Experts say the report is meaningless, since those standards are hopelessly outdated and Voatz helped decide what/how to test.
subscriber.politicopro.com/article/2020/0…
For one thing, it doesn't even address flaws that MIT & @trailofbits identified in their reports.
internetpolicy.mit.edu/wp-content/upl…
blog.trailofbits.com/2020/03/13/our…
“A system can meet all of the requirements of the VVSG and still be massively insecure.”
McBurnett told me that the EAC should “demand retractions from both Pro V&V and Voatz” and change the testing process.
None of the parties here — Voatz, Pro V&V, or the EAC — responded to requests for comment.
He said his lab performed the test that it was contracted to perform but noted that an internet voting system "does not meet the full requirements called out in the VVSG nor can it."
VVSG 2.0 specifically says internet voting is out of scope.
"I usually don’t like when they make implications or stretch the truth," he said, "but it is out of my hands as long as it is accurate."
"[S]ecurity requirements" for internet voting "are not defined in a way that would allow for assurance that these types of systems are safe for use in U.S. elections."
The EAC points out that those labs can conduct whatever tests they want, and the results "should not be viewed as implicit approval" by the EAC that the system is safe or meets all VVSG requirements.