1/ Remember Voatz, the “blockchain”-based Internet voting app that doesn’t really use blockchain to send votes? There's an excellent new security analysis by @trailofbits that confirms the issues recently reported by MIT researchers and finds *way* more problems.
2/ Notably, this time @Voatz commissioned the analysis itself, as @rachelegoodman1 and I recently advocated slate.com/technology/202….
It's the first public system-wide security assessment. Election officials should demand this kind of testing before considering such a system.
It's the first public system-wide security assessment. Election officials should demand this kind of testing before considering such a system.
3/ What did it find? "Our security review resulted in seventy-nine (79) findings. A third of the findings are high severity ..."
4/ Just as the MIT researchers claimed, “Anyone with administrative access to the Voatz backend servers will have enough information to fully reconstruct the entire election, deanonymize votes, deny votes, alter votes, and invalidate audit results.”
5/ There’s lots more, some of it even worse than I expected. For instance, it sounds like attackers could easily figure out how everyone voted! 
6/ “This encryption uses a hard-coded static key and IV found in the core server code as well as the Android and iOS application code. [...] It appears the particular key and IV used are also copied from a Stack Overflow answer.”
Oh.
Oh.
7/ Voatz claimed to use a mixnet to anonymize the voted ballots, but apparently this isn’t true!
8/ This is nuts. Voatz’s third-party security analysts *refute* all three of the company’s objections to the MIT security report, including confirming that the app version MIT tested wasn’t meaingfully different from the current release at the time.
9/ Kudos to @trailofbits for this top-notch work. I only wish it had come sooner, before Voatz was used to accept actual ballots in real elections, putting election integrity and voters' privacy at risk.
10/ Security reviews like this are necessary but not sufficient. They can demonstrate critical problems, but they can't rule out that there are more exploitable vulnerabilities left to find.
11/ In the end, Voatz's problems are unsurprising: voting online is one of the hardest security problems. In my view, it will be at least a decade—if ever—before we can vote online safely in major elections, and getting there will take major progress across the security field.
"refute"->"reject"
