Security risk versus access: DNC committee divided on whether to approve Alaska mobile voting plan
"It's a complicated state," said one committee member.
Less than two months after voting to reject the "virtual" caucus plans set forth by the Iowa and Nevada Democratic parties, the Democratic National Committee panel tasked with approving all state party delegate plans is faced with the decision of whether to allow the Alaska Democratic Party to implement a mobile voting absentee ballot option for its presidential primary.
The committee was holding an executive session on Wednesday where they would again discuss the plan, a member confirmed to ABC News. Voatz, the potential vendor for Alaska -- should the plan be approved -- was invited to call into the meeting, its CEO and founder Nimit Sawhney told ABC News.
A vote by phone option would offer rural Alaskans across the massive state an opportunity to participate in the state's primary process. Some have never been able to do so before, due in part to the state's unique, mostly inaccessible terrain.
While new territory for a presidential election, the mobile voting landscape isn't completely uncharted. It's been successfully used by military members and overseas voters in West Virginia in 2018, and Denver in 2019.
DNC members are so divided over what to do with Alaska that the committee postponed a decision to conditionally approve the state party's delegate plan without the mobile voting method on Friday.
Some members argued that Alaska's small population and later primary date make it a good test pilot for this kind of technology, but others want to err on the side of caution, given Russia's election interference in 2016 and the constant threats to that domain.
Similar plans for Iowa and Nevada were scrapped after the DNC chairman and technology teams recommended they not go forward due to security concerns.
"I think we ought to go ahead and do this," committee member Harold Ickes said Friday. "It's a complicated state. It's a huge state. I don't even know how they vote up there. But if the whole thing is a flop and a failure, this republic is not going to fall."
In making her pitch to the committee, Casey Steinau, chairwoman of the Alaska Democratic Party, said that her party needed to develop a plan that addressed Alaska's distinct challenges.
While the party has 40 polling locations reserved for its April 4 primary day, and also a method of by-mail absentee voting, a mobile voting option would most significantly impact about 12,000 rural Alaskans, and particularly natives, who live in "off the road systems" -- a full 90% of the state that's literally inaccessible by roads.
Many of the people who live there have never participated in a presidential nomination, Steinau said, because they couldn't physically get to a caucus location. Even by forgoing the caucus and switching to a primary ahead of the 2020 cycle, weather and lack of roads still pose challenges for in-person voting and by-mail absentee voting.
However, Steinau said, "Those members do have phones."
Despite DNC tech teams' and committee co-chairs' stance that there isn't a "system available that is sufficiently secure, reliable and at scale to be used given the importance of this process," Steinau said the risk is worth it for Alaska.
"Let's not let perfection be the enemy of good," she told members. "All I ask is that we be bold."
"Theoretically, no system is 100% safe," Voatz's Sawhney conceded in an interview with ABC News. "But our goal here is to make the practical aspect of [hacking] very, very difficult, if not close to impossible. … Any slight detection of a threat or impropriety, the system will shut you down and tell you to use another form of voting."
Voatz, an application available on most iPhones and Android devices, was the mobile voting vendor used by West Virginia and Denver. Once approved by the election jurisdiction, voters then go through a multi-factor authentication process, and once their identity is verified, it's compared against the user's voter registration. The data is securely stored on one's device, and locked by a PIN that the user creates or a "biometric credential" like a fingerprint or face ID. Once all of this is completed, the user is ready to cast the ballot. Users get a digitized, anonymous receipt, and voters can then check their ballots and make sure their votes were accurately recorded.
"I'll be honest, I was impressed ... mainly because most companies think about security as a build-on after the fact," said former FBI cyber special agent Andre McGregor, whose company, Shift State, was hired to give an independent assessment of the security of Voatz's system. "They had thought of security from day one, which is just rare for any company, let alone a company that's specifically in the voting space."
McGregor applauded the vendor's multi-factor authentication system, as he said that's one of the most effective ways to thwart attacks.
Asked about the possibility of a vote being changed by a bad actor after-the-fact, Sawhney said that "there's no practical way for them to do it, and remain undetected," due to the blockchain technology the app uses, which is, by design, hard to manipulate once it's been recorded. Cautioning again that "no system is 100% safe," he said that the ability to make modifications after a ballot's been cast is "practically as close to impossible as you can get."
Others, however, are worried about parity and argue that election systems deemed too risky for some states shouldn't be used in any.
"We think every vote counts and every vote matters and, so ... if you're not willing to do it for certain voters in certain states, why would it be OK to say to other voters, 'Oh, go ahead and use it because your vote may not count as much,'" Edgardo Cortés, an adviser to the Brennan Center's election security team, told ABC News.
He warned against any form of voting that uses the internet, saying that U.S. elections are always under threat and voting this way "just opens the door for increased risk of your election results being undermined and being impacted by these efforts to influence elections."
"When we look at kind of the overall landscape and the threats that are out there ... this really isn't the time, I don't think, to be attempting to use these systems that are so much more prone to this potential malicious activity from foreign actors to allow people to cast votes," he said.
Several committee members were in agreement with the DNC tech teams' and outside cyber security experts' recommendation that mobile voting "not be permitted."
Former interim DNC Chairwoman Donna Brazile, who was personally impacted by the WikiLeaks email dumps in the 2016 election, said the committee should heed the tech teams' recommendation and revisit the idea in 2024, after the 2020 election can be evaluated.
"The notion that we're going to, at a time when the president of the United States is calling on foreign governments to interfere in our elections, we're going to try something new -- I'm all about new ... but this is not the time to try to test, even in a small area," she said.
Barry Goodman said that if Alaska does implement this plan, and there is a hack, the DNC and the Democratic Party "would look foolish."
"We'll sow doubt in the process nationally, despite taking the process to Alaska only," he said.