Posted: 4 Min ReadElection Security

Voting by Smartphone: How to Make it Safe and Secure

A growing effort is underway to develop ways to secure voting by phone, seen as a potential boon to voter turnout

Voting and smartphones seems a match made in electoral heaven. It could solve one of the biggest problems with elections, low turnout, particularly in mid-term elections like the one coming up in November. Typically, fewer than 40 percent of eligible voters turn out for the mid-terms. In 2014, only 36 percent voted.

Given the ubiquity of smartphones, there are those who believe it makes sense to let people launch an app, validate their identity, and then tap a few buttons to vote. Add in blockchain to guarantee security and it seems like a slam-dunk.

West Virginia is so much of a believer that it has launched a pilot program to allow overseas military members to cast absentee ballots via a smartphone app — the first state to allow that. Using an app from a startup called Voatz, members of the military are already casting their ballots.

To do it, a voter uses a cellphone’s biometric authentication to validate his or her identity. He or she casts their vote on the app, which sends it over the internet to be counted, and records it in a private blockchain. Only phones that meet certain security requirements and that have the latest version of an operating system can be used to cast votes. Voatz claims the app also detects if the operating system has been tampered with or compromised, and if so, doesn’t allow the voting to proceed.

But the system is controversial, with many security and election experts claiming it’s too easy to hack. Blockchain, they argue, can’t solve the security problems inherent in online voting, and may introduce its own set of vulnerabilities.

Given the ubiquity of smartphones, there are those who believe it makes sense to let people launch an app, validate their identity, and then tap a few buttons to vote.

Matt Blaze, a cryptography and security researcher and assistant professor at the University of Pennsylvania, warns in a tweet that blockchain “introduces new vulnerabilities that didn’t exist before” and that security for voting “is more easily, simply and securely done with other approaches.”

Marian K. Schneider, president of Verified Voting, agrees. She told the MIT Technology Review that blockchain can’t protect information as it’s being sent over the internet. She said that while a lot of claims have been made, there’s little reason to justify “any increased confidence in what they are doing versus any other internet voting system.”

The Brookings Institute, meanwhile, is a big backer of West Virginia’s plan and the use of blockchain for voting in general. Two of its fellows wrote, “Mobile voting using a safe and tested interface could eliminate voter fraud and boost turnout. It will make it more convenient for citizens to vote while abroad, irrespective of the distance and time. It is also a beneficial tool for the election commission to maintain transparency in the electoral process, minimize the cost of conducting elections, streamline the process of counting votes and ensure that all votes are counted.”

ABI Research’s Digital Security Research Director Michela Menting takes a middle ground on the issue. She notes that, “Online voting is not a new technology, and if you look at Estonia for example, they have successfully been deploying it for almost a decade. They use a combination of user identity, encryption keys, and secure channels to register their votes.”

However, she warns that for voting by smartphones to be secure, “You need a secure smartphone, one that has a secure hardware element in it to store encryption keys and digital certificates….not all smartphones have those capabilities, so that might be an issue although most of the flagship phones from all the big brands usually have those capabilities.”

She concludes, “It is critical that the entity processing voters’ biometric information is doing this in a secure way. Any compromise of biometric info could lead to voter fraud and ID theft.”

Symantec Senior Manager, Marketing Brian Duckering, says that from his perspective, “The most secure way to do an election is to make people physically come to a place and vote.” However, he adds, that’s not always possible. “The military don't really have that opportunity to do that,” he says, “so we need to make sure that there's a way for them to vote. And there should be a way for them to do it securely.”

He says that a blockchain-based system like Voatz should be considered only a partial security solution. “If the blockchain system is a viable way to provide an element of authentication in securing the process, great,” he says. “But we need to look at some other things that can enhance security. What’s needed is an approach with multiple layers.”

As for the gold standard for elections, he points to some countries, where if you want to vote, “you walk 20 miles to vote and then you got a purple stain on your finger for the next three days. That's a pretty secure system. Until you can really replicate that level of validated, authenticated, individual identity in a mobile system, I don't think you're helping yourself from a fraud standpoint.”

If you found this information useful, you may also enjoy:

Symantec Enterprise Blogs
You might also enjoy
Election Security2 Min Read

Elections Security: It’s Not all Doom and Gloom

Advanced technologies can flag phony websites, offering practical help that state and election officials can leverage to improve their security

About the Author

Preston Gralla

Technical Writer

Preston Gralla has written thousands of articles and nearly 50 books about technology. His work has been published in Computerworld, PC World, PC Magazine, USA Today, the Dallas Morning News, the Los Angeles Times and many others.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.