In light of a recent article focused on Voatz, we wanted to share our perspective and address some of the incorrect claims made about the 2018 West Virginia pilot. While the questions raised are not unique for a startup company like ours operating in this space, we want to make it very clear that there was nothing in the voting process or the post-election audit process that was a concern.
The article failed to accurately portray the added protections that the mobile blockchain infrastructure provides, or the fact that this pilot was a significant improvement to the current voting methods (fax, email, postal mail) offered to UOCAVA voters.
Delays in sending and receiving absentee ballots via postal mail for overseas military locations are well known, as is the unreliability of the process. Similarly, the return of marked ballots via unencrypted email or traditional fax is hardly a secure or privacy-protecting methodology by any standard.
West Virginia’s mobile voting pilot allowed UOCAVA voters to cast their ballots using the convenience of a personal smartphone after completing a strict identity proofing and verification process, while maintaining the secrecy of the cast ballot for the first time. Every voter received a voter verifiable digital receipt, and an actual, tabulatable paper ballot was generated for each mobile vote received. This is a significant improvement from the current options offered to UOCAVA voters (fax, email, postal mail), which often require manual transcription to tabulatable paper ballots on behalf of the jurisdiction, often revealing anonymity of the voter or inviting the potential for human error.
The county clerks were able to conduct a pre-tabulation audit (unprecedented in US election history) by comparing anonymized copies of the voter verified digital receipts with the marked paper ballots prior to feeding the paper ballots into the scanners for seamless tabulation alongside the primary voting system. There was a 100% match and no discrepancies were detected. Notably, the use of a blockchain-based infrastructure facilitated the security of the aggregate vote, provided unprecedented levels of tamper resistance from a data security perspective and enabled a post-election audit of the end-to-end voting process for the first time. For further detail, please visit our FAQ and refer to this article, which address several misconceptions about our technology.
The pilot was additionally audited by multiple independent security auditors (including former members of the FBI’s elite cyber division), which came back clean with no indications of any successful interference or hacking. Security is never static in time and multiple audits are conducted on a frequent basis as the platform evolves, as new features are incorporated and as new threat vectors emerge.
Voatz was also the first elections company worldwide to launch a public bug bounty program via HackerOne to further vet upcoming versions of its platform from a security perspective.
One of key learnings from the West Virigina pilot was the need to make the post-election audit process easier for a lay person to comprehend without needing to dive into the technical details around cryptography or the blockchain infrastructure. One such enhancement was implemented for the recent pilot elections in Denver, CO wherein a rigorous post-election audit was conducted to verify each submitted mobile ballot, and the audit met the requirements of the jurisdiction. Each submitted mobile ballot produced three records to facilitate this audit: (1) a voter verified digital receipt, sent to the voter at the time of voting (alongside an anonymized copy to the jurisdiction), (2) an actual marked paper ballot, anonymized, formatted for printing and tabulation along with the rest of the jurisdiction’s ballots on Election Day, and (3) the anonymous blockchain records for each marked oval. In Denver’s case, the general public was invited to sign up and participate in a public-facing audit to compare all three records, and to ensure that all votes were counted as submitted. For more information on this unprecedented and historic citizens audit, please read more here.
Lastly, the article fails to recognize the basic nature of how well-designed pilots are conducted (especially in highly regulated, contentious environments such as the elections industry), and the need for startups to protect their IP during this process. We have worked hard to strike a fine balance in this respect while staying committed to being transparent about our technology and the elections we work on as we continue to leverage innovative solutions to improve our election infrastructure.
For stories on how this new voting method facilitated UOCAVA voters to vote more conveniently and securely from their far-away locations, we invite you to read these voter testimonials from Africa, Europe and the Far East.