According to the Associated Press, Donald Kersey, general counsel for the West Virginia Secretary of State, said the state decided against using Voatz in May because of security concerns raised about the app in an MIT report.
Instead, West Virginia, which recently passed a law allowing people with physical disabilities to electronically mark ballots, will adopt Democracy Live for its primary. Through Democracy Live, voters with physical disabilities can fill out their ballots online thanks to an Amazon cloud portal.
West Virginia, however, has not completely closed the door on Voatz yet. The app could make an appearance in the state’s general election later this year, provided that the company addresses cybersecurity concerns.
“If the security community comes out and says you've answered these questions, they'll be an option,” Kersey said, according to NBC.
Voatz, which has been featured in election pilots in Colorado, Utah and Oregon, has disputed the study from MIT, claiming that the researchers examined an iteration of Voatz that “was at least 27 versions old at the time of their disclosure and not used in an election.” The researchers noted in their study that they had to reverse-engineer Voatz’s Android application in order to test it.
NBC also reported that election security experts Matt Blaze and Maurice Turner commended West Virginia for its decision to forego using Voatz in its primary, but they still shared reservations about the state’s planned utilization of Democracy Live, which has played a role in more than 1,000 elections in the last 10 years.
West Virginia isn’t the only entity that now has questions about Voatz after incorporating it in an election. Tufts University, a private school in Massachusetts, has offered Voatz as a voting option in its student government elections since September 2017. Yet Voatz suspended its own Web portal right before a Tufts student election on Feb. 5 due to a “heightened state of security alert.” This incident, along with the MIT researchers’ findings, has given university stakeholders pause about the blockchain app.
Despite calls for more audits of the Voatz system from officials and cybersecurity experts, no evidence at this point suggests the app has been compromised during an election. A hacker targeted Voatz during West Virginia’s 2018 midterm election, but the FBI, Voatz CEO Nimit Sawhney and election officials indicated that the attempted attack was immediately thwarted.
Moreover, a Voatz summary of an analysis from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) shows that CISA “did not detect threat actor behaviors or artifacts of past activities on the in-scope portions of the Voatz networks.”
