The United States’ Federal Bureau of Investigation (FBI) is looking into an attempted hack of the blockchain-based mobile voting app after the West Virginia Secretary of State office revealed that there was “an unsuccessful attempt to gain uninvited access” into its system.
The blockchain technology has grown significantly in the past couple of years as governments and industries across the board have come to realize its true potential. The technology is being used to digitize and modernize some traditional ecosystems in order to make them less cumbersome and more transparent as well as efficient. However, there are certain undeniable downsides that come with the blockchain digitization, the most common being security breaches or hacks.
According to reports on October 5th, Mike Stuart, who is serving as the United States Attorney for the Southern District of West Virginia, revealed some details regarding the ongoing FBI investigation regarding the attempted intrusion into a voting application. During the press conference, he unveiled that the Voatz app was the target, an app that West Virginia has been using since 2018.
The blockchain voting app does not use a public blockchain instead, it uses roughly between 4 and 16 nodes on a permissioned blockchain to verify ballots. The fundamental aim behind employing the Voatz app into the voting ecosystem was to allow overseas and military personnel to vote via their smartphones. The application’s primary function was to authenticate the voters, which it achieves by linking user’s identification with their smartphone through fingerprint or facial recognition.
Per its website, the 1st phase of the West Virginia Mobile Voting Pilot was conducted during the 2018 primary election in Monongalia and Harrison Counties. The second phase of the pilot was conducted during the 2018 midterm elections and was expanded to West Virginia’s UOCAVA voters in 24 counties.
The alleged breach happened during the latter. According to Stuart, he was alerted about an identified activity, which may have been an attempt to gain unauthorized access to the Voatz voting app. Was it the Russians, trying to meddle with the U.S. electoral affairs? Or was it the notorious hermit kingdom of North Korea?
Shockingly it was none of the above, the alleged perpetrator according to the FBI was a U.S. resident and possibly a student from the University of Michigan. Reports claim that the Bureau deduced the connection between the breach and the university because of a course, in which students were to examine the current and proposed mobile voting technology. However, they were specifically instructed not to meddle in existing election infrastructure.
No criminal charges have been filed as the West Virginia’s Secretary of State Mac Warner said that there was absolutely no evidence “that even a single vote had been changed in the 2018 election”, further adding:
Although the details of the investigation cannot be disclosed, we can say that no votes were altered, impacted, viewed or in any way tampered with.
Stuart, during the press release, did mention that the attempt at Voatz was unsuccessful hence the case isn’t as “open and shut” as it may seem. He further added:
No legal conclusions whatsoever have been made regarding the conduct of the activity or whether any federal laws were violated.
Meanwhile, the FBI itself hasn’t revealed further details about the developments of the case. And the university hasn’t made any comments as Rick Fitzgerald, a spokesman for the University of Michigan, reportedly said that they do not “have enough information at this moment to offer any response.”
West Virginia is the only state to have employed the system of Voatz and this matter might have a domino effect on the future of blockchain technology in the state as this highlights one of the most persistent problems in the new systems based on the technology.
However, at the same time, it has managed to improve the existing voting system. Warner shared that the app provides a solution to low voter participation rates among military and overseas voters, further adding:
Because of our hard work and our investments, all of our systems worked according to plan, and more robust security measures and protocols are being deployed ahead of 2020.
The application, on the other hand, does cover its basics when it comes to ensuring security. Voatz participates in the bug bounty program organized by the San Francisco-based HackerOne that welcomes cybersecurity researchers to find vulnerabilities in various systems.
Additionally reports claim that the West Virginia office still has plans to use Voatz again in the 2020 overseas military voting, although it isn’t mandatory for individual counties as they will have the freedom to decide whether to use it or not.