100 experts on election security (including conservatives, progressives, academics, corporate officials, and members of the national security community) released a letter that lays out a plan for safeguarding the vote. Despite their personal political differences, they are all united in the view that our nation’s rough patchwork of voting security measures is wholly inadequate. Even more importantly, they are united in what to do about it.
Here are their recommended actions:
- Phase out the use of voting technologies such as paperless Direct Recording Electronic voting machines that do not provide a voter-verified paper ballot.
- Create firewalls (software barriers) between the internet and all voter registration, vote-tabulating machines, ballot delivery, and election management systems. Require layered backup systems to ensure that intrusions and corruption of the databases can be detected and corrected.
- Review and document compliance with the recommendations and checklists prepared by the US Department of Homeland Security for security, penetration testing, network scanning, and detection and management of potential cyber-attacks. Review and track FBI security alerts.
- Ensure that voting systems and information technology that supports voting systems have the latest security patches, and that those patches have been provided from trusted sources on trusted media. Limit physical access and regularly audit sensitive and critical election systems.
- Discourage voters from voting online in any form—via web, email or fax—even in states where it is legal. Inform voters that electronically submitted ballots can be modified, copied, rerouted or simply deleted during transmission.
- Compare random samples of voting system totals to hand counts of the votes on the corresponding paper ballots.
- Audit in a way that has a large chance of detecting and correcting any incorrect electoral outcomes, whatever their cause.
- Recruit technical experts to assist with tests and audits. Resources for finding experts, many of whom may provide pro bono services, include the Election Verification Network, professional societies such as the American Statistical Association, and academic institutions.
- Allow public oversight of all audits, and prominently publicize all testing and audit results.
- Report and publicize ballot accounting and final results in detail before certification.
The American election system is a patchwork of computerized voting systems. There is no over-arching architecture. State and local authorities are largely free to choose the election products that make the most sense for their citizens. That decentralized diversity has been touted as a strength of voting in the U.S. Unfortunately, the strength of decentralization falls apart when confronted with a determined, well-funded, state-backed adversary. State and local officials simply cannot keep up.
Let local election officials know that there are alternatives that would greatly enhance public confidence in their systems.
It was overlooked by the news networks, but there was a significant step forward in advancing public understanding of how to secure voting systems in yesterday’s Senate Intelligence Committee hearing. California Senator Kamala Harris opened her questioning with an old cyber security riddle:
Q: How is not being hacked like being hacked?
A: Either way you don’t know.
This has been at the root of public misperceptions of election system security: since you can’t point to a successful vote-changing hack, we must therefore be secure. In fact, most of the Senate committee seemed hell-bent on propagating this idea by coaxing
No Senator, I don’t know if votes were actually changed in the November election
from witnesses who in fact have never tried to find out.
Alex Halderman tackled both sides of this fallacy with his opening statement. First, he pointed to a supervised hack of a Washington DC election that, over 48 hours, changed every vote.
Even more importantly, he recommended risk-limiting post-election audits as a mandatory, cost-effective, and mathematically sound method of verifying election results:
Specifically, if the reported outcome (usually the set of winner(s)) is incorrect, then a risk-limiting audit has a large, pre-specified minimum chance of leading to a full hand count that reveals the correct outcome. A risk-limiting audit can stop as soon as it finds strong evidence that the reported outcome was correct. (Closer elections generally entail checking more ballots.)
An important bottom line from yesterday’s hearing was an answer to the question whether you can ever know that an election was hacked. You can, if you look.
Step 1: Replace DRE touchscreen systems with paper ballots and optical scanners.
Step 2: Use risk-limiting post-election audits to verify election results.
Step 3: Adopt best cybersecurity practices and technologies appropriate to the threat.
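The stopping rule in the risk-limiting audit definition quoted above, as an added example that is not part of the original post: a ballot-polling audit of a two-candidate contest using the published BRAVO sequential test, a method this page does not name and that is assumed here. The function names, the "W"/"L" ballot labels and the sample data are constructed for illustration.

```python
import random

def bravo_audit(reported_winner_share, sampled_ballots, risk_limit=0.05):
    """Ballot-polling audit of a two-candidate contest (BRAVO-style test).

    reported_winner_share: winner's reported share of the two-candidate vote.
    sampled_ballots: hand-read paper ballots drawn at random, each "W"
    (reported winner), "L" (reported loser) or anything else (ignored).
    Returns (confirmed, ballots_examined). confirmed=False means the sample
    never gave strong evidence, so the audit escalates to a full hand count.
    """
    if not 0.5 < reported_winner_share < 1.0:
        raise ValueError("reported winner share must be in (0.5, 1)")
    threshold = 1.0 / risk_limit
    ratio = 1.0  # likelihood of the sample under the reported share vs. a tie
    examined = 0
    for ballot in sampled_ballots:
        examined += 1
        if ballot == "W":
            ratio *= reported_winner_share / 0.5
        elif ballot == "L":
            ratio *= (1.0 - reported_winner_share) / 0.5
        if ratio >= threshold:  # strong evidence reached: stop early
            return True, examined
    return False, examined

def wrongly_confirmed_rate(reported_share, true_share, trials=500,
                           max_sample=600, seed=1):
    """Fraction of simulated audits that confirm a reported win although
    the paper ballots actually split as true_share (constructed data)."""
    rng = random.Random(seed)
    wrong = 0
    for _ in range(trials):
        sample = ("W" if rng.random() < true_share else "L"
                  for _ in range(max_sample))
        confirmed, _examined = bravo_audit(reported_share, sample)
        wrong += confirmed
    return wrong / trials

if __name__ == "__main__":
    # Constructed best-case samples: every sampled ballot shows the winner.
    print(bravo_audit(0.60, ["W"] * 100))  # (True, 17)
    print(bravo_audit(0.52, ["W"] * 100))  # (True, 77): closer race, more ballots
    # Paper ballots contradict the report: no confirmation, full hand count.
    print(bravo_audit(0.60, ["L"] * 500))  # (False, 500)
    # Reported 60% win, paper ballots say 45%: wrong confirmations stay rare.
    print(wrongly_confirmed_rate(0.60, 0.45))
```

All-winner samples are the best case, so 17 and 77 are the minimum numbers of ballots at reported shares of 60% and 52%; real samples include ballots for the loser and run longer.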
Georgia is one of only five states that do not use paper backup for their election systems. Experts have written to Secretary of State @BrianKempGA asking him to move to paper ballots. The arguments against it are weak, so why does Georgia continue to promote the nonexistent benefits of this national embarrassment? @HardballChris doesn’t get it either and he’s not shy about calling out the hypocrisy on MSNBC:
There is no more important warrior in the battle to bring transparent, safe voting to the people of the State of Georgia. Foundation leadership works on a volunteer basis. No one associated draws a salary of any kind. 100% of all donations go toward litigation and education about Georgia’s national embarrassment of a voting system. Help #protectGAvote.
Today UpGuard announced that
the data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors
This makes it the largest breach of its kind.
Gizmodo reports that
Deep Root’s server was discovered by UpGuard’s [Chris] Vickery on the night of June 12 as he was searching for data publicly accessible on Amazon’s cloud service. He used the same process last month to detect sensitive files tied to a US Defense Department project and exposed by an employee of a top defense contractor.
It is now becoming clear that the network of voter databases allows well-funded actors to combine information from various sources. Someone with bad intentions can piece together enough information to interfere with and disrupt elections.
Political operations might view such databases as easily commoditized marketing data that can be discarded after an election. A hacker, on the other hand, might take a longer view, realizing the damage to be done in misusing knowledge of voting patterns.
Georgia election officials, especially Secretary of State @BrianKempGA, are prone to claim that the Georgia election system has never been hacked. It was a pillar of their argument in front of a Superior Court judge a couple of weeks ago. Absence of evidence should be taken as evidence of absence, according to Kemp, evidently not realizing that this is an argument so stupid it actually has a name. It is called argument from ignorance, a logical fallacy.
People make wild claims, and get away with them, simply on the fact that the converse cannot otherwise be proven.
Shame on anyone in a position of authority who falls for this ruse. We should be equally compelled to believe that unseen, undetectable unicorns run amok in our living rooms at night, upending furniture and littering carpets but cleaning up so thoroughly that we never know about it.
Yet that is exactly what Georgia wants us to believe, because the voting machines in use there have been precisely engineered to support the undetectable unicorn theory:
As Wired magazine’s analysis made clear last week,
Georgia’s voting issues aren’t rooted in any specific hacking threat. The problem instead lies in the state’s inability to prove if fraud or tampering happened in the first place.
According to Pamela Smith, president of the advocacy group @VerifiedVoting,
You have an un-provable system…It might be right, it might not be right, and that absence of authoritative confirmation is the biggest problem. It’s corrosive.
Proudly proclaiming virtues that are impossible to verify should not be rewarded.
The polls in #GA06 indicate a razor-thin margin for Democratic challenger Jon Ossoff over former Georgia Sec. of State Karen Handel. A non-partisan group known as the New Georgia Project has been canvassing minority neighborhoods to get out the vote, but the behavior of Georgia election officials has increased unease about the security of voting machines.
People are really concerned that a couple of hundred votes here, a couple of hundred votes there could be changed, [New Georgia Project director] Ufot said.
@thinkprogress found voters like new #GA06 voter Jill Meyers who decided not to vote early in the hope that a lawsuit compelling the use of paper ballots would succeed. As the defendants in that litigation pointed out, any voter can request a paper ballot at any time. It was a claim that clearly annoyed Judge Adams, who pointed out that without clear announcements advising voters of their right to vote on paper, such a choice is meaningless.
“We’re a very trusting society,” [Meyers] said, “but these machines are really bad.”
When testifying before the Senate Intelligence Committee regarding Russia, James Comey said:
They’re going to come for whatever party they choose to try and work on behalf of. And they’re not devoted to either, in my experience. They’re just about their own advantage. And they will be back…
There should be no fuzz on this whatsoever. The Russians interfered in our election during the 2016 cycle. They did it with purpose. They did it with sophistication. They did it with overwhelming technical efforts. And it was an active-measures campaign driven from the top of that government. There is no fuzz on that.
And here we are conducting a special House election #GA06 using machines that don’t allow us to verify that the votes cast match the voter’s intent.
Logan Lamb and Chris Grayson emerged this week as heroes of a story that leaves experts and patriots from every political stripe shaking their heads in disbelief. Lamb, who in August 2016 stumbled into an open door at Georgia’s Center for Election Systems at Kennesaw State University, informed the Center’s director of the vulnerability.
In March, a security colleague Lamb had told about the flaw checked out the center’s website and discovered that the vulnerabilities had only been partially fixed…The researcher, Chris Grayson, said he, too, was able to access the same voter record databases and other sensitive files in a publicly accessible directory.
Grayson and Lamb were questioned by the FBI. Lamb said he wanted to come forward after an NSA report about Russian hacking of U.S. elections became public. Grayson said:
At the end of the day we were doing what we thought was in the best interest of the republic.
Experts have warned Georgia Secretaries of State for years that continued use of its outdated and compromised election technology was risky. Those warnings have been dismissed or even ridiculed. @BrianKemp, the current Georgia SOS, seems content to repeat a now-discredited fiction that the state’s election system is “completely secure.”