Smartphone Election in Washington State

This year:

King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology.

Once voters have completed their ballots, they must verify their submissions and then submit a signature on the touch screen of their device.

Finney says election officials in Washington are adept at signature verification because the state votes entirely by mail. That will be the way people are caught if they log in to the system under false pretenses and try to vote as someone else.

The King County elections office plans to print out the ballots submitted electronically by voters whose signatures match and count the papers alongside the votes submitted through traditional routes.

While advocates say this creates an auditable paper trail, many security experts say that because the ballots cross the Internet before they are printed, any subsequent audits on them would be moot. If a cyberattack occurred, an audit could essentially require double-checking ballots that may already have been altered, says Buell.

Of course it’s not an auditable paper trail. There’s a reason why security experts use the phrase “voter-verifiable paper ballots.” A centralized printout of a received Internet message is not voter verifiable.

Another news article.

Posted on January 27, 2020 at 6:03 AM22 Comments


Cigaes January 27, 2020 6:15 AM

The lack of voter-verifiable trace is not the only issue. Nothing here guarantees that there is not somebody looking over the voter’s shoulder to check that they vote “right”. It weakens not only security, it also weakens anonymity and secrecy, which are paramount for democracy.

Erik January 27, 2020 6:27 AM

This isn’t even really “online voting,” it’s some sort of weird vote-by-fax-online thing.

Rj Brown January 27, 2020 7:16 AM

So does “voter verifiable” mean that the voter gets a copy of his paper ballot?

If so, then all secrecy is gone again, because he my be under duress to show that copy to an overseer who would verify that he voted “right”, or else suffer some consequences.

If no, then what does the voter have to prove that his vote was tampered with?

Our voting system assumes a reasonably honest population and govenment as a starting point. If we loose that, then we have lost our ability to vote.

Winter January 27, 2020 7:24 AM

Voting with smartphones a good idea?

I have seen that described in (thriller) fiction already:
“The Lafayette Campaign: a Tale of Deception and Elections” by Andrew Updegrove

Spoiler alert: SVoting with smartphones might not be a good idea.

Curious January 27, 2020 8:41 AM

As a European looking at USA from afar, I am inclined to be thinking that this could be some kind of deviced “honey pot”.

Is it even a good idea to allow something like that in this one county, if only as an experiment?

I guess I find it strange that King County is even allowed to have such voting with people’s mobile phones, given the purported desire for having “safe” elections nation wide, my impression anyway. And although I am by far nothing like an expert on security or such tech related issues, I wouldn’t think mobile phone being safe for anything except more trivial stuff, certainly not for voting in an election.

Voting by mobile phone, somehow seems very non-personal. I mean, who would know if a grandmother at age 80 or something really votes in a personal capacity, and not being just a family member using her phone with or without permission. I can imagine how voting by mobile phone, potentially racks up a lot of extra votes within families because of how I imagine mobile phone voting to be something that is very easy, perhaps too easy. If a family member doesn’t want to vote in the first place, how to prevent a vote from being cast?

How personal must a mobile phone be for such type of voting to work? Sounds to me that one single mobile phone, for an entire family, can vote online for all the family members.

Jason January 27, 2020 8:46 AM

I’m curious that anyone thinks their vote is counted or matters as things stand now, but this, moving it to the Internet guarantees your vote will mean nothing.

parabarbarian January 27, 2020 8:58 AM

I saw this one a while back.

It is not a good idea makes and, on the surface, makes no sense to this dumb ‘ol engineer. However, if I evaluate it through my cynic filters there is a weird logic. The first two rules of a successful career in politics are:

  1. Get elected
  2. Stay elected.

Both require not just votes but also voters that are reliable supporters. If a political party perceives that a voting access law will expand the pool of reliable voters more that it expands that of the opposing parties, it is a good idea in their bizarre logic.

The Curley Effect is a real world example of how manipulating voter demographics keeps the party-in-power in power.

David Rudling January 27, 2020 9:21 AM

So possession of a mobile phone is a mandatory requirement to qualify as a voter in King County?

Bobbin January 27, 2020 10:02 AM

@David Rutling
“…and count the papers alongside the votes submitted through traditional routes” suggests that there as other non phone based voting options.

orcmid January 27, 2020 10:03 AM

The smartphone voting is not King County wide. There are a few small municipality elections at this time and one of them is as described. I presume that a smartphone is not required and I agree about signature-matching difficulties. If I had to match the signature on my voter registrations, it would be near-impossible. Considering the different mechanics (and lack of corresponding muscle memory), I find that completely impractical. The presumptions that all smartphones are either iPhones or Android phones of equal capabilities is also ridiculous.

Currently, King County elections are by mail ballot, with provisions for people to vote in person. The preference is mail ballot and using mark-sensed paper ballots had already been in place for over 20 years.

Although one can track confirmation of ballot receipt and handling of the envelope (on which the signature is placed) up until the ballot is removed. There is nothing on the ballot that identifies the voter, so the usual secrecy (and inability to confirm an individual’s ballot treatment) applies.

We don’t have hanging chad to worry about, although recounts and audits can reveal questionable cases in a close election. There was a fierce recount in a past gubernatorial election and this led to considerable improvements in all the back-end and volunteer operations. With postal delivery rather than precinct-level transfer of ballots, some opportunities for mishap have been reduced.

orcmid January 27, 2020 10:35 AM

The various accounts are confusing. Here’s an official statement.

A couple of tid-bits. The ballot period runs until February 11. People can use computers, tablets, etc., say in public libraries, and they can simply choose to print the (completed?) ballot and mail it in. The ballot is for one of two candidates. This is not a conventional political election.

The election is sort-of King County wide, although not everywhere. I am a registered voter in Seattle (population 700k) and I have received nothing about it. While 1.2 million voters are considered eligible for this particular seat, past experience on this particular annual ballot is 1%. (The county population is over 2.2 million. In the 2016 Presidential Election, 1 million ballots were cast throughout the county.)

MarkH January 27, 2020 12:22 PM

@Rj Brown:

Though I live in a rather “backward” region (in more ways than one), shortly after the 2000 election debacle my county got computerized voting machines with the only kind of verification system I would trust.

When the voter indicates to the machine that his/her ballot is completed, the machine prints the vote selections on a paper tape which is visible just behind a glass window, and prompts the voter to confirm yes that’s right, or no it ain’t.

If the voter selects yes, the machine cuts the paper tape (like a cash register receipt); if not, it prints something like “VOIDED”, cuts the tape, and gives the voter the opportunity to re-do the ballot (or complain to the polling place workers that the machine isn’t working).

Either way, the “receipt” falls into a bin where the paper records are collected for such auditing as may be required.

The voter never gets (or even touches) the receipt, and therefore can’t show it to anybody in response to bribery or duress.

In theory, somebody could keep careful track of comings and goings, and try to guess who voted in which way by the order in which the paper slips pile up in the bin. But that was possible (and in fact, much more practical) in our previous system of pencil-marked optically scanned ballots.

That sequence-of-paper attack was not possible with the older lever-and-counter voting machines … but those were completely impossible to audit, and open invitations to “fiddling”.

Clive Robinson January 27, 2020 12:26 PM

@ bob,

~10 point swings.

There are three possibilities there,

1, from honest to dishonest.
2, from dishonest to honest.
3, the demographic changed.

The last one might be the cause. That is the change caused younger voters to vote and older voters not to.

The one thing that is noticable in the UK is the young don’t vote, they’ve basically had enough of what they see is an unfair process they can not change. It got noticably bad under the Blair years where in some places well under half the elegable voters voted.

But also there is a legacy of distrustin the UK the voter rolls have been made available for other reasons, most often those that are prejudicial. Thus the young have realised they won’t be allowed to change the system to be more fair to them, but worse if they do register it’s just going to help the move to “Papers Now” from the authorities, and that’s not what they want.

Especially when the voter rolls sold on to companies have been used to stalk people.

Thus they view registering to vote as worse than usless in fact positively harmfull…

Bob January 27, 2020 12:42 PM


The swings were from contemporary polls. Polls were showing one thing that was in line with patterns from paper votes. Paperless voting resulted in immediate wild differences from both.

MikeA January 27, 2020 4:19 PM


given the purported desire for having “safe” elections nation wide,

You are just looking at the wrong dictionary entry for “safe election”. To many voters, that means elections that are safe from tampering. For most politicians, it means incumbents (or their party) are safe from any attempt by voters to get rid of them.

Rachel January 28, 2020 1:20 AM

This is intended to be on topic. As a thought experiment, consider the following as a security tactic. In the broadest possible sense.
Make voting compulsory. This would broadly affect the political landscape and voting process in the US. The motivations of candidates would radically change – just imagine.
I raise this as an example of thinking hinky to quote Mr Schneier. Instead of getting caught up in the details.

Don K January 29, 2020 9:12 AM

May I suggest that voting is an area where EXTREME conservatism is appropriate. For entities too large to fit all the interested individuals into a high school gymnasium or smaller room, I think it’d be best to stick with paper ballots for a long time. Until the 2050s or 2060s at least. Only after we really understand how to provide complete and more or less perfect security should we enable electronic voting. Why ask for trouble?

Alejandro January 30, 2020 6:51 AM

Here is the link to Ralph’s privacy policy, which is actually also Krogers privacy policy and thus nationwide:

If you fumble through the entirety of the various TOS and policies it’s clear they are written by expensive lawyers to give the corporation maximum legal advantage.

Just skimming them alternately puts me to sleep or feel an urge to vomit.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.