Voatz Response to Researchers’ Flawed Report

Voatz wishes to acknowledge the enormous effort it must have taken for the team of researchers, until this point anonymous to us, to produce “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections”.

Our review of their report found three fundamental flaws with their method of analysis, their untested claims, and their bad-faith recommendations.

First, the researchers were analyzing an Android version of the Voatz mobile voting app that was at least 27 versions old at the time of their disclosure and not used in an election. Had the researchers taken the time, like nearly 100 other researchers, to test and verify their claims using the latest version of our platform via our public bug bounty program, they would not have ended up producing a report that asserts claims on the basis of an erroneous method.

Second, as the researchers admitted, the outdated app was never able to successfully transact with the Voatz servers, which are hosted on Amazon AWS and Microsoft Azure. This means that they were unable to register, unable to pass the layers of identity checks to impersonate a legitimate voter, unable to receive a legitimate ballot and unable to submit any legitimate votes or change any voter data.

Third, in the absence of being able to successfully access the Voatz servers, the researchers fabricated an imagined version of the Voatz servers, hypothesized how they worked, and then made assumptions about the interactions between the system components that are simply false. This flawed approach invalidates any claims about their ability to compromise the overall system. In short, to make claims about a backend server without any evidence or connection to the server negates any degree of credibility on behalf of the researchers.

The researchers have labeled Voatz as “not transparent”. With qualified, collaborative researchers we are very open; we disclose proprietary information and hold lengthy interactive sessions with their architects and engineers. We educate them on the critical demands of election security; they give us feedback and educate us on new best practices based on their practical knowledge of security drawn from other industries.

Voatz has worked for nearly five years to develop a resilient ballot marking system, a system built to respond to unanticipated threats and to distribute updates worldwide with short notice. It incorporates solutions from other industries to address issues around security, identity, accessibility, and auditability.

We want to be clear that all nine of our governmental pilot elections conducted to date, involving fewer than 600 voters, have been conducted safely and securely with no reported issues. Pilot programs like ours are invaluable. They educate all election stakeholders and push innovation forward in a responsible, transparent way. For nearly two decades, the researchers and the community to which they belong have waged a systematic effort to dismantle any online voting pilots. These attempts effectively choke any meaningful conversation and learnings around the safe integration of technology to improve accessibility and security in our elections. The effect is to deny access to our overseas citizens, deployed military service men and women, their families, and citizens with disabilities.

It is clear from the theoretical nature of the researchers’ approach, the lack of practical evidence backing their claims, their deliberate attempt to remain anonymous prior to publication, and their priority being to find media attention, that the researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.

The reality is that continuing our mobile voting pilots holds the best promise to improve accessibility, security and resilience when compared to any of the existing options available to those whose circumstances make it difficult to vote.

Updated July 13, 2020: A summary technical analysis of the claims is available here.

Voatz Leads Workshop at Hack(H)er413 Hackathon in Amherst, MA

This past weekend, Voatz was a proud sponsor of Hack(H)er413, the first all-women and non-binary students’ hackathon in Western Massachusetts.

Over the course of 24 hours, participants were encouraged to learn and develop new technical skills, network, and innovate with passion. The hackathon was organized entirely by students and aimed to increase diversity and inclusion in the technology industry.

During our time there, we held a workshop introducing participants to ethical hacking, mobile code security testing, and invited students to sign up for the Voatz bug bounty program with an invitation to test the latest versions of the Voatz mobile voting platform.

We were impressed by the students’ interest, the thoughtful questions, and the conversation that ensued. We look forward to continuing collaboration!

^Voatz introduction and overview of ethical hacking workshop

^Talking to impressive and passionate students at the career fair

^Members from the Voatz team at Hack(H)er413

Voatz Shortlisted for the 2020 GSMA Global Mobile Awards

The Voatz team is delighted and honored to be shortlisted for the 2020 Global Mobile Awards in the “5c. Best Mobile Innovation for Accessibility & Inclusion” section of the Tech4Good category organized by GSMA.

“The GLOMO Awards provide a world stage on which to celebrate the most inspirational and innovative developments across our industry, recognising the companies and individuals leading the way in everything from 5G & intelligent Connectivity to emerging market innovation and diversity in tech. The awards attract a significant level of high-quality entries, so being nominated today is a great achievement. We wish everyone the very best of luck and we look forward to some exciting announcements at MWC Barcelona 2020,” said John Hoffman, CEO, GSMA Ltd.

If you are planning to attend the GSMA GLOMO Awards ceremony in Barcelona on Feb 25, 2020, please let us know: pr at voatz.com. Our team would love to connect with you.

Pierce County, Washington, Completes Successful Mobile Voting Pilot

In the November 2019 General Election, Pierce County, Washington successfully piloted an expansion of mobile voting to its military and overseas voters. These efforts were in support of the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) and the Military and Overseas Voter Empowerment (MOVE) Act.

“The imminent withdrawal from the Postal Union created an imperative. Knowing that the biggest barrier for military voters is the transit time to receive and return a ballot, we weren’t willing to risk additional delays,” said Pierce County Auditor Julie Anderson.

Voatz, a mobile elections platform, was used in the pilot. Eligible registered voters received, marked, verified and submitted their ballots using their personal Apple or Android smartphones. Votes were submitted from 28 countries over the Internet; blockchain technology was used to secure the aggregate vote.

Voatz uses blockchain technology to store encrypted voting data distributed across a network of 32 U.S.-based cloud servers. The voting data is anonymized with an unidentifiable ID number for each ballot and receipt. The process disaggregates any information that could be used to trace its source, and votes cast are tamper-proof.

Pierce County’s UOCAVA voters are normally permitted to return their ballots by mail, fax, or email attachment. The pilot provided UOCAVA voters a fourth option: the Voatz mobile app. Without any prompting, voters used the mobile voting option at a higher rate than fax or email. In the November 2019 General Election, 103 UOCAVA voters used fax or email and 163 voters used the mobile voting option. Mail, as usual, was the primary method of ballot returns (2,481 ballots returned by postal service).

Facsimile and email alternatives are substandard, according to Anderson. Ballots returned by facsimile are often missing important pages and aren’t machine-readable. Ballots and declarations returned as email attachments present significant cybersecurity risks and arrive in a wide variety of formats ranging from pictures of ballots lying on the floor to pixelated low-resolution images.

Anderson went on to say, “If we want every UOCAVA ballot to be counted accurately and privately, and we want to mitigate the risks of mail disruption, we need a different transmission solution. A secure mobile app that uses encryption to transmit voter-verified ballots is long overdue and desperately needed in an age of global conflict, severe weather events, and international trade disputes.

“Pierce County had an excellent experience with the Voatz pilot. We intend to continue offering mobile voting as an option for overseas voters. Pierce County sees this as a safe and secure alternative for UOCAVA voters. We also see future potential for voters with disabilities – especially those who are blind or have difficulty handling paper and pens. A secure mobile voting app could be an important accommodation,” said Anderson.

Voatz CEO and Co-Founder Nimit Sawhney was pleased with the pilot. “We’ve been thrilled to partner with Pierce County to extend our mobile voting platform to Pierce’s voters. We look forward to the future of this technology, which we hope can continue to be part of the movement of making our elections as equipped, ready and resilient for the future,” said Mr. Sawhney.

The November 2019 pilot received financial assistance from the National Cybersecurity Center, supported by Tusk Philanthropies.

Read the full article here (courtesy of Suburban Times).

 

Statement on Sen. Wyden’s Letter

While we have not been contacted by Senator Wyden or his office directly, we welcome any and all additional security audits by the Department of Defense and NSA regarding our platform.

We remain committed to providing as much transparency as possible about our system while at the same time needing to protect our intellectual property as one of the youngest election companies in the country. We are confident that all additional audits will come to the same conclusions that the West Virginia Secretary of State’s office, the Denver Elections Division, the Utah County Elections Office and independent security organizations such as ShiftState Security have: that all our elections to date have been conducted safely and securely, with no reported issues with the accurate tabulation and recording of ballots, and that the overall system is very robust. 

Voatz originated after winning a hackathon and was founded by cybersecurity and mobile technology experts. Security has been our utmost priority since day one. We have conducted 54 successful elections (public and private) over the past 3 years, some of which have involved active attempts to break in that have all been thwarted in real time. We strongly believe that the technology to enable safe and accessible remote voting for certain demographics is here and ready. At the same time, we have been very deliberate about rolling out the platform to historically disadvantaged demographics (such as military voters, overseas citizens and the disability community) in a slow, step-by-step manner via well-designed pilot programs. Such well-designed pilot programs are extremely necessary to educate all stakeholders and to help improve the overall security of our current absentee voting process wherein voters return ballots via insecure email, facsimile or unreliable postal mail. Mobile voting offers significantly better security, reliability and accessibility when compared to many of the existing options available to several absentee voters.

Our advanced intrusion prevention capability was clearly demonstrated as part of the election pilots we conducted in West Virginia last year. Attempts to tamper with the system were actively thwarted and reported to the relevant jurisdictions for any law enforcement action they may deem appropriate. Voatz was the first election systems provider in the world to launch a public bug bounty program and recently initiated the third cycle of our innovative testing process that actively involves the community at large to help improve the product. We continue to encourage interested security professionals and researchers to join our bounty program and provide us with their valuable feedback.

Voatz has met the standards for blockchain security and auditability as outlined by the National Cybersecurity Center (NCC), and anonymizes and secures ballot information using National Institute of Standards and Technology (NIST) approved encryption algorithms over a highly distributed, resilient and tamper-resistant infrastructure. Starting with the Denver pilots earlier this year, Voatz made an open audit tool available to the public to enable independent tallying and end-to-end auditing of the election. NCC has been managing these citizen audits and has determined all of the audits to be a success. 100% of the voter-verified digital receipts matched the corresponding paper ballots that were tabulated using the optical scanners. There were no issues with the tabulation or recording of the ballots and auditors were pleased with the results overall. We encourage citizens to join the next iteration of our public audit programs which will begin in a few days’ time.

As soon as appropriate standards for remote ballot marking systems are available as part of the VVSG (Voluntary Voting System Guidelines) 2.0, Voatz looks forward to participating in the Federal Election Assistance Commission’s Testing and Certification program in order to receive accreditation that the Voatz platform has all the necessary functionality, accessibility, and security capabilities required under the Help America Vote Act (HAVA). In the meantime, Voatz continues to conduct advanced levels of security testing and has already started to collaborate with the DHS NCATS teams to conduct frequent security assessments and ongoing penetration testing.

We look forward to hearing from Senator Wyden directly about this request and working with the DoD and NSA to provide more details about our system. In the meantime, we encourage Senator Wyden and his team to first learn more about how we’ve built our system (HERE), which allows any voter to verify that the vote was counted, and secondly to learn more about how the Voatz system has been built for end-to-end verifiability (HERE).

Voatz Collaborates with WGBH’s National Center for Accessible Media to Make Mobile Voting Accessible for Voters with Disabilities and Citizens Residing Overseas

BOSTON, Nov. 04, 2019 — Voatz, a Boston-based elections company focused on secure mobile voting, announced a collaboration with the Carl and Ruth Shapiro Family National Center for Accessible Media at WGBH Educational Foundation (NCAM) to test the accessibility features of the company’s secure mobile voting application.

The mobile voting application, available on compatible Android and iOS devices, allows deployed military personnel and overseas U.S. citizens, as well as people with disabilities, to conveniently and securely vote in elections with their smartphones from virtually anywhere in the world.

“We’re proud to collaborate with NCAM to help make sure people with disabilities have accessible means to raise their voices in elections,” said Nimit Sawhney, Voatz co-founder and CEO. “For too long, the needs of citizens with disabilities have largely been ignored in the perceived conflict between security and convenience. Voatz believes that citizens with disabilities deserve to take advantage of the advanced accessibility features available on modern smartphones. Democracy is at its best when all citizens can vote securely without limitation—physical or geographic.”

Secured with blockchain technology and rigorously tested for ease of use, the app allows eligible users the option to forgo inaccessible paper ballots currently submitted by postal mail, facsimile or email. The Voatz app provides voters with an auditable confirmation and produces a fully marked paper ballot for tabulation, thereby providing unprecedented levels of end-to-end auditability and verifiability.

“In our tests, we have found Voatz’s platform to be highly accessible,” said Donna A. Danielewski, Ph.D., Senior Director of NCAM. “It allows individuals with disabilities to participate in the democratic voting process in a clear and accessible way. We look forward to continuing to work with Voatz in testing the platform as they work to bring it to more markets.”

About NCAM

For nearly three decades, the National Center for Accessible Media (NCAM) has been a national leader in making digital media accessible for people with disabilities. The team in NCAM—with more than 150 years of combined experience in accessibility—are pioneers, inventors, and problem-solvers, frequently anticipating and creating solutions for tomorrow’s technology challenges.

About WGBH

WGBH is America’s preeminent public broadcaster and the largest producer of PBS content for TV and the Web, including Frontline, Nova, American Experience, Masterpiece, Antiques Roadshow, Arthur, and more than a dozen other prime-time, lifestyle, and children’s series. WGBH also is a major source of digital content and programs for public radio through PRX, including The World and Innovation Hub; a leader in educational multimedia with PBS LearningMedia™, providing the nation’s educators with free, curriculum-based digital content; and a pioneer in services that make media accessible to deaf, hard of hearing, blind and visually impaired audiences. WGBH has been recognized with hundreds of honors, including Emmys, Peabodys, duPont-Columbia Awards and Oscars. More info at www.wgbh.org.

 

About Voatz

Voatz is an award-winning mobile elections platform that leverages military-grade technology (including biometrics and a blockchain-based infrastructure) to increase accessibility and security in elections. Voatz has run more than 50 elections with state and local governments, cities, universities, towns, nonprofits, and both major state political parties for convention voting. Last year, Voatz partnered with West Virginia to empower deployed military and overseas citizens to vote, marking the first mobile votes in U.S. history. In 2019 Voatz expanded its pilots to Denver and Utah, both of which held citizens’ public-facing audits, hosted by the National Cybersecurity Center. Recently, two counties in Oregon have also started to pilot the Voatz platform. All pilots have led to an increased turnout and in the case of Denver, 100% of voters responding to a post-election survey said they preferred this method of voting to any other. Learn more here.

Historic Milestone: First Ranked Choice Mobile Blockchain Vote in U.S. Election History (10/16/19)

We are delighted to announce that a little piece of US election history was created on October 16, 2019 when the first ever ranked choice vote was recorded on a mobile blockchain voting platform. The ballot was cast by a UOCAVA voter from Payson City in Utah County.

Update: (11/24/19) – The Associated Press/Salt Lake Tribune has more here about the RCV pilot in Utah County.

Here’s an earlier post on how the Voatz platform supports Ranked Choice Voting in a highly accessible manner. We are excited to see the expansion of RCV across the nation.