Geoffrey Fowler’s Aug. 18 Economy & Business column on Covidwise, “I downloaded a coronavirus exposure app. You should too.,” mentioned our analysis, which indicates that fake notifications could be directed toward specific populations during an election, leading individuals to self-isolate and not vote en masse. The potential scale of such an attack could be used for effective voter suppression in swing states during the upcoming election. Similarly, fake notifications could also be directed at U.S. Postal Service facilities, potentially pushing an already brittle vote-by-mail system into chaos. 

Though it is encouraging to see Mr. Fowler raising this concern, unfortunately the described countermeasure is not sufficient to prevent such an attack. Well-motivated attackers can be willing to get themselves infected to legally obtain an authorization code. Similarly, it is not unlikely that a black market for such codes would develop. 

In the absence of a more secure technology (which, by the way, is available), a much safer solution would be to discontinue notifications for the weeks leading to Election Day. 

Rosario Gennaro, Adam Krellenstein and James Krellenstein, New York

The writers are cryptoscientists.