Author: Luther Weeks

Do Not Hide Voter Information

Voting as we know it, depends on two important keys that are often difficult for the public, media, and sometimes even experts to understand.

Voting rolls and check-in lists need to be available to every citizen, young and old, so that the public can be assured that only registered voters voted, that they voted in the correct primary, that the number of ballots match the number of voters checked in, and that those checked in actually did vote. Otherwise there is no basis for trust in democracy.

Public voting rolls provide the only means for individuals and news organizations to independently investigate voting fraud; they provide officials with the credible proof that fraud is limited; and they help the public to trust in decisions by the State Elections Enforcement Commission.

 

Voting as we know it, depends on two important keys that are often difficult for the public, media, and sometimes even experts to understand.  One is the need for anonymous voting, aka the “secret ballot”.   The other is the need for voting rolls and the record of who voted to be public.  We addressed that second one in a letter published in the Hartford Courant today:

Do Not Hide Voter Information

I was surprised to learn that Dan Barrett, Connecticut ACLU legal director, was against “any old person on the street [being] able to access [voter rolls].”

Voting rolls and check-in lists need to be available to every citizen, young and old, so that the public can be assured that only registered voters voted, that they voted in the correct primary, that the number of ballots match the number of voters checked in, and that those checked in actually did vote. Otherwise there is no basis for trust in democracy.

Public voting rolls provide the only means for individuals and news organizations to independently investigate voting fraud; they provide officials with the credible proof that fraud is limited; and they help the public to trust in decisions by the State Elections Enforcement Commission.

Not so long ago, UConn students used that data to expose the extent to which the rolls included deceased voters. That same data was used by officials to demonstrate, in a way that could be verified, that very few of those entries were associated with actual fraud. More recently, those public rolls were used to uncover and confirm that a state representative had voted for several years and had been elected based on an illegal residence. Currently, there is a criminal investigation underway in Stamford based on absentee voters checked off who did not actually vote.

What prompted this letter was an article with the quote along with quotes from several officials proposing to restrict access to voter rolls Lawmakers Seek More Voter Privacy <read>

 

Join us in the Battle for the Internet

Its actually a battle for the information necessary for citizens to maintain democracy:

Battle fro the Internet: Write the FCC and contact Congress: <Battle For the Net>

Its actually a battle for the information necessary for citizens to maintain democracy:

Battle fro the Internet:  Write the FCC and contact Congress:  <Battle For the Net>

Response to ill-advised Presidential Commission risks democracy

There is much to criticize in the Trump Commission.  Yet there is no excuse for officials to unilaterally disobey the law.  There are reasons for voting lists and voting history to be public documents.  Perhaps we can providing a teaching moment.

Editor’s Note: We sent the following letter to the Hartford Courant in response to their recent editorial. They along with apparently the rest of the media opposed the Trump Commission, in our opinion, for the wrong reasons.  There is much to criticize in the Trump Commission.  Yet there is no excuse for officials to unilaterally disobey the law.  There are reasons for voting lists and voting history to be public documents.  Perhaps we can providing a teaching moment.

To the Editor,

I share the concerns for the ill-conceived Presidential Advisory Commission on Elections shared by Secretary of the State Denise Merrill, officials nationwide, and your editorial on 7/6/2017. Yet in a rush to respond to a clumsy request, the rule of law and the importance of transparent voter rolls is overlooked, at our peril.

Connecticut’s Freedom of Information law is constantly under official attack. We should never condone a unilateral act to disobey the law based on an official’s view of the requester or how they might use the data.  This is no different than the county clerk who refused to follow the law and issue marriage licenses to those she did not approve.

Voter rolls are constantly made available to both political parties. Recently a contractor for the Republican Party exposed all that data and more.  Last year data, likely including voter rolls and more, was insufficiently secured by the Democratic Party.

There is a reason government data, including voter rolls are required to be public.  Not so long ago, UConn students used that data to expose the extent to which the rolls included deceased voters. That same data was used by officials to demonstrate in a way we could verify that hardly any were associated with actual fraud. More recently those pubic rolls were used to uncover and confirm that a state representative had voted for several years and been elected based on an illegal residence.

Public voting rolls provide the only means for individuals and news organizations to independently investigate voting fraud; they provide officials with the only means to provide credible proof that fraud is limited; and for the public to trust in the related decisions by the State Elections Enforcement Commission.

 

4th of July Suggestion

As we often do, a suggested reading for the 4th of July weekend.  It has been a while since we have read the Declaration.  As we said six years ago:

This weekend is a great time to [re-]read the Declaration of Independence. We find it very inspiring to read it sometime around the 4th of July each year.  As we have discussed before, some believe that the right to vote is more fundamental than the Constitution. Here is a link to a copy for your reading <Declaration of Independence>

The Declaration of Independence asserts our rights to determine and change our form of government – without voting integrity we lose that most fundamental of rights.

“The right to vote… is the primary right by which other rights are protected” – Thomas Paine

As we often do, a suggested reading for the 4th of July weekend.  It has been a while since we have read the Declaration.  As we said six years ago:

This weekend is a great time to [re-]read the Declaration of Independence. We find it very inspiring to read it sometime around the 4th of July each year.  As we have discussed before, some believe that the right to vote is more fundamental than the Constitution. Here is a link to a copy for your reading <Declaration of Independence>

The Declaration of Independence asserts our rights to determine and change our form of government – without voting integrity we lose that most fundamental of rights.

“The right to vote… is the primary right by which other rights are protected” – Thomas Paine

Russians not the only threat to our elections

Many articles on the Congressional hearings on the “Russian” hacking or not hacking of our elections.  Brad Friedman and Mark Karlin come closet to my opinions:

Recent article by Mark Karlin referencing Brad Friedman:  Beyond the Russians, Electronic Voting Machines Are Vulnerable to Any Hackers  

Journalists and activists have been sounding the alarm about electronic voting machines and their proprietary software for years. The vulnerability of these machines to hacking has not been front and center for some time — primarily due to the failure of the corporate media and legislative bodies to take it seriously. That changed, to some extent, with the charges about Russian hacking from US intelligence agencies. However, the current emphasis is on the Russians allegedly attempting to influence the 2016 election, not on the flawed electronic voting machines that make hacking possible…

Meanwhile, our Secretary of the State continues to spread myths about the safety of voting systems not connected to the internet and “tamper-proof” seals that are at best “tamper-evident”. 

We add that paper ballots are insufficient.  They need protection from tampering.  We need sufficient audits and recounts.  Audits and recounts that are comprehensive and convincing.  Audits and recounts that are transparent and publicly verifiable.f

Many articles on the Congressional hearings on the “Russian” hacking or not hacking of our elections.  Brad Friedman and Mark Karlin come closet to my opinions:

Recent article by Mark Karlin referencing Brad Friedman:  Beyond the Russians, Electronic Voting Machines Are Vulnerable to Any Hackers   <read>

Journalists and activists have been sounding the alarm about electronic voting machines and their proprietary software for years. The vulnerability of these machines to hacking has not been front and center for some time — primarily due to the failure of the corporate media and legislative bodies to take it seriously. That changed, to some extent, with the charges about Russian hacking from US intelligence agencies. However, the current emphasis is on the Russians allegedly attempting to influence the 2016 election, not on the flawed electronic voting machines that make hacking possible…

Ironically enough today, in the U.S. Senate Intelligence Committee, top intelligence officials from the FBI and DHS testified in regard to concerns about alleged Russian manipulation of the 2016 election. Neither they, nor the elections officials who also testified today, seemed to know much of anything about the actual vulnerability of U.S. voting systems. Or, if they did, they certainly offered a whole lot of demonstrably inaccurate information about whether voting systems are connected to the Internet (they are), whether our decentralized voting and tabulation systems make it impossible to hack a  Presidential election (it doesn’t), and whether actual voting results were manipulated in the 2016 President race (they claimed that they weren’t, even while the DHS finally admitted they never actually checked a single machine or counted a single ballot to find out!)

On the other hand, one computer scientist and voting machine expert, Dr. Alex Halderman of the University of Michigan, also testified today and he actually knows what he’s talking about, because he’s personally hacked just about every voting system in use in the U.S. today, including 10 years ago when he first hacked the exact same 100% unverifiable touch-screen voting machines used in the state of Georgia during Tuesday’s Special Election for U.S. House, the most expensive such election in U.S. History. As he explained in his prepared remarks [PDF] today, 10 years ago, he “was part of the first academic team to conduct a comprehensive security analysis of a DRE [touch-screen] voting machine.” It was a Diebold touch-screen machine, the exact same type used in GA yesterday, as obtained from a source of mine and given to his crew at Princeton University at the time…

The Russian hacking makes for a profitable corporate media narrative — particularly with tweeter Trump tossing gas on the fire. However, if we are looking to secure our voting system from foul play, shouldn’t we also start paying major legislative attention to the electronic voting machines themselves?

I could hardly say it better.

Meanwhile, our Secretary of the State continues to spread myths about the safety of voting systems not connected to the internet and “tamper-proof” seals that are at best “tamper-evident”.

We add that paper ballots are insufficient.  They need protection from tampering.  We need sufficient audits and recounts.  Audits and recounts that are comprehensive and convincing.  Audits and recounts that are transparent and publicly verifiable.

Hacking voting systems is/was easy

Article in the Atlantic summarizes some of the bad news from the last couple of weeks:  There’s No Way to Know How Compromised U.S. Elections Are <read>

So let us not be complacent. Just because you do not understand something, does not mean that hundreds and thousands of others can’t easily hack it.

Article in the Atlantic summarizes some of the bad news from the last couple of weeks:  There’s No Way to Know How Compromised U.S. Elections Are <read>

While the NSA concluded the attack was carried out by the most sophisticated of hackers—the Russian military—their entry methods were relatively vanilla. They gained access to the credentials and documents of a voting system vendor via a spear-phishing attack, and then used those credentials and documents to launch a second spear-phishing attack on local elections officials, which if successful could have compromised election officials’ systems and whatever voter data they possessed.

While the NSA concluded the attack was carried out by the most sophisticated of hackers—the Russian military—their entry methods were relatively vanilla. They gained access to the credentials and documents of a voting system vendor via a spear-phishing attack, and then used those credentials and documents to launch a second spear-phishing attack on local elections officials, which if successful could have compromised election officials’ systems and whatever voter data they possessed…

The splintered digital infrastructure across and within states; the use of multiple vendors; the overlapping interfaces between municipalities, counties, and states; and the reliance on of volunteers for data entry and verification in both registration and voting mean that there are literally thousands of entry points to compromise elections in each state.

Another case study is the state of Georgia, where organizations have filed lawsuits against the state over the security of its elections in advance of the special election in the 6th Congressional District. A June 14 Politico investigation revealed just how insecure the entire system is, and how much more insecure it was in the past. Last August, cybersecurity researcher Logan Lamb probed the Kennesaw State University’s Center for Election Systems—which programs voting machines for the entire state—and found a structure that basically begged to be hacked.

It had no password protection, and was available on a public site without encryption and lacking even basic security updates. Lamb found millions of registration records, credentials for the central elections server, files for the electronic ballot equipment, and database information for the Global Election Management Systems (GEMS) used by many states for preparing ballots and counting votes. In other words, with rather basic tools that fall well outside the realm of sophisticated “hacking,” as it is known, Lamb would have had a wide-open entry point to disrupting Georgia elections last fall, had he been a malicious actor.

So let us not be complacent. Just because you do not understand something, does not mean that hundreds and thousands of others can’t easily hack it.

If [Connecticut] Voting Machines Were Hacked, Would Anyone Know?

NPR story by Pam Fessler:  If Voting Machines Were Hacked, Would Anyone Know?   Fessler quotes several experts and election officials including Connecticut Assistant Secretary of the State Peggy Reeves:

Still, Connecticut Election Director Peggy Reeves told a National Academies of Sciences, Engineering, and Medicine panel on Monday that many local election officials are ill-equipped to handle cybersecurity threats.

“Many of our towns actually have no local IT support,” she said. “Seriously, they don’t have an IT director in their town. They might have a consultant that they call on if they have an issue. So they look to us, but we’re a pretty small division.”

Reeves said the best protection against hackers is probably the fact that the nation’s voting system isso decentralized, with different processes and equipment used in thousands of different locations.

We certainly agree with that and the cybersecurity experts quoted.

NPR story by Pam Fessler:  If Voting Machines Were Hacked, Would Anyone Know? <read>  Fessler quotes several experts and election officials including Connecticut Assistant Secretary of the State Peggy Reeves:

Still, Connecticut Election Director Peggy Reeves told a National Academies of Sciences, Engineering, and Medicine panel on Monday that many local election officials are ill-equipped to handle cybersecurity threats.

“Many of our towns actually have no local IT support,” she said. “Seriously, they don’t have an IT director in their town. They might have a consultant that they call on if they have an issue. So they look to us, but we’re a pretty small division.”

Reeves said the best protection against hackers is probably the fact that the nation’s voting system isso decentralized, with different processes and equipment used in thousands of different locations.

We certainly agree with that and the cybersecurity experts quoted.

 

A cut below the rest: National beacon or bad example?

Every year Connecticut’s Citizen Election Program is under assault.  This year is no different.

Here is the bottom line:  The Citizen’s Election Program is a drop in the bucket.  A small percentage of what we pay for the General Assembly and its staff;  A smaller percentage of the state budget; $10 million a year compared to billions in the budget.  Just one bad decision against the people can cost us several times that $10 million.

Read more from the In These Times article: Ten Years Ago, Connecticut Got Big Money Out of Its Elections. Now Democrats Are Gutting the Program

Every year Connecticut’s Citizen Election Program is under assault.  This year is no different.

Here is the bottom line:  The Citizen’s Election Program is a drop in the bucket.  A small percentage of what we pay for the General Assembly and its staff;  A smaller percentage of the state budget; $10 million a year compared to billions in the budget.  Just one bad decision against the people can cost us several times that $10 million.

Read more from the In These Times article: Ten Years Ago, Connecticut Got Big Money Out of Its Elections. Now Democrats Are Gutting the Program  <read>

Connecticut’s introduction of the Citizens’ Election Program (CEP) in 2005, seriously curbed the influence of corporations and the rich on state elections. Yet, this beacon of democracy could soon dim, as the state legislature is on the verge of gutting the law that gave the state its democratic promise.

Amid Charges Russia Hacked U.S. Election, Keith Alexander Encourages eVoting for Canada

Former NSA Chief and now CEO cyber security contractor says Canada needs more cyber security, cyber weapons,  and should deploy electronic voting:  Don’t let cyberattack threat deter Canada from online voting, says former head of NSA

foreign interference that may have influenced the U.S. election should not deter Canada and other countries from embracing online voting, says the former head of the U.S. National Security Agency.

Retired U.S. general Keith Alexander, speaking at a defence industry trade show in Ottawa, also said it is important the Canadian military have some kind of offensive cyber capacity, even if that ability is limited.

There is no going back to a manual voting system, Alexander said in an interview with CBC News following his remarks to defence contractors, in which he warned that both government and private sector networks are vulnerable to a rising tide of “destructive” cyberattacks…

The U.S. experience is something to learn from, he said, but it should not make countries like Canada leery of e-voting.

Former NSA Chief and now CEO cyber security contractor says Canada needs more cyber security, cyber weapons,  and should deploy electronic voting:  Don’t let cyberattack threat deter Canada from online voting, says former head of NSA <read>

Former National Security Agency director Keith Alexander, seen here testifying before the U.S. Senate intelligence committee in March, says Canada may need to develop an offensive cyber security posture or the ability to shut down cyberattacks. (Susan Walsh/Associated Press)

foreign interference that may have influenced the U.S. election should not deter Canada and other countries from embracing online voting, says the former head of the U.S. National Security Agency.

Retired U.S. general Keith Alexander, speaking at a defence industry trade show in Ottawa, also said it is important the Canadian military have some kind of offensive cyber capacity, even if that ability is limited.

There is no going back to a manual voting system, Alexander said in an interview with CBC News following his remarks to defence contractors, in which he warned that both government and private sector networks are vulnerable to a rising tide of “destructive” cyberattacks…

The U.S. experience is something to learn from, he said, but it should not make countries like Canada leery of e-voting.

“You can create a system where people can authenticate and vote online,” said Alexander, who in addition to running the NSA during the Edward Snowden leaks, was also head of the U.S. military’s cyber command.

We agree that everyone including all levels of the U.S. Government need to beef up cyber security.  Yet, no system is yet, or ever will be completely secure. There are several reason against Internet Voting at this time:

  • No system has proven secure and likely cannot be made secure.  Especially a system used over the Internet, presumably on consumers’ computers and smart phones.
  • Encryption is not sufficient and is not even safe, with holes provided by organizations within the U.S. Government.
  • Proposed systems for public online voting implementation do not and cannot provide voter verification and publicly verifiable auditing of results.
  • No commercial system has successfully passed a credible security audit or open security test.  Most vendors have resisted any such testing.

Meanwhile it is pretty clear that U.S. voter registration systems were hacked before the November election.  Consider the latest document leaked to the Intercept: Top-Secret NSA Report  Details Russian Hacking Effort Days Before the 2016 Election <read>  No evidence yet that the 2017 election was manipulated or deterred by such an attack, nor actual evidence that the Russian Government was involved.  There is also little evidence to the contrary.  A difficult thing to prove either way.  One problem with the Internet and cybersecurity is that it is easy to make it look like someone else did it.  Evidence that looks like Russian hackers could come from elsewhere,  and even then its a far cry from Russian hackers to determining it was the Russian Government.  From the Intercept:

The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.

While the document provides a rare window into the NSA’s understanding of the mechanics of Russian hacking, it does not show the underlying “raw” intelligence on which the analysis is based. A U.S. intelligence officer who declined to be identified cautioned against drawing too big a conclusion from the document because a single analysis is not necessarily definitive.

The United States should make ballots verifiable—or go back to paper.

Article in The Atlantic: The Case for Standardized and Secure Voting Technology 

It’s time to fix the voting process.

American voting systems have improved in recent years, but they collectively remain a giant mess. Voting is controlled by states, and typically administered by counties and local governments. Voting laws differ depending on where you are. Voting machines vary, too; there’s no standard system for the nation.

Accountability is a crapshoot. In some jurisdictions, voters use machines that create electronic tallies with no “paper trail”—that is, no tangible evidence whatsoever that the voter’s choices were honored. A “recount” in such places means asking the machine whether it was right the first time.

We need to fix all of this.

Article in The Atlantic: The Case for Standardized and Secure Voting Technology <read>

It’s time to fix the voting process.

American voting systems have improved in recent years, but they collectively remain a giant mess. Voting is controlled by states, and typically administered by counties and local governments. Voting laws differ depending on where you are. Voting machines vary, too; there’s no standard system for the nation.

Accountability is a crapshoot. In some jurisdictions, voters use machines that create electronic tallies with no “paper trail”—that is, no tangible evidence whatsoever that the voter’s choices were honored. A “recount” in such places means asking the machine whether it was right the first time.

We need to fix all of this. But state and local governments are perpetually cash-starved, and politicians refuse to spend the money that would be required to do it.

Among many other needed measures promoted by nonprofit and nonpartisan Verified Voting, Congress should require standardized voting systems around the nation. It should insist on rock-solid security, augmented by frequent audits of hardware and software. Recounts should be performed routinely and randomly to ensure that verified-voting systems work as designed. The paper ballot generated by the machine should be the official ballot.

What Congress should emphatically not do is allow or encourage online voting. The sorry state of cybersecurity in general makes clear how foolhardy it would be to go anywhere near widespread “Internet voting” in the foreseeable future…

As we have long said in Myth #9, paper alone is insufficient:  “Myth #9 – If there is ever a concern we can always count the paper.”