[This article, constructed as a handout for concerned voters and election officials, was originally posted to Medium by Jennifer Cohn on 2/17/2018 and is cross-posted in full here with her permission. This article is also available for easier printing and sharing as a PDF here - BF]
Our elections are under attack. Intelligence officials concur that Russia plans to target the 2018 midterm elections. One hundred experts in the fields of computer science and statistics have recommended paper ballots and post-election statistical audits to protect our democracy. But some election officials have undermined efforts to implement these security measures with irresponsible and false assurances that it would be difficult for hackers to alter the outcome of a national election under our current system.
This handout strives to break through this disinformation with sourced facts that expose the truth about our computerized voting systems. We hope that concerned citizens will use this handout as a tool to persuade decision-makers of the urgent need for paper ballots, robust post-election audits, and other security measures...
On today's BradCast: How hackers in Las Vegas over the weekend confirmed what we've been yelling and screaming about for nearly 15 years. Namely, every single computer voting, tabulation and registration system used in the U.S. is absurdly vulnerable to manipulation that would likely go undetected unless hand-marked paper ballots exist and are actually counted, by hand, by human beings. [Audio link to full show posted below at end of article.]
We're joined today for some of the amazing details on what happened in Vegas (in hopes that it doesn't just stay there!) by DR. DAVID JEFFERSON, a longtime computer scientist at Lawrence Livermore National Laboratory and Chair of the Board of Directors at VerifiedVoting.org. Jefferson, who has a been a pioneer in the field of voting system security for some 20 years, serving as an advisor to five successive Secretaries of State in California (both Republican and Democratic) also presented at the wildly popular DefCon "Voting Village".
"It was a wild time, I have to tell ya. This hacking village was set up --- really, in just six weeks it came together --- and in that short a time, they managed to gather all these voting machines," he says. It was quite a contrast from the "cloak and dagger" days when folks like us had to obtain voting machines from secret sources to share with independent investigators in order to have any kind of independent analysis of system vulnerabilities.
"That room was just crowded from morning to night," Jefferson says, describing the room at DefCon. "And the amazing thing is that all of those successful hacks, these were by people who, most of them, had never seen a voting machine before, and certainly not the system sitting in front of them, and they had not met each other before. They didn't come with a full set of tools that were tailored toward attacking these machines. They just started with a piece of hardware in front of them and their own laptops and ingenuity, attacking the various systems. And it was amazing how quickly they did it!"
Jefferson tells me, after all of these years, he is now seeing a major difference among the public, as well as election and elected officials (a number of whom were also in attendance), regarding the decades-long concerns by experts about electronic voting, tabulation and registration systems.
"I am seeing a kind of sea change here. For the first time, I am sensing that election officials, and the Department of Homeland Security, and the FBI, and the intelligence community, and Congress, and the press, are suddenly, after the 2016 election experience, receptive to our message that these systems are extremely vulnerable and it's a serious national security issue. As you know, in a democracy, the legitimacy of government depends on free and fair and secure elections. And people are beginning to realize that we haven't had those for a long time."
He explains how hacking methods attributed by many to Russians following the 2016 elections "are the same methods that anyone on Earth could use --- insiders, criminal syndicates, nation-states other than Russia, as well, or our own political partisans. The fear, of course, is that these hacking attempts will be totally undetectable. But even if they are detectable, it's difficult often to determine who did it, whether it's an insider, or a domestic partisan, or some foreign organization."
He also confirms what I've been trying to point out since the 2016 election, that despite officials continuously claiming that no voting results were changed by anyone, be it Russia or anybody else, "they cannot know that. They simply can't know. Certainly in those states where there are no paper ballots, such as in Georgia, for example, it's impossible for them to know. And even in states where there are, if they don't go back and either recount the paper ballots, or at least recount a random sample of them, no, they can't know either."
"Election officials have fooled themselves into believing the claims of their [private voting machine] vendors that the systems are secure from all kinds of attack. And it's just never been true," Jefferson argues.
But will the weekend's short order hacks of every voting system presented at DefCon actually help the U.S. to finally move toward systems that are overseeable by the public? And what does that mean, exactly? Is replacing old computer election systems --- many of which still run on no-longer-supported software like Windows 2000 --- with new ones the answer? Are paper ballots, which voting systems experts call for, enough? Particularly given that we saw, after the 2016 election, how it's nearly impossible, even for a Presidential candidate, to see those ballots publicly hand-counted ("Democracy's Gold Standard") in order to confirm results?
"We have to change the way we think about securing elections. Instead of trying to harden the voting systems themselves against all forms of attack --- I think that is going to be a hopeless task for as far into the future as computer scientists can see. Instead of hardening those systems themselves, we need to design systems so that after the election is over we can verify that the results were correct. And then if they're not, we have to be able to change the results accordingly. So the emphasis is on detection and correction, not prevention."
I hash all of that out and much more with my friend Dr. Jefferson today, who also details DefCon's plans to make the "Voting Village" a permanent fixture of its annual convention, which just spectacularly wrapped up its 25th year.
Also on today's show: Trump fires his incoming White House Communications Director Anthony "The Mooch" Scaramucci before he even officially begins in his new role, and the mop-up from last week's health care repeal disaster for Republicans in the Senate continues, as the White House demands the U.S. Senate vote on nothing else until they can vote to repeal the Affordable Care Act, despite a new poll finding Americans want Congress to move on, and Vermont Sen. Bernie Sanders vowing to introduce a single-payer healthcare bill in the U.S. Senate...
While we post The BradCast here every day, and you can hear it across all of our great affiliate stations and websites, to automagically get new episodes as soon as they're available sent right to your computer or personal device, subscribe for free at iTunes, Stitcher, TuneIn or our native RSS feed!
* * *
MONTHLY BRAD BLOG SUBSCRIPTION
(Snail mail support to "Brad Friedman, 7095 Hollywood Blvd., #594 Los Angeles, CA 90028" always welcome too!)
Today we covered two stories I've been trying to get to for a while on The BradCast, and they're both related.
The first is the story of the state lottery insider who hacked the system to "win" a $14 million jackpot --- begging the question: if a state run lottery with a multi-million dollar security system can't protect against insider manipulation, how can a local election official do it, particularly with Internet Voting systems that partisans and profiteers continue to push for?
The second also relates to the first. Computer science and security expert Jeremy Epstein of Virginia Verified Voting joins me to discuss the immediate decertification of 1/5 of Virginia's voting systems after a state analysis found what many of us had been warning about for years: the AVS WINVote system is so simple to hack that, Epstein says, if it hadn't already been hacked in the decade its been in use there, "it was only because no one tried."
A must-listen version of The BradCast, if I say so myself. Or you can wait until Halloween if you're looking for something really scary.
We also covered some encouraging economic news out today, and who to "blame" for it; Missouri Republicans overriding the Democratic Governor's veto to cut off public assistance to children and families; and what the NRA wants you to get mom for Mother's Day...
While we post The BradCast here everyday, and you can hear it across all of our great affiliate stations and websites, to automagically get new episodes as soon as they're available sent right to your computer or personal device, subscribe for free at iTunes, Stitcher, TuneIn or our native RSS feed!
* * *
Please help support The BRAD BLOG's fiercely independent, award-winning coverage of your electoral system and much more --- now in our TWELFTH YEAR! --- as available from no other media outlet in the nation...
MONTHLY BRAD BLOG SUBSCRIPTION
(Snail mail support to "Brad Friedman, 7095 Hollywood Blvd., #594 Los Angeles, CA 90028" always welcome too!)
Virginia has decided to learn what much of the country already knows. The 100% unverifiable touch-screen voting systems they have long been using in their public elections are also 100% hackable.
After ignoring the warnings and using them anyway for more than a decade --- and three Presidential elections --- a recent incident on Election Day in 2014 led the Commonwealth to finally do what they should have and could have done long ago: test the machines to find out how vulnerable they actually are.
Well, they finally did so and --- boy howdy! --- did they discover what the rest of us have been warning about for years.
There is a reason, after all, that Virginia was the last state in the union to continue using the WINVote system made by the ironically named Advanced Voting Solutions (AVS). And there is a reason why, after finally bothering to test them, Virginia has now immediately decertified one-fifth of the voting systems used across the state, even though it will leave some jurisdictions scrambling for new ways to hold their primary elections scheduled for early June.
We've been noting problems with the WINVote system almost as long as The BRAD BLOG has been in existence. One example is our short report from 2007, when we discussed problems with the AVS systems before the company eventually went out of business entirely and after the WINVote system had been decertified by Pennsylvania when the company refused to pay the federal testing lab examining a newer version of the system for federal certification. Before those tests were discontinued at the time, we reported, the lab had "found 1,946 source code anomalies, 25 serious documentation problems, and an unauthorized change of motherboards."
As we wrote in 2007, "Elections officials want to ignore those problems." The elections officials in Virginia were precisely among those we were talking about.
But, no more. Once VA officials finally decided to do their own long-overdue security analysis of the systems, "Security deficiencies were identified in multiple areas, including physical controls, network access, operating system controls, data protection, and the voting tally process," according to the 6-page report [PDF] released by the Virginia Information Technologies Agency (VITA) this week.
"The combination of critical vulnerabilities in these areas, along with the ability to remotely modify votes discretely, is considered to present a significant risk. This heightened level of risk has led VITA security staff to conclude that [a] malicious third party could be able to alter votes on these devices," they wrote, adding tersely: "These machines should not remain in service."
The details of the Commonwealth's findings (now that they've looked for them) are so mind-blowingly startling that some Virginia localities who are losing their voting systems are now perfectly happy with the idea that they may have to --- gasp! --- hand count paper ballots in their upcoming elections...
You may have already heard at least some of the bizarre story about three "Tea Party" supporters of Mississippi's Republican U.S. Senate candidate Chris McDaniel who found themselves locked inside the Hinds County Courthouse around 2am on primary election night last Tuesday. McDaniel himself is now locked in a run-off for the Republican nomination for U.S. Senate against six-term Senator Thad Cochran, after the nail-biter on Tuesday which left the two men reportedly about 1,400 votes apart out of more than 300,000 cast.
Ultimately, neither candidate received more than 50% of the vote, so they'll face each other again in a run-off for the GOP nomination on June 24. But the incident that left the three McDaniel supporters calling for help to let them out of the courthouse in the middle of the night after the last election official had locked the door and left almost three hours earlier is more than curious. It has many wondering what the hell the three were doing at the location where ballots are tallied and vote tabulators stored, in one of the last counties to come in with their results on the squeaker of an election night.
The details of the story, and why the three --- one a top campaign official for McDaniel (and a former Presidential campaign staffer for Newt Gingrich) --- were there at all, remain murky. On Wednesday, the Hinds County Sheriff's office said that there were "conflicting stories from the three of them." But by Thursday evening, despite what a Sheriff's spokesman described as a "fabrication" from the President of the Central Mississippi Tea Party who contacted a fellow Hinds County Republican executive committee member to seek his help in getting out of the courthouse, the county decided that she and the two men caught in the courthouse caper along with her broke no laws.
"Based on our findings and subsequent conclusion," the County Sheriff's office announced in a statement, "there is no reason to believe that the three individuals engaged in any criminal activity nor do we believe any laws were broken."
But with one of the original headlines about the story focused on the fact that the three had been locked in the empty courthouse "with ballots on Election Night," there remain a number of questions about what actually happened, despite initial reportage indicating that "ballots had been secured prior to the intrusion" and a subsequent report noting that "some precinct information wasn't sealed."
So, The BRAD BLOG contacted the Hinds County Election Commissioners to get more information on the exact type of voting system used there, which aspects of it might have been vulnerable to the three McDaniel supporters alone inside the courthouse, and what type of information was left unsealed there on election night.
We received detail answers to our questions from one of the five Hinds County Election Commissioners --- the one who would, perhaps, have the most reason to be suspicious of the trio of McDaniel supporters...
On Tuesday, we highlighted some of the many failures of e-voting systems in the Jackson, Mississippi (Hinds County), metropolitan area during their statewide primary election that day. Apparently enough systems failed, touch-screen systems that simply malfunctioned and refused to allow votes to be cast, names missing from electronic "ballots," etc., that the Clarion-Ledger quoted a senior Democratic party official yesterday offering this remarkable statement:
“What the public needs to know is that there is no election at this point,” said Claude McInnis, vice chairman of the Hinds County Democratic Executive Committee. “All we have is numbers from precincts. Until the committee verifies the election, we don’t have one.”
What? Verify an election before announcing results?! Candidates refusing to concede before that's done?! And how exactly will they be able to "verify" those numbers from 100% unverifiable electronic voting systems? My goodness. It's anarchy in Mississippi!...
Yet another touch-screen voting machine broke down, in yet another "hotly contested" election, in yet another Democratic-leaning district yesterday. Due to the failure, the actual results are completely unknown, unreliable, and unverifiable, and yet, one candidate (the Republican, as coincidence would have it) has been named the "winner" by 89-votes out of 12,000 cast in the Fairfax County, VA, Board of Supervisors special election.
We are as completely sick of writing these stories by now, as we're sure you are of reading about them, so we'll bury the details below the fold, for those who want the skinny on what happened...You're welcome...
Three Pennsylvania counties are considering pulling their old lever voting machines out of mothballs for this November's general election. The counties' "Plan B" comes in the wake of a refusal by e-voting machine company Advance Voting Systems (AVS) to pay the bill to federal "Independent Testing Authority" (ITA) lab iBeta Quality Assurance which has, according to NJ's Express-Times, found "thousands of source code irregularities and 24 documentation irregularities with AVS machines."
A problem in AVS's currently certified systems in PA makes them impossible to use as is in the upcoming elections.
iBeta is one of the private testing labs recently given approval by the U.S. Elections Assistance Commission (EAC) to test voting systems at the federal level. The labs, however, are still paid by the voting machine companies themselves.
The EAC's letter [PDF] also indicated that iBeta discovered AVS machines, contrary to the submitted documentation, used a different motherboard than those on the machines submitted for testing.
It's unclear, according to some of the reports from the PA papers, whether lever machines may legally be used in their elections, or if the counties may have to move to....wait for it...paper ballots in this November's municipal elections.
The Express-Times reveals the extraordinary arrogance of the voting machine companies, who, until heat has recently been brought to bear on both the EAC and the companies, had for years received a rubber-stamp for qualification of their systems by federal testers --- no matter how poorly the systems were built. After the EAC notified the company that certification testing was being suspended at iBeta due to lack of payment, "Howard Van Pelt, Advanced Voting Solutions president, maintained the machines are certified, regardless of what the commission says," according to the Express-Times.
Van Pelt, however, is wrong. But he, and the others like him, are used to receiving a free pass from the EAC and other Federal and local authorities for so many years that they may still be under the impression they can do whatever they want, despite what the federal government tells them and despite what the law says.
Yet AVS may not be the only voting machine company we may soon find unwilling --- or unable --- to pay for testing of voting systems, which could subsequently plunge elections in other states and counties into danger of not being carried out at all...