pm ET. The contents of the call are transcribed below, lightly edited for punctuation and typos.

Full audio is available here.

Robert Dowling, Moderator:

Use the chat function to send us your questions. Direct all your questions to moderator and that way we will take them on as we have with, on a first come first serve basis. As some of you know, Voatz is regularly called on by members of the media and influencer community to respond to all kinds of conversations, including what’s been raised by The New York Times today. Voatz as a small team of technologists and election experts focused on developing technologists that is often, the company is often unable to respond to every query in every way.

So we’re doing this in an effort to respond quickly. Everyone is traveling, but they’ve taken time to jump on this call. We appreciate that, and if we don’t get to all the questions or if there’s a great amount of demand, we can host another call tomorrow or early next week. So, let’s jump right in. Thank you in advance for your participation. We’ve got three executives from Voatz, Nimit Sawhney, CEO & Co-founder, Larry Moore, Senior Vice President and Hilary Braseth, Vice President. I will continue to prioritize the questions in terms of first come first serve. Hilary, could you kick things off with a quick overview and introduction to Voatz for those who are just getting introduced to the company for the first time?

Hilary Braseth, Vice President:

Definitely. Can everyone hear me okay?

Robert Dowling, Moderator:

You’re coming through loud and clear.

Hilary Braseth, Vice President:

Okay. Excellent. Thanks so much, Robert. As Robert mentioned, I’m Hilary and I’m a Vice President at Voatz, and thanks to everyone for joining on such short notice. We very much look forward to responding to your questions about the report from MIT. But before we dive in, I just want to quickly introduce Voatz so that we all have a shared context for having this conversation.

So for the last five years, Voatz has been working on developing accessible, secure, and auditable technology that provides access for people who can’t get to the polls or for whom paper ballots just don’t work. This includes people with disabilities, the elderly, overseas military service men and women. In order to do that, we have leveraged the latest security features of smartphones, like Apple and Android, the phones that many of us use along with facial recognition technology to verify and validate the identity of the voter.

Nimit Sawhney, CEO & Co-founder:

Hilary

Hilary Braseth, Vice President:

Yeah?

Nimit Sawhney, CEO & Co-founder:

One moment. I think just out of courtesy, we should inform everybody that we would like to record this call and make sure everybody’s okay with that.

Hilary Braseth, Vice President:

Okay.

Nimit Sawhney, CEO & Co-founder:

Can you, yeah. Hi, everyone, just letting you know that the call is being recorded and will be transcribed as well. Thank you, proceed.

Hilary Braseth, Vice President:

Okay. All right. So as I was mentioning, we leverage a handful of different technologies to provide voting access to those who can’t otherwise make it to the polls. So, I was in the midst of mentioning smartphone technology. We pair that with facial recognition technology for verification and validation of the voter’s identity. We leverage biometrics to secure and protect that voter’s identity, and we use cryptography to automatically produce a paper ballot for tabulation of the jurisdiction, and lastly blockchain for rigorous post-election audits so that we can ensure voter intent is reflected in the overall count without revealing voter identity.

Hilary Braseth, Vice President:

Now, I realize that’s a lot of tech buzzwords and I’m sure we can get into the specifics during Q&A. Above all, I want to reiterate that we are always interested in having conversations with people who want to explore the deeper underpinnings of our technology and even experience it. We are more than happy to have that conversation.

Hilary Braseth, Vice President:

I also want to address up front and right away that very often our system is accused of not having a way to ensure that after a voter makes selections on a smart phone, that they don’t get changed during transmission. This is false. Every ballot submitted using Voatz produces a paper ballot, and every voter using Voatz receives a ballot receipt once they submit, and both of these documents are anonymized and encrypted, and together they form the building blocks for an end-to-end voter verified feedback loop that allows the jurisdiction to confirm that whatever the voters submitted on the smartphone is what’s actually tabulated.

Hilary Braseth, Vice President:

We have worked exceptionally hard alongside our election officials and independent cybersecurity organizations to develop a very strict post-election audit process that, for the first time in history, is open to anyone in the public to sign up. Anybody can be part of that audit process, and we encourage anyone to sign up to be an auditor of our pilots. I cannot emphasize that enough. These audits verify that every single ballot submitted using Voatz in those ballots, that voter intent is reflected and that tabulation is accurate. These audits are critical to both involving the community in our innovation process, but also ensuring that every single ballot submitted on our system can be verified independently without compromising the voter’s anonymity.

Hilary Braseth, Vice President:

Last, before we dive into questions, I really quickly want to note that we have run more than 50 elections since 2016, including 9 targeted, well-designed governmental election pilots across five states for overseas voters and voters with disabilities. These governmental pilots have all been declared successes by the jurisdictions, and many of the voters who’ve used the system have shared very valuable feedback about how this voting option made participation accessible for them, and for some, this was the first time in decades.

Hilary Braseth, Vice President:

The reality is that our system, as it’s currently designed, actively shuts out citizens from participating in our democracy and we are of the belief that we have to move the needle forward to provide these citizens with an easier way to vote, and in that process, security has always been our number one priority in moving forward with these small, targeted, well-designed pilots so we can learn, iterate, and build, and drive progress. Our hope today is we can have a frank and transparent conversation together and that we can have a chance to respond to the latest news about a report that was written about this morning in The New York Times.

Hilary Braseth, Vice President:

Robert, I’ll hand it back to you. I know we have a lot of questions to get through.

Robert Dowling, Moderator:

Great, thanks. Thanks for the background, Hilary. We’ll get through these as fast and efficiently as possible. The first set of questions come from Eric Geller, from Politico.

Robert Dowling, Moderator:

Is Voatz concerned about CISA’s comment that it is looking into MIT’s new report on the app’s vulnerabilities?

Nimit Sawhney, CEO & Co-founder:

Hi, this is Nimit. I can answer that. So, we are not concerned. We’ve been collaborating with CISA ever since the discussion about this report started a few days ago, and it’s been a very transparent process with them, and we’ve communicated our feedback to them already throughout the process, so not worried about anything over that.

Robert Dowling, Moderator:

Is the company worried that it will lose contracts due to the research?

Larry Moore, Senior Vice President:

Hi, this is Larry. Of course we are, and we’re also concerned that this report will scare off others, but I’m at an event in South Carolina right now and the feedback that we’ve received as late as this morning, and I mean, everyone who’s read this report have had The New York Times article. But as late as this morning, the response has been very gratifying to us.

Robert Dowling, Moderator:

Okay. What evidence does Voatz have that the researchers are motivated by a desire to “thwart the process of innovation and progress for better voting access”? “Disrupt the election process”, “sow doubt in the security of our election infrastructure”, and “spread fear and confusion”.

Larry Moore, Senior Vice President:

Yeah. Let me take that one again. Again, this is Larry Moore. So first of all we are, I was just trying to do this on Google Maps, but we’re probably less than two miles away as the crow flies from the MIT Research Lab in Downtown Boston, so we’re close. They could have contacted us. Had they invited us over, we had come over on the red line, but they didn’t avail themselves of the HackerOne program and riffed that in the report, and yet, that would have taken a trivial effort on their part to just confirm the allegations of the jailbroken phones, but they didn’t do that.

Larry Moore, Senior Vice President:

The other evidence is the last couple of paragraphs in their report where they say, “Given the severity of failings discussed in the paper,” which we dispute, “the lack of transparency,” which we also dispute, “the risks of voter privacy and the trivial nature of the attacks, we suggest that any near future plans to use the app for high stakes elections be abandoned.” So not a very collaborative environment here, and they use the media attention to, in a pretty aggressive way, to really try to stop this process in these pilots.

Robert Dowling, Moderator:

Thanks. Why did Voatz accuse the researchers of trying to remain anonymous when they put their names on the paper?

Hilary Braseth, Vice President:

I can take this one. So throughout the process of the researchers initially getting in touch with CISA, they decided to remain anonymous throughout that process, and we could have some guesses as to who the researchers were, but even up until publication in The New York Times, they refused to reveal their identity. We are unaware of why they didn’t want to reveal their identity. We would have been, as Larry mentioned, happy to have engaged in thoughtful conversation with them and helped them to validate whether or not their approach was sound.

Larry Moore, Senior Vice President:

Yeah, and one of the thing, Hilary, I’ll just add to that, they demanded and we acceded to the demands of having a one on, having a phone call with all of our customers, without us being present, mediated by CISA. Even on that phone call, which happened on Tuesday, a week ago, they did not disclose their own, their identity.

Robert Dowling, Moderator:

If Voatz believes that the research is wrong due to the researchers’ use of a simulated server, will Voatz let them access its real server to perform the same analysis?

Nimit Sawhney, CEO & Co-founder:

Hi, this is Nimit here again. I can answer that. Absolutely. We offered that to them as part of our initial response via CISA. 

Nimit Sawhney, CEO & Co-founder:

There was no response from researchers. And moreover, we already have this server available. It’s to our public bug bounty program. Anybody who wishes to sign up, test that apps over there, against the real server with full functionality, is able to do that. And so that system’s already available. They willfully chose not to do it. So absolutely, one of the first things we offered in our responses, why don’t you prove all these claims on a real system, and then we can investigate further. But they did not respond to that at all.

Robert Dowling, Moderator:

Thanks, Nimit. So the next set of questions come from Russell Brandom from The Verge. First question is, I understand from the post that the MIT researchers were testing an outdated version of your software and weren’t connected with Voatz servers. However, the post stops short of saying that the vulnerabilities discovered had been patched in a recent version. I’m curious if you can speak directly to the status of those vulnerabilities.

Nimit Sawhney, CEO & Co-founder:

Absolutely. So they had whole paper is riddled with holes, if I can use that word. For example, they talk about our use of the blockchain and say, executing a 51 percent attack. That attack is not possible because we do not use a public blockchain. We use a permissioned blockchain based on Hyperledger, and such an attack is not possible on that infrastructure. Similarly, they assume that by defeating the malware and the jailbreak detection on the mobile devices, that they will be able to connect to our server. Because they didn’t connect to our server, they did not experience all the checks which happen on the server, which would have prevented them from doing anything.

Nimit Sawhney, CEO & Co-founder:

And then all of their claims are based off that. That because they were able to jailbreak or successfully compromise a client device, that the assumption that device would be able to connect to our server is completely, completely flawed. And so that’s the really, really strange thing was, why would they do such a hypothetical analysis when they had a real system to actually test it out?

Nimit Sawhney, CEO & Co-founder:

Similarly, there’s another-

Larry Moore, Senior Vice President:

Nimit, a reminder to talk about the first claim on the side channel link.

Nimit Sawhney, CEO & Co-founder:

Yes, I was getting there. So one of the claims they have is, as Larry mentioned, it’s called a side channel leak. To drill it down, what it means is as network traffic is passing through while people are using their devices, that by looking at that encrypted network traffic, they can deduce who you are voting for, and then start disrupting that traffic to the disadvantage of the voter. And hypothetically, that may be possible. In a realistic scenario, that’s not possible given how our pilots are conducted. Secondly, that issue of a side channel problem was fixed many months ago. So if they had used the newer version of our system, they wouldn’t have even seen that. But we want to reiterate that in a real world scenario, exploiting that is extremely, extremely hard. Especially in the case of our pilots where voters are distributed, it’s a smaller amount of voters. They’re distributed around the world, breaking into network routers, cell towers, isolating individual voters, breaking into their devices… I mean, these are… This is hypothetical scenario. It’s not realistic at all.

Larry, is there anything you’d want to add to that?

Larry Moore, Senior Vice President:

Yeah, the… Maybe a little humor on the side channel leak. So despite the fact that we really fixed it, I mean think about what’s going on. They have, again, to repeat Nimit, the voters, which there are less than 600 across nine pilots, dispersed around 40 countries. You’d have to gain access to the routers that are located in the cellular providers’ networks or at military bases. And just think about how hard that is. The example that they used, it basically looks trivial if you’ve got one contest and two candidates that have different length names. Bush V Gore for example, would not work.

Larry Moore, Senior Vice President:

And so by looking at gibberish, which is what the encrypted traffic looked like, they claim that you can deduce somewhat easily the identity of the candidates that are being voted for, and then choose to disrupt the traffic back to the server so that the vote would never get registered. That also ignores the guaranteed delivery of messages, and the voter would notice this right away. So, and once again, how did they attack… Attach to the network? They would’ve seen this.

Robert Dowling, Moderator:

So just to follow up on Russell’s question for absolute clarity. He asked, have they been patched? And it sounds like, did they exist? If so, have they been patched? Are they mitigated or otherwise addressed from some server-side protection? I’m curious if you can say why Voatz users should not be worried about the vulnerabilities described in the MIT paper.

Nimit Sawhney, CEO & Co-founder:

Absolutely. So as Larry mentioned earlier, the side channel issue, even though we think it’s largely theoretical at this stage, was addressed in one of our versions much newer than the version which the researchers looked at. Regarding the other protection, yes. So their claim of being able to compromise a device and then being able to use that to connect to the network, that would have gotten blocked by server-side protection. And so definitely, there’s a lot of the intelligence in the system that relies on the server-side, in the cloud, which they completely missed because they were just looking at one isolated piece of the system. So as far as Voatz users are concerned, we do not believe that they should be worried at all about these vulnerabilities, which they have highlighted.

Robert Dowling, Moderator:

Good. Okay, thank you. So we’re going to go to the next set of questions from Alexander Culafi from TechTarget. The first question is really looking for clarity about what we were just talking about. The researchers’ paper said Voatz confirmed the existence of the side channel and PIN entropy vulnerabilities. Is this accurate? I think we’ve more or less covered it, unless there’s anything you want to add there.

Nimit Sawhney, CEO & Co-founder:

I can add something about the PIN entropy. So the system supports PINs of various lengths, various complexities. You can even use external multi-factor devices. But keep in mind, we are focused on accessibility here to make it as convenient as possible for voters without compromising on security. And so the common approach used there is, if you don’t have biometrics enabled on your device, if you’re not using a fingerprint or a face ID, then you can as a last resort, for accessibility, resort to an eight digit pin. Now an eight digit pin has 100 million permutations. So in order to crack a pin for a pilot voter, firstly you have to get physical access to that voter’s device. Then you have to get into that device, run a brute force, it would probably take you two days at the minimum. Destroy the battery, by which time the user would have detected you. And so that’s why we feel it’s not at all realistic at the moment.

Robert Dowling, Moderator:

Got it. The research paper says Voatz does not actually use blockchain technology to submit votes from a mobile device to the servers. Is this accurate? And if so, then why does Voatz’s official documentation suggest it does use blockchain for vote submissions?

Nimit Sawhney, CEO & Co-founder:

So this claim is completely inaccurate. Right from our very first election, we have used the Hyperledger based blockchain framework. With every pilot we’ve enhanced it, made improvements to it, and continued to do so. Our post-election pilots, ever since the third pilot done by then Denver County, have all utilized the blockchain infrastructure to facilitate the forced post-election audit, which citizen auditors have audited. NCC, which is the National Cybersecurity Center, has audited. So this claim is completely baseless. And if they had tried to dig in more into the system, into the reports which are available on our website, they would not have made this claim that we don’t use the blockchain.

Robert Dowling, Moderator:

Are there differences between the field-tested version of the Voatz app and the version covered in the HackerOne Bug Bounty program?

Nimit Sawhney, CEO & Co-founder:

No, there are not. The only differences, the servers they connect to, the field versions obviously will connect to a production infrastructure when a live election is in progress. The HackerOne applications connect to a replica infrastructure which is identical to the live infrastructure. Just that it’s not a live infrastructure. So you, as a researcher, can request access to test elections if you like. Like many researchers have done, you can request enhanced access where you get… We can provide these special versions of the applications which have less security so you can do more drilling and you know, more kind of under the hood studies as well. And so, but the version available on the bounty program and public production versions are the same. They connect to a different server on the backend.

Robert Dowling, Moderator:

Got it. A Voatz statement said the research team used a flawed approach by constructing hypothetical backend servers, but were the modeled servers used by the research team an accurate representation of Voatz’s servers? And if not, how are they different?

Nimit Sawhney, CEO & Co-founder:

They missed a lot of things, so they were not accurate. At best, they were somewhat partial because they could not see all the components. 

Nimit Sawhney, CEO & Co-founder:

They could not see all the components. They could not even reverse engineer all the code in the Android app that they looked at. And so they’re missing some pieces in the Android app itself. I would say they probably missed 50% of our server architecture information as well, and so that’s why we call it really flawed because had they gone through the bug bounty program or collaborated with us through other means, they could have gotten access to the full infrastructure and had a more accurate view of how our system works.

Robert Dowling, Moderator:

Got it. The next set of questions come from Hiawatha Bray from the Boston Globe. Can you confirm that some other states are planning to use the Voatz software in this year’s election? Which states? Also, how many states are using the Voatz app this year?

Nimit Sawhney, CEO & Co-founder:

Hilary, that’s for you.

Hilary Braseth, Vice President:

Yeah, I can take that one. We typically leave any announcements to the jurisdiction. So any new jurisdiction that’s going to be using our technology this year, we’ll let them make that announcement.

Robert Dowling, Moderator:

How do you get a printout from your smartphone?

Hilary Braseth, Vice President:

So this question might be in reference to what I said in the introductory remarks. As soon, and I was describing kind of the post vote audit trails, so we do have an infographic that delineates and tries to simplify yet still honor the technical process behind the vote system. So if anybody on this call is interested in having a copy of that infographic, please reach out to the organizer of this call and we can get that to you. But the short of it is that as soon as the voter submits her ballot on her smartphone, three really important things happen.

Hilary Braseth, Vice President:

One, instantly she receives a receipt with all of her selections. This receipt is anonymized, it’s password protected, and only she holds the password to see that receipt. The purpose of this receipt is so that the voter can verify her selection, as I reiterate. Simultaneously, what happens at the jurisdiction is an official ballot that is marked with this voter’s selections has been formed at the jurisdiction, and on election day two members from the jurisdiction possess the keys to unlock what we call a digital lockbox where they unlock it and print the official ballots for tabulation.

Hilary Braseth, Vice President:

At the close of the election, comparing that digital receipt with the voter’s selection that’s anonymized with that official ballot, both are signed with an anonymous ID, selection by selection validates that voter intent is reflected in the overall count and to make sure that nothing nefarious happened in the transmission of the voter’s vote. Not to get too technical, but the third and last thing that happens, because I mentioned there were three things that happen when a voter submits. The last thing that happens is when a voter submits their ballot, each oval on that ballot passes through that Hyperledger public permissioned blockchain network that Nimit was mentioning, and that serves as the final and third audit piece as an untamperable record in the event that something were to happen to the paper tally. So that digital receipt, the official paper ballot, comparing those two verifies that intent is reflected in the overall count. And then the blockchain record is the overall final audit piece. I hope that clarifies. And again, we have an infographic that delineates this.

Robert Dowling, Moderator:

Thanks, Hilary. Aaron Mack from Slate asks, I was wondering if Voatz had a statement on Mason County deciding not to use the app.

Larry Moore, Senior Vice President:

So I’ll take that. I know the auditor there pretty well. So surely this was disappointing to us. He was under intense pressure to back out, but as late as this morning, he indicated he wished he’d stayed in. But I want to put a plug in for the Voatz system, we don’t know of another system that in fact could have backed out votes that had already been cast. And that’s a real strength of the system. So yes, votes had been submitted in Mason County. And when Paddy McGuire said I need to pull the plug, we were able to back those out and they never counted.

Robert Dowling, Moderator:

Got it. Kevin Collier from NBC asks, I believe Voatz has gone through several independent audits, the results of which it hasn’t made public. Will you say who each of these auditors are and will you ever make the results public?

Nimit Sawhney, CEO & Co-founder:

I can address that. So many of the audits we’ve done in the past, as we mentioned earlier, have been under stipulations warranted by the NDA, so we are unable to reveal the names. However, findings have been shared with our customers, and so there are some audits happening for which information is publicly available. One of them was conducted by the DHS. That report is available on our website, so if you go into the FAQ section, you’ll find a report. And as more public reports are available, we will be sharing them on our website as well.

Robert Dowling, Moderator:

Right. We have one more question that’s come in during the call from Rob Right at TechTarget. Voatz took issue with the fact that the researchers wouldn’t disclose their identities. But you also offered these same anonymous researchers access to your backend servers? Is that correct?

Nimit Sawhney, CEO & Co-founder:

Yes, we did. When the initial discussions were happening, these are moderated by the team at CISA. We did request the researchers to use our bug bounty system, in which case they can remain anonymous. They don’t have to reveal themselves. And prove their claims. Because they didn’t actually prove a single one of their claims. It’s all hypothetical. And so it’s like, okay, why don’t you prove this on a real system? And if it’s a real problem, other than the side channel one, which we had already previously fixed, if any of the others are real problems, minus the server one. That was a whole sense of hypothesis there, but any of the other issues they highlighted, we would have loved to engage with them but they did not even reply. Larry, you want to add something?

Larry Moore, Senior Vice President:

Yeah. Let me pause for just a second before we go onto any other questions and just talk about the nature of pilots. On innovations in elections, and I think I can say this with a great deal of certainty here, have started with… All innovations in elections have started with pilots, from the time the industry moved from precinct voting to vote centers in early voting, to the time when Washington and Oregon pioneered all vote by mail. These have all started with pilots. And in every single case, security was raised as an issue. And so we see this as a continuum going on. And we’re not at all saying that we’re ready for universal access or universal adoption, but we feel like we’re very responsible starting off with really the two most vulnerable cohorts in the electorate. And that’s military and overseas voters, their families and civilians residing abroad as well as voters with disability who have a legal right to access new technology as it’s presented to, for example, military and overseas voters.

Larry Moore, Senior Vice President:

So pilots are inherently part of the progress that gets made in elections, which we may agree has been largely a stagnant industry. And these attacks that have been leveled against us this morning really are a continuum of the attacks against this kind of technology that started nearly 18 years ago. And the same arguments are being used. I think the MIT researchers spent a lot of time compiling this report, and I think it would have been a lot better had they collaborated with us instead of attacked us.

Robert Dowling, Moderator:

Thanks, Larry. And thank you everyone. I know we are past time. You can send follow up questions. We’re taking them by email. Give us feedback on the call. And also if you need more information, please reach out. We’ll of course let everyone know if an additional call is necessary and gets scheduled and are happy to address follow up questions. Thanks for your time and have a great afternoon.

Voatz Response to Researchers’ Flawed Report

Voatz wishes to acknowledge the enormous effort it must have taken for the team of researchers, until this point anonymous to us, to produce “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections”.

Our review of their report found three fundamental flaws with their method of analysis, their untested claims, and their bad faith recommendations.

First, the researchers were analyzing an Android version of the Voatz mobile voting app that was at least 27 versions old at the time of their disclosure and not used in an election. Had the researchers taken the time, like nearly 100 other researchers, to test and verify their claims using the latest version of our platform via our public bug bounty program, they would not have ended up producing a report that asserts claims on the basis of an erroneous method.

Second, as the researchers admitted, the outdated app was never able to successfully transact with the Voatz servers, which are hosted on Amazon AWS and Microsoft Azure. This means that they were unable to register, unable to pass the layers of identity checks to impersonate a legitimate voter, unable to receive a legitimate ballot and unable to submit any legitimate votes or change any voter data.

Third, in the absence of being able to successfully access the Voatz servers, the researchers fabricated an imagined version of the Voatz servers, hypothesized how they worked, and then made assumptions about the interactions between the system components that are simply false. This flawed approach invalidates any claims about their ability to compromise the overall system. In short, to make claims about a backend server without any evidence or connection to the server negates any degree of credibility on behalf of the researchers.

The researchers have labeled Voatz as “not transparent”. With qualified, collaborative researchers we are very open; we disclose proprietary information and hold lengthy interactive sessions with their architects and engineers. We educate them on the critical demands of election security; they give us feedback and educate us on new best practices based on their practical knowledge of security drawn from other industries.

Voatz has worked for nearly five years to develop a resilient ballot marking system, a system built to respond to unanticipated threats and to distribute updates worldwide with short notice. It incorporates solutions from other industries to address issues around security, identity, accessibility, and auditability.

We want to be clear that all nine of our governmental pilot elections conducted to date, involving fewer than 600 voters, have been conducted safely and securely with no reported issues. Pilot programs like ours are invaluable. They educate all election stakeholders and push innovation forward in a responsible, transparent way. For nearly two decades, the researchers and the community to which they belong have waged a systematic effort to dismantle any online voting pilots. These attempts effectively choke any meaningful conversation and learnings around the safe integration of technology to improve accessibility and security in our elections. The effect is to deny access to our overseas citizens, deployed military service men and women, their families, and citizens with disabilities.

It is clear from the theoretical nature of the researchers’ approach, the lack of practical evidence backing their claims, their deliberate attempt to remain anonymous prior to publication, and their priority being to find media attention, that the researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.

The reality is that continuing our mobile voting pilots holds the best promise to improve accessibility, security and resilience when compared to any of the existing options available to those whose circumstances make it difficult to vote.

Updated July 13, 2020: A summary technical analysis of the claims is available here.

Statement on the Iowa Caucus

Voatz is following the news from Iowa closely and we are interested, like everyone else, in learning what happened.

We are unable to comment on the technology used by The Iowa Democratic Party. We’ve never previously heard of the technology nor the company behind it. However, we want to make it clear that Voatz was not involved in the Iowa caucuses, and using an app to tabulate in-person caucus votes is not mobile voting.

To make the distinction abundantly clear, Voatz is a mobile elections platform built to ensure an accessible, secure voting method for groups that otherwise face difficulties with the voting options currently available (i.e. overseas citizens, deployed military, and voters with disabilities). 

We’ve been in the industry for nearly 5 years and have run more than 50 safe and secure elections. Our approach is to build our technology in a deliberate, step-by-step manner through well-designed pilots. We work closely with partnering jurisdictions to ensure a voter-verified, auditable paper trail, and rigorously evaluate the technology’s resilience and progress along the way. 

Election security is our number one priority and it should never be compromised for the sake of accessibility. We voluntarily work with the Department of Homeland Security, their Cybersecurity and Infrastructure Security Agency (CISA), and other independent third parties for security testing and infrastructure analysis. We are also committed to transparency which is why we were one of the first elections companies in the world to invite the research community to help test our technology through our public bug bounty program.

Voatz Shortlisted for the 2020 GSMA Global Mobile Awards

The Voatz team is delighted and honored to be shortlisted for the 2020 Global Mobile Awards in the “5c. Best Mobile Innovation for Accessibility & Inclusion” section of the Tech4Good category organized by GSMA.

“The GLOMO Awards provide a world stage on which to celebrate the most inspirational and innovative developments across our industry, recognising the companies and individuals leading the way in everything from 5G & intelligent Connectivity to emerging market innovation and diversity in tech. The awards attract a significant level of high-quality entries, so being nominated today is a great achievement. We wish everyone the very best of luck and we look forward to some exciting announcements at MWC Barcelona 2020,” said John Hoffman, CEO, GSMA Ltd.

If you are planning to attend the GSMA GLOMO Awards ceremony in Barcelona on Feb 25, 2020, please let us know: pr at voatz.com. Our team would love to connect with you.

Pierce County, Washington, Completes Successful Mobile Voting Pilot

In the November 2019 General Election, Pierce County, Washington successfully piloted an expansion of mobile voting to its military and overseas voters. These efforts were in support of the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) and the Military and Overseas Voter Empowerment (MOVE) Act.

“The imminent withdrawal from the Postal Union created an imperative. Knowing that the biggest barrier for military voters is the transit time to receive and return a ballot, we weren’t willing to risk additional delays,” said Pierce County Auditor Julie Anderson.

Voatz, a mobile elections platform, was used in the pilot. Eligible registered voters received, marked, verified and submitted their ballots using their personal Apple or Android smartphones. Votes were submitted from 28 countries over the Internet; blockchain technology was used to secure the aggregate vote.

Voatz uses blockchain technology to store encrypted voting data distributed across a network of 32 U.S. based cloud servers. The voting data is anonymized with an unidentifiable ID number for each ballot and receipt. The process disaggregates any information that could be used to trace its source and votes cast are tamper-proof.

Pierce County’s UOCAVA voters are normally permitted to return their ballots by mail, fax, or email attachment. The pilot provided UOCAVA voters a fourth option: the Voatz mobile app. Without any prompting, voters used the mobile voting option at a higher rate than fax or email. In the November 2019 General Election, 103 UOCAVA voters used fax or email and 163 voters used the mobile voting option. Mail, as usual, was the primary method of ballot returns (2,481 ballots returned by postal service).

Facsimile and email alternatives are substandard, according to Anderson. Ballots returned by facsimile are often missing important pages and aren’t machine-readable. Ballots and declarations returned as email attachments present significant cybersecurity risks and arrive in a wide variety of formats ranging from pictures of ballots lying on the floor to pixelated low-resolution images.

Anderson went on to say, “If we want every UOCAVA ballot to be counted accurately and privately, and we want to mitigate the risks of mail disruption, we need a different transmission solution. A secure mobile app that uses encryption to transmit voter-verified ballots is long overdue and desperately needed in an age of global conflict, severe weather events, and international trade disputes.

“Pierce County had an excellent experience with the Voatz pilot. We intend to continue offering mobile voting as an option for overseas voters. Pierce County sees this as a safe and secure alternative for UOCAVA voters. We also see future potential for voters with disabilities – especially those who are blind or have difficulty handling paper and pens. A secure mobile voting app could be an important accommodation,” said Anderson.

Voatz CEO and Co-Founder Nimit Sawhney was pleased with the pilot. “We’ve been thrilled to partner with Pierce County to extend our mobile voting platform to Pierce’s voters. We look forward to the future of this technology, which we hope can continue to be part of the movement of making our elections as equipped, ready and resilient for the future,” said Mr. Sawhney.

The November 2019 pilot received financial assistance from the National Cybersecurity Center, supported by Tusk Philanthropies.

Read the full article here (courtesy of Suburban Times).

Statement on Sen. Wyden’s Letter

While we have not been contacted by Senator Wyden or his office directly, we welcome any and all additional security audits by the Department of Defense and NSA regarding our platform.

We remain committed to providing as much transparency as possible about our system while at the same time needing to protect our intellectual property as one of the youngest election companies in the country. We are confident that all additional audits will come to the same conclusions that the West Virginia Secretary of State’s office, the Denver Elections Division, the Utah County Elections Office and independent security organizations such as ShiftState Security have: that all our elections to date have been conducted safely and securely, with no reported issues with the accurate tabulation and recording of ballots, and that the overall system is very robust. 

Voatz originated after winning a hackathon and was founded by cybersecurity and mobile technology experts. Security has been our utmost priority since day one. We have conducted 54 successful elections (public and private) over the past 3 years, some of which have involved active attempts to break in that have all been thwarted in real time. We strongly believe that the technology to enable safe and accessible remote voting for certain demographics is here and ready. At the same time, we have been very deliberate about rolling out the platform to historically disadvantaged demographics (such as military voters, overseas citizens and the disability community) in a slow, step-by-step manner via well-designed pilot programs. Such well-designed pilot programs are extremely necessary to educate all stakeholders and to help improve the overall security of our current absentee voting process wherein voters return ballots via insecure email, facsimile or unreliable postal mail. Mobile voting offers significantly better security, reliability and accessibility when compared to many of the existing options available to several absentee voters.

Our advanced intrusion prevention capability was clearly demonstrated as part of the election pilots we conducted in West Virginia last year. Attempts to tamper with the system were actively thwarted and reported to the relevant jurisdictions for any law enforcement action they may deem appropriate. Voatz was the first election systems provider in the world to launch a public bug bounty program and recently initiated the third cycle of our innovative testing process that actively involves the community at large to help improve the product. We continue to encourage interested security professionals and researchers to join our bounty program and provide us with their valuable feedback.

Voatz has met the standards for blockchain security and auditability as outlined by the National Cybersecurity Center (NCC), and anonymizes and secures ballot information using National Institute of Standards and Technology (NIST) approved encryption algorithms over a highly distributed, resilient and tamper-resistant infrastructure. Starting with the Denver pilots earlier this year, Voatz made an open audit tool available to the public to enable independent tallying and end-to-end auditing of the election. NCC has been managing these citizen audits and has determined all of the audits to be a success. 100% of the voter-verified digital receipts matched the corresponding paper ballots that were tabulated using the optical scanners. There were no issues with the tabulation or recording of the ballots and auditors were pleased with the results overall. We encourage citizens to join the next iteration of our public audit programs which will begin in a few days’ time.

As soon as appropriate standards for remote ballot marking systems are available as part of the VVSG (Voluntary Voting System Guidelines) 2.0, Voatz looks forward to participating in the Federal Election Assistance Commission’s Testing and Certification program in order to receive accreditation that the Voatz platform has all the necessary functionality, accessibility, and security capabilities required under the Help America Vote Act (HAVA). In the meanwhile, Voatz continues to conduct advanced levels of security testing and has already started to collaborate with the DHS NCATS teams to conduct frequent security assessments and ongoing penetration testing. 

We look forward to hearing from Senator Wyden directly about this request and working with the DoD and NSA to provide more details about our system. In the meantime, we encourage Senator Wyden and his team to first learn more about how we’ve built our system (HERE), which allows any voter to verify that the vote was counted, and secondly to learn more about how the Voatz system has been built for end-to-end verifiability (HERE).

Voatz Collaborates with WGBH’s National Center for Accessible Media to Make Mobile Voting Accessible for Voters with Disabilities and Citizens Residing Overseas

BOSTON, Nov. 04, 2019 — Voatz, a Boston-based elections company focused on secure mobile voting, announced a collaboration with the Carl and Ruth Shapiro Family National Center for Accessible Media at WGBH Educational Foundation (NCAM) to test the accessibility features of the company’s secure mobile voting application.

The mobile voting application, available on compatible Android and iOS devices, allows deployed military personnel and overseas U.S. citizens, as well as people with disabilities, to conveniently and securely vote in elections with their smartphones from virtually anywhere in the world.

“We’re proud to collaborate with NCAM to help make sure people with disabilities have accessible means to raise their voices in elections,” said Nimit Sawhney, Voatz co-founder and CEO. “For too long, the needs of citizens with disabilities have largely been ignored in the perceived conflict between security and convenience. Voatz believes that citizens with disabilities deserve to take advantage of the advanced accessibility features available on modern smartphones. Democracy is at its best when all citizens can vote securely without limitation—physical or geographic.”

Secured with blockchain technology and rigorously tested for ease of use, the app allows eligible users the option to forgo inaccessible paper ballots currently submitted by postal mail, facsimile or email. The Voatz app provides voters with an auditable confirmation and produces a fully marked paper ballot for tabulation, thereby providing unprecedented levels of end-to-end auditability and verifiability.

“In our tests, we have found Voatz’s platform to be highly accessible,” said Donna A. Danielewski, Ph.D., Senior Director of NCAM. “It allows individuals with disabilities to participate in the democratic voting process in a clear and accessible way. We look forward to continuing to work with Voatz in testing the platform as they work to bring it to more markets.”

About NCAM

For nearly three decades, the National Center for Accessible Media (NCAM) has been a national leader in making digital media accessible for people with disabilities. The team in NCAM—with more than 150 years of combined experience in accessibility—are pioneers, inventors, and problem-solvers, frequently anticipating and creating solutions for tomorrow’s technology challenges.

About WGBH

WGBH is America’s preeminent public broadcaster and the largest producer of PBS content for TV and the Web, including Frontline, Nova, American Experience, Masterpiece, Antiques Roadshow, Arthur, and more than a dozen other prime-time, lifestyle, and children’s series. WGBH also is a major source of digital content and programs for public radio through PRX, including The World and Innovation Hub; a leader in educational multimedia with PBS LearningMedia™, providing the nation’s educators with free, curriculum-based digital content; and a pioneer in services that make media accessible to deaf, hard of hearing, blind and visually impaired audiences. WGBH has been recognized with hundreds of honors, including Emmys, Peabodys, duPont-Columbia Awards and Oscars. More info at www.wgbh.org.

About Voatz

Voatz is an award-winning mobile elections platform that leverages military-grade technology (including biometrics and a blockchain-based infrastructure) to increase accessibility and security in elections. Voatz has run more than 50 elections with state and local governments, cities, universities, towns, nonprofits, and both major state political parties for convention voting. Last year, Voatz partnered with West Virginia to empower deployed military and overseas citizens to vote, marking the first mobile votes in U.S. history. In 2019 Voatz expanded its pilots to Denver and Utah, both of which held public-facing citizens’ audits, hosted by the National Cybersecurity Center. Recently, two counties in Oregon have also started to pilot the Voatz platform. All pilots have led to an increased turnout and in the case of Denver, 100% of voters responding to a post-election survey said they preferred this method of voting to any other. Learn more here.