In a sane world, I would not need to repeat this...
but this is not a sane world, especially when voting is concerned.
Two years ago, in the USA 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called “Voatz”, that [promises security and integrity of the vote] by using “blockchain, biometrics, a mixnet, and hardware-backed key storage modules on the user’s device."
In February 2020, some researchers have published a security analysis of Voatz. The conclusions are… interesting.
Not only the app is not secure…
…to the point that the researchers suggest that any near-future plans to use this app for high-stakes elections be abandoned. The funniest, entirely predictable part is this:
all attacks presented in this paper are viable regardless of the app’s purported use of a blockchain, biometrics, hardware-backed enclaves, and mixnets. We join other researchers in remaining skeptical of the security provided by blockchain-based solutions to voting, and believe that this serves as an object lesson in security.
Nothing to see here, really. Online voting is a cretin idea, and we already knew it. Just accept it.
(This post was drafted in April 2020, but only put online in August, because… my coronavirus reports, of course)
Who writes this, why, and how to help
I am Marco Fioretti, tech writer and aspiring polymath doing human-digital research and popularization.
I do it because YOUR civil rights and the quality of YOUR life depend every year more on how software is used AROUND you.
To this end, I have already shared more than a million words on this blog, without any paywall or user tracking, and am sharing the next million through a newsletter, also without any paywall.
The more direct support I get, the more I can continue to inform for free parents, teachers, decision makers, and everybody else who should know more stuff like this. You can support me with paid subscriptions to my newsletter, donations via PayPal (mfioretti@nexaima.net) or LiberaPay, or in any of the other ways listed here.THANKS for your support!