Voatz, Inc. | |
Type: | Private |
Founded: | December 22, 2016; 6 years ago |
Area Served: | Worldwide |
Founder: | Nimit Sawhney |
Key People: | Nimit Sawhney Simer Sawhney Jesse Andrews Kahlil Byrd |
Industry: | Technology |
Voatz is a for-profit, private mobile Internet voting application. The stated mission of Voatz is to "make voting not only more accessible and secure, but also more transparent, auditable and accountable."[1] The company is headquartered in Boston, Massachusetts.[2]
Citizens in Utah, Colorado, West Virginia, and other spots around the country have used the mobile app Voatz to cast their ballots in statewide elections. 2020, ″marks the first time people have used the technology to vote in a presidential contest.″[3] The app has also been used by the city of Denver for its municipal elections in 2019, and West Virginia used it for its primary in 2018.[3]
In a 2018 pilot project for West Virginia, using Voatz, American voters submitted ballots from 29 countries including Albania, Botswana, Egypt, Mexico and Japan.[4]
Before 2020, Voatz received substantial criticism for not being transparent with their auditing process; although Voatz had claimed to be subjected to security audits by independent technology firms, it was not forthcoming with the results. For example, when reporters have reached out to auditors they did not hear back,[5] and Voatz has insisted that these same companies sign non-disclosure agreements prior to investigating the company.[6]
In 2020, a report by MIT researchers identified a number of high-severity vulnerabilities in Voatz's architecture,[7] which Voatz vehemently denied, calling the research "flawed.".[8] A follow-on security assessment, paid for by Voatz itself, was released by the security auditing firm Trail of Bits, confirming the MIT researchers' results, and another 48 technical issues were reported (plus 31 threat model findings for a total of 79 findings), a third of which were rated 'high severity.'[9] 8 of the 48 technical issues were addressed.
Voatz was created by Nimit Sawhney in 2014, and was developed as a side project at a SXSW hackathon.[10] As of October 2019, the startup has conducted over 31 pilots and completed a $7 million Series A in June.[11]
Voatz uses blockchain technology and biometrics in order to verify voter identities, forgoing the storage of sensitive personal information in a database. The blockchain infrastructure of Voatz includes 32 identically arranged verifying servers that are distributed across Amazon's AWS and Microsoft's Azure.[12] Each server runs an identical copy of Hyperledger, an open source blockchain software.
Once a user downloads the Voatz app, they verify their phone number, provide a photo ID, as well as a "selfie". Facial recognition and voter rolls are used to verify identity and confirm a match between the picture and ID submitted. After the user is offered a secure token (activated through the use of a fingerprint) applicable to eligible elections, the user's biometric information is removed from the Voatz system.[13] After all votes are submitted to Voatz, votes are printed on a paper ballot and fed into a machine.
The Voatz mobile application offers an interface available to administrators of the election incorporating Voatz. Election officials are able to view ballots, add voters, and publish results if needed.[14] Voatz does not allow voters to interact with the mobile application's blockchain-specific functions. Thus, rather than voters using wallet addresses, tokens, or private keys, voters are able to designate a 6-digit code or use biometric verification as their private key.
From March to May 2018, West Virginia implemented a temporary mobile voting solution for a series of pilot studies that recorded votes for deployed members of the military.[15] Core functionalities included, but were not limited to, the ability to spoil a ballot, post-election audits, and automatic "tabulatable" audits.[16] In order to run the applications, Voatz implemented minimum software and hardware requirements for participants. iPhone users needed to own an iPhone 5s or later with iOS 10+. Android users required a functioning Android OS version 6+ with KNOX support.
In June 2016, Voatz was used to authenticate delegate badges at the 2016 Massachusetts Democratic State Convention.[17] Over 2,000 Democratic leaders and elected officials from Massachusetts traveled to Lowell for the party's state convention.[18] Voatz created a QR code for each delegate on a list provided by the Massachusetts Democratic Party. Before being able to vote, every delegate was required to verify their identity through the Voatz app's photo recognition. Voatz was used at the Massachusetts Democratic State Convention alongside a paper ballot. Veronica Martinez, executive director for the Massachusetts Democratic Party, reported that the party intends to use Voatz in the future.[19] Photo comparison and identification were additional ballot-specific identity features tested. Once voters scanned their QR code and cast their vote — all while using the same device — voters could use their device to take a picture with them in it. Every time a voter used another station or device in order to vote, the voter would take another picture of themselves and compare it to the first picture they took of themselves.
At Tufts University in Medford, Massachusetts, Voatz was used to assist in the Tufts Community Union (TCU) Senate election. The Tufts Registrar created a list of students in order for Voatz to create QR codes for every student. The QR codes were sent to student emails on the day of the election.[20] Students used their smartphone to scan their Tufts Student ID card in order to verify their identity.[21]
The TCU Senate has continued to use Voatz in every election since 2017. After 2017, the TCU Senate created two options for student voting. The first option is to vote online. Tufts students may download the Voatz app, which can only be downloaded by signing up with an official Tufts email address. Tufts students can also check their email for a security key and vote on the Voatz Lite Web Portal. Alternatively, students can vote in person. On the day of elections, students can arrive to a designated campus center with the security key sent to their email. There, they can vote using Voatz tablets provided by Voatz representatives who are there to assist and answer questions.[22]
In October 2020, a Utah resident became the first person to cast a vote for president in a U.S. general election via a blockchain-based voting app on a personal cellphone, according to Fox News.[23] GovTech reported that the vote in question was submitted in Utah County with the Voatz app, which has been piloted in a number of states, including West Virginia, Colorado and Oregon. Utah was the first state to hold a live demonstration of how Voatz ballots can be audited...Utah County started utilizing Voatz in 2019 to give military voters a more secure voting option than email. The county eventually allowed voters with disabilities to use the app in a local election.[24]
According to CNN Philippines, of 669 volunteers, 348 voted on mobile, website, and assisted kiosks for two days for a 52.01% turnout. CNN quoted Comelec Director for Overseas Voting Bea Wee-Lozada, ″This looks promising because traditionally, we never go beyond 50% when it comes to voters who actually voted for overseas voting.″[25]
Voatz makes revenue from operating elections that use its technology. In 2018, a $2.2 million investment[26] by Overstock — an American internet retailer —was made in order to further Overstock's vision of bringing Voatz to election season[27] and to also rebrand Overstock as a financial technology company.[28] Overstock's blockchain subsidiary — Medici Ventures — invests in several sectors: Payments & Banking, Capital Markets, Identity, Property Management, Supply Chain, and Voting. Medici Ventures has invested in 19 blockchain firms including Voatz.[29]
Voatz has received criticism from several security experts. Josh Benaloh, senior cryptographer at Microsoft Research, argues that Voatz's scheme is insecure and over complicated, stating that "blockchains just don't help".[30] Ron Rivest, a professor of computer science at the Massachusetts Institute of Technology, supported Benaloh's conclusion regarding the privacy properties of mobile voting solutions in general, stating that "It could be that the program on your computer is secretly shipping your information off to a government agency and telling them how you voted."
In 2020, a security assessment was released by the security auditing firm Trail of Bits (co-founded by Alexander Sotirov). 48 technical issues were reported (plus 31 threat model findings for a total of 79 findings), a third of which were rated 'high severity.'[9] 8 of the 48 technical issues were addressed. The report also confirmed security issues reported earlier by MIT researchers,[7] despite Voatz's denial.[8]
In 2018, it was reported that there had been an attempted intrusion into the West Virginia military voting system by an unknown source. In relation to the attack, the FBI is investigating students from the University of Michigan[31] enrolled in EECS 498–009,[32] an Electrical Engineering special topic course at the University of Michigan. The course description states its objective is to "provide a deep examination of the past, present, and future of elections, informed by perspectives from computer security, tech policy, human factors, and more."[32] According to Alex Warner, West Virginia's Secretary of State, in a press conference on October 1, 2019, "the IP addresses from which the attempts were made have been turned over to the FBI for investigation. The investigation will determine if crimes were committed."[6] A CNN report[33] on October 4, 2019, reported that Mike Stuart, the U.S. Attorney for the Southern District of West Virginia, was informed that the IP addresses in the investigation matched the IP addresses for the University of Michigan.
It was revealed in October 2019 that the Federal Bureau of Investigation (FBI) had launched an investigation into the attempt to hack Voatz during the 2018 midterm elections.[33] Computer science students at the University of Michigan may have been involved with the case.[31] FBI investigators are speculating that the motive behind the attempted hack into the Voatz app may have been for a class assignment, rather than to alter votes.