A note on security
Every day our democracy becomes less representative and less responsive to the people. National elections see too many Americans waiting in endless lines to exercise their right to vote, with broken machines, inconvenient polling places, and incomplete voter rolls.
We launched The Mobile Voting Project in 2018 to fix this by bringing safe, secure and convenient mobile voting options to U.S. elections. In just two years we’ve successfully completed seven mobile voting pilots across five states.
We’ve encountered our fair share of critics and started a national debate about voting security. It is natural for concerns to be raised when new technology is introduced into a system, but it would be a mistake to let security concerns prevent efforts to make improvements. That’s why these experiments in mobile voting are so important—to stress-test the concept and strengthen our cybersecurity capabilities in more controlled settings.
This is why Tusk Philanthropies has invested heavily in security. While we are vendor agnostic and each jurisdiction chooses the platform they use, every mobile voting vendor we work with undergoes a thorough technology vetting process. This includes:
- a full corporate infrastructure security review as well as a penetration test to allow us to understand the platform capabilities which would be deployed in a pilot;
- working with an independent cyber security firm which repeatedly assesses each vendor and continuously evaluates the vendors after pilots and on frequent intervals;
- negotiating increasingly deeper “white box” assessments that are broader and deeper in scope and evaluate security at the structural, design, and code levels;
- encouraging vendors to be open source so those in the tech, security, and privacy community can view the code and suggest fixes to vulnerabilities;
- supporting development of election standards and government oversight;
- requiring an auditable paper trail for every mobile election; and
- only funding pilots that either apply only to very small groups of voters, or to low stakes elections so that we can advance new ways of making voting easier without taking material risk.
We have also engaged Trail of Bits to go through our portfolio of vendor options and review the security of mobile voting platforms. Last year we began working with their team to perform the deepest review possible of the security of the Voatz mobile voting platform. Given their findings and our commitment to transparency, we are making those findings public today so other companies in this space have guidance on how to improve their security. The full security report from Trail of Bits can be found here.
We hope that by making this report public, it is clear that Tusk Philanthropies is only interested in finding and using solutions that meet the security needs of the purpose they’re designed for. We have no interest or incentive to engage with mobile voting options that aren’t secure.
The choice between security and participation isn’t binary. We want elections that are secure as possible, and we want turnout that’s as high as possible. It’s true that without secure elections, there’s no faith in the outcome. But without sufficient turnout, we lose faith too.
We knew when we started this campaign that it would be difficult, complex and long. There will always be critics who continue to say electronic voting could be dangerous, but to us, the greater risk to our democracy is doing nothing at all.