Voatz wishes to acknowledge the enormous effort it must have taken for the team of researchers, until this point anonymous to us, to produce “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S Federal Elections”.
Our review of their report found three fundamental flaws with their method of analysis, their untested claims, and their bad faith recommendations.
First, the researchers were analyzing an Android version of the Voatz mobile voting app that was at least 27 versions old at the time of their disclosure and not used in an election. Had the researchers taken the time, like nearly 100 other researchers, to test and verify their claims using the latest version of our platform via our public bug bounty program on HackerOne, they would not have ended up producing a report that asserts claims on the basis of an erroneous method.
Second, as the researchers admitted, the outdated app was never connected to the Voatz servers, which are hosted on Amazon AWS and Microsoft Azure. This means that they were unable to register, unable to pass the layers of identity checks to impersonate a legitimate voter, unable to receive a legitimate ballot and unable to submit any legitimate votes or change any voter data.
Third, in the absence of trying to access the Voatz servers, the researchers fabricated an imagined version of the Voatz servers, hypothesized how they worked, and then made assumptions about the interactions between the system components that are simply false. This flawed approach invalidates any claims about their ability to compromise the overall system. In short, to make claims about a backend server without any evidence or connection to the server negates any degree of credibility on behalf of the researchers.
The researchers have labeled Voatz as “not transparent”. With qualified, collaborative researchers we are very open; we disclose source code and hold lengthy interactive sessions with their architects and engineers. We educate them on the critical demands of election security; they give us feedback and educate us on new best practices based on their practical knowledge of security drawn from other industries.
Voatz has worked for nearly five years to develop a resilient ballot marking system, a system built to respond to unanticipated threats and to distribute updates worldwide with short notice. It incorporates solutions from other industries to address issues around security, identity, accessibility, and auditability.
We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues. Pilot programs like ours are invaluable. They educate all election stakeholders and push innovation forward in a responsible, transparent way. For nearly two decades, the researchers and the community to which they belong have waged a systematic effort to dismantle any online voting pilots. These attempts effectively choke any meaningful conversation and learnings around the safe integration of technology to improve accessibility and security in our elections. The effect is to deny access to our overseas citizens, deployed military service men and women, their families, and citizens with disabilities.
It is clear that from the theoretical nature of the researchers’ approach, the lack of practical evidence backing their claims, their deliberate attempt to remain anonymous prior to publication, and their priority being to find media attention, that the researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.
The reality is that continuing our mobile voting pilots holds the best promise to improve accessibility, security and resilience when compared to any of the existing options available to those whose circumstances make it difficult to vote.