In a sane world, I would not need to repeat this...
but this is not a sane world, especially when voting is concerned.
Two years ago, in the 2018 US midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called “Voatz”, which promises security and integrity of the vote by using “blockchain, biometrics, a mixnet, and hardware-backed key storage modules on the user’s device.”
In February 2020, some researchers published a security analysis of Voatz. The conclusions are… interesting.
Not only is the app not secure…
…to the point that the researchers suggest that any near-future plans to use this app for high-stakes elections be abandoned. The funniest, entirely predictable part is this:
all attacks presented in this paper are viable regardless of the app’s purported use of a blockchain, biometrics, hardware-backed enclaves, and mixnets. We join other researchers in remaining skeptical of the security provided by blockchain-based solutions to voting, and believe that this serves as an object lesson in security.
Nothing to see here, really. Online voting is a cretinous idea, and we already knew it. Just accept it.
(This post was drafted in April 2020, but only put online in August, because… my coronavirus reports, of course)