Comelec explores online overseas voting via app flagged by MIT

MANILA — The Commission on Elections (Comelec) on Wednesday gave a peek of its ongoing exploration of internet voting targeted for overseas Filipinos, unveiling its partnership with US startup Voatz, whose voting application was flagged by researchers from the Massachusetts Institute of Technology (MIT) in 2020 for its "vulnerabilities."

• Comelec signs deals with 2 voting solutions firms for overseas online voting test runs

In a virtual press launch, Comelec spokesman James Jimenez said around 670 signed up to participate in the pilot simulation of online voting from Sept. 11 to 13, either through the Voatz's mobile or web-based application. 

Comelec commissioner Rowena Guanzon, in charge of the poll body's Office for Overseas Voting (OFOV), said the result of the test run would serve as basis whether they would recommend the technology for the 2025 elections. 

Under Republic Act 9189 or the Overseas Voting Act, Comelec is allowed to "explore" other methods of voting for the benefit of overseas Filipino voters. 

"As you know, Congress has to pass a law to make this possible... It is impossible to use this in 2022."

"If these test runs are efficient, effective, and cost efficient, I will recommend to the Comelec en banc that we request Congress to consider passing a law to use mobile voting app in the future. We're looking at 2025, that's quite possible," she added.

Guanzon also clarified the Comelec did not spend for the simulations.

"I have to appreciate the tech suppliers doing this, such as Voatz, for doing this at no cost to the commission," she said. 

 HOW SECURE IS VOATZ

In the briefing, representatives of Boston-based tech company Voatz laid out how its voting technology works.

For the initial sign up alone, Voatz said participants have to go through "highest levels" of authentication. 

"We need to get you authenticated... For this test run, we're stressing highest levels of security. We're going to go through the identity verification process which asks voters to take pictures of their passport, we do all kinds of check here... You're also asked to do a video selfie," said Jesse Andrews Voatz director of sales & business development. 

Voatz CEO and co-founder Nimit Sawhney added safeguards are in place to ensure the integrity of the voting process is intact in case there are attempts to "intercept."

"One of the things the application does is as you're trying to on board, it does security checks so if the app determines that you're handset is rooted, jailbroken, or compromised in any other way, or even if you're using unsafe wifi and somebody is intercepting, the app will not let you proceed to submit a ballot," Sawhney said. 

CLASH WITH MIT RESEARCHERS

In a "security analysis" published by MIT researchers in Feb. 2020, it found flaws in the application. 

"We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a sidechannel attack in which a completely passive network adversary can potentially recover a user’s secret ballot. We additionally find that Voatz has a number of privacy issues stemming from their use of third party services for crucial app functionality," the study's abstract read. 

"Methodologically, our analysis was significantly complicated by Voatz’s lack of transparency," the researchers added.

Five months later, Voatz released a technical analysis of the MIT study, highlighting its "errors and misrepresentations."

"It is also evident that the authors of the report were ideologically motivated to oppose any progress in the field of internet voting," Voatz said. 

Voatz criticized the study's for its "sole reliance on the partial reverse engineering; usage of a series of incorrect assumptions; lack of real world evidence; lack of experience and maturity in terms of how to build, test and deploy an election system."

 FUTURE OF ONLINE VOTING IN PH

Guanzon, who is set to retire in Feb. 2022, said tech providers must satisfy the following criteria before the poll body can push for its use in future elections. 

"There are three things that are major considerations for me as a decision-maker. One is security, two is the access of voters, and three is the cost. If we are satisfied in OFOV, we can recommend this to the commission en banc and of course, Congress for 2025," Guanzon said. 

Voatz is only one of the tech firms tapped to conduct the simulation. Indra Sistemas and Smartmatic are also scheduled to hold similar tech runs in the coming weeks.