Information Theory 101: if code touches a bit, it can introduce
Two counties in Oregon and some jurisdictions in Washington, are offering voting via mobile phone app for overseas armed forces personnel. The app, called “Voatz,” according to a recent MIT paper, has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server. An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately.
Elections officials in the affected counties don’t seem to have
gotten the message. “This is very, very new to me,” said
Kim Lindell, elections manager of Umatilla County. “It’s said to
be very secure, and I think that our overseas people will benefit
from it if they decide to give it a try.”
“It is said to be very secure?” Not by MIT, it’s not! This is the person who is supposed to be making security decisions. It sounds like she’s making security decisions based on marketing brochures.
Jackson County Clerk Christine
Walker seems to have a kind
of Jetson’s, gee-whiz, “it’s-tech-it-must-be-good”,
toward the whole thing: “My
grandkids, great grandkids, great-great grandkids, aren’t going to
want anything to do with a polling place, let alone a paper ballot,”
she said. “Their expectation is that they have it easily
accessible on one of their devices.” Really? She has interviewed
her great grandkids and great-great grandkids about their
expectations for voting technology? A
person in charge of running elections
blithely dismisses paper ballots? Based
on what? Psychic interviews with her unborn progeny?
In any case, she inadvertently
betrays that this is not going to stop with overseas military voting.
Either that or all her
descendants are going to be stationed overseas.
And what are the benefits?
They say mobile voting (it’s specifically mobile phone voting)
will allow overseas voters to vote “within minutes,” but
State law already requires the ballots to be sent at least 45 days
prior to the election, and there have *never been any problems*. What
is the hurry?
On the other hand there are definite
problems with the Voatz system. Security holes. The private company
running the system has not been transparent, audited, or forthcoming
with security analysis. I work for a company that relies heavily on
Web services. We have to undergo highly strenuous audits for security
and reliability. We hire people to attack our systems and try to find
flaws. This is industry standard. Why isn’t this same standard
applied to our elections?
The Oregon Secretary of State
said that she relied on the say-so of West Virginia officials with
regard to security of the Voatz app. Did they conduct an audit? Where
may we see the results?
They mention voter turnout as an advantage of online voting. But
Oregon already has the highest turnout in the country, using vote by
Another reason given is that President Trump threatened to take
the US out of the Universal Postal Union, the UN’s international
postal agency. But that issue was resolved in September 2019, in
plenty of time for normal mail voting.
Why is this being implemented in Oregon and Washington, states
with exemplary 10- and 20-year histories of vote by mail? My guess is
that it’s because we
have robust vote-by-mail systems.
why are these systems being pioneered in backwater, low-population,
Enter “Tusk Philanthropies,” and its man-behind-the-curtain,
Bradley Tusk. Bradley Tusk was Michael Bloomberg’s campaign manager.
He has written a book titled The Fixer: Saving Startups From Death
by Politics. According to the
Wall St. Journal, “Mr. Tusk’s new book, ‘The Fixer,’
describes how he helped companies like Uber and Walmart ‘take on
in helping corporations fight government regulation.He
ran a campaign to remove the cap on the number of taxi cabs in New
York City, and eliminate laws requiring minimum earnings for drivers.
“The problem is not only did this happen in New York, but now
it’s going to happen everywhere,” laments Mr. Tusk, who worked
as a consultant for Uber Technologies from 2010 to 2015. For this he
was paid in Uber stock, now worth $100 million.
So they want to replace a perfectly good government-run system not just with a high-tech startup, but they want our voting system to be run with the usual libertarian tech-bro hostility to regulation and “get-out-of-my-face” hostility to public scrutiny.
Links for further reading:
Sen. Ron Wyden’s letter to Oregon Secretary of State
Security experts raise alarm over mobile app planned for Oregon and Washington elections
Bradley Tusk made $100 million helping Uber conquer New York, and he’s not apologizing