Is Voting by Mobile App a Better Security Option or Just ‘A Bad Idea’?
Paper ballots and risk-limiting audits — the manual sampling of votes — have become the new best practices for protecting US elections in the aftermath of Russia’s election meddling and hacking of voter registration databases during the 2016 presidential campaign.
Adding a paper trail to electronic voting to ensure ballots get accurately counted in the digital age may seem, well, a bit counterintuitive. But while some election officials and system security experts double down on old-school practices of paper and manual ballot counts to ensure election integrity, a hotly debated movement also is underway for casting votes via personal mobile devices.
Election jurisdictions in several states have tested mobile app-based voting for state, federal, county, and municipal elections — mainly military and civilian residents stationed overseas to cast votes from their smartphones and tablets in lieu of traditional email, fax, and paper methods. West Virginia offered mobile voting for both state and federal elections in 2018; Utah County, Utah and Denver County, Colo., offered it for their municipal elections this year. In all, 29 counties across five states have tested Voatz’s mobile-voting app in official elections.
The underlying goal of mobile voting, its organizers say, is to encourage more voter participation by making the process easier and more accessible. Oregon’s Jackson and Umatilla counties, as well as Utah County, recently extended their mobile-voting pilots for municipal general elections to include civilian stateside voters with disabilities.
Critics argue that this method of voting is inherently risky and insecure: Vulnerabilities are regularly unearthed in both Android and iOS, and cybercriminals and nation-state actors increasingly are waging mobile exploits to target their victims.
Mobile voting is “a bad idea,” says Ibrahim Baggili, who is the founder and co-director of the Cyber Forensics Research and Education Group and an associate professor at the University of New Haven. “Until we can have secure devices for every voter, I don’t think it’s worth it,” he says.
More Secure Than the Status Quo?
But proponents of mobile-voting maintain that the apps and process are more secure and private than the standard practice of sending PDF-based ballots via unencrypted email to military personnel overseas.
Some mobile-voting technology contains built-in security and vetting functions: The Voatz app used in Colorado, Oregon, Utah, and West Virginia, for example, comes with three layers of user authentication, and its blockchain distributed-ledger technology encrypts the data and provides privacy and an audit trail, its proponents say. The app also scans the voter’s device for malware and proper Apple or Google digital certificates before allowing the voter to cast his or her ballot.
Sheila Nix, president of Tusk Philanthropies, the nonprofit that’s funding the Voatz-based mobile-voting pilots in the four states, says she’s well aware of security concerns about mobile voting, which is why the group has hired outside security experts to test and evaluate the security of the technology.
“My overall theory is we don’t want to promote something that’s not secure. Then our goal backfires,” she says.
Snake Oil?
Mobile voting seems like a natural progression for a society of users who already bank, shop, share, and communicate via their smartphones. Some experts believe its adoption, in some form, may be inevitable in the future despite the current misgivings about its security. But mobile technology is fraught with vulnerabilities, and blockchain security remains a big question mark, opponents say.
Among the critics of mobile voting is DEF CON Voting Village organizer Harri Hursti, who believes mobile voting won’t survive beyond the pilot phase.
“It’s going to be fizzled out after all the money has been milked [from it],” he says. “It’s truly profitable for companies promoting this. The whole idea of snake oil always [sells] well.”
Hursti was one of the first researchers in the world to hack voting machines. As part of a 2006 project organized by a nonprofit election watchdog group called Black Box Voting, Hursti, along with Hugh Thompson, found major security vulnerabilities in Diebold voting machines. The project was profiled in the HBO documentary Hacking Democracy.
He says he worries about the risk of voter coercion in mobile voting; merely having your smartphone as your personal voting machine leaves a voter vulnerable to pressures from other individuals. And smartphones are far too prone to malware and other cyberthreats to be considered a reliable voting tool, he says.
“Just because Apple improved security doesn’t mean you’re secure as a user,” he says.
Security services and consulting firm ShiftState Security has been analyzing the Voatz mobile platform on behalf of Tusk. Jason Truppi, co-founder of ShiftState and a former FBI cybersecurity agent, says there’s no such thing as unbreakable security, and he definitely gets why critics are wary of mobile voting.
“I’ve seen all the threats,” says Truppi, referring to his past work investigating nation-state and cybercrime breaches while with the FBI and in the security field the past two decades. “So if you want to talk skeptical, I’m as skeptical as the industry itself.”
But Truppi also believes voting methods are gradually changing. “It’s hard to imagine a world that’s still going to the [physical] polls 10 to 15 years from now,” he says. “Mobile voting is an eventuality. Why not solve some of the [security] problems now?”
Coming into Focus
It wasn’t until the past three years that the security of voting and elections received much public attention at all. That changed dramatically after the 2016 presidential election and was punctutated by the DEF CON hacking conference’s maiden Voting Village event in 2017, where it took just 90 minutes for the first two security researchers to hack voting machines using flaws they discovered.
Marian Schneider, president of nonprofit Verified Voting, told attendees at a presentation during the 2019 Voting Village this past August in Las Vegas that mobile device vulnerabilities could be abused in the voting process — and voters’ personal information could be exposed.
“I understand the worthy desire to increase voter participation and to remove a barrier to voting,” Schneider said. “But voting with my mobile app is not the way to do it. It’s opening the door to the county and state to an attack.”
She noted that when the mobile app sends the vote back to the voter to ensure its accuracy, this also opens up privacy holes to the voter. “How is the app developer not able to see it,” as well as the biometric and other data provided by the user, she argued.
Schneider’s organization has been one of the leaders in pushing for paper ballots in elections as a way to validate vote counts, and one of its board members in May co-authored a report calling out Voatz for a lack of transparency in providing the details of its blockchain implementation.
A researcher who was one of the first to hack voting machines in the Voting Village in 2017 also considers mobile voting too risky. “It’s a good first step, but there are a lot of things missing,” such as a privacy layer atop the blockchain, says Carsten Schuermann, an academic expert in election security who has been studying election security for a decade.
Schuermann, a computer scientist at the IT University of Copenhagen in Denmark, compromised a WinVote voting machine on the Wi-Fi network at the 2017 Voting Village, exposing real election and voting data that was still stored on it.
{STORY CONTINUES ON PAGE 2}
Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise … View Full Bio
