Open letter to CA's Sec. of State calls for 'urgent mitigating action' with an immediate mandate for statewide post-election Risk-Limiting Audits...
By Brad Friedman on 9/2/2021, 11:35pm PT  

Eight of the nation's top cybersecurity and voting systems experts warned in a letter sent to California's Secretary of State on Thursday night that "emergency action is warranted" in response to a recent leak of key voting system software used in nearly 60% of state jurisdictions amid CA's ongoing Gubernatorial recall election.

The bluntly --- and urgently --- worded, 3-page letter [PDF] from the longtime experts in this field to CA Sec. of State Dr. Shirley Weber calls for a specific type of public, post-election audit as the "one critical action" that should be announced immediately, in response to software recently stolen from Mesa County, Colorado and Antrim County, Michigan. The software in question, Dominion Voting's Election Management System (EMS), was released over the Internet for broad download during a so-called "Cyber Symposium" run by Trump supporter, conspiracy theorist and pillow impresario, Mike Lindell three weeks ago. The EMS software, used in both CO and MI and many other states, including CA, is used to manage virtually every aspect of elections, from ballot creation to tabulation. Forty of California's 58 counties, according to AP's coverage of this matter tonight, use a version of the Dominion EMS that, according to the experts' letter, while "not identical" is virtually the same with only "relatively minor" differences.

"The release materially elevates threats to the trustworthiness of the ongoing California recall election and to public trust in the election," the experts inform Weber, as they urge her to, in advance of the election, mandate a robust statewide post-election audit in each county in the state.

The computer scientists explain that "a statewide risk-limiting audit (RLA) of trustworthy paper ballots...can substantially mitigate these threats," as posed by the recent breach. They define "trustworthy" as hand-marked paper ballots with a secure chain of custody, and advise that Weber mandate RLA's to both to ensure accuracy of computer-tallied results of those ballots and to offer confidence to the public in the results, no matter the outcome of the September 14th GOP recall targeting Democratic Governor Gavin Newsom.

One of the letter's signatories, Prof. Philip B. Stark of UC-Berkeley, is the inventor of the well-regarded RLA protocol. It consists of a manual, public tally of a certain percentage of ballots as devised by the protocol to gain scientific certainty in the computer-tallied results. Stark recently discussed the alarming new security breach on The BradCast, comparing this release of proprietary election software into the wild as akin to having a life-sized, identical version of a bank and its vault with which to practice breaking into it...

“If I were trying to break into a bank, how helpful would it be to have blueprints of the bank and the bank vault?," Stark asked rhetorically. "How helpful would it be for me to have an actual exact copy of the bank, completely at my disposal, to try different ways of breaking in and so forth? Not even a scale model, but literally the exact same thing, just in a different place. That's what having a copy of these disks amounts to."

The letter is also signed by several other esteemed experts in the field such as Finnish cybersecurity and voting system expert Harri Hursti; founder of Georgia Tech's School of Cybersecurity and Privacy, Dr. Richard DeMillo; Univ. of South Carolina's Duncan Buell; retired Livermore National Laboratory scientist and voting system advisor to five successive CA Secretaries of State, David Jefferson and a number of other top experts.

"As of August 2021, thousands of unknown people can study the code and find weaknesses to plan attacks on elections," they write. "The attacks can be deployed by non-technical accomplices, including voters, building maintenance personnel, and election workers. Unfortunately, even extensive pre-election testing of the voting equipment may not deter or detect such attacks."

"In raising our concerns about the Dominion software release we are not accusing Dominion of wrongdoing. Nor do we have evidence that anyone currently plans to hack the recall election," they make clear. "However, it is critical to recognize that the release of the Dominion software into the wild has increased the risk to the security of California elections to the point that emergency action is warranted."

They go on to draw a distinction between the action they are urging from the Sec. of State, and the less-than-scrupulous so-called "audits" carried out recently, without public oversight, in places like Maricopa County, Arizona by inexperienced, private entitles with a partisan agenda...

Emergency measure to secure the election and maintain voter confidence

This newly heightened risk can be mitigated by critical but straightforward action. We urge you to use your authority to mandate a statewide post-election risk-limiting audit of the outcome for the two questions on the recall ballot. RLAs have become the widely acknowledged gold standard of post-election auditing. This proposed audit should be done completely transparently, with citizen observation, and under guidance from your office (not vendors or third parties) and under the auspices of local county election officials to maintain Californians’ strong voter confidence. RLAs of the outcome require a trustworthy paper trail of hand marked paper ballots with limited use of machine-marked ballots. At least 17 of California’s 58 counties --of vastly different sizes and using a broad spectrum of voting systems from different vendors --- have already conducted pilot RLAs, so the process is well understood by local election officials. Because the same two contests are on every ballot in the state, a RLA of the recall election is especially straightforward and efficient.

If an actual cyberattack silently changes the outcome of the election, or any other procedural or software error does, a properly conducted RLA based on trustworthy paper ballots will detect it and correct it (with high probability). If the election outcome is correct in the first place the RLA will provide strong public evidence that it is, creating a “firewall” against litigation and disinformation seeking to discredit the outcome.

The letter's authors stress the importance of committing to such a post-election verification of results before Election Day. "Otherwise, it may appear to be a partisan decision, and there may be calls for other kinds of 'audits' that are neither scientifically grounded nor probative, and that would likely undermine public confidence in the election."

Over the past several weeks, beginning on the day of the unauthorized release of the Dominion EMS software into the wild, we have been covering this story, and trying to help both national media and CA state election officials understand this serious new threat to elections around the country --- where the same or substantially similar Dominion EMS software is used in some 30 states --- and, specifically, to the ongoing California recall, where the threat is currently most immediate and acute.

In recent days, a number of national media outlets --- Washington Post and Associated Press, for example --- have finally issued stories highlighting the concern of experts and the seriousness of the breach which is partly tied to Mesa County, CO County Clerk Tina Peters. She appeared at MyPillow magnate Lindell's forum in South Dakota last month, after sneaking into a secure area of the the County's Elections Division earlier this year with two accomplices late at night, turned off the security cameras, and made unauthorized copies of two hard drives containing the Dominion software.

While the recent national coverage has been good in general, those stories failed to connect the dots between the breach and California's critical Recall election. It is hoped that the letter to CA's SoS from the cybersecurity and voting system experts on Thursday night, along with AP's new coverage of same, may finally bring the needed attention to this urgent matter.

The exposure of the EMS software follows just days after new revelations in a long-running lawsuit challenging the use of Dominion's touchscreen Ballot Marking Devices (BMDs) in Georgia, by the tenacious, non-partisan Coalition for Good Governance (CGG). In that federal suit, expert witness Prof. J. Alex Halderman, Director of the University of Michigan’s Center for Computer Security and Society was allowed to examine [PDF] Dominion's touchscreen systems and discovered previously unknown "highly exploitable vulnerabilities" that could allow an attacker with physical access to one of the machines --- including a voter --- to change votes by inserting malware that could be passed from machine to machine and eventually back to corrupt the EMS software.

"If you have someone who can do the technical work of devising a cyberattack, then it could actually be deployed by a voter, by an insider, by a vendor, by whoever," he told AP. The new software breach "just really multiplied the number of people who are in a position to do harm to our elections by a very large factor."

Halderman's report, detailing the newly documented vulnerabilities on behalf of plaintiffs in CGG's case, was "so sensitive," according to the experts' letter to the CA SoS on Thursday, that the federal judge overseeing the case ordered it to be sealed, even from plaintiffs and defendants in the case. They urge Secretary Weber "to file a motion with Judge [Amy] Totenberg to obtain a confidential copy of Prof. Halderman’s sealed report to inform your cybersecurity team of the vulnerabilities he discovered."

CGG also issued a press release late on Thursday, citing the need for action as detailed by the experts' new letter, and quoting a number of them to highlight its urgency.

"The impact on the California recall election should not be underestimated," Georgia Tech's DeMillo warns. His concerns are echoed by Univ. of South Carolina's Buell, another letter author and expert witness in CGG's lawsuit against Georgia's Sec. of State. "It is imperative that California immediately address the breach of the Dominion election management system to provide the mitigation that can only be achieved by the use of hand marked paper ballots counted by scanners with the outcomes tested in thorough post-election audits," urges Buell.

"California is facing a grave security risk that can easily result in the loss of voter confidence if the danger is not mitigated with a rigorous post-election audit," notes CGG's Executive Director, Marilyn Marks. "California has often led the way in election security initiatives and is well positioned to swiftly solve this critical problem." She underscores the need for the state to take "immediate action" by declaring a statewide RLA "to ensure that voter confidence is earned in a way that sets the standard for all other states as they conduct their November elections."

* * *
Please support The BRAD BLOG's fiercely independent, award-winning coverage of your electoral system, as available from no other media outlet in the nation, with a much-needed DONATION to help us keep going!

Share article...