Voatz, a mobile voting app that’s already been used in several elections in the United States, has more than a dozen critical security flaws, according to a newly released audit. The audit also shows Voatz publicly refuted an MIT report that found flaws in its app even after the company received confirmation that the report was accurate.
The audit was prepared by cybersecurity firm Trail of Bits for Voatz and Tusk Philanthropies, which has partnered with Voatz on some of its pilot voting projects. It found 48 technical vulnerabilities, 16 of which were “high-severity issues.”
That’s an unusually high and concerning number of critical vulnerabilities when compared with other penetration test (“pen test”) reports. A Trail of Bits May 2019 audit of the application management software Kubernetes, for example, found 37 technical vulnerabilities, only five of which were high-severity issues.
Voatz has already been used in elections in West Virginia and piloted in Denver, parts of Oregon, Utah, and Washington State. The company claims that since 2016 “more than 80,000 votes have been cast on the Voatz platform across more than 50 elections (including 10 governmental election pilots since March 2018 involving more than 700 pilot voters).” Experts have repeatedly warned that mobile or online voting is not a good idea, and that it is nearly impossible to design an online voting system that doesn’t have serious security flaws.