Hacking attempt reported against West Virginia’s mobile voting app
The FBI is investigating an alleged hacking attempt against the mobile app that West Virginia officials used to collect ballots from some overseas voters during the 2018 election cycle, the Justice Department announced Tuesday.
Mike Stuart, the U.S. attorney for West Virginia, said that during last year’s election cycle, his office received a report from West Virginia Secretary of State Mac Warner pertaining to an “attempted intrusion by an outside party” to access the app, Voatz, which Warner’s office has heralded as the future of voting for expat U.S. citizens, especially deployed members of the military. The attempt, Stuart continued, appeared to be unsuccessful, with no actual intrusion or effect on the 144 ballots that were cast in last year’s general election.
“No penetration occurred and the security protocols to protect our election process worked as designed,” Warner said at a press conference Tuesday in Charleston, the state capital.
Still, Warner said, the attempted intrusion was referred to the FBI for investigation as a “deterrent” against attempts by outside actors to interfere with the state’s election process.
“This is to caution people to not even attempt to mess with an election,” he said. “Even if well intentioned, the mere act of attempting to probe a voter registration list, a mobile device, or any aspect of the election process may amount to a criminal offense.”
West Virginia last year became the first U.S. jurisdiction to offer its overseas residents the ability to cast a vote through a mobile app when it partnered with Voatz, a Massachusetts software firm that developed its voting app using blockchain encryption, for a pilot project. The experiment, which was paid for by Bradley Tusk, a venture capitalist with several investments in blockchain and cryptocurrency companies, was designed as an alternative to votes collected under the Uniformed and Overseas Citizens Absentee Voting Act, the federal law that guarantees U.S. expats the right to mail, fax or email their ballots back home.
Since its use in West Virginia, Voatz has gone on to test its app in other jurisdictions, including Denver, which used the app in its mayoral election last May, and Utah County, Utah, which offered it in a set of local races. Election officials in both West Virginia and Denver said the Voatz app boosted participation rates from military and overseas civilian voters, and Utah County recently conducted a public audit of its test run.
Despite misgivings from election-security experts advocating that electronic voting poses too many risks, Voatz has defended its software as secure. The app uses multiple layers of biometric identification, including facial recognition and fingerprint scanning, before showing users their ballots. The company says its app then registers the completed ballots to a “permissioned” blockchain, accessible only by the relevant election offices, which can then print out and count the digital ballots alongside other votes.
West Virginia ordered several third-party audits of its use of the app last year, all of which yielded “positive results,” according to Warner’s office. But, at one point, Voatz detected something was amiss.
“However, during the pilot rollout, the application vendor identified activity that could have been an attempt to gain uninvited access to the system,” Warner’s office said Tuesday.
Nimit Sawhney, Voatz’s founder and chief executive, told StateScoop via email that his company’s app “worked as designed and intended.”
“The attempt was detected, thwarted at the gate and reported to the authorities,” Sawhney said. “We fully support the West Virginia Secretary of State’s office and the law enforcement agencies in their investigations under the purview of the law. Given that our elections infrastructure is classified as critical infrastructure under the Department of Homeland Security, we will continue to report any such attempts in the future.”
Warner has said West Virginia again plans to offer Voatz as an option to its overseas voters in 2020.
“Heading into the presidential election of 2020, it is time to communicate with our voters that we take every single potential threat very seriously,” he said Tuesday. “We want our voters, and especially every bad actor, to know that no expense will be spared to investigate even unsuccessful attempts of gaining uninvited access to any portion of any election system.”