While we have not been contacted by Senator Wyden or his office directly, we welcome any and all additional security audits by the Department of Defense and NSA regarding our platform.
We remain committed to providing as much transparency as possible about our system while at the same time needing to protect our intellectual property as one of the youngest election companies in the country. We are confident that all additional audits will come to the same conclusions that the West Virginia Secretary of State’s office, the Denver Elections Division, the Utah County Elections Office and independent security organizations such as ShiftState Security have: that all our elections to date have been conducted safely and securely, with no reported issues with the accurate tabulation and recording of ballots, and that the overall system is very robust.
Voatz originated after winning a hackathon and was founded by cybersecurity and mobile technology experts. Security has been our utmost priority since day one. We have conducted 54 successful elections (public and private) over the past 3 years, some of which have involved active attempts to break-in that have all been thwarted in real time. We strongly believe that the technology to enable safe and accessible remote voting for certain demographics is here and ready. At the same time, we have been very deliberate about rolling out the platform to historically disadvantaged demographics (such as military voters, overseas citizens and the disability community) in a slow, step-by-step manner via well-designed pilot programs. Such well-designed pilot programs are extremely necessary to educate all stakeholders and to help improve the overall security of our current absentee voting process wherein voters return ballots via insecure email, facsimile or unreliable postal mail. Mobile voting offers significantly better security, reliability and accessibility when compared to many of the existing options available to several absentee voters.
Our advanced intrusion prevention capability was clearly demonstrated as part of the election pilots we conducted in West Virginia last year. Attempts to tamper with the system were actively thwarted and reported to the relevant jurisdictions for any law enforcement action they may deem appropriate. Voatz was the first election systems provider in the world to launch a public bug bounty program via HackerOne and recently initiated the third cycle of our innovative testing process that actively involves the community at large to help improve the product. We continue to encourage interested security professionals and researchers to join our bounty program and provide us with their valuable feedback.
Voatz has met the standards for blockchain security and auditability as outlined by the National Cybersecurity Center (NCC), and anonymizes and secures ballot information using National Institute of Standards and Technology (NIST) approved encryption algorithms over a highly distributed, resilient and tamper-resistant infrastructure. Starting with the Denver pilots earlier this year, Voatz made an open audit tool available to the public to enable independent tallying and end-to-end auditing of the election. NCC has been managing these citizen audits and has determined all of the audits to be a success. 100% of the voter-verified digital receipts matched the corresponding paper ballots that were tabulated using the optical scanners. There were no issues with the tabulation or recording of the ballots and auditors were pleased with the results overall. We encourage citizens to join the next iteration of our public audit programs which will begin in a few days’ time.
As soon as appropriate standards for remote ballot marking systems are available as part of the VVSG (Voluntary Voting System Guidelines) 2.0, Voatz looks forward to participating in the Federal Election Assistance Commission’s Testing and Certification program in order to receive accreditation that the Voatz platform has all the necessary functionality, accessibility, and security capabilities required under the Help America Vote Act (HAVA). In the meanwhile, Voatz continues to conduct advanced levels of security testing and has already started to collaborate with the DHS NCATS teams to conduct frequent security assessments and ongoing penetration testing.
We look forward to hearing from Senator Wyden directly about this request and working with the DoD and NSA to provide more details about our system. In the meantime, we encourage Senator Wyden and his team to first learn more about how we’ve built our system (HERE), which allows any voter to verify that the vote was counted, and secondly to learn more about how the Voatz system has been built for end-to-end verifiability (HERE).