Voting by App Is a Thing, and It’s Spreading, Despite the Fears of Election Security Experts

Mark Sullivan

In this age of extreme concern – even paranoia – over election security, you might be a little surprised to hear that some voters in parts of the country are voting from home, using an app.

So far the vote-by-app option has been reserved for military people serving overseas and elderly people who might have physical difficulty getting to the polls. One state (West Virginia) and a number of cities and counties have already used a voting app called Voatz in elections, mainly small ones.

Voatz, a Boston-based startup that’s raised almost $10 million in venture capital, birthed its app at a SXSW hackathon in 2016, and went through the TechStars incubator. Its technology is unique in that it utilizes the biometric security features (such as fingerprint readers and facial recognition cameras) of newer smartphones to verify the voter’s identity. Those security technologies are already used to secure sensitive transactions like sharing financial information and making online purchases.

But election security people have raised concerns about internet-connected voting technologies. The Mueller report exposed numerous attempts by foreign hackers to infiltrateU.S.voting systems via the internet during the 2016 election. Since then, states and counties have rushed to disconnect all voting systems – including voting machines, tabulators, and administrative technologies – from the public internet. The Voatz app’s use of the internet is the main reason it’s caught the attention of the election security community.

It certainly got the attention of Senator Ron Wyden (D-OR) recently, who has taken a leading role in Congress to advance voting security oversight legislation. The senator wrote a letter to the heads of the National Security Agency and the Department of Defense, asking that the agencies conduct a security audit of the Voatz app.

Wyden also wrote that Voatz claims to have had its technology audited by two independent auditors, but has released neither the details of the audits nor the identities of the auditors.

A Voatz spokesperson told Fast Company that ShiftState Security had completed an independent audit on the technology, but provided no results data.

Voatz says its technology has now been used in 54 elections, including pilots in aWest Virginiastate election, a municipal election inDenver, and a county election inUtahCounty(the second-largest county inUtah). Until theUtahCountypilot in 2019, the Voatz app had been used to collect the ballots of foreign service members only.UtahCountyis using it as a tool for allowing disabled people to vote from home.

Voting officials in the above jurisdictions have all called the Voatz pilots successful. TheWest Virginiasecretary of state’s office reported that someone attempted to hack into the Voatz app during the 2018 midterm election, but the app’s security software immediately detected and thwarted the attack.

“We just noticed a certain group of people from a certain part of the country tried to access the system,” Voatz cofounder and CEO Nimit Sawhney told CNN’s Kevin Collier. “We stopped them, caught them, and reported them to the authorities.”

I asked Sawhney via email how his app might be used in the 2020 elections. I wanted to know if the app’s use would continue to be confined to disadvantaged voters like overseas service members and the disabled, or whether the company hopes that one day all voters can use the app to cast their ballot. But Sawhney didn’t respond to the questions.

But Maurice Turner, an election security expert at the Center for Democracy and Technology, points out that the way jurisdictions collect ballots from disadvantaged or overseas voters now isn’t very secure.

“The outcomes of experiments like this will help officials respond to the inevitable demands for digital voting,” Turner told The Denver Post.

A Wyden spokesperson told me Thursday that the NSC and DOD have so far not responded to the senator’s letter requesting an audit. Voatz says Wyden never contacted them directly.