30 Reasons (Part 3) to believe that Georgia’s computerized voting system may not be as secure as election officials claim

Reasons 1-10 are here, and 11-20 can be found here.

These are reasons 21-30:

  1. Georgia election officials consistently misstate operating characteristics and functionality of the computerized election system.  These misstatements are designed to convey an impression that the system has security and recovery features that, in fact do not exist. For example, in sworn testimony before Fulton County Judge Adams, the  Fulton County chief election administrator claimed under cross-examination that Accuvote TS voting machines maintain a voter verified trail because an image of the voter’s ballot is stored in memory. Unsupported claims of isolation, multi-layered protection and proper user authentication abound in statements from election officials.
  2. Election officials raise problems with alternative methods of verifying votes, where none exist.  Richard Barron (Fulton County administrator) for example, claimed that paper ballot counts have 5% error rates (and are therefore at least as error-prone as any method of counting votes).  There have been scientific studies of this matter. Barron is off by an order of magnitude.  Proper hand counting methods have error rate up to 0.5% and even low-cost methods have error rates of only 2%.
  3. Physical security  of devices and chain of custody are important to election security in Georgia, and the use of tamper-proof seals is often cited as an important link in the security chain. Not only are tamper-proof seals of the type used in Georgia readily online, election workers often break the seals and re-seal devices without prior authorization.  That type of breach for example might be prompted by a desire to check a machine for damage as was observed by independent 3rd parties during the June 20 runoff.
  4. According to CES Executive Director Merle King, Georgia’s computerized voting systems use a version of Windows that dates from the early 2000 and is unpatched and unsupported by Microsoft. Unpatched operating systems are vulnerable to malware of all type and significantly increase the likelihood of successful hacks.
  5. There has never been an independent security evaluation of Georgia’s computerized election system.
  6. Georgia’s election officials have never looked to see whether their systems have been hacked. Despite claims to the contrary, no one in CES or the Secretary of State’s Office has actually checked to see whether the election system has been hacked.  This includes the immediate aftermath of the CES break-in, during which it would have been appropriate to see whether malware had been introduced or the systems had otherwise been compromised.  A representative from the US Department of Homeland Security  testified to the Senate Intelligence Committee that DHS has not conducted such an analysis either.
  7. CES Executive Director has stated publicly that CES scrounges for used and reconditioned equipment to replace its aging components.   Information about information assurance measures for these devices has not been released.  Nor does CES have any idea about whether these parts have ever been connected to the Internet.
  8. Secretary of State Brian Kemp was one of the few secretaries of state objecting to DHS offer in 2016 to designate election systems as critical national infrastructure, which would have dramatically increased the security-related resources available to the state. In fact, Kemp used the occasion to pick a fight with DHS by accusing the agency of a “massive attack” on Georgia’s systems.  That accusation was refuted thoroughly by DHS Inspector General in an open letter.
  9. Secretary of State Brian Kemp issues dismissive statements to the press, but has yet to respond to this letter or this letter about Georgia’s system security posed by a group of distinguished computer scientists.  These questions were designed to increase the public confidence in the security of the underlying system.
  10. The premise underlying Georgia’s approach to paperless DRE voting systems was undermined in 2003, shortly after the implementation of HAVA and the chartering of the Election Assistance Commission (EAC), when the National Institute of Standards  (NIST) was asked to formulate the alternatives to a voter verified paper trail.  NIST in turn chartered the Auditability Working Group to conduct an exhaustive study.  The 2011 report of the NIST Working Group rejected the very idea of paperless voting. The report begins with the main conclusion: AWG Conclusions In other words, the paperless system in use in Georgia is, by design, perfectly engineered to incorporate a fatal flaw: there is always the possibility of undetectable errors in the recording of vote. The NIST study means that the high confidence expressed by election officials in the security of Georgia’s computerized voting system has no scientific basis.

Author: mayorlarryvaughn

My name is Larry Vaughn. You last saw me In 1975 in Amity, New York. I was the town's mayor when a rogue sheriff tried to frighten 4th of July tourists with talk of a great white shark lurking off the shallow waters. Needless to say, I was not pleased with the panic that ensued. "No danger!" I said. "Fun in the water!" Then the shark started gobbling people up. I now regret that I did not do more to protect the people who trusted me, and I want to make sure the same thing does not happen to the voters of Georgia. There are sharks lurking offshore (in Russia, for example) who want to hack your votes. Like me your elected leaders are quick to shout "No danger!"

1 thought on “30 Reasons (Part 3) to believe that Georgia’s computerized voting system may not be as secure as election officials claim”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s