On June 14, 2023, I emailed the media email address, email@example.com, given on Dominion Voting Systems' contact page. After identifying myself as a Seattle-based freelance journalist and so on, I asked six questions, the last of which was:
6) Does Dominion object to Dominion's proprietary software having been distributed via ShareFile by Atlanta-based data forensics firm SullivanStrickler, four of whose employees participated in the January 2021 Coffee County elections office breaches? Has Dominion or its representatives done anything to object to that violation of its intellectual property rights? For instance, has Dominion or its representatives filed complaints in response to SullivanStrickler's distribution of Dominion's intellectual property? Has Dominion or its representatives attempted to stop further distribution of its intellectual property? (See for instance the deposition of Sullivan Strickler's Dean Michael Felicetti in Curling v. Raffensperger, Case 1:17-cv-02989-AT Document 1489-2 Filed 09/19/22.) (See also for instance the sworn declaration of computer security expert Kevin Skoglund also in Curling v. Raffensperger, Case 1:17-cv-02989-AT Executed on December 5, 2022.)
Stephanie Walstrom, Managing Director, Strategy replied, also on June 14, 2023, that she didn't "have anything for" me "on all of these questions" (you know thorough me and all my questions) but I could attribute the following to a Dominion spokeswoman. (How magnanimous of her! Hmm, Dominion spokeswoman. You know, her. I never agreed, in blood or otherwise, to obey any word in any email sent by some corporate marketer, but let's play along a little.)
(Thus sprach a Dominion spokeswoman:)
"More than two years after the 2020 election, no credible evidence has ever been presented to any court or authority that voting machines did anything other than count votes accurately and reliably in all states. Our customers' certified systems remain secure."
Note the laughable boilerplate of her final sentence: Our customers' certified systems remain secure. Compare that with Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA)'s advisory and tracking (last revised 3 June 2022) of Common Vulnerabilities and Exposures (CVEs) for the Dominion devices in question.
Also, not "having anything for" me is an undecidable blur between Dominion didn't object and Dominion ain't answering one way or the other. Just a further example of Dominion's longstanding silence on the Coffee breach.
I emailed her back, again on June 14, 2023 -- busy day! -- to ask the following questions three:
First, how does Dominion Voting square "Our customers' certified systems remain secure." with a), the December 2022 sworn declaration of Kevin Skoglund, Curling v. Raffensperger computer security expert for the plaintiffs, that the Coffee County breach operatives collected and distributed "protected software from almost every component of Georgia's election system," meaning "adversaries may use the software in disinformation campaigns or study it to learn how to subvert its operation," and as a result, "all of Georgia's counties and other states must endure increased risks" -- or square it with, b) the Security Analysis of Dominion Ballot Marking Devices, unsealed for the first time today, carried out by J. Alex Halderman, Curling v. Raffensperger computer security expert for the plaintiffs, who said "The ICX BMDs are not sufficiently secured against technical compromise to withstand vote-altering attacks by bad actors who are likely to attack future elections in Georgia. Adversaries with the necessary sophistication and resources to carry out attacks like those I have shown to be possible include hostile foreign governments such as Russia--which has targeted Georgia's election system in the past --and domestic political actors whose close associates have recently acquired access to the same Dominion equipment that Georgia uses through audits and litigation in other jurisdictions"?
Second, Halderman's newly unsealed declaration notes: "Over the past six months, I have repeatedly offered (through Curling Plaintiffs' counsel) to meet with Dominion and share my findings, so that the company could begin developing software fixes where possible, but they have yet to take me up on this offer." Why hasn't Dominion Voting taken up the offers of Professor J. Alex Halderman -- a world-expert on this topic -- to help your company with fixing bugs/vulnerabilities?
Third and finally, does Dominion Voting endorse the security through obscurity approach over the open security paradigm?
She replied on -- if you guessed June 14, 2023, we have a winner -- to sprach spokeswomanly for Dominion that she'd "refer to this page (linked off the homepage) which addresses a lot of this." She then provided the hyperlink to the page in question -- https://www.dominionvoting.com/mitre-report/ -- and noted "That's all I have for you on this, but appreciate you reaching out!"
Dominion's preferred MITRE report is refuted by world-class computer security expert J. Alex Halderman in a short version here.
This footnote created by Douglas Lucas on 15 June 2023.