STUPID: Voting by Mobile Phone

Information Theory 101: if code touches a bit, it can introduce error.

Two counties in Oregon and some jurisdictions in Washington, are offering voting via mobile phone app for overseas armed forces personnel. The app, called “Voatz,” according to a recent MIT paper, has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server. An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately.

Elections officials in the affected counties don’t seem to have gotten the message. “This is very, very new to me,” said Kim Lindell, elections manager of Umatilla County. “It’s said to be very secure, and I think that our overseas people will benefit from it if they decide to give it a try.”

“It is said to be very secure?” Not by MIT, it’s not! This is the person who is supposed to be making security decisions. It sounds like she’s making security decisions based on marketing brochures.

Jackson County Clerk Christine Walker seems to have a kind of Jetson’s, gee-whiz, “it’s-tech-it-must-be-good”, so-last-century attitude toward the whole thing: “My grandkids, great grandkids, great-great grandkids, aren’t going to want anything to do with a polling place, let alone a paper ballot,” she said. “Their expectation is that they have it easily accessible on one of their devices.” Really? She has interviewed her great grandkids and great-great grandkids about their expectations for voting technology? A person in charge of running elections blithely dismisses paper ballots? Based on what? Psychic interviews with her unborn progeny?

In any case, she inadvertently betrays that this is not going to stop with overseas military voting. Either that or all her descendants are going to be stationed overseas.

And what are the benefits?

They say mobile voting (it’s specifically mobile phone voting) will allow overseas voters to vote “within minutes,” but State law already requires the ballots to be sent at least 45 days prior to the election, and there have *never been any problems*. What is the hurry?

On the other hand there are definite problems with the Voatz system. Security holes. The private company running the system has not been transparent, audited, or forthcoming with security analysis. I work for a company that relies heavily on Web services. We have to undergo highly strenuous audits for security and reliability. We hire people to attack our systems and try to find flaws. This is industry standard. Why isn’t this same standard applied to our elections?

The Oregon Secretary of State said that she relied on the say-so of West Virginia officials with regard to security of the Voatz app. Did they conduct an audit? Where may we see the results?

They mention voter turnout as an advantage of online voting. But Oregon already has the highest turnout in the country, using vote by mail.

Another reason given is that President Trump threatened to take the US out of the Universal Postal Union, the UN’s international postal agency. But that issue was resolved in September 2019, in plenty of time for normal mail voting.

Why is this being implemented in Oregon and Washington, states with exemplary 10- and 20-year histories of vote by mail? My guess is that it’s because we have robust vote-by-mail systems.

And why are these systems being pioneered in backwater, low-population, low-media-attention counties?

Enter “Tusk Philanthropies,” and its man-behind-the-curtain, Bradley Tusk. Bradley Tusk was Michael Bloomberg’s campaign manager. He has written a book titled The Fixer: Saving Startups From Death by Politics. According to the Wall St. Journal, “Mr. Tusk’s new book, ‘The Fixer,’ describes how he helped companies like Uber and Walmart ‘take on the system’.”His “philanthropy” specializes in helping corporations fight government regulation.He ran a campaign to remove the cap on the number of taxi cabs in New York City, and eliminate laws requiring minimum earnings for drivers. “The problem is not only did this happen in New York, but now it’s going to happen everywhere,” laments Mr. Tusk, who worked as a consultant for Uber Technologies from 2010 to 2015. For this he was paid in Uber stock, now worth $100 million.

So they want to replace a perfectly good government-run system not just with a high-tech startup, but they want our voting system to be run with the usual libertarian tech-bro hostility to regulation and “get-out-of-my-face” hostility to public scrutiny.

Links for further reading:
Sen. Ron Wyden’s letter to Oregon Secretary of State

Security experts raise alarm over mobile app planned for Oregon and Washington elections

Bradley Tusk made $100 million helping Uber conquer New York, and he’s not apologizing