Researchers say Voatz voting app has big security flaws, 4 states using it for 2020 elections anyway

Originally published at: https://boingboing.net/2020/02/13/researchers-say-voting-app-has.html

…

It’s the XKCD comic come to life.

Welcome to America, or …

Look at the upside. Maybe the Voatz employees who created the app, also set up their website security.

Clearly the researchers are shills for rival app Interferenz.

I didn’t read the MIT paper, but I did read the linked Vice article, and it discusses all the attacks that are possible if the phone is rooted.
Well, duh. Are there even any theoretical ways to securely run software on a rooted platform?

Anyways, this is all stupid. Oregon has the best way to vote remotely, and I have zero idea why they are testing voting by phone in Oregon.
We have vote by mail. 3 weeks before the election, the state mails our ballots in the mail. We also get a voters guide.

1. I get sent a ballot to my mailing address.
2. At the same time, because I registered my phone, I get a text message that my ballot was sent. If I hadn’t, I could check the status on the state’s website.
3. I fill out the ballot, put it in a secrecy envelope, sign the outer envelope, then mail it in or drop it off at an official site (Libraries, elections offices, city halls, etc)
4. When the ballot office receives the ballot, it checks the signature against the one on file. Assuming it matches, I get a text message saying as much, that my ballot will be counted.
5. My ballot gets removed from the outer envelope and placed with the other accepted ballots
6. On election day, it gets run through the counting machine (scantron style ballot).
7. On election day, I get texted a virtual “I Voted” sticker.
8. There is a paper trail, and it is easy to audit and recount votes.

We have automatic voter registration through the DMV. If under 18, they are still registered, they just don’t start getting a ballot until they are 18.

Potential voters can register any time prior to the ballots being sent out, 21 days before the election.

Registered voters can change their party at any time via a state website.

My senators are intelligent and make pretty good calls on legislation. One got in trouble with more liberal voters for supporting the Trans Pacific Partnership, but generally good.

Remember that thing a few days ago about the CIA owning a cryptography company secretly?
I’m not saying this is the case for Voatz, but if I were a rogue state looking to subtly influence elections around the world…
A good lesson I guess, in how important it is to have technologically skilled individuals assessing your technology purchases.

I would have had concerns about it before this news. Could they have maybe chosen a name that isn’t similar to a far right reddit clone?

Ok, it’s irredeemable now.

American election and party officials care more about giving their cronies juicy contracts than they do about secure voting.

This article doesn’t name any of the “at least four states”. I realize it’s in the Vice article, but I think it might’ve been nice if it were in this one too

I would say that’s an unreasonably charitable interpretation. A more reasonable one is that anyone who thinks we should be using software to vote primarily cares about being able to rig the elections, and any juicy contracts are just a nice side effect.

I don’t know. The utter ignorance of establishment politicians regarding technology is persistent, even in 2020. The people who run companies like the one that makes Voatz aren’t exactly the creme-de-la-creme of the tech world. They’re usually former campaign volunteers and staff who blew the minds of people like Clinton and Biden with their ability to make changes on an HTML page or set up a Gmail filter. Then, when the campaign is over, these “tech geniuses” do a political tech startup and get funding because of their connections and (most important to their politician patrons) their loyalty. It’s a revolving door for the mediocre that also brought us the clown who set up Clinton’s infamous e-mail server and the incompetents who created the Iowa voting app.

I do agree, per the XKCD cartoon, that software-based voting “solutions” are dangerous garbage, and that there have been instances of contracts where there was an undertone of election rigging on behalf of the GOP. But I’m willing to start by using Hanlon’s Razor, along with some low-level favour-banking corruption, when it comes to the DNC. That may change this primary season, though.

Bloo

15h

This article doesn’t name any of the “at least four states”.

I wondered too. From the Vice article:

Voatz has been surrounded by controversy ever since West Virginia used it in a pilot program to allow military and overseas voters to cast ballots via their phone. The software has also been used in pilot projects in elections in Denver and parts of Oregon, Utah and Washington State. West Virginia recently announced plans to expand its use of Voatz to disabled voters in this year’s presidential elections.

Is it too late to go back to paper ballots everywhere?

Shit like this is why I’ll fight to prevent the elections here in Canada from moving away from a mark on a piece of paper. Even using this outdated technology, we still somehow manage to get election results within hours of polls closing.

Electronic voting seems to be particularly popular with a certain political orientation with whom the majority of e-voting vendors seem to identify though, so I suspect there’d be a lot of resistance to changing that.

This topic was automatically closed after 5 days. New replies are no longer allowed.