California Republicans know they can't win normal statewide elections. Hence, the attempted Recall election of progressive Democratic Gov. Gavin Newsom amid several crises that the GOP candidates hoping to replace him will make considerably worse. But now, voting system and cybersecurity experts tell The BradCast there is reason to be very concerned about the voting and tabulation systems used in some 60 percent of the state, following the recent theft and release on the Internet of Election Management System software, allegedly by a far-right County Clerk in Colorado during the MyPillow CEO's so-called "Cyber Symposium" last week in South Dakota. One of those experts joins us to explain the concerns, and what can be done about it, today. [Audio link to full show is posted at end of this summary.]
But, first up, the circus of some 46 candidates on the ballot hoping to become Governor of the nation's most populous state, if Newsom is removed by the first question on the Recall ballot, serves as a reminder that this special election, while seemingly ridiculous, is also potentially deadly for residents of the Golden State. Nonetheless, recent polling suggests that it is currently a dead heat as to whether Newsom will be removed and then replaced by someone likely to get little more than 20% of the vote on the ballot's second question about who should take his place.
In the middle of a debate between several GOP "front-runners" on Tuesday in Sacramento, one of the candidates, multi-millionaire John Cox (the guy who actually campaigns with a grizzly bear), got served in a Court process as he was introducing himself, as "ordered" by a San Diego Superior Court Judge finding that he owes about $100,000 to a contractor the Republican businessman failed to pay during his failed run against Newsom in 2018.
While neither of the top Republican or Democratic candidates on question two of the ballot were at the debate (Trump-loving, climate change denying, woman-hating Rightwing radio talk-show host Larry Elder and Democratic real-estate millionaire Kevin Paffrath), both of them oppose Newsom's mask and vaccination mandates. The BRAD BLOG's Ernie Canning, in a "Progressive's Guide to the California Recall" published today, explains why CA voters must vote "NO" on the Recall's first question, before he goes on to explain who he believes progressives should support on question two.
Sky-rocketing rates of infections, hospitalizations and deaths under GOP Governors like Florida's Ron DeSantis and Texas' Greg Abbott (who tested positive himself on Tuesday), should serve as another reminder of the importance of both elections and having Governors who do not place political ambition over science. Despite pleas to the contrary from health officials, both DeSantis and Abbott have issued edicts blocking local governments and school districts from instituting mask mandates, even as hospitals in both states are reaching or exceeding capacity, and children under 12 (unlike Abbott and DeSantis) are ineligible to become vaccinated. (Fortunately, President Biden reiterated today that the federal government will cover the salaries of school officials who chose to protect children, even if their paychecks are cut by the TX and FL Governors. And one school district in TX has come up with a very clever way of trying to get around Abbott's ban on mask mandates.)
Meanwhile, thanks to Newsom's various statewide mask and vaccine mandates here in California, infection, and death rates are all now coming back down once again.
Of course, facts such as these mean little to those pushing for the removal of Newsom, and many on the right have demonstrated of late that there is little they won't do in order to "win" an election. Thus, the theft and release of important voting system software by a far-right County Clerk in Mesa County, Colorado last week during Mike Lindell's "cyber symposium" (at which he didn't release the promised "absolute proof" that China stole the 2020 election from Trump), has a number of actual cybersecurity and voting system experts very concerned today.
We've been covering this story in detail over the past week, as both the national media and California media haven't covered it at all. But they should. Colorado media finally jumped in, a bit, this week after their Sec. of State on Monday announced that Mesa County Clerk Tina Peters --- who appeared on stage several times at Lindell's forum last week --- was behind the theft and copying of two hard drives at the Mesa County Election Division containing Dominion Voting's Election Management System (EMS) software.
Democratic CO Sec. of State Jenna Griswold's office, in a news release Monday night, explained how Peters pulled off the heist with two accomplices in the middle of the night back in May, before the software was released into the wild during last week's symposium. Since then, we have reported on this show about the concerns expressed by voting system and cybersecurity experts like Harri Hursti, who warns that the release of the critical software "lowers the barrier for attack planning and therefore increases the likelihood of future attacks." That, just after another top expert in the field, University of Michigan's J. Alex Halderman, filed a 50,000 word report in a long-running federal lawsuit in Georgia, which seeks to ban Dominion's unverifiable touchscreen voting systems. The report, which he says [PDF] details disturbing, newly discovered vulnerabilities in those systems, which reportedly could allow votes to be changed without detection, has now been sealed by the federal judge due to its sensitivity --- even from the plaintiffs and defendants in the case!
Dominion's vulnerable touchscreens are used in several large jurisdictions in California, even as the recall is now ongoing, including San Diego County, San Francisco and Riverside County. Their EMS software --- released to the Internet and downloaded by thousands just last week --- is used to tabulate votes, both hand-marked paper ballots and touchscreen votes, in every county where Dominion's systems are used. The software is used broadly in enough counties here that it could easily effect the computer-tallied results of the Recall election.
Another top expert who is worried about all of this joins us on today's program to explain why, and what can now be done about this serious security breach. University of California-Berkeley Professor PHILIP STARK is an expert witness in the Georgia case, the inventor of the post-election Risk-Limiting Audit protocol, and currently serves on the Board of Advisors of the U.S. Election Assistance Commission.
He joined Hursti this week in telling me that they were both dubious about vague claims from the CO Sec. of State's office that the U.S. Cyber Security and Infrastructure Security Agency (CISA) was not particularly concerned about the leak of the Dominion software.
"It is a serious risk," Stark makes clear today. "The best metaphor I've been able to come up with is, if I were trying to break into a bank, how helpful would it be to have blueprints of the bank and the bank vault? How helpful would it be for me to have an actual exact copy of the bank, completely at my disposal, to try different ways of breaking in and so forth? Not even a scale model, but literally the exact same thing, just in a different place. That's what having a copy of these disks amounts to."
"To the extent that these systems were not that secure in the first place, this doesn't make the systems more vulnerable. But it gives a would-be evil-doer lots of help and information to plan an attack, figure out what's going to work, which then can be conducted later by someone with less technical skill," Stark warns.
He explains that "these Election Management Systems are used, among other things, to configure the ballot marking devices" as well as "results from the precinct-based scanners" and the high-speed centralized scanners used to tabulate Vote-by-Mail ballots. "The release of the EMS code gives someone a blueprint for how to write malware to infect the ballot marking devices, etc., when they're configured using these systems."
We go on to discuss what can and should now be done by California in regards the ongoing Recall election (as well as other jurisdictions, with elections coming up in November, where Dominion systems are used in more than a dozen states) to ensure that results are accurately tabulated and reported, and can be known by the public, after the election, as such. His recommendations include the use of both hand-marked paper ballots and a far more robust post-election audit process than is currently mandated by CA state law.
Moreover, he cites a critical lesson that should be learned from Tina Peters, the Republican County Clerk in Mesa, CO who is alleged to have brought accomplices into the Elections Division in the middle of the night on May 23rd, and turned off the security cameras in order to steal the software and copy it for release into the wild. (She is now under criminal investigation and has been relieved of her duties by CO's Secretary Griswold.) "This is a very clear reminder that insider threats are real," observes Stark. "This is a wake-up call. It is very difficult to mitigate insider threats."
We are still waiting for a response from the CO Sec. of State's office, as to who they spoke with at CISA and what exactly that person said, given that the cybersecurity folks I've spoken with are quite dubious that the nation's top cybersecurity watchdog actually downplayed this voting system breach. Or, if they did, that they fully understood it. Meanwhile, CA's Sec. of State, to my knowledge, has said nothing about any of this publicly. But that may be because neither state nor national media --- other than us --- have bothered to connect the dots between California and these very serious concerns...
(Snail mail support to "Brad Friedman, 7095 Hollywood Blvd., #594 Los Angeles, CA 90028" always welcome too!)