After MIT Find Vulnerabilities, Medici Ventures Defends Blockchain Voting App Voatz

Emerging technologies got in the crosshairs of regulators when a mobile software application that had been devised to help calculate the total number of votes in the recent Iowa Democratic caucus reportedly malfunctioned, resulting in the Democratic Party having to delay its public reporting of last Monday’s results.

Jonathan Johnson, CEO of Overstock and president of Medici Ventures, has issued a statement supporting blockchain in voting in response to the technology’s vulnerabilities claims published on Feb. 13.

Following the Iowa caucus scandal, blockchain-based voting apps fell under scrutiny, which resulted in a Massachusetts Institute of Technology’s security analysis of Voatz, the self-styled first Internet voting application used in United States federal elections.

But does blockchain really fail when it comes to elections?

The researchers claimed that they had found vulnerabilities in Voatz that enable “different kinds of adversaries to alter, stop, or expose a user’s vote, including a sidechannel attack in which a completely passive network adversary can potentially recover a user’s secret ballot.”

As such, the authors of the analysis concluded that the app is not secure, adding that “our findings serve as a concrete illustration of the common wisdom against Internet voting, and of the importance of transparency to the legitimacy of elections.”

In the meantime, Voatz carried out its own analysis through the CISA Hunt and Incident Response Team (HIRT) to determine if there was evidence of targeted malicious activity in the app’s network. HIRT concluded:

“HIRT analysts did not detect threat actor behaviors or artifacts of past activities on the in-scope portions of the Voatz networks. HIRT identified some areas where defense-in-depth protections and configurations could be improved to help Voatz’s IT security personnel defend their enterprise network. HIRT commends Voatz for their proactive measures in the use of canaries, bug bounties, Shodan alerts, and active internal scanning and red teaming.”

Tech discussions run to extremes

In his Feb. 13 statement, Johnson backed Voatz, saying that it prevents voting fraud and safeguards the privacy of each voter. He outlined that recent speculations around technology in elections had run to extremes turning to an anti-technology and anti-learning stance. Johnson said:

“I firmly believe this undermines American progress. This false premise is shutting down our pursuit of piloting, testing and developing technologies that not only mitigate risks, but makes voting accessible for populations who cannot physically get to the polls.”

Earlier in February, another major blockchain-powered voting firm, Votem, pointed out that it is still not completely clear what function the app provided for the Iowa Caucus. Pete Martin, CEO of Votem, said in an email to Cointelegraph:

“Our assessment is that this was not truly mobile voting where a verifiably authenticated voter is casting a verifiable and auditable electronic encrypted ballot that is shuffled and publicly tallied. The Caucus is unique in that the voter’s identity is known, but in most cases the voters identity is separated from their ballot to protect their identity, all of which we detail in our «Proof of Vote» protocol.”

Leave a Reply

Your email address will not be published. Required fields are marked *