In the more than 15 years that Filipino marketing executive Jennie Lee-Fricke has lived overseas, she’s never cast a vote in a Philippine election. Not when she was studying in Beijing, not when she moved to Germany to work for DHL, the logistics company. Highly educated and working at a multinational corporation, Lee-Fricke, like many of her friends, sees voting as a waste of time.
If people like her could vote on their smartphone, would they?
That was the question top of mind for the Philippines’ Commission on Elections (Comelec), when it recently ran mock trials on blockchain-enabled voting.
The promise of remote voting is exciting nations around the world, but it’s especially alluring for the Philippines, which has a large diaspora known as OFWs — or “overseas Filipino workers.” For the upcoming 2022 polls, only about 1.6 million people overseas have registered, out of an estimated eligible population of between 7 to 10 million OFWs.
“Regardless of who you ask, voters always say that the low voter turnout is primarily because it is such a hassle for them to go to the embassies and consulates just to vote,” said James Jimenez, spokesperson for the Comelec.
Three companies are vying to change that — U.S.-based Voatz, U.K.-headquartered Smartmatic, and Spanish firm Indra Sistemas. Voatz is a startup that’s purely focused on blockchain voting, Smartmatic offers both election software and hardware such as vote-counting machines, and Indra is a consultancy for infrastructure projects like railway and airport management but is now trying to break into the elections business. The trials were held in mid-September, and each company was given a 48-hour window to show off their voting technology.
Why blockchain voting
Voatz claims to have participated in 82 elections around the world and served 2 million voters so far, including in Canada, Venezuela and the U.S. Voatz made history last year when a vote for U.S. president using its app was cast in Utah, and likewise when it was used in the 2020 state Republican conventions in Utah, Arizona and Colorado. West Virginia also used the Voatz app in the midterm election in 2018, but made a sudden turnaround and disallowed it for the primaries in May 2020, according to NBC News.
Voatz is hoping to participate in the U.S. midterm elections in 2022.
Governments around the world, big and small, are looking at whether blockchain and other digital technologies can solve three perennial problems in elections: low voter turnout, voter fraud and the auditability of results. In theory, blockchain can help improve all three. Its biggest draw is what’s known as the immutability feature.
During the recent Voatz demo in the Philippines, participants were able to cast votes via a mobile app, web browser and assisted kiosks. Identities were verified twice, and voters also had to take a live selfie. Users marked ovals that mimic paper ballots, which the system then records as an individual, anonymous transaction on the blockchain.
“Once something is written, it cannot be tampered with very easily,” explained Nimit Sawhney, co-founder and CEO of Voatz. “Which means even if someone’s a system administrator, someone’s at government, someone has full access to the system — it’s written in a manner that it can’t be changed.”
Being a distributed ledger, blockchain will also allow anyone to come in and audit the results post-election.
And then of course, there’s the convenience factor. Voting in many countries hasn’t changed much since the invention of paper ballots, and the pandemic has underscored the need to modernize — and socially distance — the process.
Can blockchain voting be trusted?
But Voatz, all of 5 years old, has already run into some bad press. In February 2020, the Massachusetts Institute of Technology (MIT) put out a report identifying a string of vulnerabilities in Voatz’s app, saying these “allow different kinds of adversaries to alter, stop or expose a user’s vote.”
It concluded with: “Given the severity of failings discussed in this paper, the lack of transparency, the risks to voter privacy, and the trivial nature of the attacks, we suggest that any near-future plans to use this app for high-stakes elections be abandoned.”
The Boston-headquartered firm has repeatedly pushed back against the MIT findings, saying the researchers reverse-engineered an outdated version of the app. “Unfortunately, the folks who wrote the paper, they used a somewhat of an older version, which wasn’t actually even used in a real election,” Sawhney told Forkast.News. He said the researchers have never been able to break into the system.
“We came at this from a very security-focused baseline. Many of us have a background in the cyber industry,” Sawhney added. ”It’s not a mobile app we built and then layered security [on top of]. It was actually the other way around. It was a security infrastructure. And then we slowly added the usability and the experience to that.”
Voatz did admit to making improvements after the MIT report came out, specifically around something called a side-channel attack, in which a hacker can potentially recover a user’s secret ballot. Sawhney said that the issue was “remediated” in all the elections they did in 2020.
“Security is a journey here. It’s not a single destination,” added Jesse Andrews, head of business development at Voatz.
The Comelec is well aware of the MIT study, and echoed the vendor’s point that there’s no such thing as a perfect system. “You know, when a technology is new, there will be vulnerabilities,” Jimenez said. “Based on our study of this technology, there are adequate safeguards. There’s still a lot we want to know about it. There’s still a lot of information that needs to be shared, and technology that needs to be transferred. But in general, it is not as scary as it might have been when that study came out.”
Smartmatic comes with baggage, too. It’s been the Philippines’ main election provider since 2010, though every cycle has brought allegations of fraud. Following the 2019 midterms, President Rodrigo Duterte asked Comelec to drop the firm and “look for a new one that is free of fraud.”
“The people don’t like it,” Duterte said.
Independent auditors have actually found that Smartmatic’s vote-counting machines yield an accuracy rate of more than 99%, but Duterte is right about one thing — the firm faces an uphill battle getting Filipinos to trust more of its technology.
For its demo, Smartmatic used a proprietary platform called the Trust Innovation Verifiability Integrity (TIVI), which uses blockchain and other technologies to “[guarantee] voter privacy and vote security.” Smartmatic authenticated users through a unique code sent via email, and did not require proof of “liveness.” Voters can log in to their system from any device without having to download an app.
“We are not a mobile app-based solution, we are a browser-based solution,” said Miguel Avila, tech solutions manager for Smartmatic Asia Pacific. “We believe that this is the solution that offers more security. You don’t have to install anything in your phone, you don’t have to install anything in your mobile device. It’s not another layer of security concern.”
Smartmatic’s biggest proof of concept right now is Estonia, which has fully embraced internet voting since 2005.
As for Indra Sistemas, the Spanish firm lamented having to go last in Comelec’s mock trials. Of 669 test voters, a whopping 46% did not even attempt to access their system during the voting period.
“We were thinking perhaps it was due to Indra being the last among the three companies conducting the test run, so maybe it was due to registration fatigue,” said Ryan Earl So, managing consultant at Indra.
Biometrics and border patrols
It’s worth noting that Indra had the most number of steps and requirements — from capturing biometrics and uploading documents to the tester recording a video of themselves saying their name. Among the issues that came up, Indra identified “[authentication] emails taking some time to get to the user” and “connection bandwidth” as key — underscoring the idea that blockchain voting is going to be a quantum leap for the Philippines, where internet infrastructure is still unreliable.
One other hurdle the vendors haven’t gotten ahead of is country-specific firewalls. “There are some locations, particularly in countries such as China and Iran, where the internet voting facility may actually be blocked,” William Emmanuel Yu, a member of the Comelec Advisory Council as well as an independent poll watchdog group, told participants during the mock trial. “So [that] requires the use of additional technology, just to allow the voter to vote.”
Still, the Comelec thinks it’s gathered enough data from the mock trials to start drafting a proposal to Congress and file it by the end of the year. From there, it will likely go through the long legislative mill before internet voting actually becomes law.
“Do we allow both mail-in voting and Internet voting at the same time? Do we allow mail-in, internet and on-premise voting at the same time?,” Yu asked. “Are we doing a one-and-done voting process where you can only vote once and you cannot replace your vote? Or do we do the Estonia style [where] you can vote as many times as you like, but only the last vote is counted?”
There are no concrete answers right now, but the Comelec is all in on new technology. “I don’t know yet if we can do it in time for the 2025 [midterm] elections. But that’s certainly the target that we’re working towards,” Jimenez said.