back to article Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

The US state of West Virginia plans to allow some of its citizens to vote in this year's midterm elections via a smartphone app – and its seemingly lax security is freaking out infosec experts. Voters living overseas, including military personnel and their spouses, will, in theory, be able to install and use the Voatz mobile …

  1. Shadow Systems

    I'll keep voting by mail...

    It's not very secure & can be hijacked by a MITM attack, but at least it's not relying on an insecure phone over an insecure network through an insecure mobile carrier into the insecure internet to a poorly (if at all) secured server hosted somewhere indeterminate to tally my desire not to elect $ArseholeDuJour.

    Besides, if the company gets bought out by the likes of Google or Microsoft & they start to hoover up all those voting records, $Deity only knows what UI changes they might employ to "improve the voting experience" aka foist Clippy on us. "It looks like you're about to vote for $Person1. Would you like help in voting for $Person2 instead? There, I've helpfully changed your vote to $Person2 as it should be. Thank you for voting through us!"

    =-|

  2. Anonymous Coward
    Anonymous Coward

    You'd think that by now anyone building an "online voting system"...

    ...would have realised that you have to publish EVERTHING.

    No one is anymore stupid enough anymore (I hope) to trust anything else.

    1. Michael Wojcik Silver badge

      Re: You'd think that by now anyone building an "online voting system"...

      No one is anymore stupid enough anymore (I hope) to trust anything else.

      Apparently many election officials are. Or, equally likely, they're mendacious enough to pretend they trust a closed system, for which they're getting kickbacks or some other quae pro quibus.

  3. wsm

    Could I vote?

    On this plan, on my phone? Maybe I'll even vote twice (or more, if it helps).

    1. Anonymous Coward
      Anonymous Coward

      Re: Could I vote?

      Of course you can! Once is enough. My bet is that once the votes are tallied, you and the other 750 million citizens of W. Virginia will be overwhelmingly in favour of it.

    2. BillG
      WTF?

      Re: Could I vote?

      I'm reading this article and I'm shaking my head.

      When Iraq first had free elections in 2005, voters had to overcome terrorists threats, suicide bombers, and gun violence, and they bravely went to the polls anyway.

      Here in the USA we have lazy asses that will vote only if they don't have to put down their bag of potato chips and get off the couch. I'll bet these lazy asses will vote for whichever candidate pays them to stay on that couch.

      1. Michael Wojcik Silver badge

        Re: Could I vote?

        I'll bet these lazy asses will vote for whichever candidate pays them to stay on that couch.

        And the great thing about voting from home is that a third party can confirm how you voted, and reward you appropriately.

      2. Drew Scriver

        Re: Could I vote?

        Very good point. Want to add that requiring voters to show ID is somehow too much of a hurdle/cost, according to a lot of people. Compare that to the voters in Iraq who stood in line for hours, risking their lives in some areas.

        Having said that, even in the early days of the US (and before) it was common to manipulate the elections with sly tactics and alcohol...

        1. Kristian Walsh Silver badge

          Re: Could I vote?

          The story says "Government Issued ID", but neglects to mention that this definition includes a Drivers License ("S"-spelling because that's the name of the document, don't bug me)

          Anyone who's spent time in the USA will know how often people are asked to show this document, and it's commonplace for background-check services to request (and receive) scans of it. So, there's the first hurdle down: I've got someone's ID photo. Now If I project that image onto a balloon, and let the app's phone camera grab it, can I vote for them? I bet I can. Hell, why don't I just run the app under a rooted phone with debug enabled, and simply bypass or fake the validation step. Expensive, yes, but a State Governorship is worth more than a few million dollars, if campaign budgets are any judge.

          The way around this nonsense is simple: Vote in person, make a mark in a box printed on a sheet of paper using a pencil. By all means use computers to assist in the counting of those ballots (and in the first-past-the-post electoral system used across the USA, it is trivial to count ballots optically), but the initial input needs to be handmade.

          All mechanical and digital systems for recording votes are vulnerable to undetectable ballot-stuffing. X-in-a-box systems can at least be subjected to graphological analysis if there's suspicion, but a hole in a card, or a row in a database has no trait that can reveal that it was created in bulk by a single person.

  4. LenG

    Old fashioned

    I rather like the idea of putting an X on a piece of paper using a pencil stub tied to the plywood voting cubicle by a piece of garden twine, after which I can see the vote disappear into a large tin box.

    Later, lots of lucky people get to stay up all night counting (and recounting, if necessary) all the pieces of paper.

    Old fashioned and labour intensive, the system is nevertheless very difficult to hack in a country with a reasonably effective police force. Also, it introduces children to the voting process at an early age as they often get the day off when schools are used as polling stations.

    1. Robert Carnegie Silver badge

      Re: Old fashioned

      If I go to your UK voting centre first I can just say that I'm you. And more people don't vote than do, so they might never know. Maybe we should improve the system, although the main motivation for doing so presumably is to stop political left-leaning people from voting.

      1. strum

        Re: Old fashioned

        >If I go to your UK voting centre first I can just say that I'm you.

        And run the risk of being arrested (because I've already voted). Is it worth it, punk?

        This system has been in place for a century or more, and the combined proven instances of personation wouldn't elect a parish councillor.

      2. tom dial Silver badge

        Re: Old fashioned

        Vote twiddling in its many various forms never has been limited by political party or preference. In the US it typically it has been practiced by those in office upon those interested in replacing them. There have been exceptions, and it may be different in other countries, but I have not seen reports of that and consider it unlikely.

    2. veti Silver badge

      Re: Old fashioned

      And that will work just fine until someone, let's call him "Boris", hacks into the list of registered voters and transfers your record to the next constituency over, so you turn up at your local polling station to be told you're not on the list...

      Or they hack the published list of polling stations, so you turn up and vote exactly as you expect, but the official polling station is two blocks away, and the ballot box you just used goes straight to recycling...

      Or they change your name from 'LenG' to 'Glen', so now you're not on the list at all. Are they still going to let you vote? I'm pretty sure voting under a false name is a crime.

      Or... oh, I'm sure you can see the possibilities. Suffice to say, hacking the actual vote is only the tip of a very large iceberg of mischief.

      1. Wellyboot Silver badge

        Re: Old fashioned

        >>hack the published list of polling stations<< - >>change your name from 'LenG' to 'Glen'<< -

        respectively before & after the polling cards are sent out I presume? UK voter register is used quite extensively by local councils - its linked to taxation.

        We brits have the Electorial Commission and a long developed national system for producing fair voting results, the ancient (& near foolproof) pencil & paper process is use because it works.

        If you want a really secure voting system look at the vaticans system for papal elections - unfortunately it doesn't scale well to millions of voters.

        1. veti Silver badge

          Re: Old fashioned

          Please don't get me wrong, I'm a big fan of pen-and-paper voting. I'm just cautioning against complacency. Just because the votes are recorded and counted auditably, doesn't make the system immune.

          1. Claptrap314 Silver badge

            Re: Old fashioned

            Sounds like you've never worked an election. I've worked about 30.

            1) Election judges are appointed by the county chairmen of the leading party in the district. The alternate is appointed by the other party.

            2) A month before the election, the election judges receive their orders to conduct an election in their precincts. Those that cannot are replaced by alternates.

            3) Two days before the election, the certified judges pick up their election materials. (Yes, government-issued ids are required.) Many of the judges are known to the county election officials. Ballots are numbered. Ballot boxes are sealed with numbered seals. A list of registered voters in the precinct is provided.

            4) The day before the elections, issues with unclaimed materials are resolved.

            5) The day of the elections, the judges set up the voting booths. The alternates usually arrive at about the same time. If for some reason, the building is locked, we have set up under trees. (Yes, Texas is not England--rains are not as big of a problem.)

            6) Voter proof of ID is a heavily contested issue. One party argues that proof of ID is required to prevent fraud. The other argues that requiring ID suppresses turnout. Having worked these elections, I will testify that fraud is a real concern.

            7) Voters sign against their name in the registry and select a ballot. After they vote the ballot, they put it in the box. Spoiled ballots are stored separately (and the voter can choose a replacement ballot.)

            8) Parties and candidates can certify and send election observers to any and all precincts. Observer behavior is tightly constrained.

            9) If there is a concern with an individual voter, they vote a provisional ballot. In this case, the voter loses their anonymity. Based on my experience, I would guess that the challenge rate is less than 1/1000. Most challenges involve problems with the voter registration process. As mentioned, they are ignored unless the vote is close. In that case, a regular judge handles all of the issues relating to resolving the election.

            10) When the elections close, the judges close out the site. They keep a copy of ALL of the elections materials (except the ballots).

            So yes, the integrity of the elections judges is a big deal. The integrity of the county elections office is a bigger deal. But the judges and the office balance each other. With paper ballots, it is impossible for an outside agent to corrupt the process wholesale.

            Not so with electronic voting of any form.

            1. Anonymous Coward
              Anonymous Coward

              Re: Old fashioned

              I'm not against voters having to show IDs. I am against making it difficult for people with low incomes, reduced mobility, and or the elderly from being able to get the required ID. If voting is a right then the correct ID should be provided to each person eligible to vote by the government. The government does need to go out of its way to ensure all eligible voters are able to vote; otherwise, the system is flawed and needs to be fixed. It is that simple.

              1. onefang

                Re: Old fashioned

                "If voting is a right then the correct ID should be provided to each person eligible to vote by the government."

                Last time I voted in Australia, which was the last state election, each registered voter was sent a single use ID card. You handed over your ID card, you got a ballot paper. Not saying it was any good, but at least they tried that.

        2. onefang

          Re: Old fashioned

          "If you want a really secure voting system look at the vaticans system for papal elections"

          Would that include the careful inspection of candidates testicles, to ensure they don't accidentally elect a female pope again? Sure I'm friends with the local city councilor, and I'd vote for him again, but we aren't THAT close.

      2. tom dial Silver badge

        Re: Old fashioned

        In most US states there are provisions to accommodate issues like address and (minor) name mismatch. Usually these are handled by allowing the voter to submit a provisional ballot, subject to after-election verification. Sometimes provisional votes are counted only if there are enough of them that they might change the outcome (e. g., 100 provisional ballots in an election contest where a losing candidate would win by receiving all of them). The real issue with this is that it could increase congestion at voting locations, doubt about election integrity and result in discouraged voters leaving the queue before casting a ballot.

        The second paragraph appears to require setting up an entire bogus voting location complete with imitation officials, flags, ballots, equipment, and so on. The probability that such a thing would go unnoticed for more than an hour after the official start of voting is approximately zero, and notice would be followed quickly by shutdown, arrests, and publicity. It would, of course, have no effect on the increasingly common practice of voting by mail.

    3. Tom Paine

      Re: Old fashioned

      There are attacks on pencil-and-paper, human-tabulators, but they don't scale.

  5. ThatOne Silver badge
    Joke

    If it's just about "cheap & simple"

    Call a number, listen through the introduction, then press "1" for the first candidate, "2" for the second, and so on.

    I'm pretty sure vote participation would soar to really unprecedented heights...

  6. a_yank_lurker

    Obligatory

    We now need an obligatory hillbilly joke about how stupid hillbillies are. Based on my WV cousins (real ones) I surprise they have enough people in the state government that can spell 'computer'.

    1. Anonymous Coward
      Anonymous Coward

      Re: my WV cousins

      That are also your sisters and wives?

  7. Anonymous Coward
    1. A. Coatsworth Silver badge
      Alert

      Re: NO

      Your vote for "YES" has been recorded and will be counted towards the total.

      Thank you for using Mobile Voting.

      We hope to see you again soon.

  8. The Man Who Fell To Earth Silver badge
    WTF?

    Blockchain?

    So, how one voted isn't confidential with this system?

  9. Anonymous Coward
    Anonymous Coward

    What's Russian for ...

    ... all your Elected Representatives are belong to US(SR) ?

  10. Wellyboot Silver badge

    Lawyers wet dream

    Was this system put together as a proof of concept exercise?

    Shonky out of date backend, lack of paper trail, removal of vote details from phone leaving only a candidate result list with a number of 'votes', it's on a device designed for snooping etc...

    It took months to sort out the hanging chads fiasco in Florida when lawyers just argued over how much of a physical imprint counted as a vote, here an anonymous loser shouts 'hacked result' and the vote has less legitimacy than one in your average banana republic.

  11. Pascal Monett Silver badge

    There is so much to be wary of here . . .

    "Voatz also disputed claims its systems are vulnerable and untested"

    But of course it would say that. I reckon we'll be reading about just how secure it is shortly after the upcoming election.

    "Before going into the pilot, Voatz submitted the smartphone voting app to an independent security firm for review"

    Oh really ? Which one ? And what was the verdict ? It's all very nice to hear these things, but if the company was available at securityreviewsforyou@gmail.com, then excuse me if I'd prefer a more reliable name.

    "Voatz is not particularly open about how its system works under the hood"

    A time-tested hallmark of quality in this domain, to be sure.

    Security by obscurity, again. That works IRL, but not where computing is concerned. The only people who believe otherwise are the ones not competent enough to understand the true situation. Not telling people how your system works just means you're a hack who can't do things properly and you don't want people to know how shoddy your system really is.

    A truly secure voting process is like encryption : you can know everything about how it works without having any means to subvert the system other than brute force - which is very time-consuming for little reward.

    And blockchain ? Really ? With all the stuff I've already outlined it seems we have a Security Bingo winner. This will only end in tears.

    1. Robert Helpmann??
      Childcatcher

      Re: There is so much to be wary of here . . .

      Once I got to the point where the name of the app was given (Voatz), my mind just shut off. Seriously? This is what we are trusting with our democracy?

      1. DJSpuddyLizard

        Re: There is so much to be wary of here . . .

        Once I got to the point where the name of the app was given (Voatz), my mind just shut off.

        Why do I have pictures of stoats in my mind?

        And on the radio, they're trying to convince me to mispronounce 'Disqus" as if it had an extra S on the end.

        Mind you, they also promoted an elder assist program that helped with "lighthouse keeping" instead of "light housekeeping"

        1. onefang

          Re: There is so much to be wary of here . . .

          'Mind you, they also promoted an elder assist program that helped with "lighthouse keeping" instead of "light housekeeping"'

          My grandfather used to run a lighthouse, don't think he needed any assistance though, no matter how elderly he was at the time.

      2. Michael Wojcik Silver badge

        Re: There is so much to be wary of here . . .

        Once I got to the point where the name of the app was given (Voatz)...

        Agreed. I'd like to see them banned everywhere merely for the crime of horrible branding.

      3. Anonymous Coward
        Anonymous Coward

        Yo dawg I herd u liek voatz

    2. teebie

      Re: There is so much to be wary of here . . .

      "Oh really ? Which one ?"

      probably the one that denied ever working from them. "Voatz submitted the smartphone voting app to an independent security firm for review" has a silent "unsolicitedly", "much to their bafflement", "never head back from them" and "because their screams of despair were too loud"

  12. John Robson Silver badge

    And of course...

    When voting on a mobile phone there is no possibility that you be being forced to vote for someone against your will (actually that's a problem with postal votes as well, but hey)

  13. Dan Wilkie

    You have to take a photo that matches the scanned copy of your ID? Presumably it's been rigorously tested to make sure you can't just look someone up on Facebook and take a photo of their most official looking photo? Like used to happen to me a lot with old style face unlock systems on my phone down the pub and caused numerous embarrassing Facebook posts...

  14. coffeecupbananapen

    Apart entirely from the infosec issues, in a polling booth no one can see your actual vote. Whatever else is wrong with it, in a polling booth no one knows how you voted...no matter who or what is pressuring you outside. With any form of remote voting (snail mail or otherwise) there is no way to verifiy that the person is not being observed by someone. Perhaps that is not a concern for rich world citizens too busy to get engaged but there are many parts of the world (and no doubt some parts of the UK) where pressure is brought to bear on people.

  15. MiguelC Silver badge

    What about vote secrecy?

    "(...)officials send a token to each voter, which is credited to the ledger in their smartphone app.

    Then, when a vote is submitted over the internet (...) the token is debited from the voter's ledger and credited to the selected candidate's ledger."

    And then, officials, knowing which voter got which token, can now identify who everyone's voted for... nice one!

  16. Cuddles

    Sounds entirely secure

    "a scan of the photo on your government ID has to match a selfie taken by your phone"

    How exactly do they guarantee it's an actual selfie, taken by the correct person correct time? Even aside from the all the potential ways a compromised phone could push any random picture to the app, what's to stop someone just printing out a picture of whoever they fancy voting as and taking a photo of it?

  17. 2Nick3

    Smartphone only voting???

    Way before you even start talking about the (abundant) technical issues with this, the concept of requiring a smartphone to vote should be getting challenged. If requiring an ID to vote is seen as trying to make voting too hard for certain demographics, what is requiring a smartphone?

    Where is the ACLU on this??

    1. Drew Scriver

      Re: Smartphone only voting???

      The argument generally is that requiring an ID-card disenfranchises potential voters because of the cost and/or effort involved in obtaining an ID-card. Even making ID-cards available at no charge to low-income voters does not satisfy the groups that object to identification.

      Usually the statement is that "Exercising a right that is explicitly guaranteed by the Constitution may not be hindered by cost or effort."

      If this were the true reason for their objections we would be hearing calls for eliminating taxes, fees, waiting periods, and the ID-requirement associated with purchases made per the rights under the Second Amendment...

      This inconsistency begs the question what the real motives are.

    2. Tom Paine

      Re: Smartphone only voting???

      It's not mandatory, it's just another option isn''t it? They'll still be running normal polling stations, unless they really are completely away with the fairies...

  18. GnuTzu
    Alert

    How We Vote

    I don't know about other states, but I don't ever remember hearing of citizens getting to vote on how we vote: http://www.fairvote.org/

    1. Anonymous Coward
      Anonymous Coward

      Re: How We Vote

      This is a good site too :)

      https://www.fairvote.ca/

      and, of course, there are many varieties:

      https://en.wikipedia.org/wiki/Proportional_representation

  19. Michael Wojcik Silver badge

    Ah, yes, more barriers

    If, for any reason, the voter falls off the voter registration rolls, the jurisdiction will no longer send a mobile ballot and the voter must restart the process of registration and authentication.

    I believe the Voatz shill meant: "If, in order to promote the party of their choice, election officials remove the voter from the voter registration rolls, our system will have imposed additional hoops to be jumped through in order to be restored. And there won't be any provisional ballot, so if the voter only finds out on election day, tough luck."

    Everyone involved in this firm needs court-ordered remedial training in civics. (Where's Julie Robinson when we need her?)

  20. GBE

    Kill it just because of the spelling

    I don't care if it is secure and it does work. "Voatz" should be eliminated (with prejudice) just for the spelling of the name. It takes a special sort of idiot to think that misspelling is clever, and we don't want to encourage those sorts.

  21. Charlie van Becelaere
    Black Helicopters

    Once again

    xkcd is very timely.

    https://xkcd.com/2030/

  22. teebie

    "It's nothing we haven't considered before."

    'what if something terrible happens'

    'we thought of that'

    'and...?'

    ' '

    ' '

    ' and what?'

    'and what is your plan for if something terrible happens'

    'we though of it'

  23. Tom Paine

    Pay no attention to the intern behind the curtain!

    "Those are from a summer project which an intern worked on as a test project two-plus years ago," a spokesperson for Voatz said. "It doesn't have anything to do with our system deployed currently."

    Nothing at all, except that if an intern coiuld have done this two years ago, what makes them think another intern couldn't do the same thing next week?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like