General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsOh Good, Another Voting App Might Have Some Problems
Oh Good, Another Voting App Might Have Some Problems
By AARON MAK at Slate
FEB 13, 20204:32 PM
Voatz would allow people to vote remotely.
https://slate.com/technology/2020/02/a-voting-app-is-under-scrutiny-after-researcher-find-flaws.html
"SNIP....
Two weeks after a malfunction in a vote-reporting app helped make a mess out of the Iowa caucuses, another election app is stirring up anxieties.
Voatz, which allows voters to submit their ballots virtually, is facing scrutinynot for the first timeas researchers at the Massachusetts Institute of Technology published a report on Thursday identifying what they claim to be major security flaws in its infrastructure that should deter anyone from using it. This comes just as an undisclosed number of counties are set to start implementing itin the presidential election for absentee voters. As the report states, Given the severity of failings discussed in this paper, the lack of transparency, the risks to voter privacy, and the trivial nature of the attacks, we suggest that any near-future plans to use this app for high-stakes elections be abandoned.
As is the case with any election technology, the specter of interference is a major obstacle to implementation. Voatz purports to harness end-to-end encryption, facial recognition, and blockchain, which is the network technology that facilitates cryptocurrency, to identify voters and make sure that ballots are not tampered with. The researchers say, however, that these measures still leave open a number of vulnerabilities that would allow a malicious party to negate or change votes, as well as spy on a users ballot. The paper claims, for example, that a hacker could launch a brute force attack to discover a users PIN for their account or gain administrative privileges to a smartphone to manipulate the app.
Because of Voatzs alleged lack of transparency, the researchers reverse-engineered the app by using information that the company had made publicly available in order to run their tests. In a blog post responding to the study, Voatz stated, With qualified, collaborative researchers we are very open; we disclose source code and hold lengthy interactive sessions with their architects and engineers. The company has also alleged that the MIT study is inherently flawed, in part because the version of the app that the researchers were testing was outdated, not connected to Voatzs servers, and only the Android version. And in a particularly barbed portion of the post, Voatz attacks the researchers for trying to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.
......SNIP"
live love laugh
(13,109 posts)The last election there were mailed absentee ballots left sitting at the post office until well after the election was called. I dont remember the locations but I remember the strategy. So mailing paper ballots is also a problem. Protocol for receiving ballots needs to be scrutinized and monitored or even changed.
As for the app the same people (absentees) are targeted.