{"id":4071,"date":"2020-02-07T10:20:10","date_gmt":"2020-02-07T15:20:10","guid":{"rendered":"https:\/\/cointelegraph.com\/magazine\/?p=4071"},"modified":"2020-04-09T10:53:26","modified_gmt":"2020-04-09T14:53:26","slug":"safe-harbor-or-thrown-to-the-sharks-by-voatz","status":"publish","type":"post","link":"https:\/\/cointelegraph.com\/magazine\/2020\/02\/07\/safe-harbor-or-thrown-to-the-sharks-by-voatz","title":{"rendered":"Safe Harbor, or Thrown to the Sharks by Voatz?\u00a0"},"content":{"rendered":"
In looking to address low voter turnout and the difficulty of in-person voting for veterans and people with disabilities, companies have often advocated for the use of technology. Blockchain has been suggested as a solution to archaic voting systems, which could take the form of improving security by assuring that each vote is counted only one time, and is permanently recorded.\u00a0<\/span><\/p>\n But the use of technology is not a cure-all, as anybody paying attention to the Iowa caucus debacle would know. And blockchain voting isn\u2019t necessarily a perfect fix either.<\/span><\/p>\n Voatz, a Massachusetts-based company, has worked with West Virginia; Denver, Colorado; Utah County, Utah; and both <\/span>Jackson and Umatilla Counties in Oregon,<\/span> to pilot its blockchain-enabled mobile voting app. However, the company has met with criticism due to what Joseph Lorenzo Hall, senior vice president for a strong Internet at the Internet Society and former chief technologist at the Center for Democracy & Technology, described as the company\u2019s \u201ccompletely opaque\u201d approach to security.<\/span><\/p>\n Although the company has shared an eight-page white paper and claims to have been audited multiple times, it has <\/span>provided precious little information<\/span><\/a> about what tests were conducted; what the auditors had access to; any vulnerabilities discovered; and whether or not they were fixed.<\/span><\/p>\n Last October, <\/span>CNN revealed<\/span><\/a> that a <\/span>student security researcher<\/span><\/a> was referred to the FBI over what the company says was an intrusion attempt\u2014even though that research appears to have been protected by the safe harbor statement in the company\u2019s bug bounty program. The bug bounty program terms on HackerOne <\/span>were updated<\/span> soon after the FBI referral made headlines, and first noticed by independent security researcher Jack Cable.<\/span><\/p>\n Referring researchers following terms of your bug bounty to the FBI isn’t cool. According to https:\/\/t.co\/OIR3XXB0h8<\/a> Voatz director says the “live election system” was “out of scope”, but this was added to the terms today (https:\/\/t.co\/60b4isZMZZ<\/a>).<\/p>\n \u2014 Jack Cable (@jackhcable) October 5, 2019<\/a><\/p><\/blockquote>\n\n