Category: Technology

Elections & Blockchains: Can Technology Spark Democracy?

Posted on by itops

In November 2018, our Director of Product, Hilary Braseth, delivered a talk for the Women in Blockchain group in Boston, Massachusetts.

The talk, “Elections & Blockchains: Can Technology Spark Democracy?”, explored the history and evolution of voter technology across the U.S. landscape, the four major challenges to a voting system, and a blockchain solution.

The talk sparked a lively discussion along with great interest to learn more about our systems of voting and the applicability of blockchain.

West Virginia Announces Successful Completion of the First Mobile Voting Pilot in a U.S. General Midterm Election

Posted on by itops

Charleston, W.Va. Secretary of State Mac Warner is very pleased with the completion of the General Election pilot project that allowed deployed members of the military and overseas citizens to participate in our democracy by using a mobile voting application to cast ballots secured by blockchain technology.

Warner is a 23-year veteran of the United States Army. While deployed in 2012 and 2014, Warner was not able to vote back home in West Virginia because reliable postal service was unavailable. Until now, absentee voters living out of the country have relied on paper ballot absentees or inconvenient electronic systems that require a printer, scanner or fax machine. Those processes are very difficult and nearly impossible for soldiers to take advantage of while stationed in remote areas of the world.

According to a 2018 report by the Federal Voting Assistance Program, only 6.9 percent of eligible soldiers and overseas citizens cast a ballot in the 2016 Presidential General Election. With his personal experience in mind and stats that proved the problem is vast, one of Secretary Warner’s first challenges to his Elections Division was to eliminate the hurdles in overseas voting that contributed to the very low voter participation rate for our deployed military and overseas citizens.

Prior to the May 2018 Primary Election, the State of West Virginia partnered with Tusk Montgomery Ventures (TMV) and engaged a technology developer from Boston, Massachusetts to pilot their revolutionary mobile voting application. The company, Voatz Inc., created a system that utilizes biometric identity verification and blockchain technology to offer voters a secure option to vote through their mobile application.

………

“For the first time in our nation’s history, military and overseas citizens were able to cast ballots in a federal election using a mobile device. If this technology were not available, many of those soldiers and citizens would not have had the opportunity to participate in our democracy. This pilot will provide actual voting transactions for the independent auditors to review and analyze the first deployment of blockchain technology in an American election,” Warner said.

Read The Full Announcement Here

Several news publications also covered the pilot completion and you can access some of them via the links below:

WaPo

StateScoop

Town of Millis, Massachusetts Pilots Voatz on Election Day for a Town Meeting Poll

Posted on by itops

The Town of Millis in Massachusetts piloted the Voatz platform for an innovative town meeting poll on Election Day (November 6, 2018).

“Voatz employees arrived early with plenty of staff, brought all equipment, and problem-solved issues (old building, poor WiFi connection, etc) throughout the day. They provided us results quickly and effectively and have remained in contact since the poll expired. Overall, we could not have asked for a better experience,” said the Town Meeting Review Committee.

We thank the 425 citizens of Millis who participated using their smartphones or the Voatz tablet stations.

Excited to Share Our Work with Udacity’s “Built on Blockchain” Series

Posted on by itops

This September, we were honored to be featured in a six-part series issued by Udacity, an online platform that offers courses to build professional skills ranging from cybersecurity to design.

Built on Blockchain” is a six-part “original documentary series that aims to demystify blockchain,” featuring how activists and entrepreneurs are building solutions that impact politics, society, and daily life.

We encourage you to take a peek — each episode is less than ten minutes — and in particular, at Episode 2, “One Block, One Vote”, where Voatz CEO Nimit shares why he’s moved to do this work, alongside other partners and companies innovating in the democracy and blockchain space.

History-Making Mobile Voting Pilot for Military, Overseas Citizens Expands to 24 West Virginia Counties for General Election

Posted on by itops

WV Mobile Voting Pilot

We are delighted and honored to be a small part of this effort led by the West Virginia Secretary of State’s Office to make voting easier and safer for our deployed military service members, their families and U.S. citizens living overseas.

Official Announcement

Press Coverage

Voatz Security Issue Disclosure Policy

Posted on by itops

This Security Issue Disclosure Policy document sets forth the policies that Voatz uses to disclose security issues and resolutions with its Mobile Voting Platform.

Preamble

The security of our election infrastructure is critical to the integrity of our democracy. Therefore, we value the input of security researchers acting in good faith to help us maintain a high standard for the security of our systems, which in turn gives all voters confidence in our electoral process. This includes encouraging responsible research and disclosure of issues. This policy sets forth our definition of good faith in the context of finding and reporting issues, as well as what you can expect from Voatz in return.

Scope

The scope of this policy includes only Internet-accessible election applications and infrastructure, including:

  • App-based mobile voting platforms
  • Web-based remote ballot marking systems

From time to time, Voatz may add additional items to the above list. Any systems not listed above are out-of-scope for security testing under this policy.

How to report

We recommend the following methods to report.

  • Use our bug bounty programs.
  • Directly via email to cso at voatz.com

From time to time, Voatz may add additional methods to the above list.

What you can expect from Voatz

When working with us according to this policy, you can expect us to:

  • Always hold the integrity of the democratic process as critical to our mission.
  • Extend Safe Harbor for your issue / vulnerability research that is related to this policy.
  • Work with you to understand and validate your report, including a timely initial response to the submission.
  • Work to remediate discovered issues / vulnerabilities within our budgetary and operational constraints.
  • Recognize your contribution to improving our security, after remediation and at a time of our choosing if you are the first to report a unique issue / vulnerability, and if your report triggers a code or configuration change.

With your permission, we will disclose unfixed issues that you find with other security researchers to assist in their testing to avoid unnecessary duplication of effort.

What happens if an issue or vulnerability provides unintended access to data?

If an issue or vulnerability provides unintended access to data:

  • Cease testing and submit a report immediately if you encounter any user or voter data during testing, such as Personally Identifiable Information (PII).
  • Limit the amount of data you access to the minimum required for effectively demonstrating a Proof of Concept.
  • Avoid downloading or extracting data of any kind. A screenshot of 3-5 records and/or a brief video is generally enough for your Proof of Concept.

Safe Harbor Policy

Voatz acknowledges the research community’s important role in securing our services. Due to our live systems’ designation as U.S. Critical Infrastructure, it is subject to strict monitoring and incident reporting requirements. We therefore ask that participants take special care to limit testing activities to our test environments. Unfortunately, Voatz is unable to guarantee safe harbor if you make attempts to access production assets and / or live election systems for testing purposes.

Our test environments have been designed to closely mirror our live environments and we encourage you to contact us if your research is inhibited in any way.

Voatz supports safe harbor for participants who:

  • Use the test or beta versions of our mobile apps (Apple TestFlight or Google Play Beta) as provided through our program’s scope and the specific links on this page below.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
  • Provide us with a reasonable amount of time to resolve vulnerabilities prior to any disclosure to the public or a third-party.

We will consider activities conducted consistent with this policy to constitute “authorized” conduct and will not pursue civil action or initiate a complaint against you. We will help to the extent we can if legal action is initiated by a third party against you. When conducting vulnerability research consistent with this policy, we consider the research to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and / or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
  • Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
  • Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy;
  • Lawful and helpful to the overall security of the Internet, and conducted in good faith; and
  • You are expected, as always, to comply with all applicable laws.

Responsible Disclosure Policy[1]

For the protection of our customers and to protect against malicious attackers seeking to sow misinformation and / or to exploit reported but not yet resolved security issues, Voatz does not disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are generally available. To minimize the potential disruption to the electoral process, Voatz will make public disclosure during defined Issue Disclosure Windows (IDWs)[2].

While we will always strongly consider your assessment and recommendations regarding vulnerability severity, Voatz retains the authority to determine what issues and / or vulnerabilities can and should be remediated and within what time frame. We will always prioritize our mission to administer fair elections and will address vulnerabilities to the best of our ability to achieve that goal.

[1]The Voatz Security Policy is modeled after Apple’s security policy.

[2]The timing of IDWs is determined by the election calendars of Voatz customers. Note, the nature of IDWs is inherently fluid (e.g. special elections to fill the position of a deceased elected official).

 

Last Updated: March 1, 2020

Historic Milestone: First Mobile Blockchain Vote in U.S. Primary Election History (3/23/18)

Posted on by itops

We are delighted and humbled to formally announce that a piece of history was created on March 23, 2018 when the first mobile blockchain vote in U.S. Primary Federal Election History was recorded on the Voatz platform.

V Block 25626

Hopkinton, Massachusetts Pilots Voatz for Voting at Its Annual Town Meeting

Posted on by itops

On May 7, 2018, Hopkinton, MA became one of the early towns in the country to officially pilot a mobile blockchain-based voting platform at its annual town meeting. Nearly 400 citizens voted.

West Virginia Secretary of State Announces UOCAVA Mobile Voting Pilot for 2018 Primary Elections

Posted on by itops
CHARLESTON, W.Va. – Secretary of State Mac Warner announces the launch of a secure military mobile voting solution for the May 8th Primary Election. Registered and qualified military voters that are currently deployed from participating counties are now able to vote on the secure mobile application and will continue being able to vote until polls are closed at 7:30 p.m. EST on Primary Election Day on May 8th. All that is needed for qualified, registered military personnel to cast their ballot is a compatible Apple or Android mobile device and an approved, validated State or Federal ID.

 

This pilot project – launched Friday, March 23rd – was originally limited to currently deployed military voters, spouses and their dependents that are registered to vote in two counties – Harrison County and Monongalia County. With the support of the County Clerks in both counties, the mobile voting application has also been offered to eligible UOCAVA voters in those two counties.

 

Voatz and Clear Ballot Announce Partnership to Explore Blockchain Technology for Remote Voting

Posted on by itops

After  more than a year of investigation and collaboration, two Boston-based companies, Voatz, Inc. and Clear Ballot Group, Inc. are announcing their partnership to accelerate the introduction of secure, accessible remote voting in elections. Voatz brings an open source blockchain platform designed for secure, high volume remote voting on smartphones and tablets. It has been independently evaluated for security and has already been piloted successfully in several private and municipal elections in 2016.  Clear Ballot, a voting system company, has provided the Voatz team with election industry knowledge, market requirements and a rich sample election dataset that allows their engineers to understand and build support for the complexities and scale of real elections.

Key portions of the user interface and the Voatz backend technology will be demonstrated at the National Association of Secretaries of State (NASS) and the National Association of State Election Directors (NASED) meetings held at the JW Marriott in Washington, D.C. from February 15-17, 2017.

Nimit Sawhney, Co-Founder and CEO of Voatz said, “Both companies recognize that there are a number of questions that must be adequately addressed before a large-scale deployment of remote voting is possible.  These include end-to-end verification, voter anonymity, authentication, security, cost, ease of deployment, scalability, user experience and most importantly – public trust.  I strongly believe that this partnership puts us in a great position to address these challenges to enable millions of citizens to benefit from the convenience and security offered by this new technology paradigm.”

Larry Moore, Founder and CEO of Clear Ballot said, “Innovation in elections takes too long and there are too many barriers to entry in this market. I am convinced that the fastest way to accelerate election innovation is for voting system companies, like Clear Ballot, to help promising new technology companies with technical support, election industry knowledge, regulatory requirements and market access.  An example is that people want to vote on their smartphone. Two of the challenges to remote voting have been security and accessibility. Blockchain technology coupled with smartphones and tablets have the potential to solve these problems, but this pairing must be rigorously assessed before widespread deployment.  With this partnership, we break down the barriers to entry and begin the innovation cycle to address the need for secure, accessible, remote voting.”

Imagine the convenience to registered voters who receive a sample ballot on their smartphone and make their selections using the familiar accessible features of an app on their smartphone. Then, when the polls open, they bring their smartphone with their pre-marked ballot to the polling location. By building the app on the blockchain architecture, it is not a great leap to imagine the voter not having to make the trip at all.

Working together, Voatz and Clear Ballot are tackling the complex problem of secure, accessible remote voting.

Press Release