Valentine’s Day Myth-Busters

No comments yet Permalink
Valentine’s Day Myth-Busters

In celebration of this love-filled day, from the humans behind the screens, we take this moment to bust five not-so-romantic myths about us.

 

MYTH 1: Voatz doesn’t like cybersecurity researchers

TRUTH: Absolutely not! The Voatz team is staffed by cybersecurity experts and technologists – we wouldn’t be here otherwise. We are promiscuous though… we’ve worked with more than 100 other researchers to test and verify their claims on our public bug bounty program on HackerOne using the latest version of our platform.

If someone misled you to believe otherwise, please know – we love you. Slide into our DMs on Twitter @Voatz or out in the open on HackerOne. We will make the connection! We’ve got nothing but love. 

 

MYTH 2: Voatz reported someone to the FBI

TRUTH: Nope! Voatz did not report anyone to the FBI.

The real story goes like this: during the 2018 West Virginia live election pilot, there was an unsuccessful attempt to gain entry into the live election system. We immediately saw the attempt and blocked it like a black hole on stardust. At the time, we had no way of knowing if the attempt was maliciously inclined or not, and protecting the system was most important to us (as it always is!).

Voatz shared the details of this attempt with West Virginia (as we’re obligated to do, helping to run their live election and all). Given the nature of the attempt, and because elections infrastructure happens to be classified by DHS under a fancy, very serious term called “critical infrastructure”, West Virginia felt it necessary to report the attempt to law enforcement. 

Again, the people who made this attempt were targeting the live system during an active election. They were not part of the bug bounty program, which allows you to test the replica system. Targeting a live system during an active election is a no-no because of that fancy “CI” designation, and requires reporting. Testing the replica system as part of the bug bounty program, on the other hand, is allowed. Therein lies the difference between what happened in West Virginia (not allowed: tampering with a live election), versus what could have happened (allowed: testing on public bug bounty program).

We think research is great – please keep researching. Truly. Our world is ever-evolving with security threats and we absolutely, fundamentally need people like you. And, by all means, please do it on our public bug bounty program on HackerOne. It’s free (!). You can access our latest versions of the platform and play with them all you want. And maybe even win money (!). And join nearly 100 researchers who’ve been important, collaborative researchers as part of the program. And, most importantly, you can help all of us, collectively, work toward building solutions rather than trying to tear them down. It takes a village, you know.

 

MYTH 3: Voatz hides its audits

TRUTH: No, we don’t. Voatz is an audacious experiment – not unlike finding true love. We are out in the open. Voatz has several public reports, including from the CISA Hunt and Incident Response Team (HIRT), along with our white papers, which are available on our website here. More reports are coming in the next couple of months – stay tuned. Also, it’s worth mentioning that our pilots are citizen-audited with the NCC, which is the National Cybersecurity Center. You can sign up to be an auditor, too – we all can, and make our elections more assured, and more transparent. Commitment does not get better than this.

 

MYTH 4: Everyone is voting on their smartphones — it’s widespread!!

TRUTH: This is very, very false. Across all of our governmental mobile voting pilots, less than 600 total voters have used our system. That’s an average of 66.66 voters per election — check out that equation.

We are always one of the first to say that mobile voting is far from ubiquitous. We’ve been building the technology for 5 years, now, step-by-step, piloting on a very small scale to test and iterate with church elections, universities, then both major political parties and then, for the first time two years ago, piloting with small numbers of overseas citizens in state and federal elections. These elections are the ones that suddenly threw us on the map with the media, but we’d been at it for 3 years before then.

It’s our belief that these very small pilots are what help us learn, test these technologies, and prepare – deeply – for election resilience for the future. You know, baby steps. Like first dates, then second dates, and so on.

 

MYTH 5: Mobile voting is less secure than what voters currently use

TRUTH: Did you know voters are currently voting by sending their ballots in an email? How about that for security? 

Email is how many of our overseas citizens and military are voting (think yahoo, hotmail, etc. 😱), because paper ballots don’t work for them (think about a village in the middle of West Africa). These voters have to relinquish their right to anonymity, and their jurisdiction has to hand-copy their emailed ballots, oval by oval, onto a paper ballot that can be tabulated. How about that for a long distance relationship – taxing on the jurisdiction, not very secure, and also prone to error.

So, in so many ways, mobile voting is actually a massive improvement to the current methods being used by these voters. It keeps them anonymous, it’s far more secure, it automatically produces a paper ballot for tabulation, and the voter gets a receipt to confirm their vote was counted correctly and to audit that their intent was tabulated. No ghosting, here.

 

Happy weekend, may your hearts be filled with nothing but joy and love for being alive!

About Voatz