Posted on July 24, 2020 (July 24, 2020) Election Protection Share: Free Speech For People wrote to the state attorneys general of six states (Colorado, Delaware, Massachusetts, Oregon, Utah, and West Virginia), and the Department of Homeland Security’s Inspector General, calling for an investigation of Voatz, a Boston-based internet voting company, for deceptive and misleading marketing that may violate state laws against consumer deception or fraudulent misrepresentation, and federal laws against misuse of a federal agency’s logo. Background Voatz is developing, aggressively marketing, and soliciting investments in its internet-based voting system that enables voters to cast a ballot from an application loaded on to their mobile phones. Computer and network security experts are virtually unanimous that online voting is an exceedingly dangerous threat to the integrity of U.S. public elections. Nonetheless, Voatz’s successful campaign to promote its online voting system in public elections throughout the United States has included bogus claims of “military grade security.” Though Voatz’s unproven advertisements regarding security successfully persuaded election officials in Utah as well as Colorado, West Virginia, and Oregon, Voatz’s failure to substantiate any of these statements continued to breed distrust. After a devastating report from researchers at the Massachusetts Institute of Technology contradicted Voatz’s claims of security. The report was a stunning catalogue of security gaps and documented multiple vulnerabilities “that allow different kinds of adversaries to alter, stop, or expose a user’s vote.” The MIT researchers had reached out to the Cybersecurity Infrastructure and Security Agency (CISA) at the Department of Homeland Security to share their findings. CISA found the research credible and facilitated communication between the researchers and Voatz to responsibly disclose the security issues to Voatz before the report was made public. Although DHS had validated MIT’s findings, Voatz’s denials and attacks on the MIT report were successful in convincing some of its customers that Voatz’s security claims were valid and that the MIT findings were false. Voatz also distributed what it described as a recently declassified DHS report. The purported DHS report was not a security review but a hunt assessment report – essentially an analysis to determine if Voatz’s network contained any evidence it had been breached. This document was distributed to reporters by the West Virginia Secretary of State and was reported in multiple news stories, serving as a counterweight to the damaging MIT study. But though the West Virginia Secretary of State’s office described the report as a DHS report, and in several cases reported by the media to be a DHS study, it was, in fact, a report drafted and published by Voatz itself purporting to represent what the (still non-public) DHS hunt report found. Our letters We’ve called for investigations by the state attorneys general of Colorado, Oregon, Utah, and West Virginia (four states where Voatz affirmatively misrepresented its security), Massachusetts (where Voatz is headquartered), and Delaware (where it is incorporated), asking for investigations. Our letter to the Delaware Attorney General further asks her to consider whether to revoke Voatz’s corporate charter. We also wrote to the Department of Homeland Security’s Inspector General, asking for an investigation of whether Voatz violated federal statutes regarding misuse of federal agency seals, because the initial version of its “summary” included the CISA logo without apparent authorization, which is a federal crime. Read our letters below: Department of Homeland Security Inspector General (June 4, 2020) Delaware Attorney General (June 4, 2020) Massachusetts Attorney General (June 4, 2020) Utah Attorney General (May 5, 2020) West Virginia Attorney General (May 1, 2020) Colorado Attorney General (Apr. 21, 2020) Oregon Attorney General (Apr. 21, 2020)