Voatz Internet Voting App Is Insecure

0 views
Skip to first unread message

Joshua N Pritikin

unread,
Feb 17, 2020, 8:16:43 AM2/17/20
to ni4...@googlegroups.com
https://www.schneier.com/blog/archives/2020/02/voatz_internet_.html

josiah moss

unread,
Feb 17, 2020, 10:46:01 AM2/17/20
to ni4...@googlegroups.com
So is paper ballots the only real way to vote?


Sent from Yahoo Mail for iPhone

On Monday, February 17, 2020, 8:16 AM, Joshua N Pritikin <jpri...@pobox.com> wrote:

https://www.schneier.com/blog/archives/2020/02/voatz_internet_.html

--
You received this message because you are subscribed to the Google Groups "National Citizens Initiative for Democracy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ni4dus+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ni4dus/20200217131634.vglxrynjcv5kzmoc%40cocoa.

Joshua N Pritikin

unread,
Feb 17, 2020, 10:58:45 AM2/17/20
to 'josiah moss' via National Citizens Initiative for Democracy
On Mon, Feb 17, 2020 at 03:45:52PM +0000, 'josiah moss' via National Citizens Initiative for Democracy wrote:
> So is paper ballots the only real way to vote?

I don't think that's the conclusion.

Online voting systems must be designed with extreme care. What we've
seen so far is extreme carelessness.

Evan Ravitz

unread,
Feb 17, 2020, 11:50:10 AM2/17/20
to ni4...@googlegroups.com
The thing is that all voting systems are ultimately run by humans and humans are not good at the "extreme care" that Joshua says is necessary for system design. 

The simple reason that most Security Experts say voting should not be by internet (or by phone) is that voting in America is by secret ballot. 

We do billions of financial transactions a day securely online because everyone is identified. So if there's a problem, your bank calls you and asks you if you really made the transaction. This is impossible with secret ballot voting. Secret votes can't be "verified."

Maybe someone could make a secure block chain voting system, but humans would  eventually take shortcuts and leave it insecure. I believe that's how Bitcoins have been stolen in spite of the blockchain's supposed perfect record keeping.

So I think paper voting is the way to go and, at least until voting software is open source, the ballots should be hand counted as they are in Canada France Germany and many other places. 

Evan 

Evan Ravitz, guide, photographer, writer, editor. Ex-not-so-tight-rope artist. Working for direct democracy since 1988. The unlikely takes longer...
http://EvanRavitz.com


On Mon, Feb 17, 2020, 6:16 AM Joshua N Pritikin <jpri...@pobox.com> wrote:
https://www.schneier.com/blog/archives/2020/02/voatz_internet_.html

--
You received this message because you are subscribed to the Google Groups "National Citizens Initiative for Democracy" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ni4dus+un...@googlegroups.com.

Michael Grant

unread,
Feb 17, 2020, 5:10:30 PM2/17/20
to ni4...@googlegroups.com

Evan, I totally agree.  Paper and an open auditable election is the way to go.

 

There are several reasons why ballots are secret:

 

  1. If your ballot is not secret, then, you might be discriminated against, for example fired for not voting the way your employer desired
  2. If you could show how you voted, you could sell your vote

 

Let alone the possibilities of online voting fraud where votes are not counted correctly, or through some malware, you vote but some malware changes your vote, either in your device or on the server.  Can we really trust the software?

 

Scientific American reports that there may be something viable in the works: https://www.scientificamerican.com/article/truly-secure-voting-is-on-the-way/

 

Some quotes from the article:

 

“ElectionGuard. It uses a technique called homomorphic encryption to maintain voter anonymity while allowing anyone to verify that votes have been correctly counted.”

 

However, it’s not clear to me how you could verify your vote in such a way that you still could not be able to sell your vote or prove to someone how you voted.  Maybe we just have to put up with this detail in exchange for electronic voting?  I suppose even today one could take a photo/video of their voting process and sell their vote based on that, so you could argue this is no worse.

 

I can imagine a system where you might vote online and later, you could appear in person and using a combination of some private key and the voting place’s key, your vote could be verified, but you must be alone in the place where they decode your vote.

 

Voatz is also mentioned in this article.

 

However, today and for the foreseeable future, it’s paper.

 

Michael Grant

nicholas holthaus

unread,
Feb 17, 2020, 5:37:30 PM2/17/20
to ni4...@googlegroups.com
Hi all
  I totally agree with Mike Grant here with his "However, today and for the foreseeable future, it’s paper."
  I DO see a day where e-voting will be a viable option for those who wish to do so, but that there
should also be traditional paper ballots too.
  One thing I hope you guys caught in the Schneier article is the word "permissioned" placed right before
"blockchain."  Yikes.  The point of blockchain is that it has no "overseer."  No "permission granter"
or even a manipulator possible.
  A true blockchain--especially using certain cyphers they're implementing such as those that change every second--
would be unbreakable.  True blockchains supposedly already are, even without said cypher codes.
  The problem, for now and the near future, as it always has been, is WHO counts the vote (i.e. WHO makes
the machine and/or tallies and reports the numbers?).  Some corporation? 
Nico


Joshua N Pritikin

unread,
Feb 18, 2020, 6:12:07 AM2/18/20
to ni4...@googlegroups.com
On Mon, Feb 17, 2020 at 10:10:22PM +0000, Michael Grant wrote:
> “ElectionGuard. It uses a technique called homomorphic encryption to
> maintain voter anonymity while allowing anyone to verify that votes
> have been correctly counted.”
>
> However, it’s not clear to me how you could verify your vote in such a
> way that you still could not be able to sell your vote or prove to
> someone how you voted.

It's a zero knowledge proof. The math exists, but it's going to take a
long time before regular people understand and accept it.

> However, today and for the foreseeable future, it’s paper.

Yeah
Reply all
Reply to author
Forward
0 new messages