For more than a decade, it has been an elusive dream for election officials: a smartphone app that would let swaths of voters cast their ballots from their living rooms. It has also been a nightmare for cyberexperts, who argue that no technology is secure enough to trust with the very basis of American democracy.
The debate, long a sideshow at academic conferences and state election offices, is now taking on new urgency. A startup called Voatz says it has developed an app that would allow users to vote securely from anywhere in the world — the electoral version of a moonshot. Thousands are set to use the app in this year’s elections, a small but growing experiment that could pave the way for a wider acceptance of mobile voting.
But where optimists see a more engaged electorate, critics are warning that the move is dangerously irresponsible. In a new report shared with The New York Times before its publication Thursday, researchers at the Massachusetts Institute of Technology say the app is so riddled with security issues that no one should be using it.
In response to the report, the Department of Homeland Security organized a series of briefings in recent weeks for state and local officials who are planning to use Voatz’s technology.
“The choice here is not about turnout,” the report says, “but about an adversary controlling the election result and a loss of voter privacy.”
With security already a dominant theme of the 2020 elections, last week’s debacle at the Democratic caucuses in Iowa — an app used to report results failed to, well, report results — has raised new questions about the role technology should play in American elections and prompted calls for it to be scaled back.
While a return to the analog days of punch cards and hanging chads is unlikely, there is growing unease about how far state and local governments should go in modernizing election infrastructure — from registration databases and electronic poll books to the voting machines themselves.
At the far edge of that debate are systems that let users cast their ballots over the internet, including the platform built by Voatz, the only voting app on the market.
An initial experiment with wide-scale online voting took place in Washington a decade ago. It was called off after researchers hacked into the system, electing HAL 9000 — the computer from “2001: A Space Odyssey” — as mayor and making the University of Michigan fight song play every time a ballot was cast.
Since then, some states have allowed online voting through web portals, emails or digital faxes, despite the security risks. But they have restricted it to groups of people who cannot make it to the polls, mostly overseas military personnel.
Voatz says its technology has overcome the security problems through biometrics and other measures built into newer smartphones, as well as a back-end system that records and stores votes on a blockchain, the technology underpinning Bitcoin. It also says its platform creates a paper trail for election officials and the voters using the app.
Since its debut in 2018, Voatz has run several pilot projects aimed largely at deployed service members, tallying about 600 votes across federal elections in Denver, West Virginia and five counties in Oregon, Utah and Washington state. Now, it is poised to expand its reach in the presidential election as a number of additional states consider whether to use it for some categories of absentee voters.
West Virginia, for instance, is planning to use the app to meet new requirements that it find a way to make sure the disabled and infirm can participate, a move that is likely to add thousands of voters this year.
Until now, security experts have focused criticism on what they described as Voatz’s opaque systems, which make it impossible to verify its security claims.
Beneath that criticism, there is also some very real animus — many in the tightly knit cybersecurity community blame Voatz for helping spur an FBI investigation of a University of Michigan graduate student who tried to breach the company’s systems in 2018. The student says he was conducting research.
In the new paper, the MIT researchers, Michael A. Specter, James Koppel and Daniel J. Weitzner, go beyond speculation and detail how they found serious security issues by reverse-engineering Voatz’s app and recreating what they could of the company’s server from publicly available information.
Flaws in the app, the report says, would let attackers monitor votes being cast — and might even allow them to change ballots or block them without users’ knowledge.
Perhaps the biggest risk, according to the researchers, is that the attacks could create a tainted paper trail, making a reliable audit impossible.
They pointed to the problems in Iowa caucuses as an instructive example. Though those problems were caused by technical faults, not a security breach, officials in Iowa have had to tally votes through paper backups, some of which are not complete. More than a week later, a definitive result has yet to emerge.
“Imagine that on a national scale,” Specter said in an interview.
The researchers took their findings to the Department of Homeland Security in January, setting off a process through which Voatz was made aware of the research and election officials who use the platform were briefed.
In a statement, Homeland Security said that while no one was known to have exploited the flaws found by the researchers, “we will continue to work with our partners to deepen understanding of the risk.”
Voatz, which has reviewed the report, strenuously objected to the researchers’ claims, saying in a statement that the researchers acted in bad faith, used an outdated version of the app and “fabricated an imagined version” of the servers.
The company said that its nine previous elections had gone off without incident, and argued that its pilot projects had pushed “innovation forward in a responsible, transparent way.”
The company is backed by Bradley Tusk, a venture capitalist and philanthropist. In an interview last year with Harvard Business Review, he also brushed aside security concerns. “It’s not that cybersecurity people are bad people per se,” he said. “It’s that they are solving for one situation, and I am solving for another.”
Caught in the back-and-forth between Voatz and the researchers are election officials who must soon make a decision on whether to use the app this year. At least one Voatz client, Mason County, Washington, has already pulled out, citing fear of media blowback.
Others say they are pressing ahead with plans to use Voatz.
The app “is not perfect — nothing is — and security is always a concern for us,” said Donald Kersey, a senior election official in West Virginia. “But this is about using new technologies that give us a way to make sure people who maybe can’t always vote have that opportunity.”