Legislature(2021 - 2022)BUTROVICH 205

03/16/2021 03:30 PM STATE AFFAIRS

Note: the audio and video recordings are distinct records and are obtained from different sources. As such there may be key differences between the two. The audio recordings are captured by our records offices as the official record of the meeting and will have more accurate timestamps. Use the icons to switch between them.

Download Mp3. <- Right click and save file as

* first hearing in first committee of referral
+ teleconferenced
= bill was previously heard/scheduled
*+ SB 95 SEARCH AND RESCUE SURPLUS STATE PROPERTY TELECONFERENCED
Heard & Held
-- Testimony <Invitation Only> --
*+ SB 66 MEMBERS LEG COUNCIL; LEG BUDGET & AUDIT TELECONFERENCED
Heard & Held
-- Testimony <Invitation Only> --
+= SB 39 BALLOT CUSTODY/TAMPERING; VOTER REG; MAIL TELECONFERENCED
Heard & Held
-- Testimony <Invitation Only> --
+ Bills Previously Heard/Scheduled TELECONFERENCED
**Streamed live on AKL.tv**
        SB 39-BALLOT CUSTODY/TAMPERING; VOTER REG; MAIL                                                                     
                                                                                                                                
4:07:51 PM                                                                                                                    
CHAIR SHOWER  announced the consideration  of SENATE BILL  NO. 39                                                               
"An Act  relating to elections;  relating to  voter registration;                                                               
relating to ballots  and a system of tracking  and accounting for                                                               
ballots;  establishing an  election offense  hotline; designating                                                               
as a  class A  misdemeanor the collection  of ballots  from other                                                               
voters; designating as  a class C felony  the intentional opening                                                               
or tampering  with a  sealed ballot,  certificate, or  package of                                                               
ballots without  authorization from the director  of the division                                                               
of elections; and providing for an effective date."                                                                             
                                                                                                                                
[SB  39  was  heard  previously   on  1/28/21,  2/2/21,  2/11/21,                                                               
2/16/21, and 2/25/21. This is the 6th hearing on the bill.]                                                                     
                                                                                                                                
SENATOR  SHOWER  said  he  was   awaiting  a  proposed  committee                                                               
substitute  for  SB 39  from  Legal  Services. The  committee  is                                                               
considering  ballot election  concerns  regarding data  security,                                                               
chain of custody, voter validation,  and ballot authentication in                                                               
the bill.  These issues are  especially important when  there are                                                               
significant  numbers of  mail-in and  absentee ballots.  He said,                                                               
"I've tried  to make clear  to folks  we're not opposed  to those                                                               
things  specifically; we're  trying to  make sure  that they  are                                                               
secure when we use them. So, we're not trying to prevent them."                                                                 
                                                                                                                                
SENATOR   SHOWER  remarked   that  the   Division  of   Elections                                                               
previously testified that currently there  is no chain of custody                                                               
for tracking  from the time ballots  are mailed out to  when they                                                               
are  returned to  the division.  In  fact, voters  must call  the                                                               
division to find out if their ballots were received, he said.                                                                   
                                                                                                                                
SENATOR SHOWER reported  that the [Alaska Supreme  Court ruled in                                                               
October 2020 Arctic  Village Council et al v. Meyer  et al.] that                                                               
Alaskans voting by  mail are not required to  have witnesses sign                                                               
their  absentee ballots.  [The October  12, 2020  decision upheld                                                               
the  lower  court  ruling  that  the  requirement  "impermissibly                                                               
burdens the right to vote" during the pandemic].                                                                                
                                                                                                                                
4:09:35 PM                                                                                                                    
SENATOR SHOWER  said he introduced  SB 39  as a means  to improve                                                               
the integrity  of Alaska's election  system and  restore people's                                                               
faith.  He invited  Chris Miller,  Oracle NetSuite,  to help  the                                                               
committee and public understand election technology.                                                                            
                                                                                                                                
4:10:13 PM                                                                                                                    
CHRIS  MILLER,  CPA;  Distinguished Solution  Specialist,  Oracle                                                               
NetSuite,   Lehi,  Utah,   presented  a   PowerPoint  on   Modern                                                               
Technology  Applications for  Voter Security  & Trust.  He stated                                                               
that  his  role  at  Oracle   has  three  functions:  accounting,                                                               
internal controls,  and developing new products,  but his primary                                                               
role is finding solutions to problems.                                                                                          
                                                                                                                                
4:10:52 PM                                                                                                                    
MR.   MILLER  stated   that  his   PowerPoint   would  focus   on                                                               
technological   changes  that   may   provide  applications   and                                                               
advantages  for the  state  to make  changes  to Alaska's  voting                                                               
process.                                                                                                                        
                                                                                                                                
4:12:16 PM                                                                                                                    
MR.  MILLER  reviewed  slides  3   and  4  by  making  disclosure                                                               
statements.  He said  he  is  not making  promises  on behalf  of                                                               
Oracle,   addressing  the   committee  as   an  official   Oracle                                                               
representative,  or  looking  to  sell anything.  He  stated  his                                                               
intent  is to  inform  committee members  on software  technology                                                               
that  is  available.  He  clarified that  he  was  speaking  from                                                               
Oracle's perspective, but companies  such as Microsoft and Amazon                                                               
Web Services (AWS) also offer good cloud products.                                                                              
                                                                                                                                
MR.  MILLER turned  to slide  5, What  Voters of  Alaska Deserve,                                                               
which  highlighted  Domino's  tracking system  to  illustrate  an                                                               
effective  system  that  could  be used  to  track  ballots.  For                                                               
example,  when people  order Domino's  pizza online,  the company                                                               
uses a "pizza  tracker" system to verify the  pizza ordered, when                                                               
the pizza  was being  prepared, and  when the  pizza was  out for                                                               
delivery. He said his PowerPoint  would outline the equivalent of                                                               
using a  system similar to  the "pizza tracker" to  track ballots                                                               
and votes.                                                                                                                      
                                                                                                                                
MR. MILLER  highlighted Stephen Covey's  [The 7 Habits  of Highly                                                               
Effective People] relating fundamental  questions that arise when                                                               
changes are made:                                                                                                               
                                                                                                                                
   • Why do we need to make a change?                                                                                           
   • What do we need to change?                                                                                                 
   • How do we make a change?                                                                                                   
                                                                                                                                
4:14:39 PM                                                                                                                    
MR. MILLER  reviewed his agenda items  on slide 7. He  offered to                                                               
focus  on what  needs to  change in  a voting  system and  how to                                                               
implement these  changes. The text  inside the  graphics' bubbles                                                               
on the slide read:                                                                                                              
                                                                                                                                
     Key voting issues for Consideration                                                                                        
     Technology Building Blocks                                                                                                 
     What Might a System Look Like?                                                                                             
     Q&A Session                                                                                                                
                                                                                                                                
4:14:34 PM                                                                                                                    
MR.   MILLER  reviewed   what  is   necessary  to   create  voter                                                               
confidence: "The How,  What, and Why" by reading the  text in the                                                               
bubbles on slide 8:                                                                                                             
                                                                                                                                
     Security - Freedom from Outside Interference                                                                               
     Auditability - Transparent and Accurate Results                                                                            
     Accessibility - Reduce Voter Friction                                                                                      
     Voter Confidence                                                                                                           
     One Voter                                                                                                                  
     One Vote                                                                                                                   
                                                                                                                                
MR.  MILLER discussed  what creates  voter  confidence for  voter                                                               
security,  auditability  and  accessibility.  He  emphasized  the                                                               
necessity  to  "reduce  friction"  in  a  transaction  to  attain                                                               
accessibility. He  stated his  intent to  demonstrate how  to use                                                               
technology  to  reduce  friction  for voters,  not  to  make  the                                                               
barriers harder, but to maintain the integrity of the system.                                                                   
                                                                                                                                
4:15:25 PM                                                                                                                    
MR. MILLER referenced  a quote from Thomas Jefferson  on slide 9,                                                               
which emphasizes  the goal to  strive to  have as many  people as                                                               
possible participate in the voting process. It read:                                                                            
                                                                                                                                
       We do not have government by the majority. We have                                                                       
     government by the majority who participate.                                                                                
                                                                                                                                
MR. MILLER reviewed five technologies listed on slide 10:                                                                       
                                                                                                                                
Cloud Infrastructure/Economics                                                                                                  
Multi Factor Authentication                                                                                                     
Blockchain Ledger                                                                                                               
Tokenization                                                                                                                    
Digital Wallet                                                                                                                  
                                                                                                                                
MR. MILLER  said he  would explain each  how each  technology can                                                               
provide auditability/transparency, security, and accessibility.                                                                 
                                                                                                                                
4:16:28 PM                                                                                                                    
MR.  MILLER  discussed  "Cloud Infrastructure"  and  the  "Oracle                                                               
Cloud Infrastructure  Global Footprint" on slides  11-12. He said                                                               
he  would focus  on Cloud  infrastructure in  the US  and not  on                                                               
Oracle's  worldwide   scope.  In  the  US,   Oracle  has  created                                                               
government zone cloud infrastructure  warehouses that are FedRAMP                                                               
[Federal  Risk and  Authorization Management  Program] certified.                                                               
Data  remains  in the  United  States  in Phoenix,  Chicago,  and                                                               
Ashburn.  Another cloud  warehouse is  planned for  San Jose,  he                                                               
said. He reported that all  countries in the European Union (EU),                                                               
Canada  and  China require  their  data  to remain  within  their                                                               
borders.  Keeping data  within borders  represents a  fundamental                                                               
core security requirement for businesses  to better protect their                                                               
data and to prevent hackers from accessing it.                                                                                  
                                                                                                                                
MR. MILLER  reviewed Oracle's security  measures in the  Cloud on                                                               
slide 13. He  explained three areas for  security measures Oracle                                                               
has  developed,   including  Zero  Trust   Architecture,  Maximum                                                               
Security  Zones and  its  Oracle database.  First,  Oracle has  a                                                               
"Zero  Trust Architecture."  This means  Oracle employees  cannot                                                               
see  their  customers' data  and  their  customers cannot  access                                                               
Oracle's  programming  code.  This prevents  people  from  having                                                               
access  to   manipulate  Oracle's   code.  Second,   Oracle  uses                                                               
preconfigured  mandatory  security  best practices  for  critical                                                               
reduction    workloads,    which   helps    eliminate    customer                                                               
misconfiguration. These  best practices  help ensure  that people                                                               
do  not accidentally  make mistakes.  Finally, Oracle's  database                                                               
uses "Data Safe and OS Security."                                                                                               
                                                                                                                                
4:18:51 PM                                                                                                                    
MR. MILLER  described the  technical, layered  protections Oracle                                                               
uses  to provide  stronger isolation  and control  from "core  to                                                               
edge"  of its  database. He  directed  attention to  an image  on                                                               
slide  15 that  illustrated  Oracle's layered  control to  manage                                                               
data stored  in the Cloud.  This included a  protection structure                                                               
under   edge   services,   monitoring,   virtual   network,   and                                                               
data/database headings. First, he  described the internet edge as                                                               
similar to castle walls. At  that point, security includes denial                                                               
of  service  and DNS  (Domain  Name  System) protections  against                                                               
security  attacks.  Monitoring  and   logging,  the  next  layer,                                                               
protect against access  to data. He emphasized  the importance of                                                               
keeping  informational  ledgers  and identification  ledgers  for                                                               
voting systems. The voting ledger  will identify how ballots were                                                               
cast and  the identification ledger would  list authorized voters                                                               
who have  not yet  voted, he said.  These layered  controls could                                                               
provide complete confidence in the  overall identity security, he                                                               
said.                                                                                                                           
                                                                                                                                
4:20:06 PM                                                                                                                    
MR. MILLER reviewed the Oracle  Data Management platform scale or                                                               
the data processed.  Alaska may have up to  750,000 voters voting                                                               
in one day.  However, Oracle and other major  cloud providers can                                                               
process 43 billion API  [Application Programming Interface] calls                                                               
per  day in  real time.  Further,  Oracle can  also increase  its                                                               
2,200 computer servers by 750  more within 12 minutes. This means                                                               
Oracle is elastic  and could handle a massive  Election Day spike                                                               
that cannot crash, he said.                                                                                                     
                                                                                                                                
4:21:08 PM                                                                                                                    
MR.  MILLER highlighted  the  Oracle  Cloud Infrastructure  (OCI)                                                               
compliance  and   audit  programs   typically  used   in  global,                                                               
government, industry,  and regional categories as  shown on slide                                                               
16. First,  FedRAMP federal  cybersecurity standards  provide the                                                               
highest   security  standards,   used  by   federal  intelligence                                                               
agencies.    Amazon's    JEDI     (Joint    Enterprise    Defense                                                               
Infrastructure)  Cloud  is being  built  to  these standards,  he                                                               
said.  The slide  listed several  audit  programs used  globally.                                                               
Audit programs are  important because they confirm  data has been                                                               
protected from hackers.  Since costs are spread  out among users,                                                               
these programs  provide a cost-effective means  to receive world-                                                               
class security at  a reasonable cost. He offered  his belief that                                                               
data maintained  in infrastructure  warehouses, such  as Oracle's                                                               
firewall are as secure as Fort Knox.                                                                                            
                                                                                                                                
4:23:17 PM                                                                                                                    
MR.  MILLER  briefly   reviewed  multifactor  authentication.  He                                                               
directed  attention to  the  images for  Target  or Fortnite  2FA                                                               
shown on slide 16. Many companies  do not rely solely on customer                                                               
passwords  for authentication.  Instead, these  companies send  a                                                               
code via  the customer's  text or email  on file  to authenticate                                                               
his/her identity.                                                                                                               
                                                                                                                                
4:24:48 PM                                                                                                                    
MR.  MILLER  identified  the types  of  factors  for  multifactor                                                               
verification,   including   knowledge,   possession,   inherence,                                                               
location,  and  time.  He  said  knowledge  refers  to  a  person                                                               
entering  a  password to  log  in.  Possession means  the  person                                                               
receives  a cell  phone text  to  authorize a  log in.  Inherence                                                               
refers to the  person using something inherent  to an individual,                                                               
such as a  fingerprint, to verify their  identity. Location means                                                               
tracking  the  internet  protocol   (IP)  address  to  confirm  a                                                               
person's location,  such as  an authorized  computer in  a voting                                                               
booth.   Time   would   limit  verification   within   prescribed                                                               
timeframes, such as voting hours, he said.                                                                                      
                                                                                                                                
4:25:47 PM                                                                                                                    
MR.   MILLER   identified   two  applications   for   multifactor                                                               
verification related to voting:  Election Database with Sensitive                                                               
Information  and  Voter  Identity   Broker.  Since  the  election                                                               
database   has   sensitive  information,   voter   identification                                                               
requires authentication  and tracking.  However, it  is important                                                               
to allow authorized people to  have access to information without                                                               
providing them with the ability  to compromise the data. This can                                                               
be done  by ensuring  proper segregation of  duties to  limit who                                                               
can access data to prevent unauthorized access.                                                                                 
                                                                                                                                
MR. MILLER  reviewed the current  process most polls  use. Voters                                                               
provide  identification at  the polling  place. Election  workers                                                               
find  the person  in  a  printout of  registered  voters for  the                                                               
precinct  and the  voters  sign the  registered  voters' log.  He                                                               
suggested  using technology  to  create a  voter identity  broker                                                               
system.  Voters  would  upload  their  photo  identification  and                                                               
authenticate it by  using a multifactor process  via cellphone or                                                               
email. This  would provide a  means to  guarantee identification,                                                               
reduce fraud, and rely on an electronic system.                                                                                 
                                                                                                                                
4:27:25 PM                                                                                                                    
CHAIR SHOWER  asked if China and  Russia allows Oracle to  use US                                                               
servers to control information during their elections.                                                                          
                                                                                                                                
MR.  MILLER  answered  no;  neither  country  allows  citizen  or                                                               
business  data  to cross  their  borders.  While Oracle  conducts                                                               
substantial  business  in  China,  its data  centers  are  solely                                                               
located  in China.  The European  Union (EU)  has a  similar data                                                               
governance policy, he said.                                                                                                     
                                                                                                                                
CHAIR SHOWER recalled that Alaska  experienced two data breaches.                                                               
In 2019,  the Permanent Fund  Division experienced a  data breach                                                               
and in  2020, the  Division of  Elections had  a data  breach. He                                                               
asked how  the types of  systems he was discussing  would prevent                                                               
future data breaches.                                                                                                           
                                                                                                                                
4:29:42 PM                                                                                                                    
MR.  MILLER answered  by directing  attention to  the diagram  on                                                               
slide 14 that  illustrates the protective layers  the state could                                                               
implement, such  as two-factor authentication and  segregation of                                                               
duties. For example, two-source  authentication will limit access                                                               
by  unauthorized  people  such   as  hackers  from  impersonating                                                               
someone  in  an attempt  to  access  personal data.  Implementing                                                               
segregation of duties could  prevent employees from inappropriate                                                               
access  to data  by  limiting their  access  while allowing  them                                                               
enough access  to do  their jobs. Once  segregation of  duties is                                                               
established, it would take collusion  by multiple parties to hack                                                               
the system, he said.                                                                                                            
                                                                                                                                
4:33:27 PM                                                                                                                    
CHAIR  SHOWER asked  how Alaska  could incorporate  a multifactor                                                               
authentication  process for  mail-in or  absentee voting  without                                                               
creating obstacles  for voters.  He stated  his intent  to ensure                                                               
that eligible voters  can easily vote while  maintaining a secure                                                               
voting system.                                                                                                                  
                                                                                                                                
MR.  MILLER responded  he would  discuss other  technologies that                                                               
can help do so later in the presentation.                                                                                       
                                                                                                                                
MR. MILLER  turned to slides  20-21, Oracle  Blockchain Platform.                                                               
He  highlighted   that  blockchain  technology  has   real  world                                                               
applications   beyond   cryptocurrency.  For   example,   Walmart                                                               
currently  uses blockchain  technology  to track  crops from  the                                                               
point   of  harvest   through   the  packinghouse,   transporter,                                                               
exporter,   processor,  and   distributor   to  Walmart   stores.                                                               
Blockchain technology  can provide the ultimate  chain of custody                                                               
to track  contaminated produce.  This analysis can  be done  in a                                                               
matter  of seconds  since each  transaction  in the  distribution                                                               
process is tracked.                                                                                                             
                                                                                                                                
4:37:00 PM                                                                                                                    
MR.  MILLER  referenced  slide   22,  Technology  Challenges.  He                                                               
reviewed  slide  23,  Characteristics of  Blockchain  Technology.                                                               
Blockchain  technology is  tamper-proof, shared  and transparent,                                                               
consensus based, and provides  security and privacy. Corporations                                                               
and major  banks use blockchain  technology because it  creates a                                                               
sense  of  trust.   All  parties  can  see  both   sides  of  the                                                               
transaction  history,   he  said.  He   characterized  blockchain                                                               
technology  as providing  a single  source  of truth.  Blockchain                                                               
technology creates a digital ledger  that records information and                                                               
tracks products or transactions each step of the way.                                                                           
                                                                                                                                
MR. MILLER explained  how Blockchain technology could  be used in                                                               
the context of  voting. Voters would have the  ability to confirm                                                               
their  votes   via  a  blockchain  by   accessing  their  private                                                               
accounts. This can provide voters  with assurance that their vote                                                               
was  processed and  counted. In  addition, blockchain  technology                                                               
allows  votes  to  be  stored in  essentially  a  digital  public                                                               
ledger.  Blockchain technology  allows for  quick tabulation  and                                                               
data  analysis,   or  data  mining,   to  quickly   identify  any                                                               
inconsistencies  or  discrepancies. Since  Blockchain  technology                                                               
allows  for  incredibly fast  calculations,  it  could count  all                                                               
votes during  an election in  a few  hours. If early  or absentee                                                               
ballots are counted  ahead of time, the processing  time would be                                                               
even  less.   This  automated   and  transparent   process  could                                                               
ultimately  eliminate  substantial  manual labor  and  paperwork.                                                               
While  blockchain technology  could eventually  allow all-digital                                                               
records, current discussions surround  how to use this technology                                                               
to manage paper ballots.                                                                                                        
                                                                                                                                
4:39:47 PM                                                                                                                    
MR.  MILLER   explained  how   Blockchain  technology   works  by                                                               
reviewing  blockchain characteristics  on  slide  24. This  slide                                                               
depicted two flowcharts to illustrate  how users would access the                                                               
ledger and  the bank would  hold the primary or  "golden record".                                                               
Currently,  banks maintain  their ledgers  and customers  receive                                                               
account statements,  which consist of  their own ledgers.  A bank                                                               
considers its  records as  the source  of truth  and correctness.                                                               
When customers  discover an  error, they  must convince  the bank                                                               
that a problem exists based on their own research.                                                                              
                                                                                                                                
MR. MILLER  explained that blockchain  data distribution  has one                                                               
ledger and all nodes have some  level of access to it. This means                                                               
that no one  person or server can access the  entire ledger. Node                                                               
replication  makes  using  blockchain very  fraud  resistant.  In                                                               
fact, someone would have to change  over 51 percent of the entire                                                               
distribution  nodes  simultaneously  to commit  fraud  or  change                                                               
data. The source of a  potential discrepancy arises when a single                                                               
node  appears  different  from  the  rest  of  the  nodes,  which                                                               
pinpoints where to investigate.                                                                                                 
                                                                                                                                
MR.  MILLER noted  that accountants  and financial  professionals                                                               
characterize  a blockchain  as double-entry  accounting that  has                                                               
evolved  to triple-entry  accounting.  Entities  can use  double-                                                               
entry accounting but  a blockchain essentially stamps  it. If any                                                               
discrepancy or  disagreement arises, the blockchain  ledger shows                                                               
how and when the transaction occurred.                                                                                          
                                                                                                                                
MR. MILLER  offered his view that  the State of Alaska  could use                                                               
blockchain technology  for production  data and  severance taxes,                                                               
with the blockchain ledger essentially  becoming a public ledger.                                                               
The  state could  also  track division  orders  and payments  and                                                               
create  an immutable  chain of  custody for  recording land-lease                                                               
deeds. In terms of voting,  a blockchain would create blocks that                                                               
show  the specifics  of the  vote  tally. He  said this  provides                                                               
auditability.                                                                                                                   
                                                                                                                                
4:43:21 PM                                                                                                                    
MR. MILLER  described permissioned and  permissionless blockchain                                                               
shown  on  slide  25. In  permissioned  blockchain,  members  are                                                               
invited to join the network.  Since parties are known in advance,                                                               
it provides a more secure  model. In a permissionless blockchain,                                                               
or public  blockchain, anyone on  the internet may join  and have                                                               
access to  the ledger information.  It is less secure  and offers                                                               
less  governance since  the  parties are  not  known in  advance.                                                               
Blockchain and Ethereum use permissionless blockchain, he said.                                                                 
                                                                                                                                
4:44:08 PM                                                                                                                    
MR. MILLER suggested  that to create confidence,  a voting system                                                               
would  use a  permissioned blockchain  network. The  system would                                                               
permit authenticated  voters to join, receive  their ballots, and                                                               
vote  at authorized  times in  specific  elections. He  explained                                                               
that these permissions would provide confidence in the election.                                                                
                                                                                                                                
MR. MILLER  highlighted using a token,  such as a QR  code [Quick                                                               
Response] in  the voting  process. Each vote  could be  traced in                                                               
the  blockchain   record,  but  it  would   still  protect  voter                                                               
identity. Analytical capabilities  are available immediately with                                                               
blockchain  technology, including  tabulating voting  outcomes by                                                               
location or district.                                                                                                           
                                                                                                                                
4:46:29 PM                                                                                                                    
MR.  MILLER turned  to  slide  26, which  described  when to  use                                                               
database  blockchain tables.  He  said blockchain  tables can  be                                                               
used  when there  is  no  trust between  people  but the  parties                                                               
partially  trust a  neutral service  provider. Blockchain  tables                                                               
act  as  a registrar  and  maintain  the  chain of  custody.  The                                                               
advantage of using Oracle or  AWS managed permission processes is                                                               
that Oracle stands behind their process.                                                                                        
                                                                                                                                
4:47:44 PM                                                                                                                    
SENATOR  HOLLAND asked  if any  state  currently uses  blockchain                                                               
technology to ensure voter integrity.                                                                                           
                                                                                                                                
MR. MILLER replied that Utah  allowed a limited blockchain voting                                                               
system primarily for overseas military  ballots but there has not                                                               
been statewide use.                                                                                                             
                                                                                                                                
MR.   MILLER  recalled   that  the   Republican  and   Democratic                                                               
Conventions  used blockchain  technology  but it  was limited  to                                                               
internal nomination voting. In  addition, several other countries                                                               
such as  Russia and  India used  blockchain technology  for their                                                               
election  security  and  a  few others  are  considering  it.  He                                                               
maintained that  every major company  is looking for ways  to use                                                               
blockchain technology. "We are at the beginning," he said.                                                                      
                                                                                                                                
SENATOR REINBOLD thanked him for the presentation.                                                                              
                                                                                                                                
CHAIR SHOWER asked if individual  states should develop their own                                                               
voting systems  using blockchain  technology or if  states should                                                               
use  an  outside  server.  He  expressed  concern  that  Alaska's                                                               
Division of Elections  might not be able to take  on such a large                                                               
task.                                                                                                                           
                                                                                                                                
MR.   MILLER  replied   that  Microsoft   Assure,  Oracle   Cloud                                                               
Infrastructure (OCI),  and AWS are  three vendors  with excellent                                                               
security  and  similar  capabilities  and  skills  to  provide  a                                                               
service  far better  than the  state  could achieve  on its  own.                                                               
Almost every major technological application  is on the Cloud and                                                               
very few  companies try  to do  this on  their own.  For example,                                                               
Zoom runs  on Oracle  Cloud Infrastructure,  he said.  He offered                                                               
his belief  that the outsourcing  cost-benefit ratio  makes sense                                                               
because companies  provide expertise and cost  certainty. He said                                                               
if he  had a startup, he  would only consider using  Oracle, AWS,                                                               
or Microsoft.                                                                                                                   
                                                                                                                                
CHAIR SHOWER  highlighted that  cost is always  an issue  for the                                                               
legislature. He related that the  committee was focused on how to                                                               
create a good  voting system in a cost efficient  way while still                                                               
providing the  necessary level of  service and security.  He said                                                               
the  legislature   often  struggles  with  whether   to  contract                                                               
services out  or try to  do it  in-house. Based on  the foregoing                                                               
information, he  surmised that the  state lacks the  expertise to                                                               
do this on its own.                                                                                                             
                                                                                                                                
4:54:47 PM                                                                                                                    
CHAIR SHOWER highlighted some issues,  including how to introduce                                                               
transparency  in  vote  tracking while  ensuring  voter  identity                                                               
remains secret. He  recalled that when voters  fax their ballots,                                                               
the  state's  website  cautions  that  someone  might  see  their                                                               
ballot. He asked  Mr. Miller how voter  transparency and tracking                                                               
would work while maintaining anonymity through the process.                                                                     
                                                                                                                                
MR.  MILLER, in  response,  turned to  slides  27-30, related  to                                                               
anonymity. The  key to  anonymity is  tokenization, he  said. For                                                               
example, when  someone buys  goods from  Amazon using  One Click,                                                               
Apple  Pay or  Google  Pay, the  company  uses tokenization.  The                                                               
company receives the credit card  information, translates it into                                                               
a complex  hash algorithm that  is transferred to a  token vault.                                                               
This information  is matched  via a map  to the  person's account                                                               
number  and   personal  information  to  correctly   process  the                                                               
transaction.                                                                                                                    
                                                                                                                                
4:57:10 PM                                                                                                                    
MR.  MILLER turned  to slide  31, Tokenization  and Controls  for                                                               
Anonymity. He directed  attention to the flowcharts  on the slide                                                               
to describe  the secure voting  process. First, a voter  would go                                                               
to  a kiosk  or voting  booth  to cast  a  vote or  apply for  an                                                               
absentee  ballot, similar  to a  kiosk at  an airport.  The voter                                                               
would  submit  biometrics,  such  as  a  fingerprint,  or  use  a                                                               
multifactor  authentication   to  voting  booth   interface.  The                                                               
identity verifier  system receives and certifies  the information                                                               
and approves an  ID key on the Blockchain, creating  a token that                                                               
authorizes a specific ballot. This  system creates a voter key or                                                               
token in the interface called  a "blind token." The ballot cannot                                                               
identify  an  individual  voter  and  the  authentication  system                                                               
cannot  identify  any  specific   ballot  selections,  which  are                                                               
separated by a wall. After  voting, the agency issuing the ballot                                                               
receives the "blind token" and  the voter receives a confirmation                                                               
printout with a hashtag and a ballot number.                                                                                    
                                                                                                                                
5:00:49 PM                                                                                                                    
MR.  MILLER described  the process  for a  voting system  using a                                                               
paper  ballot. The  voter would  use the  same voter  eligibility                                                               
process but after validation, the  ballot would be printed with a                                                               
hashtag.  After   voting,  the   ballet  would  be   scanned  and                                                               
transmitted via a  blockchain based on the  hashtag. Again, voter                                                               
identity would not be linked  via the hashtag or the verification                                                               
system.                                                                                                                         
                                                                                                                                
MR.  MILLER  summarized  that   these  systems  provide  absolute                                                               
confidence that  an authorized person voted  by using multifactor                                                               
authentication. It would also maintain  voter secrecy and provide                                                               
correct vote tallies.  A voter could use their  hashtag number to                                                               
verify that his/her vote was included in the total vote tally.                                                                  
                                                                                                                                
MR.  MILLER, in  response to  Chair Shower,  apologized that  his                                                               
explanation was  more technology oriented to  describe blockchain                                                               
technology than he would have preferred.                                                                                        
                                                                                                                                
5:03:32 PM                                                                                                                    
MR. MILLER  turned to  slide 32, Potential  System Flow.  He said                                                               
the  graphic  from  followmyvote.com  ties  the  five  pieces  of                                                               
technology   to   build  the   system.   A   person  would   gain                                                               
authentication via  a digital wallet  to access the  secure cloud                                                               
infrastructure.   Tokenization   technology   ensures   that   an                                                               
authorized  voter  casts  his/her  ballot  using  a  dual-purpose                                                               
system of  blind tokens  to create  anonymity whether  the system                                                               
uses electronic,  absentee or in-person paper  ballots. A secured                                                               
vote enters a blockchain ballot  box, is counted, the results are                                                               
tallied, and analytics are performed.                                                                                           
                                                                                                                                
MR. MILLER said  the digital wallet allows voters  the ability to                                                               
verify  that their  vote was  counted correctly  and confirm  the                                                               
results. The  key principle  is that the  absentee, mail,  or in-                                                               
person  voting process  will maintain  voter  security and  voter                                                               
privacy, he said.                                                                                                               
                                                                                                                                
MR. MILLER referred  to a patent diagram on slide  33 that the US                                                               
Post Office  filed in August  2020 to create a  blockchain system                                                               
for mail-in ballots.  He said the USPS is using  the same concept                                                               
in  its  patent. If  approved,  the  USPS  could be  a  potential                                                               
supplier for absentee ballots or all by-mail voting in Alaska.                                                                  
                                                                                                                                
5:06:08 PM                                                                                                                    
MR. MILLER  turned to slide  34, How, What,  and Why. He  said he                                                               
hopes the  PowerPoint helps the  committee understand how  to use                                                               
blockchain technology  to create a secure,  auditable, accessible                                                               
election  system  and translate  that  knowledge  to good  policy                                                               
decisions.  The  idea is  to  provide  voter confidence  of  "one                                                               
voter, one vote" in an efficient election.                                                                                      
                                                                                                                                
CHAIR  SHOWER   remarked  that  the  information   on  blockchain                                                               
technology  could  help  the  committee   find  ways  to  address                                                               
election integrity and  restore people's faith in  the system. He                                                               
maintained  his interest  in ensuring  that eligible  voters have                                                               
easy access to voting in a reliable voting system.                                                                              
                                                                                                                                
CHAIR SHOWER highlighted  that rural Alaskan voters  often do not                                                               
have reliable  cell phone, internet  access or  connections. This                                                               
means SB  39 must allow a  variety of ways to  vote. For example,                                                               
the  USPS  is considering  using  a  blockchain. This  technology                                                               
could  have positive  implications for  voting. He  expressed his                                                               
interest in working with Mr. Miller to address specific issues.                                                                 
                                                                                                                                
5:08:32 PM                                                                                                                    
MR.  MILLER,  in   response  to  Senator  Holland,   said  he  is                                                               
physically located in Lehi, Utah.                                                                                               
                                                                                                                                
[CHAIR SHOWER held SB 39 in committee.]                                                                                         

Document Name Date/Time Subjects
SB 95 Fiscal Note 3291.pdf SSTA 3/16/2021 3:30:00 PM
SB 95
SB 95 Sectional Analysis.pdf SSTA 3/16/2021 3:30:00 PM
SB 95
SB 95 Sponsor Statement.pdf SSTA 3/16/2021 3:30:00 PM
SB 95
SB 95 Bill v.A.PDF SSTA 3/16/2021 3:30:00 PM
SB 95
SB 66 Bill v.A.PDF SSTA 3/16/2021 3:30:00 PM
SB 66
SB 66 Sectional Analysis.pdf SSTA 3/16/2021 3:30:00 PM
SB 66
SB 66 Sponsor Statement.pdf SSTA 3/16/2021 3:30:00 PM
SB 66
SB 95 Amendment 1.pdf SSTA 3/16/2021 3:30:00 PM
SB 95
SB 95 Amendment 2.pdf SSTA 3/16/2021 3:30:00 PM
SB 95
SB 39 Modern Technology Applications.pptx SSTA 3/16/2021 3:30:00 PM
SB 39
SB 66 v.B.pdf SSTA 3/16/2021 3:30:00 PM
SB 66