Investigating Domestic Voting Systems
We Call for a Special Investigation into Domestic Voting Systems
Last updated
We Call for a Special Investigation into Domestic Voting Systems
Last updated
In light of recent evidence detailing how easy it is for hostile actors to breach voting equipment in an ongoing security trial, Heal Earth Institute calls for a Congressional Investigation into the cyber security of these systems as an urgent matter of national security.
Software is generally designed in a way that it logs all system activity which can thus be monitored and audited in the event of any system issues. Strangely Dominion voting machine software does not log the activities if a user has the official password login. This type of cyber-security loophole is an indicator that the software is designed to support manipulation and potential vote rigging.
This advisory identifies vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot. The ImageCast X can be configured to allow a voter to produce a paper record or to record votes electronically. While these vulnerabilities present risks that should be mitigated as soon as possible, CISA has no evidence that these vulnerabilities have been exploited in any elections.
Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices. Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in this advisory, including technical, physical, and operational controls that limit unauthorized access or manipulation of voting systems. Many of these mitigations are already typically standard practice in jurisdictions where these devices are in use and can be enhanced to further guard against exploitation of these vulnerabilities.
A recent election assessment conducted in Pennsylvania's Fulton County and published in Februrary 2021 found the existence of the Microsoft SQL database on the Dominion Voting Machines in the country.
According to the Fulton County report, the analysis found "no valid reason" for the software to be installed on the system. They also reported that Dominion failed to fill out the appropriate forms regarding the software.
It was an assurance designed to bolster public confidence in the way America votes: Voting machines “are not connected to the internet.”
Then Acting Undersecretary for Cybersecurity and Communications at the Department of Homeland Security Jeanette Manfra said those words in 2017, testifying before Congress while she was responsible for the security of the nation’s voting system.
So many government officials like Manfra have said the same thing over the last few years that it is commonly accepted as gospel by most Americans. Behind it is the notion that if voting systems are not online, hackers will have a harder time compromising them.
But that is an overstatement, according to a team of 10 independent cybersecurity experts who specialize in voting systems and elections. While the voting machines themselves are not designed to be online, the larger voting systems in many states end up there, putting the voting process at risk.
Professor J. Alex Halderman of the University of Michigan, the author of a highly publicized report detailing deficiencies in Dominion's voting machines, testified at an Atlanta trial Thursday in a case filed in 2017 against the state of Georgia.
He demonstrated that Dominion Voting Systems machines were so easily hackable he could use a Bic pen and smart card to copy, edit, and change votes in seconds, according to Law360 Pulse, which is covering the trial.
After the suit, Georgia election officials changed their voting vendor in 2020 to Dominion Voting Systems, which also used a touch-screen ballot but provided voters with a paper ballot containing a QR code containing their vote information.
The Good Governance suit, however, asked a federal judge to order Georgia to stop using Dominion since they claimed their machines remain vulnerable to attack.
The suit also claimed the Dominion machines offer voters a paper QR code that cannot easily be read to verify the accuracy of their vote.
Halderman, who wrote a 96-page report in July 2021, began his demonstration before U.S. District Court Judge Amy Totenberg in Atlanta by asking a plaintiffs' attorney to borrow a pen, Law360 Pulse reported.
The professor then inserted the pen into the Dominion voting machine and held it there for a few seconds, which caused the machine to reboot into "safe mode," according to Halderman.
Halderman then explained that a person could copy or change files on the voting machine, change its operating settings, or install malware.
Halderman said accessing the "terminal emulator" could allow a user to bypass the computer's normal security settings and obtain "super-user" access — something that allows a person to read, monitor, and change "anything," including ballots, on the voting machine with "no limits," Law360 Pulse reported.
"All it takes is five seconds and a Bic pen," Halderman said.
Halderman also inserted a "$10" smart card into the machine. He said such smart cards can be programmed to replicate cards used by poll workers, voters, and technicians to access the voting machines.
The poll worker and voter cards can be used county-wide to "print as many ballots as you would like," Halderman said.
Plaintiffs' attorneys played a video, taken outside the courtroom, showing Halderman using a USB flash drive to alter votes in a way undetectable to voters.
The trial, which began Jan. 9, was over a case filed in 2017 by several voters and the Coalition for Good Governance against members of the State Election Board and then Georgia Republican Secretary of State Brian Kemp.
Judge Totenberg, from the U.S. District Court in the Northern District of Georgia and a sister to NPR's Nina Totenberg, is expected to issue a ruling in late spring or early summer. Totenberg was appointed by then-President Barack Obama.
The plaintiffs say they are not disputing any election results in Georgia, and their case is unrelated to the 2020 election and the defamation lawsuits brought by Dominion, CBS News reported.
After the 2020 election, Dominion claimed it was defamed by several parties, including Fox News, Newsmax, OANN, and several individuals.
In April of 2023, Fox News settled its litigation with Dominion, paying the voting firm $787 million. Dominion's litigation against Newsmax is ongoing in Delaware court.
Newsmax has stated that it acted within the bounds of a media organization to report the public claims of President Donald Trump and his lawyers.
At the time, Newsmax also reported that Dominion had denied all claims made by Trump and his team.
During this period, Newsmax asked Dominion to appear on its network to rebut claims made by the president, but Dominion declined to do so.
"In a democracy, there can be no more issue for important public discussion than the reliability of a voting company's technology, and the current Georgia trial underscores the fact that the vulnerability of Dominion's voting systems, machines and methodology remain highly concerning and of ongoing public interest," Newsmax said in a statement.
"Dominion's lawsuit against Newsmax is nothing more than a political effort to squelch free speech and a free press," Newsmax said.
The network also noted that Dominion's voting systems had been controversial before the 2020 election and was even the focus of a HBO documentary called "Kill Chain: The Cyber War on America's Elections."
The early 2020 documentary alleged that Dominion's machines were hackable and did not offer a verifiable audit of votes.
In the Georgia case, Totenberg has already agreed with the plaintiffs that the direct-recording electronic voting machine system was outdated and "highly susceptible to manipulation and malfunction," Courthouse News Service reported.
In August 2019, she ordered the state to update the election system that had been used since 2002 ahead of the 2020 primaries.
Current Georgia Secretary of State Brad Raffensperger entered a nearly $107 million contract with Dominion to install new ballot-counting devices that record votes in both the system's software and with a printed QR barcode.
Raffensperger continues to stand by the integrity of Dominion's voting software and systems.
"The Halderman report was the result of a computer scientist having complete access to the Dominion equipment and software for three months in a laboratory environment," he explained in a June 2023 letter to the state legislature.
"It identified risks that are theoretical and imaginary. Our security measures are real and mitigate all of them."
Raffensperger also indicated that a MITRE report found Halderman's identified system vulnerabilities were "operationally infeasible."
In a statement to Newsmax, Dominion Voting Systems claimed Halderman’s "experiment did not happen in the real world, and he had far more than a BIC pen."
Dominion noted that the court had ordered Halderman to be "given all the passwords, security cards, exact election files, and more — everything he would need to try to cause trouble."
Despite the unprecedented access, Dominion stated that "he was not able to prove that an election could be successfully hacked."
The voting company said Halderman’s scenario of a hack "would require a criminal conspiracy between an army of US election officials and thousands of in-person American voters." Such a case would also require "unfettered physical access to every election system they want to compromise, during (not after) the election. This is implausible and conspiratorial."
Dominion emphasized that the U.S. Cybersecurity and Infrastructure Security Agency concluded Halderman’s assertions are "mitigated by existing election procedures" which have been strengthened. These mandated election protocols are part of the national and state systems "over 20 years through the work of the bi-partisan EAC, State election officials, and accredited third-party testing laboratories."
Regardless of the claims of Raffensperger and Dominion, those challenging the new system say the devices are not "voter-verifiable, secure, or reliable" and are still susceptible to the problems with the old system.
In the aftermath of the 2020 election, then-President Trump and his surrogates made numerous allegations of voter fraud and abuses, including claims that Dominion's voting systems had been manipulated to give Joe Biden a victory in key states including Georgia.
Ultimately, neither Trump nor his campaign provided evidence to back up claims the machines had been hacked and the state of Georgia, as well as all other challenged states, deemed the results as legal and final.
President Biden won Georgia by roughly 12,000 votes in 2020. The Peach State is one of just two U.S. states that uses the Dominion machines statewide.
Lawyer John Case, under penalty of perjury, files declaration to CO Judge, stating Dominion Voting machines can connect to the internet, can switch votes, and cannot be audited.
ATLANTA, GA, JULY 10, 2024 – The Georgia State Election Board (SEB) heard testimony from three separate experts each of whom countered the Secretary of State Brad Raffensperger’s official narrative that no fraud, errors or irregularities exist in Fulton County’s 2020 General Election results.
The experts upheld claims from SEB2023-025 complainants Kevin Moncla and Joe Rossi who contended that Fulton County certified up to 58,924 votes that have no source justification. These include:
17,852 ballots with certified votes that had no ballot images which are required for vote tabulation;
20,713 ballots with certified votes have no source tabulator from which they should have originated;
3,125 double scanned and double counted ballots
17,234 unsourced ballots were batch uploaded and backfilled into election results by the Center for Technology and Civic Life (CTCL) funded Elections Group to reconcile inexplicable errors
Three well-known technology professionals with over 100 years of total technology experience independently corroborated Moncla and Rossi’s claims. All of them have testified as experts in court cases or prepared expert court case declarations in 2020 election cases.
Phillip Davis, a 30+ year career IT professional specializing in image analysis, confirmed that over 3,900 ballots were double scanned in the recount and double counted in the election results. He described the methodology he used and submitted a presentation to support his analysis.
Clay Parikh, a 20+ year cybersecurity expert and voting system tester who holds a top-secret clearance and many certifications, confirmed that tabulator tapes are missing for over 20,000 in-person cast ballots and that 17,800 certified recount votes have no ballot images.
VoterGA co-founder Garland Favorito, a 40+ year career IT professional with 20 years of voting system research, explained how Georgia’s ballot processing flow works, what a real investigation would have uncovered, and the specific false conclusions Secretary of State legal counsel Charlene McGowan gave to the SEB at the May 7 meeting. His presentation also identified over 1,000,000 ballot election records that are missing in violation of federal and state law. These include:
380,458 missing original in-person ballot images
512,743 missing original Secure Hash Algorithm (SHA) files that authenticate the images
17,852 missing recount ballot images
17,852 missing recount SHA authentication files
20,713 original AND recount ballots are missing tabulation records
17,234 unsourced ballots were batch-uploaded into results to reconcile original count errors
16,198 unsourced uploaded ballots were needed in the results to reconcile recount errors
Attorney Harry MacDougal summarized the veracity of Moncla and Rossi’s claims and the untruthfulness of the Secretary of State’s office investigation. He called for a bonafide independent investigation and independent 2024 election monitors.
He concluded that: “You cannot rely on reports given to you from the Secretary of State’s office. They are sweeping things under the rug.”
Resources
A federal grand jury in South Florida on Thursday indicted Venezuelan-American executive Roger Piñate, founder and president of the voting-machine company Smartmatic, on charges of involving a bribery and money-laundering scheme used to secure elections contracts in the Philippines.