Cybersecurity and election integrity advocates say West Virginia is setting an example of all the things states shouldn’t do when it comes to securing their elections. Cybersecurity West Virginia's voting experiment stirs security fears

West Virginia is about to take a leap of faith in voting technology — but it could put people's ballots at risk.

Next month, it will become the first state to deploy a smartphone app in a general election, allowing hundreds of overseas residents and members of the military stationed abroad to cast their ballots remotely. And the app will rely on blockchain, the same buzzy technology that underpins bitcoin, in yet another Election Day first.


“Especially for people who are serving the country, I think we should find ways to make it easier for them to vote without compromising on the security,” said Nimit Sawhney, co-founder of Voatz, the company that created the app of the same name that West Virginia is using. “Right now, they send their ballots by email and fax, and — whatever you may think of our security — that's totally not a secure way to send back a ballot.”

But cybersecurity and election integrity advocates say West Virginia is setting an example of all the things states shouldn’t do when it comes to securing their elections, an already fraught topic given fears that Russian operatives are trying again to tamper with U.S. democracy.

“This is a crazy time to be pulling a stunt like this. I don't know what they're thinking,” said David Jefferson, a computer scientist at Lawrence Livermore National Laboratories who is on the board of Verified Voting, an election security advocacy group. "All internet voting systems, including this one, have a host of cyber vulnerabilities which make it extremely dangerous.”

Morning Cybersecurity A daily briefing on politics and cybersecurity — weekday mornings, in your inbox. Email Sign Up By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Voting integrity advocates are in overall agreement about the best way to secure elections, and they have pressed states to stick with technology that includes auditable paper trails — even suing Georgia over that issue. They’ve urged the Department of Homeland Security to advise states against having modems in voting machines. And they have pressed the government to warn state election officials against any kind of online voting.

So the security experts are not thrilled to see blockchain entering the picture.

“Why is blockchain voting a dumb idea?” University of Pennsylvania cybersecurity expert Matt Blaze tweeted in August. “Glad you asked. For starters: - It doesn't solve any problems civil elections actually have. - It's basically incompatible with ‘software independence’, considered an essential property - It can make ballot secrecy difficult or impossible.”

Blockchain is essentially a decentralized digital ledger that uses information stored on multiple computers to track any type of transaction — including payments, in the case of bitcoin and other cryptocurrencies. It also appends the information into a “block” of encrypted data that is designed to be tamper-proof, and it provides anonymity so that it's difficult to trace a transaction to any particular person.

The Voatz app restricts access to registered voters who have successfully applied through the Uniformed and Overseas Citizens Absentee Voting Act, which sets the legal basis that allows members of the military and U.S. citizens to vote while outside the U.S.

The move to mobile was largely due to West Virginia Secretary of State Mac Warner, who says he could not vote while stationed in Afghanistan during the 2012 and 2014 elections because of the lack of reliable access to a fax machine or postal services.

“Not providing a means by which military men and women who are fighting for our democracy can participate in our democracy themselves, just doesn’t sit well with not only Secretary Warner but our county clerks here,” Mike Queen, the secretary’s deputy chief of staff and director of communications, told POLITICO.

“Mainstream mobile voting presents a much higher risk than this particular application does for military and overseas voters,” Queen said, adding that the state would stop the program immediately if any information came out showing Voatz was compromised.

Here's how the app works: A voter first uses it to scan the bar code on his or her government-issued ID, then uses its facial recognition and fingerprint scanning to double-check that the ID is accurate. After the person selects the candidates and submits the vote, the app sends the voter an email verifying that the vote is correct. For added security, Voatz once again scans the voter’s fingerprint and face before sending the ballot to the West Virginia secretary of state’s office.

In addition to sending mobile votes, Voatz will send a printable duplicate. It will email those ballots to county clerks who can verify them if any results are disputed.

West Virginia tested the app in two counties during this year’s primaries. After declaring that run of only 16 total votes successful, the state decided to broaden the test. Twenty-four counties will allow mobile voting in the general election, when the state hopes 300 to 400 people will use the app to cast their votes.

If this run is deemed successful, the secretary of state’s office may include all 55 counties — with an estimated 8,000 voters — in upcoming elections.

But critics say voting with this sort of technology makes it difficult to determine whether anyone has manipulated the vote. If a voter’s phone or tablet is infected with malware, for instance, it can record or change the person’s votes, or even infect an entire state’s election infrastructure, the security experts say.

“This is a fundamental fact of computer science: There is no foolproof way of determining if a machine has malware,” Jefferson said.

And blockchain is not a method of securing mobile apps before or while the vote is cast, election integrity advocates say. It’s only a way to offer tamper-proof records after the record is added to the blockchain. In a recent study by the National Academies of Sciences, Engineering and Medicine, researchers said a vote can be compromised a number of ways before it reaches the ledger.

“If malware on a voter’s device alters a vote before it ever reaches a blockchain, the immutability of the blockchain fails to provide the desired integrity, and the voter may never know of the alteration,” the report says.

Sawhney and West Virginia officials acknowledge that risks exist but say the small chance that a voter’s phone could be compromised is worth taking to make voting easier and more seamless for people who can’t get to the polls. And if this works on Election Day in West Virginia, expect Sawhney to be shopping the app to other states ahead of 2020.

“Nothing is 100 percent safe, and so that's true of paper ballots or any other system as well, and so that's why we have a process of having an audit before and after the election,” he said. “Once this election is over, we definitely hope that we’ll be able to replicate this in many more states.”