Cyber Experts Warn of Major Election Vulnerabilities Going into 2020 - Simple Changes can Secure It
Updated: Jun 17, 2020
April 29, 2020
Original by Randy DeSoto -- linky here
There are commentaries galore on how "Mail in voting has been done forever" and "It's totally safe", along with "Who's seriously worried about electronic voting? It's always been secure, those guys know what they are doing".
These are fantasies. These are lies, like when the coyote left birdseed for the roadrunner. The seed was a booby trap. These stories are, likewise, booby-traps for you, to lull you into thinking that electronic voting is safe, there is no proof of tampering, and the system has credible oversight and is secure at every level.
Well, if you have read even a few of the articles on this site, or heard any of Professor Matt Blaze seminars or read his papers, explored the literature on the multiple known security vulnerabilities of all voting machines, or read any of Bruce Schneier's articles on his excellent site (https://www.schneier.com/), such as this recent one "Security Analysis of the Democracy Live Online Voting System" - well, if you do any of those things you will see that it is not an opinion but a fact - both mail-in votes and electronic voting machines are insecure. It is not an opinion. It is a fact of how the system itself works - the lack of consistent oversight, the outsourcing of vote tally, the limit of security available on computers. Any system without a credible chain-of-custody cannot be trusted. That's how security works. There must be oversight and accountability, or there is no security.
Here is another excellent article on this topic. This one is a must-read. The above link to the original is also here.
Cyber Experts Warn of Major Election Vulnerabilities Going into 2020
With the November elections quickly approaching, election security experts are warning that the United States is very vulnerable to cyberattacks that could change the results of races, including the presidential contest.
Further, some simple changes could be made that would do much to ensure accurate election reporting, the experts say.
Harri Hursti — one the the world’s foremost election security experts — observed in his newly released HBO documentary, “Kill Chain: the Cyber War on America’s Elections,” that due to the way electronic voting is conducted and the results reported throughout the United States, the system is vulnerable to hacking.
“The problem is once you understand how everything works, you understand how fragile everything is,” Hursti says in the film.
“I keep hearing that the system is unhackable. Everything is hackable, always,” the cyber expert added.
Hursti famously demonstrated to Florida election officials just how easy it was to overwrite voting machine software to change results for his 2006 documentary film, “Hacking Democracy.”
Last month, he told WCBS: “The most frightening thing is that from 2006 to now, nothing changed. The actual software that I hacked in 2005 is still in use. Those machines are still in 20 states.”
Beyond the vulnerability of voting machines themselves to hacking, other vulnerabilities exist in the tallying and transmission of the results.
Two of the biggest misconceptions Americans likely have about how elections are conducted are that votes are counted by state and local election officials and that the vote tallies themselves, even if backed up by paper ballots, are not vulnerable to hacks.
In October 2016, then-President Barack Obama made the oft-repeated argument that due to the decentralized nature of voting in the United States, elections, especially at the presidential level, cannot be hacked or significantly altered.
“There is no serious person out there who would suggest somehow that you could even rig America’s elections in part because they are so decentralized and the numbers of votes involved,” Obama said.
Election security expert Russell Ramsland told The Western Journal Americans need to understand that state and local officials, by and large, do not count the votes on election night, but have contracted private companies to do so.
“It is incredible how many people believe that their county or their state run their elections,” Ramsland said. “They have no idea that all elections are actually conducted by private companies, with virtually no oversight, no transparency.”
“And that private company writes the software, makes and sells the machines, keeps all the voter rolls, and tallies all the votes and reports them,” he added. “It’s totally and completely jobbed out to a private company with private shareholders.”
Far from being decentralized, there are three main companies that tally the votes for election officials, according to “Kill Chain”: Election Systems & Software, Dominion Voting Systems and Hart Voting Systems.
Hursti noted that none of these companies agreed to be interviewed for “Kill Chain.”
There are “commonalities” between all the major companies in their election night reporting, he told The Western Journal.
One thing all the electronic voting systems have in common is a removable drive or memory device, which engages in two-way communication with the database when results from each voting machine are uploaded.
Hursti explained that all these devices are programmed how to organize and communicate the data to the central database.
“The memory cards actually have a programming side,” he said. “Programming can have a lot of logic. So the program can dynamically look [at] what is happening and decide on the spot what is needed to be done in this precinct on this machine” as part of changing the overall result.
“Once you can send that instruction to the election management system, the election management system is sending the same programming into every voting machine,” Hursti continued. “So the only thing you need to do is to modify that program, and there are so many different ways.”
Ramsland created a diagram (shown in original article) to illustrate how votes typically flow from the precinct voting machines to databases maintained by companies like ES&S, Dominion and Hart to be tallied for the election results.
All this information travels over the internet to different databases (as signified by the blue triangles) along the way, which can be hacked.
The “unofficial results” are then made public through companies like Clarity Elections, which is the U.S. division of the Barcelona, Spain-based company Scytl.
The company proudly states on its website that it has “successfully delivered election modernization projects in the US since 2008, and most recently for the 2018 Midterm Elections, when over 70 [million] voters from more than 900 U.S. counties successfully leveraged Scytl’s technology.”
Kentucky is one of its customers, which can be seen in the election results from last fall’s gubernatorial race between Democrat Andy Beshear and then-Republican incumbent Matt Bevin. Beshear edged out Bevin by less than a percentage point.