Jump to content

Voatz

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by PrimeBOT (talk | contribs) at 19:55, 28 December 2020 (top: Task 30: removal of "alexa" parameter from infobox following an RFC (+infobox genfixes)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Voatz, Inc.
Type of site
Private
FoundedDecember 22, 2016; 3 years ago
Area servedWorldwide
Founder(s)Nimit Sawhney
Key peopleNimit Sawhney
(CEO)
Hilary Braseth
(Director of Product Design and Communications)
IndustryTechnology
URLvoatz.com

Voatz is a for-profit, private mobile election voting application. The stated mission of Voatz is to "make voting not only more accessible and secure, but also more transparent, auditable and accountable."[1] The company is headquartered in Brookline, Massachusetts.[2]

It was revealed in October 2019 that the Federal Bureau of Investigation (FBI) had launched an investigation into the attempt to hack Voatz during the 2018 midterm elections.[3] Computer science students at the University of Michigan may have been involved with the case.[4] FBI investigators are speculating that the motive behind the attempted hack into the Voatz app may have been for a class assignment, rather than to alter votes.

Voatz has seen substantial criticism from security experts. Voatz has received additional criticism for not being transparent with their auditing process; although Voatz claims it has been subjected to security audits by independent technology firms, it has not been forthcoming with the results. For example, when reporters have reached out to auditors they did not hear back,[5] and Voatz has insisted that these same companies sign non-disclosure agreements prior to investigating the company.[6]

Voatz was created by Nimit Sawhney in 2014, and was developed as a side project at a SXSW hackathon.[7] As of October 2019, the startup has conducted over 31 pilots and completed a $7 million Series A in June.[8]

Technology

Voatz uses blockchain technology and biometrics in order to verify voter identities, forgoing the storage of sensitive personal information in a database. The blockchain infrastructure of Voatz includes 32 identically arranged verifying servers that are distributed across Amazon's AWS and Microsoft's Azure.[9] Each server runs an identical copy of Hyperledger, an open source blockchain software.[10]

Once a user downloads the Voatz app, they verify their phone number, provide a photo ID, as well as a "selfie". Facial recognition and voter rolls are used to verify identity and confirm a match between the picture and ID submitted. After the user is offered a secure token (activated through the use of a fingerprint) applicable to eligible elections, the user's biometric information is removed from the Voatz system.[11] After all votes are submitted to Voatz, votes are printed on a paper ballot and fed into a machine.

The Voatz mobile application offers an interface available to administrators of the election incorporating Voatz. Election officials are able to view ballots, add voters, and publish results if needed.[12] Voatz does not allow voters to interact with the mobile application’s blockchain-specific functions. Thus, rather than voters using wallet addresses, tokens, or private keys, voters are able to designate a 6-digit code or use biometric verification as their private key.[12]

2018 West Virginia

From March to May 2018, West Virginia implemented a temporary mobile voting solution for a series of pilot studies that recorded votes for deployed members of the military.[13] Core functionalities included, but were not limited to, the ability to spoil a ballot, post-election audits, and automatic "tabulatable" audits.[10] In order to run the applications, Voatz implemented minimum software and hardware requirements for participants. iPhone users needed to own an iPhone 5s or later with iOS 10+. Android users required a functioning Android OS version 6+ with KNOX support.[10]

2016 Massachusetts Democratic State Convention

In June 2016, Voatz was used to authenticate delegate badges at the 2016 Massachusetts Democratic State Convention.[14] Over 2,000 Democratic leaders and elected officials from Massachusetts traveled to Lowell for the party’s state convention.[15] Voatz created a QR code for each delegate on a list provided by the Massachusetts Democratic Party. Before being able to vote, every delegate was required to verify their identity through the Voatz app's photo recognition. Voatz was used at the Massachusetts Democratic State Convention alongside a paper ballot. Veronica Martinez, Executive Director for the Massachusetts Democratic Party, reported that the party intends to use Voatz in the future.[16] Photo comparison and identification were additional ballot-specific identity features tested. Once voters scanned their QR code and cast their vote — all while using the same device — voters could use their device to take a picture with them in it. Every time a voter used another station or device in order to vote, the voter would take another picture of themselves and compare it to the first picture they took of themselves.[12]

2017 Tufts Community Union (TCU) Senate Election

At Tufts University in Medford, Massachusetts, Voatz was used to assist in the Tufts Community Union (TCU) Senate election. The Tufts Registrar created a list of students in order for Voatz to create QR codes for every student. The QR codes were sent to student emails on the day of the election.[17] Students used their smartphone to scan their Tufts Student ID card in order to verify their identity.[18]

The TCU Senate has continued to use Voatz in every election since 2017. After 2017, the TCU Senate created two options for student voting. The first option is to vote online. Tufts students may download the Voatz app, which can only be downloaded by signing up with an official Tufts email address. Tufts students can also check their email for a security key and vote on the Voatz Lite Web Portal. Alternatively, students can vote in person. On the day of elections, students can arrive to a designated campus center with the security key sent to their email. There, they can vote using Voatz tablets provided by Voatz representatives who are there to assist and answer questions.[19]

Business Model

Voatz makes revenue from operating elections that use its technology. In 2018, a $2.2 million investment[20] by Overstock — an American internet retailer —was made in order to further Overstock’s vision of bringing Voatz to election season[21] and to also rebrand Overstock as a financial technology company.[22] Overstock’s blockchain subsidiary — Medici Ventures — invests in several sectors: Payments & Banking, Capital Markets, Identity, Property Management, Supply Chain, and Voting. Medici Ventures has invested in 19 blockchain firms including Voatz.[23]

Poor Security and Criticism from Security Experts

Voatz has received criticism from several security experts. Josh Benaloh, senior cryptographer at Microsoft Research, argues that Voatz's scheme is insecure and over complicated, stating that "blockchains just don't help".[24] Ron Rivest, a professor of computer science at the Massachusetts Institute of Technology, supported Benaloh's conclusion regarding the privacy properties of mobile voting solutions in general, stating that "It could be that the program on your computer is secretly shipping your information off to a government agency and telling them how you voted."[24]

In 2020, a security assessment was released by the security auditing firm Trail of Bits (co-founded by Alexander Sotirov). 48 technical issues were reported (plus 31 threat model findings for a total of 79 findings), a third of which were rated 'high severity.'[25] 8 of the 48 technical issues were addressed.[25] The report also confirmed security issues reported earlier by MIT researchers,[26] despite Voatz's denial.[27]

FBI Investigation

In 2018, it was reported that there had been an attempted intrusion into the West Virginia military voting system by an unknown source. In relation to the attack, the FBI is investigating students from the University of Michigan[28] enrolled in EECS 498-009,[29] an Electrical Engineering special topic course at the University of Michigan. The course description states its objective is to "provide a deep examination of the past, present, and future of elections, informed by perspectives from computer security, tech policy, human factors, and more." [29] According to Alex Warner, West Virginia's Secretary of State, in a press conference on October 1, 2019, "the IP addresses from which the attempts were made have been turned over to the FBI for investigation. The investigation will determine if crimes were committed."[30] A CNN report[31] on October 4, 2019 reported that Mike Stuart, the U.S. Attorney for the Southern District of West Virginia, was informed that the IP addresses in the investigation matched the IP addresses for the University of Michigan.

References

  1. ^ "When You Vote, How Do You Know It Counts?". Blog @ Voatz. 2019-10-03. Retrieved 2019-10-09.
  2. ^ Stuart, Alix (2016-10-06). "7 Startups Today's Presidential Candidates Can't Campaign Without". Inc.com. Retrieved 2019-10-09.
  3. ^ Kevin Collier. "FBI investigating if attempted 2018 voting app hack was linked to Michigan college course". CNN. Retrieved 2019-10-09.
  4. ^ Reporter, Liat Weinstein Daily Staff. "University of Michigan students implicated in potential voting app hack". The Michigan Daily. Retrieved 2019-10-09.
  5. ^ Kirby, Jen (2018-08-17). "West Virginia is testing a mobile voting app for the midterms. What could go wrong?". Vox. Retrieved 2019-11-20.
  6. ^ Silva, Matthew De. "FBI investigating West Virginia blockchain-based midterm elections". Quartz. Retrieved 2019-11-20.
  7. ^ "Cyber Saturday: Denver Votes on Blockchain, Facebook Password Snafu, Norsk Ransomware". Fortune. Retrieved 2019-11-07.
  8. ^ "Voatz raises $7M for its mobile voting platform". Built In Boston. Retrieved 2019-11-07.
  9. ^ "Cyber Saturday: Denver Votes on Blockchain, Facebook Password Snafu, Norsk Ransomware". Fortune. Retrieved 2019-11-08.
  10. ^ a b c Sawhney, Nimit (2019). "UNDER THE HOOD: The West Virginia Mobile Voting Pilot" (PDF). {{cite journal}}: Cite journal requires |journal= (help)
  11. ^ November 1, Daniel Huizinga |; 2016; Edt, 7:32 (2016-11-01). "Voting online? This startup is making that dream a reality". NewBostonPost. Retrieved 2019-10-09. {{cite web}}: |last2= has numeric name (help)CS1 maint: numeric names: authors list (link)
  12. ^ a b c Zhang, Joyce (October 2018). "Addressing Voting Inefficiencies Resulting from Identity Challenges with Blockchain" (PDF). GovLab: 12 – via NYU Tandon School of Engineering.
  13. ^ State of West Virginia, “Pilot Project: Secure Military Mobile Voting Solution,” white paper, March 28, 2018.
  14. ^ Kirby, Jen (2018-08-17). "West Virginia is testing a mobile voting app for the midterms. What could go wrong?". Vox. Retrieved 2019-10-09.
  15. ^ Young, Shannon (2016-06-03). "Massachusetts Democrats to hold annual convention in Lowell Saturday". masslive. Retrieved 2019-11-20.
  16. ^ "This startup wants to secure absentee voting with a blockchain". finance.yahoo.com. Retrieved 2019-11-20.
  17. ^ Verhulst, Stefaan G.; Young, Andrew (December 2018). Toward an Open Data Demand Assessment and Segmentation Methodology. Inter-American Development Bank. doi:10.18235/0001529.
  18. ^ "Editorial: Use of Voatz is a step in the right direction". The Tufts Daily. 2017-09-28. Retrieved 2019-10-09.
  19. ^ "Voting". Tufts Community Union. Retrieved 2019-11-08.
  20. ^ Vigna, Paul. "Overstock's Founder Bets on Blockchain, Not Bedsheets". WSJ. Retrieved 2019-11-08.
  21. ^ "The Magazine for People in Politics | Campaigns & Elections". www.campaignsandelections.com. Retrieved 2019-11-08.
  22. ^ Alexandra Semenova. "After Voting Startup Fails to Pick Up, Overstock Needs to Rethink Its Blockchain Future | Times Square Investment Journal". Retrieved 2019-11-08.
  23. ^ "Mapping out Medici Ventures' portfolio". finance.yahoo.com. Retrieved 2019-11-08.
  24. ^ a b "Can Blockchain Bring Voting Online?". www.govtech.com. Retrieved 2019-10-09.
  25. ^ a b "Our Full Report on the Voatz Mobile Voting Platform". trailofbits.com. Retrieved 2020-04-06.
  26. ^ "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections" (PDF). internetpolicy.mit.edu. Retrieved 2020-04-06.
  27. ^ "Voatz Response to Researchers' Flawed Report". Blog@Voatz. Retrieved 10 April 2020.
  28. ^ Reporter, Liat Weinstein Daily Staff. "University of Michigan students implicated in potential voting app hack". The Michigan Daily. Retrieved 2019-11-13.
  29. ^ a b "EECS 498-009: Election Cybersecurity". www.eecs.umich.edu. Retrieved 2019-11-13.
  30. ^ Silva, Matthew De. "FBI investigating West Virginia blockchain-based midterm elections". Quartz. Retrieved 2019-11-13.
  31. ^ Kevin Collier. "FBI investigating if attempted 2018 voting app hack was linked to Michigan college course". CNN. Retrieved 2019-11-13.