From Politico: How Close Did Russia Really Come to Hacking the 2016 Election?
Why does what happened to a small Florida company and a few electronic poll books in a single North Carolina county matter to the integrity of the national election? The story of Election Day in Durham—and what we still don’t know about it—is a window into the complex, and often fragile, infrastructure that governs American voting…
The fact that so many significant questions about VR Systems remain unanswered three years after the 2016 election undermines the government’s assertions that it’s committed to providing election officials with all of the timely information they need to secure their systems in 2020. It also raises concerns that the public may never really know what occurred in 2016.
One of the key issues this year is the purchase of Ballot Marking Devices (BMDs) for all voters vs. Voter Marked Paper Ballots. In recent weeks, two board members have resigned from Verified Voting over a perception that VV is doing too much to tout Risk Limiting Audits (RLAs) of BMDs to the detriment of secure, evidence based elections. An extensive article in the NY Review of Books highlights the issues with BMDs: How New Voting Machines Could Hack Our Democracy. By mid-week Verified Voting had issued a clarification that states its general opposition to BMDs.
Editorial: We should not be wasting Federal and state money on BMDs except for those with disabilities. Instead, we should be using a portion of the savings on developing better BMDs that better serve those with disabilities.
In the hypothetical that all states agreed to the compact, Aram thinks some election reforms would be in order:
“One of the things that I think should be done, that would need to be done, after enough states sign onto this but before it goes into effect – there should be some standardization of the balloting process, and the counting process, so we can get a reliable national tally.”..
“I’ve advocated for states to adopt this idea, but defer implementation until say 2032. So, Florida would adopt it today, but say ‘our adoption takes effect when you get to 270, but no earlier than 2032,” Amar said. “That would both give Congress time, in the meanwhile, to iron out any logistical wrinkles of the kind that you just mentioned. And it would also defuse the wrongheaded, but persistent, assumption that some people have that this is going to help one political party and hurt the other.”
Unfortunately, his recommendations do not go far enough to cure the problem he now recognizes..
From Bloomberg Expensive, Glitchy Voting Machines Expose 2020 Hacking Risks
Paper ballots may be safer and cheaper, but local officials swoon at digital equipment…
Cybersecurity experts are baffled by local election officials choosing the computerized voting machines. “It’s a mystery to me,” said Rich DeMillo, a Georgia Tech computer science professor and former Hewlett-Packard chief technology officer. “Does someone have 8 x 10 glossies? No one has been able to figure out the behavior of elections officials. It’s like they all drink the same Kool-Aid.”
The animus is mutual. At conferences, election administrators swap complaints about cyber experts treating them like idiots, said Dana DeBeauvoir, head of elections in Travis County, Texa
We have long agreed with all those calling for Voter Marked Paper Ballots. Paying double or more for machines that are risky and lead to long lines can most easily be explained by the extensive lobbying of election officials and legislative bodies.
Earlier we described the general situation with regard to the recent Bridgeport Primary and some steps in the wrong direction.<read part 1> Today we will discuss some steps that could be taken to prevent these same problems in Bridgeport, Hartford, Stamford, and elsewhere in Connecticut.
Increase Enforcement Monitor Elections With Independent Monitors Randomly Audit Absentee Votes, Envelopes, and Applications Do for Elections What We Have Done for Probate
Remember the 1st law of holes: “When you are in a hole, stop digging!”
The election integrity story in Connecticut lately has been the Bridgeport Primary where Marilyn Moore won the primary for mayor in the polling places and Joe Ganim won the absentee votes by enough to win by a comfortable margin of 270 votes, with an absentee margin of 3 to 1. You can read our Recent News links on our home page for more of the details. Bridgeport is known for absentee problems and a high energy absentee operation, mostly by party insiders who in this case support Ganim the incumbent. Yet the extent of this year’s operation seems to be even greater than usual. Neither campaign is looking very professional at this point.
The questions are: 1) To what extent has this operation resulted in lots of illegal absentee ballots? 2) To what extent did illegal activities change the result? 3) Should there be a rerun of the primary? 4) What should/can be done to prevent this from happening again in Bridgeport or anywhere in Connecticut? 5) What should not be done – what would not help?
We will address what not to do today and what we could do, later in part 2.
States and the Federal Government are pumping millions into cybersecurity and new voting systems. That is all good, especially when the new systems are for Voter Marked Paper Ballots and Ballot Marking Devices for those with disabilities. Yet ultimately, it can provide a false sense of security. No matter how strong the cybersecurity and the quality of software, based on Turing’s Halting Problem, it is impossible to secure a computer system from errors and hacking. it is also impossible to secure systems from insiders and others with physical access.
Op-Ed in Politico by two former secretaries of state, one D and one R: Election Security Isn’t That Hard
First, we need to dispel one misconception. Many people (including many election officials) believe that if a voting system or scanner is never connected to the internet, it will always be safe. Alas, that’s not the case…
What this means is that while we must make our election infrastructure as secure as possible, we need to accept that it is essentially impossible to make those systems completely secure.
Overall, we agree as far as this op-ed goes. Yet, Risk Limiting Tabulation Audits alone are not sufficient. We need additional audits to check the rest of the process, “process audits” e.g. chain-of-custody/ballot security audits, check-in process audits (appropriate voters allowed or excluded from voting?), accuracy of the voter registration database and lists etc. Like many officials the authors focus on cyber attack, yet we must also protect our systems from insider attack. Connecticut has a way to go to meet these standards. We do have voter marked paper ballots and air-gaped systems. Yet we have insufficient protection of those paper ballots and insufficient election audits.
A new paper demonstrates how to steal an election by manipulating ballot images: Unclear Ballot: Automated Ballot Image Manipulation. In fact, it is a neat solution that changes the image before the CVR is created, in a way that would be hard to detect.
For the non-technical this may seem difficult, yet for those with the appropriate computer skills it is a straight-forward task. Then anyone with access to election computer systems could install the code maliciously, unknowingly, or under threat.
