Voting By Cell Phone Is A Terrible Idea, And West Virginia Is Probably The Last State That Should Try It Anyway

from the industrialized-incompetence dept

So we've kind of been over this. For more than two decades now we've pointed out that electronic voting is neither private nor secure. We've also noted that despite this several-decade long conversation, many of the vendors pushing this solution are still astonishingly-bad at not only securing their products, but acknowledging that nearly every reputable security analyst and expert has warned that it's impossible to build a secure fully electronic voting system, and that if you're going to to do so anyway, at the very least you need to include a paper trail system that's not accessible via the internet.

Having apparently learned nothing, reports emerged this week that West Virginia is considering launching an initiative that would let some state residents vote via cellphone. To be clear, the effort initially appears focused on letting troops stationed overseas vote. Not surprisingly, more than a few folks were quick to highlight to CNN how this would be an arguably terrible idea:

"Mobile voting is a horrific idea," Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, told CNN in an email. "It's internet voting on people's horribly secured devices, over our horrible networks, to servers that are very difficult to secure without a physical paper record of the vote."

Marian K. Schneider, president of the election integrity watchdog group Verified Voting, was even more blunt. Asked if she thought mobile voting is a good idea, she said, "The short answer is no."

Given security analysts routinely aren't sure whether or not our existing voting systems may have been compromised by actors foreign and/or domestic, and the federal government just got done making it clear election security isn't a priority with an idiotically-partisan vote, it seems like a pretty terrible time to begin trying to implement new online voting efforts. And if you've watched West Virginia's blistering corruption when it comes to sectors like the telecom industry, the state is probably the last state in the union that should be attempting such a voting system overhaul.

Judging from online conversations, the company that's building the new West Virginia system (Voatz) may not be the best choice either, since it doesn't appear capable of securing its own website:

Comforting. Ideally, the system would involve a user first registering by taking a photo of their government-issued ID and a selfie-video of their face, which are then registered via the app. Voatz claims the company's facial recognition software will then ensure the photo and video submitted are of the same person, with users then able to cast their ballot using the Voatz app. Documents the company circulates at trade shows indicate the company utilizes the blockchain to ensure its systems are more secure and "fundamentally different than touchscreen or online voting." But the company has failed to clarify how.

There's roughly a million and one ways this entire process could go to hell, from SS7 vulnerabilities to man in the middle attacks everywhere along the chain between your device and the Voatz database. And if there's not a hard paper trail, it opens the door to any number of undetectable changes that could happen during transit. Of course this has all been repeatedly stated countless times over the last few decades, but it's a message that's still not apparently getting through.

Filed Under: blockchain, e-voting, electronic voting, mobile voting, security, west virginia
Companies: voatz


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    James Burkhardt (profile), 8 Aug 2018 @ 12:36pm

    Computerized Voting: My stance

    I have voted in two areas in my life. San Jose and Las Vegas. All my voting experience came after the infamous Handing Chad incidents which lead to the federal government dumping money into voting improvements. Las Vegas and San Jose took 2 very different approaches.

    Las Vegas in 2012 was using a e-voting system. Touchscreen, lots of info, and in the end it was printing a clear, human readable paper receipt (on what appeared to be standard receipt paper), that was stored with the machine and I could not access. A decent safeguard in the vein of security recommendations, but a recount or tampering verification using the paper receipt would be...difficult.

    San Jose, despite, or perhaps because of, being in the middle of tech ground zero, uses paper ballots. Its a clean, clear system - there are arrows pointing to your choices, with a gap in each one. Fill in the appropriate gaps, and that is your ballot. It does have issues with accessability for those with carpel tunnel, and is time consuming in large elections.

    I recognize the security issues with e-voting, but would prefer an e voting system for ease of use.

    Here is my solution. An e-voting system, that prints your selections to a card stock ballot similar to the one used by San Jose, that you then verify is accurate and turn in. Those ballots are then machine counted (as I assume they are now). This produces a gap between the voting and the counting that reduces security issues, hopefully speeds up voting, and produces a solid paper trail that is easy to count and verify for accuracy of the machine count. The ease of e voting with the security of a paper ballot. Best of both worlds.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.