
Tuesday, November 17, 2020

There are Issues with Dominion Voting Systems Software


Dominion Voting Systems (Dominion), a Canadian company, is the maker of the voting system software where a "glitch" switched 6,000 votes from Trump to Biden in Michigan. That glitch piqued our interest to look further into Dominion.

Using the Internet Wayback Machine that archives website pages, this report reflects that in September 2020 Dominion deleted from its website the names and bios of its top management team:

Between September 6 and September 16, Dominion deleted a lot of information from its website, including the names and bios of the management. These actions do not increase public trust.
On November 13, 2020, Dominion updated its website with rebuttal statements in bold capital letters.  Dominion claims there were no software glitches but that does not appear to be true because we know of issues in multiple counties. Dominion may think ranting in bold capital letters is good PR but does it make people trust them more?

What else should we understand about Dominion software, since it was used in a number of the key battleground states?

In October 2019, Dominion presented its Democracy Suite 5.5-A system to the Texas Secretary of State for examination and certification. The exam was conducted according to Texas election law by numerous expert examiners appointed by the Texas Secretary of State and Attorney General. On January 24, 2020, the Deputy Secretary of State denied certification of Dominion Voting Systems' Democracy Suite 5.5-A system for use in Texas elections.
The Democracy Suite 5.5-A system is an updated version of the Democracy Suite 5.5 system, which was denied certification by the Office on June 20, 2019.

The examiner reports identified multiple hardware and software issues that preclude the Office of the Texas Secretary of State from determining that the Democracy Suite 5.5-A system satisfies each of the voting-system requirements set forth in the Texas Election Code. Specifically, the examiner reports raise concerns about whether the Democracy Suite 5.5-A system is suitable for its intended purpose; operates efficiently and accurately; and is safe from fraudulent or unauthorized manipulation. Therefore, the Democracy Suite 5.5-A system and corresponding hardware devices do not meet the standards for certification prescribed by Section 122.001 of the Texas Election Code.
Dominion was rejected for certification three times in Texas and the reports by the expert examiners regarding each of those rejections are found here.

Some of the specific issues raised by the expert examiners include: 

As was the case with the 5.5 System, some of the hardware in the Democracy 5.5-A System can be connected to the internet through Ethernet ports.

In the 5.5 System examination, the rolling ballot box dividers for provisional or disputed ballot storage were not present.  

Without question, one or more of the components of the 5.5-A System can be connected to an external communication network and this can only be avoided if the end-user takes the proper precautions to prevent such a connection.  

Many of the security features of the 5.5-A System are not automatic, but again depend on the end-user following the best practices promoted by Dominion. …Leaving these security measures to the local jurisdiction is not in alignment with this standard [Texas law].  
During the installation of the Adjudication software on the EMS server, the installation failed multiple times. 
...general concerns about the system’s ability to be implemented by counties with low technical expertise due to the complexity of the configuration and installation process are still present.  
Installation was complicated and not intuitive. 
The Ballot Marking Device has an indicator light connected by USB port and an examiner was able to connect his phone to the Device and scan files from his phone…a system log of the event was made without enough details about the incident and no audit log caught the presence of the phone connected.

Error messages were visible for only several seconds before they disappeared.

The issues identified should be of concern to everyone, especially to voters in Georgia, because Georgia was having to rush implementing their new Dominion voting system for a Presidential election year.

Lawsuits and complaints were filed about the system Georgia had used for almost 20 years - Election Systems and Software (ES&S) - and Georgia subsequently put out a solicitation for a replacement voting system. According to this July 2019 report:
Dominion, a Denver-based company, won the contract in large part because it offered Georgia the lowest-cost system among three companies that submitted bids, according to evaluation score sheets. Though ES&S scored higher on the government’s criteria for a replacement voting system, Dominion came out on top when the price of its system was taken into account.
Georgia had to rush the implementation of Dominion, which the expert examiners in Texas stated was complicated to install, for the Presidential Primary in March. 

The New York Times reported on June 11, 2020
As Georgia elections officials prepared to roll out an over $100 million high-tech voting system last year, good-government groups, a federal judge and election-security experts warned of its perils. The new system, they argued, was too convoluted, too expensive, too big — and was still insecure.
The potential for problems with the new system was somewhat well known from the state’s small-scale test in the 2019 elections, when a software glitch in the electronic poll books caused delays in most of the six counties where the test took place. 
According to a November 12, 2010 The Epoch Times article, critics who filed a lawsuit in 2017 about Georgia's previous system contend the "new system was subject to many of the same security vulnerabilities as the one it was replacing." 
In an Aug. 24 [2020] declaration, Harri Hursti, an acknowledged expert on electronic voting security, provided a first-hand description of problems he observed during the June 9 statewide primary election in Georgia and the runoff elections on Aug. 11.
Hursti's Declaration filed on August 24, 2020 is found here. He observed at the Fulton County Tabulation center that it was a technician from the vendor Dominion who was operating Dominion's Election Management System server. Hursti stated that Fulton County Elections Department personnel admitted to having limited knowledge and/or control over the EMS server and its operations. Hursti considered that dangerous and high risk.

Hursti concluded in August: 

The voting system is being deployed, configured and operated in Fulton County in a manner that escalates the security risk to an extreme level and calls into question the accuracy of the election results. The lack of well-defined process and compliance testing should be addressed immediately using independent experts. The use and the supervision of the Dominion personnel operating Fulton County’s Dominion Voting System should be evaluated.
According to The Epoch Times article referenced above: 

In an Oct. 11 order, just weeks prior to the presidential election, U.S. District Judge Amy Totenberg agreed with the concerns associated with the new Dominion voting system, writing that the case presented “serious system security vulnerability and operational issues that may place Plaintiffs and other voters at risk of deprivation of their fundamental right to cast an effective vote that is accurately counted.”
“The Court’s Order has delved deep into the true risks posed by the new BMD voting system as well as its manner of implementation. These risks are neither hypothetical nor remote under the current circumstances,” Judge Totenberg wrote in her order. 
Despite the court’s misgivings, Totenberg ruled against replacing the Dominion system right before the presidential election, noting that “Implementation of such a sudden systemic change under these circumstances cannot but cause voter confusion and some real measure of electoral disruption.”
Judge Totenberg's Order stated "The Court assumes that cost considerations, among others, may have played a role in this purchasing decision..". Dominion was the lowest bidder but their system scored lower with regards to Georgia's criteria for a new system than another vendor, ES&S.

We do not know the procurement laws in Georgia but the issues raised beg the question about awarding such a contract on the basis of cost. After reading about the issues identified by voting security experts and the Judge's Order above, can Georgia voters feel warm and fuzzy about the Dominion Voting System?

In addition, Politico reported there were "glitches" in two Georgia counties the morning of Election Day that have not been adequately explained.
A spokesperson for the secretary of state’s office has not responded to multiple inquiries seeking further details about the problem and what caused it. Dominion also would not say what the problem was or answer questions about what the company did to fix the issue.
In December 2019, this Washington Post article reported concerns about Georgia rolling out the new Dominion voting system. 

According to this November 13, 2020 Washington Examiner report, Democrat Senators Elizabeth Warren, Ron Wyden, and Amy Klobuchar and Democrat Congressman Mark Pocan were very concerned about our voting systems security and vulnerabilities. They were so concerned they wrote a 5 page letter on December 6, 2019 to the three private equity firms who have controlling interests in the three leading election technology companies, including Dominion owned by Staple Street Capital Group.

The letters can be found at Senator Elizabeth Warren's Senate website, where she warns about voting system vulnerabilities, states concerns about the lack of transparency provided by these voting systems vendors and accuses these vendors of having "skimped on security in favor of convenience", leaving voting systems across the country "prone to security problems."

Examples in the warning letters from these Democrats included:

In 2018 alone "voters in South Carolina [were] reporting machines that switched their votes after they'd inputted them, scanners [were] rejecting paper ballots in Missouri, and busted machines [were] causing long lines in Indiana." In addition, researchers recently uncovered previously undisclosed vulnerabilities in "nearly three dozen backend election systems in 10 states." And, just this year, after the Democratic candidate's electronic tally showed he received an improbable 164 votes out of 55,000 cast in a Pennsylvania state judicial election in 2019, the county's Republican Chairwoman said, "[n]othing went right on Election Day. Everything went wrong. That's a problem." These problems threaten the integrity of our elections and demonstrate the importance of election systems that are strong, durable, and not vulnerable to attack.
NBC News reported in January 2020:
The three largest voting manufacturing companies — Election Systems & Software, Dominion Voting Systems and Hart InterCivic — have acknowledged they all put modems in some of their tabulators and scanners. The reason? So that unofficial election results can more quickly be relayed to the public. Those modems connect to cell phone networks, which, in turn, are connected to the internet.
Dominion was the only one of these three vendors to NOT respond to NBC's request for how many of these vulnerable modems were currently in use on their systems. 

Democrats in the House were so concerned about voting systems vulnerabilities that the House Administration Committee held a Hearing on 2020 Election Security on January 9, 2020. According to CSPAN coverage of the hearing:
Voting system vendors, local election officials and computer science professors testified on 2020 election security before the House Administration Committee. Among the witnesses were Election Systems and Software CEO Tom Burt and U.S. Election Assistance Commissioner Donald Palmer. Election vendor CEOs told lawmakers they had not seen any evidence of election system tampering. Other topics discussed included election infrastructure and supply chain security, voting equipment testing and election system modernization efforts.
In February 2020, the Denver Post reported:
In the rush to replace insecure, unreliable electronic voting machines after Russia’s interference in the 2016 U.S. presidential race, state and local officials have scrambled to acquire more trustworthy equipment for this year’s election, when U.S. intelligence agencies fear even worse problems.
Some of the most popular ballot-marking machines, made by industry leaders Election Systems & Software and Dominion Voting Systems, register votes in bar codes that the human eye cannot decipher. That’s a problem, researchers say: Voters could end up with printouts that accurately spell out the names of the candidates they picked, but, because of a hack, the bar codes do not reflect those choices. Because the bar codes are what’s tabulated, voters would never know that their ballots benefited another candidate.
Even on machines that do not use bar codes, voters may not notice if a hack or programming error mangled their choices. A University of Michigan study determined that only 7 percent of participants in a mock election notified poll workers when the names on their printed receipts did not match the candidates they voted for.
Nearly 1 in 5 U.S. voters will be using ballot-marking machines this year, compared with less than 2% in 2018, according to Verified Voting, which tracks voting technology.
Pivotal counties in the crucial states of Pennsylvania, Ohio and North Carolina have bought ballot-marking machines. So have counties in much of Texas, as well as California’s Los Angeles County and all of Georgia, Delaware and South Carolina. The machines’ certification has often been streamlined in the rush to get machines in place for presidential primaries.
Ballot-marking devices were not conceived as primary vote-casting tools but as accessible options for people with disabilities.
In April 2020, Forbes reported about the HBO documentary on election security. HBO spent 4 years talking to and following around the foremost experts on election issues, including aforementioned expert Harri Hursti.
There are three primary vendors for voting machines: Election Systems & Software (ES&S), Dominion Voting Systems, and Hart InterCivic, and very little is known about the security of these companies’ own IT systems. Some voting machines are optical scanners, some have touch screen voting, some use QR codes or bar codes, and others send votes in clear text back to vendors to be tallied. They can all be hacked or compromised. If almost all of the voting precincts in our clunky system use equipment from these vendors, an attacker only needs to hack the equipment to reach all of the voters.
When Stauffer [former cyber analyst for the Air Force] tested ES&S’s DS200 machine, they found multiple vulnerabilities that would enable an attacker to gain full access to the system, change configurations, and install a modified operating system without election officials knowing. Stauffer states that the vulnerabilities would enable a hacker to gain the highest level of privilege and gain remote access into the system and do whatever they wanted to do, “whether its change an election or shut the system down.” He found similar vulnerabilities in Dominion’s Democracy Suite voting equipment that would enable remote code execution, denial of service attacks, and off-line ballot tampering. “How can a vendor sell a voting system with this many vulnerabilities?” he asks.
Hursti says, “Every single system we have, there is a place where it touches the Internet…it might be indirect, it might be infrequent, but it is always there.” When Hursti powers up a machine he purchased off eBay, the first thing it wanted to do was connect to the Internet. Additionally, election officials are less alert between elections, so hackers can infect a machine and the malware can remain dormant in machines between cycles. Jeff Moss, founder of the BlackHat and DEFCON conferences, points out that it would not be difficult to hack these simple machines and erase any traces.
Also interesting is that voting systems vendor ES&S bought Diebold's voting system named "Premier" in September 2009 without any objections by the Obama DOJ. In March 2010, as a result of an anti-trust lawsuit, Obama's DOJ [Holder - Mueller] forced ES&S to divest and sell off Premier….to supposedly restore competition to the American voting systems market.

Dominion Voting Systems, who had little market share in the US at the time, acquired Premier in May 2010. Then immediately after that purchase, Dominion bought Sequoia Voting Systems, the third largest voting system in the US, on June 4, 2010. The Obama DOJ said nothing.

Since those purchases, it has been reported that Dominion has about 40% of the voting systems market share in the US. So much for restoring competition to the US voting systems market.

Dominion Voting Systems software is used in 30 states including Pennsylvania, Georgia, Wisconsin, Nevada, Minnesota and Arizona.

The Daily Wire reported yesterday that in Nevada, which uses Dominion, a Clark County commission race cannot be certified because of "discrepancies that cannot be explained":
As noted by the news outlet, Registrar of Voters Joe Gloria delivered a full report to county commissioners on Monday and included the following findings:
936 discrepancies in ballots
710 with mail-in precincts
121 in early voting precincts
105 on election day
6 voters voted twice
“The Clark County Registrar of Voters Joe Gloria stated that they had found issues related to tracking, moving from signature to manual signature verifications as well as in the ballot curing process,” the report said. “Some of the discrepancies found in the early voting and election day results according to Gloria included: ‘Inadvertent canceled votes,’ ‘Voter check-ins,’ ‘Reactivated voter cards,’ ‘Duplicate activations,’ and ‘Check-in errors.'”
The mainstream media spent the last 4 years reporting and documenting claims made by many Democrats, election security experts, Progressive voting rights organizations and others about issues and concerns with our voting systems. But today's mainstream media narrative now appears to be there are no issues with our voting systems in 2020….nothing to be concerned about so move along. 

And Surprise! 

The Democrats and Progressive organizations, who raised concerns about election security and clamored for years making accusations about issues with our voting systems, have gone silent.
