Don't look! It's Secure VOTING! I promise!

-
Voatz, an American company, advertises itself beautifully. 

In true tech fashion, it states that they offer;
Secure, accessible voting at your fingertips".

In the US, online voting has used by some overseas voters and military personnel, that cannot vote in person or via postal ballot. [2]

Don't worry peeps, I'm not going to publish any security problems or anything like that. I would not do well in jail. Let's be fair, I would be passed around like currency in the shower room.

However, I will say this.

Any company that prides itself on the security of their application, and then spends time, effort and money to lobby all the way up to the US Supreme Court to make legitimate security testing that is not authorized by them, or testing from an independent security researcher (this would even mean researchers from universities, businesses, independents, or an organization hiring a security assessment to check the security of your system that you have procured) a crime....

Well, then...

They can't have as much confidence in their own product. No way near as much as their sales documentation.

But it continues (extract from the Supreme Court AMICUS):
“Necessary research and testing can be performed by authorized parties,” (authorised in this case, by Voatz) [1]

“Voatz’s own security experience provides a helpful illustration of the benefits of authorized security research, and also shows how unauthorized research and public dissemination of unvalidated or theoretical security vulnerabilities can actually cause harmful effects.”[1]
Ah yes. This is why at my University we always ask students to mark their own thesis. Or why we ask our own teenagers to mark their own homework, and if they get full marks, they can go outside with their friends, and we will give them 50 Euros for a job well done.

Oh wait, I remember. That is insane.

Accepting these restrictions puts governments, companies and more importantly, you - your family and friends, at risk. No matter who you vote for, you should care if your vote was actually counted.

You do not limit criminals with this mindset. You limit the people that want to get the information and knowledge to get to the vulnerabilities first, in order to stop criminals exploiting it.

Now, if anyone needs me, I'm going to make my own PhD certificate that says I am super secure and the best looking Sailor in the world. I'll even make it in MS Publisher. Using comic sans. With word art. 

"Why" I hear you cry "that certificate is worthless, you say?!" 

Yep. Completely agree. And it is worth about as much as one of the proposed Voatz in-house security checks. No one should ever check themselves. It is too important.

[1] N. Van Buren and J. Hubbard, “Supreme Court of the United States BRIEF OF VOATZ, INC., AS AMICUS CURIAE IN SUPPORT OF RESPONDENT IN AFFIRMANCE OF THE DECISION BELOW” [Online]. Available: https://www.supremecourt.gov/DocketPDF/19/19-783/153062/20200903122434600_Voatz%20Amicus%20Brief.pdf

[2] “Washington state expands online voting for military and overseas voters,” The World from PRX, 2020. [Online]. Available: https://www.pri.org/stories/2020-02-03/washington-state-expands-online-voting-military-and-overseas-voters.


Previous
How to: TeXStudio and LanguageTool
Next
Right Tool, Right Job: How the UK lost 16,000 UK positive COVID cases using Excel.... (you read that right)

Add a comment

Email again: