West Virginia Wants To Put Its Vote On The Blockchain. That's Either A Win Or A Disaster For Democracy.
Sixteen voters from two counties cast their ballots in West Virginia's May primaries by app. The state's secretary of state would like to expand that to the entire state.
This spring, Joe Aoshima, an American linguist who lives in Japan, became one of the first 16 people to use a particular kind of app on their phone to vote in a US federal election.
"I’m quite the technophobe, so I don’t really enjoy using technology,” he told BuzzFeed News. “But I really like the app.”
Aoshima, 40, left West Virginia years ago, soon after he received his graduate degree from West Virginia University, situated in the state's Monongalia County. This May, absentee and military voters registered in Monongalia and in nearby Harrison County were given a unique opportunity: to forgo using a traditional postmarked paper ballot for the congressional primaries and simply check a box on a smartphone app instead.
If West Virginia Secretary of State Mac Warner gets his way, those two counties are just the beginning. If all goes according to plan, he’ll announce in September that every county in West Virginia will offer that option. And then, he hopes, West Virginia can inspire the rest of the country to get on board what might make it easier for hundreds of thousands of vets and expats to vote in US elections.
Or it could turn out to be a security nightmare.
For Warner, a veteran whose four children are all either retired military or currently on active duty, using smartphones to make it easier to vote is personal.
In 2014, while working a State Department job in Afghanistan, Warner experienced firsthand the frustration of trying to vote in the US from abroad — when an improvised explosive device took out a mail truck at a time that he was supposed to be sending in his ballot. “I went months at a time without getting mail into or out of Afghanistan,” he told BuzzFeed News.
“I know from personal experience that many soldiers are having difficulty with the whole process,” Warner said. “Just so many hurdles or obstacles to voting that we need to lower those barriers, and make it easy for people out there on the front lines defending our democracy, to give them a right and the opportunity to participate. This mobile device voting is an answer to those issues.”
It’s not just a few vets, either. More than 125,000 of the 369,000 absentee ballots mailed to active service members in 2016 didn’t end up being counted, according to a report by the Election Assistance Commission.
To find a way to offer easy access to voting, Warner’s office settled on Voatz, one of dozens of aspiring startups that rely on blockchain technology, a kind of digital ledger. Most famous as the concept that makes bitcoin possible, blockchain is the subject of its own inflated economy. Investment in blockchain-related startups has risen steadily since 2012, hitting nearly $1 billion in 2017.
The idea of the blockchain is that it can’t be modified, only added to, and is simultaneously propped up by a network of users, rather than controlled by any one person. So in theory, it’s both an immutable record and accessible by anyone on the internet — two things that should work wonders for ensuring a vote is counted properly.
A blockchain ledger is inherently less fallible than a paper ballot, which can be mishandled or tampered with, argues Voatz cofounder Nimit Sawhney. “Using the properties of the blockchain, once the vote’s written from the phone, nobody can change it, so being tamper-resistant is a big feature. Ensuring auditability and verifiability as well as post-election audit and keeping transparency, having your public ledger where you can see the votes coming in.”
But things are different in practice, according to Matt Blaze, a renowned cryptographer and election security expert. In a landmark study in 2007, Blaze led teams of hackers to analyze possible software flaws in the various voting machines in use in California and Ohio — machines that had already passed numerous audits and which represented most of the companies whose equipment was in use at the time. Those states decertified some of that equipment, though some of the software they found flaws with is still in use.
They found numerous vulnerabilities, most of which would only need a single knowledgeable user to exploit them. “In some cases, compromise of a single system component (such as a precinct voting machine) was sufficient to compromise not just the vote tally on that machine, but to compromise the entire county back end system,” Blaze testified before Congress last year.
The central problem with trusting an American’s vote to a blockchain app, or to any app, for that matter, is that it means placing your complete trust in software, which by nature is invariably either buggy or exploitable and whose inner workings you can’t see, Blaze said. And trusting any computer program with your vote is a step backward.
“You’re casting your vote to software,” Blaze explained to BuzzFeed News. “And what you’re sending is an electronic record that may or may not reflect what your actual choice was. The fundamental problem is you can easily verify the electronic representation of your vote was counted. But what we can’t verify is that’s how you intended to vote.”
Voting security experts almost universally agree that the basic formula for trustworthy elections is for every vote to produce a paper trail so that the voter can see for herself that her vote is marked with her correct choice, and to conduct statistically significant audits of those paper receipts afterward to make sure the vote count doesn’t seem off. Kirstjen Nielsen, the secretary of homeland security, has declared ensuring ballots have a paper trail a matter of national security, and lawmakers keep trying to appropriate money to help states buy auditable equipment.
One of Voatz’s top selling points, Sawhney said, is that the blockchain is a flawless record keeper. A recount would be unnecessary, because it’s impossible to go back and alter previous votes cast to it. Asking for a recount would be like repeatedly putting the same equation into a calculator. But even if one did place their trust in the Voatz software to communicate their vote electronically, it’s impossible to check.
Security concerns and US regulations prevent the Voatz app from telling voters outright how they voted. Instead, if gives users a QR code, available only on the device used to cast that vote. “You then have to take your phone to an official polling place or other designated location — it could be a public library,” to verify what Voatz recorded as your choice, Sawhney said.
But that’s little comfort to anyone living abroad uses the app to cast a vote in the United States.
Here’s how Voatz works, in practice. Aoshima or any of the 15 other people who used the Voatz app to cast their vote earlier this year started by downloading the app for free from the Android or Apple store, like any other app. They registered by inputting the same information they'd given to their county to register as an absentee voter into the app. Then they uploaded a photo of a government ID and a selfie for Voatz to verify their identity.
Once someone actually cast a vote, Voatz sent their choice to a specific blockchain that the company set up for the West Virginia primaries. Once the voting period was over, Voatz physically brought to county clerks a USB flash drive which the clerks used to unlock the ballots from a cloud storage site that Voatz had set up. Those clerks, alongside observers from opposing political parties, put those USB sticks into a computer, opened up Excel to read a list of voters and how they chose and together counted each vote for one candidate or another — the same process they would use if they were opening up physical mail for an absentee ballot.
“It was kind of hectic in the beginning,” said Susan Thomas, the clerk in Harrison County.
“Still a little iffy,” she said. “I think the security aspect of it, not the voting part, but the end when it gets here, needs to be changed.”
Sixteen voters is a small sample size, but Voatz users repeatedly told BuzzFeed News that while they had trouble with the app they were optimistic for its future.
“I literally emailed them twice a day for like a week,” Aoshima said. “I emailed them countless times. They took me step by step, but it was really easy. Any user problems were mine.”
“I had an initial issue logging into the site, but the support staff helped me out immediately,” said Megan Casey, a 36-year-old lieutenant commander in the US Public Health Service.
Lewis Anderson, an 18-year-old who was born in the US while his New Zealander father taught at WVU, used the app to vote for the first time. The app didn’t work at all, showing random characters instead of text. “I almost gave up,” Anderson said, until tech support realized his phone’s language setting was Australian, whereas the app only worked in American English. After changing that, “the app was really nice,” Anderson said.
Sally Luce, a 70-year-old West Virginia native living in Canada, said she and her husband had trouble getting the app to work on their Android phones and spent significant time with Voatz support. “The man who helped me stayed on the line while I voted to ensure that the voting was successful,” Luce said. “This was not at all private, but I decided to proceed in order to get my vote counted.”
“If the system is better created to accept online votes, it would certainly be a convenient alternative to mail delivery and subsequent posting of paper ballots, but I have a number of concerns,” Luce told BuzzFeed News.
Even a handful of minor issues with a voting app could be disastrous if widely deployed, said Blaze, the security expert.
“Encouraging participation is a legitimate civic goal, and the extent to which you can help people vote who otherwise would have difficulty voting is laudable,” Blaze said. “When you scale this up to something as large as a public election, and as important as a public election, any problem with an app like that, no matter how many audits it might have passed, is catastrophic.”
Voatz’s security and logistical problems are significant, said Thomas, the Harrison County clerk. “We probably won’t be doing this in my lifetime,” she said.