Voting by phone is easy. But is it secure?
- By Matt Vasilogambros
- Jul 18, 2019
For the first time in a presidential election, voters in two upcoming Democratic caucuses will be able to vote using their phones.
The Democratic Party announced this month that Iowans and Nevadans in February will be able to opt out of the traditional caucus experience and vote using the keypads on their cellphones or landlines.
Party leaders say the change will make the caucus process more inclusive, especially for members of the military and others who can’t easily caucus in person, such as people with disabilities and voters who live in remote areas.
Some Americans already have voted by phone: Servicemembers from West Virginia and Denver in the past year were able to participate in local elections using a smartphone app.
Many election officials, election technology companies and voting rights advocates support a phone-based system to make voting easier for millions of Americans.
But the convenience of voting by phone comes with risks. Election security experts have vehemently warned against it, saying it opens elections to potential hacks and disruptions.
The dilemma for states that might consider voting by phone is the conflict between accessibility and security. Voting rights advocates want to make casting a ballot as easy as possible. At the same time, the United States faces the threat of foreign interference in this presidential election.
Voting by phone is voting through the internet, either through mobile apps or the tabulating and downloading process, said Marian Schneider, president of Verified Voting, an election integrity nonprofit that advocates for a paper trail in voting.
That opens the door to malicious actors, like the foreign intelligence agents who attempted to hack U.S. state and local voting systems during the last presidential race.
In light of those attempts, many states are going back to paper ballots or requiring a paper trail to back up electronic systems.
“Did people not get any lessons learned from 2016?” Schneider said. “It’s really an odd time to be doing this.”
West Virginia and Denver were the first U.S. jurisdictions to allow overseas servicemembers to use a new mobile app to vote in local elections. The voting process and post-election audits were successful, local officials say.
A ‘virtual caucus’
In February, voters in Iowa and Nevada will caucus in schools, churches and community centers to choose a Democratic nominee.
During caucuses, voters divide themselves into groups by candidate preference in their assigned precinct until every candidate represented meets a certain threshold to win delegates. The process can last hours, as people move around the room.
This year, in addition to the in-person caucuses, voters can dial in to a “virtual caucus,” ranking candidates by pressing a button or saying their name.
The preferences will be added later in their home precincts. Voters can access the system only by dialing an access code provided by the state party.
Democratic Nevada voters can call in the Sunday and Monday before the Saturday caucus and participate in English, Spanish or Tagalog. The Silver State also will have four days of early, in-person caucusing during which voters can express their preferences.
In Iowa, voters can choose between six time slots to caucus using the new system, one of them on caucus night. Those votes will be tallied in the voters’ precincts on caucus day.
“We expect it to take minutes, rather than hours,” said Shelby Wiltz, caucus director for the Nevada State Democratic Party. “This is going to be a great option for folks. It’s important the folks who are voting are reflective of our whole Democratic community.”
But critics worry the new voting systems are unsafe.
State Democratic leaders and the private vendor hired to build the system will work with security experts at the national party headquarters to implement safeguards and conduct testing.
But the party has not yet outlined exactly how and by whom the dial-in system will be tested before the caucuses, and which safeguards are being implemented to prevent hacking attempts and disruptions.
While voters caucus over the phone, their preferences will be tabulated and transmitted via the internet. The state Democratic parties will be able to download those preferences in a spreadsheet or text file.
Anytime the internet is involved in voting, it’s risky, said David Dill, a professor emeritus of computer science at Stanford University who has studied election security for the past two decades.
The lack of security specifics from Democrats should give voters pause, he said.
“Basically, what they’re saying is, ‘Trust us,’” Dill said. “The stakes are high in the primaries. It’s irresponsible for any political party to be using software like this.”
Nevada’s Wiltz insisted that “security is our No. 1 priority.”
“We are working hand-in-hand with DNC security experts to be thoughtful at every step,” she added, referring to the Democratic National Committee.
‘In a hostile zone’
When Sheila Nix served as chief of staff to former second lady Jill Biden, she consistently heard from military members stationed abroad about how difficult it was to vote.
A federal law signed by President Barack Obama in 2009 requires that states send electronic ballots to servicemembers 45 days before Election Day. But returning the ballot isn’t always easy, and the process varies by state.
“Absentee ballots, access to printers, have a fax machine?” Nix said. “In a hostile zone, there’s no way you’re able to do those things.”
Twenty-two states and the District of Columbia allow servicemembers to return their ballots via email, according to a National Conference of State Legislatures analysis last year. But that practice also can be risky. Emails can be intercepted, and voters forfeit their privacy by sending their completed ballot to a county official.
Nix is the president of Tusk Philanthropies, which funds mobile voting initiatives in states. One of those initiatives it supports is Voatz, a Boston-based company that has developed a voting app for Apple and Android phones. The app uses blockchain technology -- a series of redundant, geographically dispersed and hard to hack servers that can store votes.
West Virginia was the first state to use the smartphone app for military voters overseas.
When he was in Afghanistan for five years, West Virginia GOP Secretary of State Mac Warner couldn’t vote in the 2012 and 2014 elections.
He understood there were security concerns to an internet-based system, said Mike Queen, his deputy chief of staff and communications director, but thought getting ballots to servicemembers who don’t have regular access to the mail was worth the risk.
“You know the U.S. Postal Service doesn’t show up in Beirut or Iraq or Afghanistan,” Queen said.
After receiving a proposal from Voatz, West Virginia agreed to try the app. In the May 2018 elections, the state tested the system with fewer than 20 voters in two of the state’s 55 counties.
In its second pilot during the November midterms, the state opened the process to 24 counties and 144 West Virginians who voted from 30 countries, including Japan, Kuwait and Uganda. State officials audited every vote after the election.
Warner hopes to include every county by the next presidential election. However, he wants to limit use of the app to overseas military voters.
After West Virginia’s success, city officials in Denver this year allowed servicemembers and their families living abroad to vote in May’s municipal elections using the Voatz app.
Denver officials opened the audit process to members of the public, who were able to verify the accuracy of the voting. Officials also hosted a Facebook Live demonstration of its post-election audit.
Leaders at Voatz say they have gone to great lengths to ensure their app is secure.
After downloading the app from Apple or Google stores, eligible voters can access their ballot by scanning both sides of their driver’s license using the phone’s camera. Voters use facial recognition software to take a 10-second video of their face, blinking and moving their heads slightly. Their fingerprint on the phone’s home button confirms their identity.
After the voting is complete, voters receive a password-protected email attachment with their vote receipt, which self-corrupts after a certain period. Counties receive a completed ballot with an anonymous identification number that is ready to be printed and counted with other ballots by credentialed election officials.
The encrypted vote is transmitted to 32 blockchain servers, hosted by Amazon and Microsoft, in several locations throughout the country.
To run post-election audits, the company partnered with ShiftState Security in West Virginia and with Colorado-based National Cybersecurity Center in Denver.
To find potential security weaknesses in its software, it partnered with the Department of Homeland Security and the online community HackerOne.
The company is expected to release white papers about its security measures ahead of the 2020 presidential election.
“The concerns are valid, but there are protections in place,” said Nimit Sawhney, co-founder and CEO of Voatz. “We are giving citizens the confidence that their absentee ballots made it and were counted without compromising their privacy.”
But Audrey Malagon, an associate professor of mathematics at Virginia Wesleyan University, isn’t convinced. Malagon supports the idea of making voting easier for servicemembers, but she believes that traditional absentee ballots are safer.
During the last legislative session in Richmond, Malagon, working as an adviser for Verified Voting, successfully advocated against a measure that would have opened overseas military voting to a blockchain-based system. Instead, she pushed officials to extend the deadline for mailing absentee ballots for those stationed abroad.
“The thing you lose when you vote over the internet is privacy,” she said. “Once that vote is sent off, there’s no way for the voter to know that when it gets to the other end it’s been counted and tabulated the way they intended, unless you’re going to compromise that anonymity.”
When Voatz sends an email confirming how a person voted, that voter’s privacy is stripped, Malagon said. And while there is a paper record of their vote, voters cannot see the final document election administrators print and count.
Blockchain technology in elections “would do little to address the major security requirements of voting,” according to a National Academies of Sciences, Engineering, and Medicine report last year. Allowing internet access in the voting process is too risky, the report argues, at least until there are “substantial scientific advances.”
But Nix, at Tusk Philanthropies, thinks states can achieve better accessibility and security through apps like Voatz, despite concerns from security experts.
“What we’re doing is more secure than what’s in practice,” she said. “And every time you make it easier to vote, that’s a good thing. Empowering more people to participate is very much a step in the right direction.”
Voatz plans to continue expanding its app to other jurisdictions in the coming months.
This article was first posted on Stateline, an initiative of the Pew Charitable Trusts.