The Tufts Elections Commission (ECOM) will evaluate its use of the application, Voatz, to conduct student government elections following the publication of a report detailing significant security concerns with the app as well as limited voting accessibility to students in a recent election.
ECOM has contracted with Voatz to conduct Tufts Community Union (TCU) elections since September 2017. Students have typically been able to cast their ballots through the Voatz app, its companion web portal or in-person at the Mayer Campus Center.
However, Voatz notified ECOM the night before the TCU Senate special election on Feb. 5 that students would be unable to vote through the company’s web portal, according to Voatz’s Vice President of Product, Hilary Braseth.
That decision was a precautionary measure taken by Voatz to prevent any potential software interference after it received a heightened state of security alert earlier that day, according to Braseth. It also came less than 24 hours after an election app failure roiled the Iowa Democratic caucuses and sparked a national conversation about the reliability of mobile voting.
“We understand that like any company, Voatz is not perfect, which is why when issues occur, as it did during the special election, we are in communication with Voatz to improve the voting experience of all students,” ECOM Technician Spencer Ha told the Daily in an email. “ECOM is constantly improving as we strive to promote and facilitate student representation here at Tufts.”
Roughly one-third of the votes in TCU elections are typically cast through Voatz’s web portal, according to Braseth. Company representatives remained in the Campus Center for an extended period on Feb. 5 in an effort to mitigate the effect of the web portal’s suspension on student participation.
However, just 6.7% of undergraduates ultimately voted in the February special election — down from the 11.2% that voted in the September 2019 TCU elections. While it is impossible to attribute this decline directly to the suspension of web portal-based voting, ECOM members expressed concern that it may have contributed to the depressed turnout.
“Part of the ECOM’s mission has always been to give the Tufts student body multiple ways of electing candidates. The removal of a major method of voting is obviously concerning to ECOM,” Ha, a sophomore, said. “We are currently in discussions with Voatz to bring back the web portal as well as developing a comprehensive plan to make the app more responsive and enjoyable for the Tufts student body.”
ECOM had already planned to speak with Voatz representatives about its concerns regarding the decision to suspend voting through the web portal before Massachusetts Institute of Technology (MIT) researchers published a scathing report on Feb. 13 that detailed security vulnerabilities in the Voatz app.
The researchers identified weaknesses in Voatz’s Android application that could allow someone to expose or even alter users’ votes. They concluded that a hacker seeking to disrupt an election would find it relatively easy to attack Voatz’s infrastructure due to the lack of transparency it offers around its back-end software.
That practice, known as “security through obscurity,” makes the app particularly vulnerable to interference, according to Josephine Wolff, assistant professor of cybersecurity policy at The Fletcher School of Law and Diplomacy.
“If you put your source code out there and the people who test it and can’t find any flaws are doing that rigorously, then you’ve got that layer of protection that somebody — ideally, multiple people — has tried to find these flaws [and] has pinpointed vulnerabilities that you’ve been able to fix,” Wolff said. “Whereas if you don’t do that, then you only have the bad guys trying to figure out where those vulnerabilities are and how to exploit them.”
Voatz markets its use of blockchain technology, which encrypts and stores digital records, as evidence of its ability to secure voters’ ballots. Nonetheless, the existing blockchain protections do not sufficiently ensure election security, according to Wolff.
“The blockchain piece of this is the part that runs on Voatz servers, so we don’t know a lot about the implementation because they haven’t made it accessible to anyone,” Wolff said. “If you’re relying on software as part of something as critical as the election infrastructure in the country, there should be audits that are overseen at some level by the federal government.”
In fact, the Cybersecurity and Infrastructure Security Agency (CISA), a division of the Department of Homeland Security, completed a review of Voatz’s internal servers and cloud networks in October 2019. CISA did not find any active or past threats to Voatz’s election infrastructure despite identifying areas where protections could be improved, according to a Voatz summary of the classified report’s conclusions.
The MIT researchers’ study is not the first time Voatz has come under fire for its secretive security policies.
The company drew criticism after it reported an attempt to hack its app during the 2018 midterm elections to the Federal Bureau of Investigation (FBI). The alleged hacker — a student enrolled in a University of Michigan election security course — appeared to have acted in accordance with the terms of Voatz’s bug bounty program, but the company revised its policy after its FBI referral became public.
Many cybersecurity experts believe companies like Voatz should give outside programmers greater opportunities to review their software in order to identify any weaknesses.
“If we look at the app that was being used in the Iowa caucuses, it was rolled out very, very soon before the caucuses actually happened — people hadn’t had a chance to test it at all,” Wolff said. “A big piece of relying on software is this idea that people have been using it, and they’ve had an opportunity to test it out and look for any kinds of security flaws, look for usability flows. Voatz has not really been welcoming or open to that so far.”
Voatz has pushed back on this criticism, noting its bug bounty program invites hackers to find software deficiencies and that it has worked with independent auditors in the past. The company also claimed the MIT researchers analyzed a version of its Android app that was never used in an election and had been revised at least 27 times before their report was published, allaying many of its conclusions.
While TCU elections are conducted on a much smaller scale, and with significantly lower consequences than the state and county-level elections that use Voatz software, Wolff did not rule out their susceptibility to interference by hackers.
“Once you have the vulnerabilities laid out for you in a neat report, I would say the hard work [for hackers], to a large extent, has been done,” she said. “On the other hand, if you had a voting app that a lot of security researchers had spent months looking at and hammering all of the vulnerabilities they could find, then finding a new vulnerability in that app probably would require quite a bit of time and resources.”
ECOM Chair Matt Zachem noted that the vulnerability of TCU elections to hacking would be “a cause for concern” and vowed to discuss the security issues with Voatz.
“Depending on how that meeting goes, and whether our concerns are addressed, we may explore switching to a different voting system, one which is more accessible and navigable to students,” Zachem, a sophomore, said.