MIT Researchers Disclose Vulnerabilities in Voatz Mobile Voting Election App (zdnet.com) 38
Academics from MIT's computer science laboratory have published a security audit today of Voatz, a mobile app used for online voting during the 2018 US midterm elections and scheduled to be used again in the upcoming 2020 presidential election. From a report: MIT academics claim they identified bugs that could allow hackers to "alter, stop, or expose how an individual user has voted." "We additionally find that Voatz has a number of privacy issues stemming from their use of third party services for crucial app functionality," the research team said in a technical paper released today. "Our findings serve as a concrete illustration of the common wisdom against Internet voting, and of the importance of transparency to the legitimacy of elections," researchers added. MIT academics urge states to continue using paper ballots rather than mobile apps that transmit votes over the internet. They say the current paper ballot voting system is designed to be transparent, and allow citizens and political parties to observe the voting process. "Voatz's app and infrastructure were completely closed-source," said James Koppel, one of the MIT academics.
There is only one solution (Score:2)
Paper!
Re: (Score:2)
Yes.
Especially when used in combination with technology.
Mark the ballot, scan it, confirm the scan matches, slide it into the box.
You get the instant count they are looking for but also the paper is the ultimate record. Later, after the paper ballots are scanned officially, they damned well better match the paper or you know something is up.
That will also prevent people form showing up with boxes of marked ballots later.
Narrowing and simplifying the methods of voting is the key to secure elections, not an,
Re: (Score:1)
The real problem now is lack of demand. The black box is simply unacceptable.
Re: There is only one solution (Score:1)
I almost never agree with you. On this point, I agree with you.
Shocked (Score:2)
I'm shocked, shocked I tell you!
Re: (Score:2)
Re: (Score:2)
You mean like every business under the sun trustes their private internal communications to a third party app called "slack".
Lets face it people are stupid and they absolutely deserve the representation or lack their of that they get.
Notabug (Score:1, Interesting)
This wasn't some kind of mistake. The design was to take the air out of the Bernie Sanders campaign by denying him an out-of-the-gate victory in Iowa, and it did just that. I saw this comment on Reddit and will quote it here as it does a great job of explaining why this is all happening:
"The big corporations are scared to death of him. Unlike 99% of politicians, Bernie does not take money from them in the form of Super PACS, which is basically legal bribery to politicians to fund campaigns, which are insa
Re: (Score:2)
A Bernie win would be the beginning of the end of the elitist control of the Democratic Party. That's why they hate him."
Pelosi runs the democratic party, and always will.
Bernie will never be president. His nomination will guarantee another term for Trump.
Re: (Score:2)
Ditto, the only people who will vote for Bernie are his hardcore supporters and that's not a plurality of Democrat voters. Another 4 years of Trump will doom the Justice Dept to be his private goon squad.
Re: Notabug (Score:1)
Almost every Trump voter I know - quite a few - would have voted for Bernie given the chance.
So who else is going to win? (Score:1)
So let's go through the candidates that are left:
1. Bloomberg, who just got caught saying minorities are murders, that minorities caused the 2008 market crash when redlining was banned and in 2016 endorsed Bernie after Hilary lost. You can verify all of these things with a 5 minute google search.
2. Here's a breakdown of why Pete can't win [slashdot.org] and
Re: So who else is going to win? (Score:1)
Mitt Romney. The D Party should nominate Mitt! The one man in America more loathed than crooked Joe.
In the hotly contested world of "most hated" (Score:2)
Re: (Score:1)
The Party's financiers are simply trying to adjust the riot index [ssrn.com].
The credibility crisis awaits the necessary false flag to pacify the savages.
Re: (Score:2)
https://apnews.com/345bbd1af529cfb1e41305fa3ab1e604/ [apnews.com]
Really, the vulns aren't a big deal (Score:3)
Really, there are only two issues that they brought up that I can see:
1. the credentials on-device aren't really safe, and
2. the vote payload isn't signed with the user's credentials.
The problem with these kinds of analyses is that they're done by scaremongers. Given the context of the app and reality, how likely is it that these can actually be exploited at scale?
And in any case, are these issues worse than paper ballots, or a compromise of the analog reporting system? In in-person elections you don't even have to show ID to vote, for the most part. How is that safe and secure?
Most of this analysis is moot anyway. Can you submit a vote without going through the Jumio verification system? If not, the rest of this analysis is a waste of time.
Re:Really, the vulns aren't a big deal (Score:4, Insightful)
At the end of the day, a technical analysis does not matter. The idea of remote voting is fundamentally flawed, as it fails to guarantee an anonymous vote. It does nothing to prevent vote buying, proxy voting by an abusive relative, stealing of votes (for instance, at a retirement home), voter intimidation, etc. A secure voting location is absolutely vital to a fair election. Even absentee ballots need to be minimized - we recently had a tainted election in NC thanks to those.
Vote by mail reduces suppression. (Score:2)
NC's elections problems were tampering with ballots [npr.org]. That can and does happen at election sites. There's been more than one case of voting machines getting dropped off at strange locations for unknown reasons.
Re: Vote by mail reduces suppression. (Score:1)
Despite the manifest inefficiency, we need paper ballot voting. If you one trusts computer systems for anything truly important, one doesn't understand computer security.
Re: (Score:2)
I'm a working class "folk".
I've worked steady since I was 16, I"m 49 now.
And somehow, I've always managed to vote on Tuesday, or whatever day of the week it happens to be. Even when there have been lines.
If you can't manage that....frankly, i don't value your opinion much.
Re: (Score:2)
Extending voting past Tuesday is the solution to that problem, not remote voting.
Despite your claim to the contrary, there is very little documented evidence that in-person voting fraud is significant. This is not an accident - this is due to years of adjustments and fine-tuning of in-person voting procedures. Look at Chicago for historical examples of how badly it used to go. Unlike in-person voting, remote voting can never guarantee the anonymous vote. Every election is inherently at risk when more than a
Re: (Score:2)
The idea of remote voting is fundamentally flawed, as it fails to guarantee an anonymous vote.
That is wrong.
Re: (Score:2)
How is it wrong. How can you prevent me from selling my vote if I vote by mail? How can you prevent an abusive spouse or parent from stealing my vote? How can you prevent a local thug from coming around to collect my vote, making sure I voted for his preferred candidate, and then mailing the envelope himself.
The answer is you cannot prevent any of those things. For any of that, you need a secure location.
Re: (Score:3)
1. the credentials on-device aren't really safe, and 2. the vote payload isn't signed with the user's credentials.
That's a pretty big fucking problem.
Re: (Score:2)
In in-person elections you don't even have to show ID to vote
That is also a huge problem, but it's being addressed despite tremendous push back from Democrats.
It's was struct down after multiple GOP operatives (Score:2)
Re: (Score:3)
So you are saying minorities are idiots that can't get an ID that they almost certainly already have.
Give it up. Your Race Card is so worn, you can see through it.
Re: (Score:2)
Well what happened to my wife the other election after the right wing had taken advice from the American Republican Party on how to fix our (Canadian) ID requirements was she showed up to vote and the name she was registered to vote under had been changed to my name when all her ID was in her name. Took hours to straighten out even with all her ID, marriage certificate and various bills in her name. According to the government web site, she was registered in her name.
As she is a minority that was heavily m
Re: (Score:2)
I see.
And all because she was a minority and not that you both are Canadian immigrants.
Facepalm!
Re: (Score:2)
I'm a Canadian citizen and her family has been here for 1000's of years
No. Just, no. (Score:2)
Given the current state of technology -- and the seeming lack of understanding of that tech by those trying to employ it for voting purposes -- there is no good solution to these mobile voting issues. It is just too easy to botch or manipulate.
Rational Computer People Don't Believe in EVoting (Score:2)
Voatz (Score:2)
Based on that name alone, I wouldn't trust it to count my fingers.
It reminds me of "Survey Monkey", you know if they could go back in time they'd change that one.