West Virginia says mobile voting via blockchain went smoothly

West Virginia officials say a mobile voting app based on blockchain technology successfully allowed absentee military members and their families living overseas to participate in this year's mid-term elections using only their smartphones.

The West Virginia Secretary of State's office estimated that 144 West Virginia absentee voters living in 30 different countries cast ballots using an application on approved mobile devices that records the ballots anonymously using blockchain.

The state used the app, which was developed by Boston start-up Voatz, to allow  absentee voting by military members deployed overseas. The absentee voters would otherwise have had to submit paper absentee ballots via mail or vote over a land line telephone.

The state now plans to conduct an audit of the results that it expects to take two to three months; it then plans to publish the results of the audit.

West Virginia Secretary of State Mac Warner told State Scoop the mobile voting app is not a trend but the "wave of the future."

"For the first time in our nation's history, military and overseas citizens were able to cast ballots in a federal election using a mobile device. If this technology were not available, many of those soldiers and citizens would not have had the opportunity to participate in our democracy," Warner said in a statement.

"If our expectations hold true," he said, "the application's biometric safeguards, coupled with blockchain technology and a voter-verified digital trail of their ballot, will prove to be a secure alternative to the burdensome absentee voting processes traditionally available to the men and women protecting our freedom."

After he took office in January 2017, Warner tasked IT staffers to investigate mobile voting options for 8,000 West Virginian military members overseas. Warner, a retired U.S. Army officer with four children who are also all current or former Army officers, cited his own inability to vote when deployed in Afghanistan as one reason for his efforts.

Just 6.9% of eligible military personnel and overseas citizens cast a ballot in the 2016 presidential election, according to a 2018 report by the Federal Voting Assistance Program.

"With his personal experience in mind and stats that proved the problem is vast, one of Secretary Warner's first challenges to his Elections Division was to eliminate the hurdles in overseas voting that contributed to the very low voter participation rate for our deployed military and overseas citizens," Warner's office said in a statement.

"Having conducted two pilots with this technology, all the facts point to one common solution to the specific problem of absentee voting for military and overseas citizens: technology," the statement said. "Secretary Warner plans to continue improving the voting experience for our military and overseas citizens. As other states follow West Virginia's lead, we can expect to see technology evolve for the betterment of our democracy without sacrificing the integrity of our election processes or results."

Mike Queen, Warner's deputy chief of staff, said the state has no plans to expand the use of the Voatz mobile app beyond military absentee voters.

"We have done a ton of due diligence on this process and we've seriously considered every complaint and concern about blockchain," Queen said in an earlier interview. "Not only does blockchain make it secure, but Voatz has a really unique biometric safeguard system in place as well that involves facial recognition and thumb prints."

West Virginia conducted two pilots of the mobile voting app prior to the general election. In May, a pilot was conducted in two West Virginia counties: Harrison and Monongalia. In that limited pilot, 13 voters from six different countries cast a ballot using the technology. In a follow-on, several independent post-election audits were conducted by multiple security companies, the Secretary of State's office said.

Following those audits, the Secretary of State's Office Information Technology Division reviewed the reports and deemed the pilots a success. After that, a second company hired to review the audit results concluded that "the application, votes, blockchain and overall system were secure and no nefarious activity compromised the integrity of the ballots cast or voters' personal information."

How the technology works

The Voatz application uses a permissioned blockchain based on the HyperLedger framework first created by IBM and now supported by the Linux foundation. In the general election, eight verified validating nodes will be used, split evenly between AWS and Microsoft Azure, each of which are geographically distributed, according to Voatz.

Military personnel and their families who used the Voatz app only needed an Apple or Android smartphone and a state or federal ID.

Voatz

On the Voatz app, authentication is a three-step process that uses the smartphone's camera and its biometric feature (either fingerprint or facial recognition). First, the voter scans their state driver's license or passport; then they take a live facial snapshot (a video "selfie"), and finally they touch the fingerprint reader on the smartphone, which ties the device to the specific voter.

Once a voter is authenticated, the app matches the voter's "selfie" to the facial picture on their passport or driver's license and confirms eligibility to vote by checking the state's voter registration database.

Voatz said it has conducted more than 30 successful pilots of its technology that range from state party conventions to student government elections. In the largest election, more than 15,000 votes were cast, the company said in a blog post.

Security concerns

Michela Menting, digital security research director at UK-based ABI Research, said mobile voting applications have shortcomings involving both ease-of-use concerns and security fears. For one, not everyone has a top-of-the-line smartphone.

"Also, that hardware piece would need to securely store a hash of your biometric information in order to use the biometric modalities on the phone to verify your identity," Menting said via email.

On the back end, the company processing the biometric information must ensure it's done securely and can't be stolen for unauthorized use. "So, a company like Voatz would have to ensure that it is applying the highest security standards to the security and management of that data," she said.

That said, Menting believes absentee voting is a good use case for blockchain, which is a distributed ledger technology that creates an immutable record of any data entry. The pre-verified user behind any data entered on a blockchain is hidden by a hash key, so the identity remains anonymous except for the administrator of the distributed ledger.

"It provides a more transparent method for voters and also better security from voter fraud," Menting said.

In time, similar blockchain applications could be used for other purposes, such as setting up a government identity, getting a driver's license, paying taxes or for credit ratings, Menting added.

"There are many potential use cases where these could be tied in together to the benefit of the individual who remains in control of their data and gains visibility into what and how that data can be used," Menting said.