Category: Electronic Vulnerability

Georgia voter registration system crisis touches Connecticut

Georgia Secretary of State, Brian Kemp, just launched an investigation of the Democratic Party of Georgia, after their consultant pointed out a serious vulnerability in Georgia’s voter registration system/database: Kemp’s Aggressive Gambit to Distract From Election Security Crisis

This touches Connecticut because the vendor for Georgia’s system, PCC, is located in Bloomfield Connecticut and supplies Connecticut’s voter registration and election night reporting systems. It is not certain that the reports so far accurately portray PCC’s role in Georgia and if any of the same vulnerabilities apply to the Connecticut’s system. From our understanding Connecticut has paid a lot of attention to the security of our voter registration system and that PCC supplies the software by is not involved in its operation. We have reached out to the Secretary of the State’s Office suggesting that they address the relevance of the Georgia report to Connecticut.

Georgia Secretary of State, Brian Kemp, just launched an investigation of the Democratic Party of Georgia, after their consultant pointed out a serious vulnerability in Georgia’s voter registration system/database: Kemp’s Aggressive Gambit to Distract From Election Security Crisis <read>

This touches Connecticut because the vendor for Georgia’s system, PCC, is located in Bloomfield Connecticut and supplies Connecticut’s voter registration and election night reporting systems. It is not certain that the reports so far accurately portray PCC’s role in Georgia and if any of the same vulnerabilities apply to the Connecticut’s system. From our understanding Connecticut has paid a lot of attention to the security of our voter registration system and that PCC supplies the software by is not involved in its operation. We have reached out to the Secretary of the State’s Office suggesting that they address the relevance of the Georgia report to Connecticut.

The beginning of the article points to the weakness discovered in the Georgia system and the attempted political deflection of the issue from Brian Kemp’s responsibilities as Secretary of State to the Democratic Party:

When Georgia Democrats were alerted to what they believe to be major vulnerabilities in the state’s voter registration system Saturday, they contacted computer security experts who verified the problems. They then notified Secretary of State Brian Kemp’s lawyers and national intelligence officials in the hope of getting the problems fixed.

Instead of addressing the security issues, Kemp’s office put out a statement Sunday saying he had opened an investigation that targets the Democrats for hacking…

WhoWhatWhy, which exclusively reported on these vulnerabilities Sunday morning, had consulted with five computer security experts on Saturday to verify the seriousness of the situation. They confirmed that these security gaps would allow even a low-skilled hacker to compromise Georgia’s voter registration system and, in turn, the election itself. It is not known how long these vulnerabilities have existed or whether they have been exploited…

“What is particularly outrageous about this, is that I gave this information in confidence to Kemp’s lawyers so that something could be done about it without exposing the vulnerability to the public,” Brown told WhoWhatWhy. “Putting his own political agenda over the security of the election, Kemp is ignoring his responsibility to the people of Georgia.”…

“It’s so juvenile from an information security perspective that it’s crazy this is part of a live system,” Constable said.

It’s Georgia and Brian Kemp’s responsibility but the article also implicates PCC:

A Connecticut-based private contractor, PCC Technologies Inc., has contracts to manage voter registration systems for Georgia and 14 other states. PCC also runs online voter registration for six of them, including Georgia. If these vulnerabilities exist in Georgia, they could also be present in other states where PCC operates.

Matt Bernhard, a Ph.D. student in computer science at the University of Michigan focusing on voting technology, found that personally identifiable information could also be accessed through North Carolina’s voter page, which PCC also manages.

As Georgia’s system has not been audited — if it had, these problems would have been found and fixed, presumably — there are likely other vulnerabilities that could impact the midterm election, according to Constable.

PCC also runs the ElectioNet system, which is used by every county in Georgia to manage the state’s voter rolls. If voter registration data was changed, it would show up in the ElectioNet system. In a declaration as part of a recent lawsuit against the state, Colin McRae, chair of the Chatham County Board of Registrars, disclosed that the ElectioNet system is also responsible for populating the data in the pollbooks of every state.

Our understanding is that PCC just supplies software to Connecticut and does not manage our voter registration system.

Connecticut does not officially use ePollbooks. We use printed paper checkin lists, although some registrars have purchased and use ePollbooks for redundant record keeping. We presume it is PCC code that is used to print the paper checkin lists we use and to load the ePollbooks purchased by some towns.  Any significant errors in either of those could cause chaos and dramatically effect elections.  Once again, there is a strong possibility that vulnerabilities in Georgia may not apply to Connecticut.

 

 

The front line of election security in Connecticut has about 169 weak points

Last week, West Haven paid a $2,000 ransom to hackers to unlock its computer systems. In a statement from the city, the ransom was characterized as a “one-time fee.” The word-choice here reveals an oversimplified view of the reality of ransomware, a cyberattack in which hackers lock data and demand payment.

First, West Haven was lucky to regain access to its systems after paying the ransom. Fewer than a quarter of ransomware victims actually get their files back after paying up. More often, hackers pocket the money and leave the data scrambled.

The notion of a “one-time fee” also fails to account for reputation damage and loss of trust. A city like West Haven — which is already navigating difficult financial straights — needs to rally community support. A blunder like this undermines the momentum it was building…

 

Excellent op-ed in the Courant today, explaining the risks of ransomeware. Cities Must Pay For Cybersecurity, Not Ransoms <read>

Last week, West Haven paid a $2,000 ransom to hackers to unlock its computer systems. In a statement from the city, the ransom was characterized as a “one-time fee.” The word-choice here reveals an oversimplified view of the reality of ransomware, a cyberattack in which hackers lock data and demand payment.

First, West Haven was lucky to regain access to its systems after paying the ransom. Fewer than a quarter of ransomware victims actually get their files back after paying up. More often, hackers pocket the money and leave the data scrambled.

The notion of a “one-time fee” also fails to account for reputation damage and loss of trust. A city like West Haven — which is already navigating difficult financial straights — needs to rally community support. A blunder like this undermines the momentum it was building…

However, the fact is that remediating a cyberattack comes at a much greater cost than preventing one in the first place. While the $2,000 ransom may seem relatively low, tracking how the attack happened, assessing the damage and shoring up defenses quickly is an expensive proposition. Just ask Lansing, Mich., which, even with insurance, paid $500,000 out of pocket for remediation after a 2016 ransomware attack (total cost: $2.4 million).

The best way to bounce back from ransomware is to have a strong backup system, something every organization needs for a number of reasons. The fact that West Haven paid the ransom suggests that there was no effective backup system in place. If that is the case, the city truly did not have a lot of options once the ransomware attack occurred.

Our Editorial

When it comes to elections the problem starts with cybersecurity, yet also requires physical security of voting equipment and voted paper ballots. In most towns in Connecticut ballots and voting equipment are “protected” by a single key, often accessible by multiple single individuals, keys often associated with weak locks and storage closets, all providing access available single individuals for hours, undetected.

The solution is strong security of equipment and especially voted paper ballots, with strong, sufficient recount and audit laws, well followed, with transparency and public verifiability.

Here’s How Russia May Have Already Hacked the 2018 Midterm Elections

New article from Newsweek: Here’s How Russia May Have Already Hacked the 2018 Midterm Elections  <read>

They are talking about PA, but the same could apply to Connecticut:

Even though Bucks County’s Shouptronics aren’t wired, hackers have several ways of compromising them. The most direct and effective way would be to replace a computer chip in the machine that holds instructions on what to do when voters press the buttons with one that holds instructions written by hackers.

New article from Newsweek: Here’s How Russia May Have Already Hacked the 2018 Midterm Elections  <read>

They are talking about PA, but the same could apply to Connecticut:

Even though Bucks County’s Shouptronics aren’t wired, hackers have several ways of compromising them. The most direct and effective way would be to replace a computer chip in the machine that holds instructions on what to do when voters press the buttons with one that holds instructions written by hackers. When this chip is working properly, it ensures that a voter who presses the button next to Mary Smith’s name actually registers a vote for Mary Smith. A hacked chip could be programmed to add that vote to the rival’s tally instead. Or, to avoid detection, it might switch only one in five votes for Mary Smith to her rival.

Or it could simply fail to register a vote for either candidate. This technique is called “undervoting,” because it implies that the voter chose to not vote for either candidate, which voters sometimes do. To further avoid pre- and post-election tests, the hacked chip could be programmed to behave perfectly correctly for an hour or so on election morning, when pre-­election testing is typically done, and also to stop misbehaving just before voting ends, so post-election testing won’t turn anything up.

Swapping a chip would require physical access to the machines, ­either sometime before November 6 or on Election Day itself.

But the Government has assured us that no actual voting machine hacks were discovered after the 2016 election?

It’s possible the Russians ­perfected their attacks on electronic voting ­machines in the 2016 election without tipping their hand. No such ­attacks have been documented—but then again, nobody’s looked. “As far as I know, exactly zero machines were forensically tested after the elections,” says cybersecurity expert Alex Halderman, a computer science and engineering professor at the University of Michigan. In other words, we have no way of knowing if voting machines in Bucks County and other vulnerable counties with tight races for House seats are already primed to report phony results ordered up by Russian intelligence officers.

At least in CT we have paper ballots, if we protect and exploit them sufficiently. That is a big if.

Do Connecticut’s Tamper-“Evident” Seals Protect Our Ballots?

Experts and amateurs have long claimed that so called, tamper-evident seals are easy to defeat.

Experts and amateurs have long claimed that so called, tamper-evident seals are easy to defeat.
See Security Theater: Scary! Expert Outlines Physical Security Limitations.

Matt Bernhard has provided a video showing one easy method of compromising the seals commonly in use in Connecticut. Those that seal perhaps 90% of our ballots and optical scanners:

As Matt says there is a small possibility someone could detect the resealing. I doubt it would happen and if it did it would be doubted. There are no seal protocols in Connecticut.

There is more explanation in a similar video Matt did earlier with a bit different seal:

Don’t worry the bad guys, expert and amateur, have other ways as well. We are not helping them. We are informing those that feel our ballots are secure.

PS: Most voted ballots in Connecticut are sealed in bags or plastic boxes and stored where they can be accessed by multiple single individuals for hours, undetected.

The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

Often, as a computer scientist, I forget that what a very small minority know that becomes almost intuitive, is far from obvious to others approaching magic, a deluded conspiracy, or amateur science fiction.

Any sufficiently advanced technology is indistinguishable from magic. – Arthur C. Clarke
This article from Bloomberg News is a case in point.

Often, as a computer scientist, I forget that what a very small minority know that becomes almost intuitive, is far from obvious to others approaching magic, a deluded conspiracy, or amateur science fiction.

Any sufficiently advanced technology is indistinguishable from magic. – Arthur C. Clarke
This article from Bloomberg News is a case in point. When I tell many election officials that voting machines not connected to WiFi remain unsafe, I am greeted with dismissive looks of unbelief. The conversation ends quickly as they walk away, eager to put space between themselves and this crazy person. The truth is we do not know what is running inside Connecticut’s AccuVote-OS scanners. Is there some rogue code or portion of a chip there from the beginning? During maintenance did an LHS employee replace one chip with a rogue chip indistinguishable from the original?  Was a chip replaced by a lowly or high-level town employee, undetected – perhaps not even a technical novice, but one who has been threatened into the deed?
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies – The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources. <read>

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers…

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get…

One official says investigators found that it eventually affected almost 30 companies, including a major bank, government contractors, and the world’s most valuable company, Apple Inc.

We do not know if any of these motherboards are used for any election equipment – voting equipment, election web sites,voter registration systems, or election reporting systems.  Yet, the point is this or a similar stealth attack could be lie in wait today or be installed soon in existing or new equipment.

The Crisis in Election Security by Kim Zetter

The feature in the NYTmes Magazine by Kim Zetter:  The Crisis of Election Security – As the midterms approach, America’s electronic voting systems are more vulnerable than ever. Why isn’t anyone trying to fix them? <read>  The article is a sad summary of where are and how we got here.

Two years later, as the 2018 elections approach, the American intelligence community is issuing increasingly dire warnings about potential interference from Russia and other countries, but the voting infrastructure remains largely unchanged…How did our election system get so vulnerable, and why haven’t officials tried harder to fix it? The answer, ultimately, comes down to politics and money: The voting machines are made by well-connected private companies that wield immense control over their proprietary software, often fighting vigorously in court to prevent anyone from examining it when things go awry.

 

 

The feature in the NYTmes Magazine by Kim Zetter:  The Crisis of Election Security – As the midterms approach, America’s electronic voting systems are more vulnerable than ever. Why isn’t anyone trying to fix them? <read>

Zetter is the leading author/investigative reporter on electronic security, author of Countdown to Zero Day (STUXNET). The article is a sad summary of where are and how we got here.

Two years later, as the 2018 elections approach, the American intelligence community is issuing increasingly dire warnings about potential interference from Russia and other countries, but the voting infrastructure remains largely unchanged. D.H.S. has now conducted remote-scanning and on-site assessments of state and county election systems, but these are still largely Band-Aid measures applied to internet-facing servers. They don’t address core vulnerabilities in voting machines or the systems used to program them. And they ignore the fact that many voting machines that elections officials insist are disconnected from the internet — and therefore beyond the reach of hackers — are in fact accessible by way of the modems they use to transmit vote totals on election night. Add to this the fact that states don’t conduct robust postelection audits — a manual comparison of paper ballots to digital tallies is the best method we have to detect when something has gone wrong in an election — and there’s a good chance we simply won’t know if someone has altered the digital votes in the next election.

How did our election system get so vulnerable, and why haven’t officials tried harder to fix it? The answer, ultimately, comes down to politics and money: The voting machines are made by well-connected private companies that wield immense control over their proprietary software, often fighting vigorously in court to prevent anyone from examining it when things go awry.

I would add that even machines not connected to the Internet or wireless are still quite vulnerable as articulated by Zetter in Countdown to Zero Day.

 

 

What we don’t understand seems all but impossible and fictional

Like you I don’t know a lot about brain surgery, flying a jet, or hacking a cell-phone. Off-hand I often think of all of those somewhere on a spectrum from taking years to learn, to almost impossible, fictional or magical.  Yet the evidence is different. People learn brain surgery, perform it regularly and well. Just this week we saw a mechanic take-off and fly a jumbo jet, apparently with only some video game experience. Which brings me to my newest proverb:

What we don’t understand seems all but impossible and fictional.

But that is not true. Case in point, DEFCON.

Like you I don’t know a lot about brain surgery, flying a jet, or hacking a cell-phone. Off-hand I often think of all of those somewhere on a spectrum from taking years to learn, to almost impossible, fictional or magical.  Yet the evidence is different. People learn brain surgery, perform it regularly and well. Just this week we saw a mechanic take-off and fly a jumbo jet, apparently with only some video game experience. Which brings me to my newest proverb:

What we don’t understand seems all but impossible and fictional.

But that is not true.  Perhaps I know that because I was once an expert in one software product. In the 1970’s I was an expert in a product by IBM called IMS. It was relatively new and it had occasional problem. IBM gave customers access to its source code. I could occasionally diagnose and cure problems by studying the symptoms and speculating on the possible errors in the code that would cause them, suggesting fixes to IBM often fixing them myself when IBM refused to address them. Few, if any, know how I did it. I knew, it was years of education, interest, access to that code, combined with a job that offered me an opportunity to do good things for my employer.  Others, not everyone, could have done the same thing with enough motivation and interest. Even when I don’t know how to do something, I can understand how others could.  How many of you know how to build apps for an iPhone?  Well thousands have learned how to do that.  And those apps often steal our data and can do many things with our iPhone. Do you trust those apps? Do you trust your iPhone? I rely on mine, yet I know danger always lurks.

A could of weeks ago I spent some time with an election official. He was obviously smart and accomplished, with a wide-ranging prospective. Yet, near the end of our time together, another computer scientist and I were unable to convince him that voting scanners were in any danger because his elections office did pre-election testing, had election definition files encrypted from a vendor, had no scanner internet connectivity, and kept the devices secured. Those all are good practices, yet even altogether they are insufficient with proven vulnerabilities. When we ended that discussion, I could tell he thought I must be crazy as we agreed to disagree.

Anyone who knows computers and software understands the risks. Any who has read in detail about STUXNET understands such threats are real.  Few really understand how much more real and easy are threats from insiders. Every one of those security measures can by broken by outsiders, yet are much more easily broken by a myriad of insiders.

Case in point DEFCON, last week where some threats from outsiders are close to “Child’s Play”, many take just a bit more maturity, experience, and knowledge: US voting systems: Full of holes, loaded with pop music, and ‘hacked’ by an 11-year-old <read>

The first day saw 39 kids, ranging in age from six to 17, try to crack into facsimiles of government election results websites, developed by former White House technology advisor Brian Markus. The sites had deliberate security holes for the youngsters to exploit – SQL injection flaws, and similar classic coding cockups.

All but four of the children managed to leverage the planted vulnerabilities within the allotted three-hour contest. Thus, it really is child’s play to commandeer a website that doesn’t follow basic secure programming practices nor keep up to date with patches – something that ought to focus the minds of people maintaining election information websites…

On the adult side, Premier/Diebold’s* TSX voting machines were found to be using SSL certificates that were five years old, and one person managed to, with physical access, upload a Linux operating system to the device and use it to play music, although that hack took a little more time than you’d get while voting.

Diebold’s Express Poll 5000 machines were even easier to crack, thanks to having an easily accessible memory card, which you could swap out while voting, containing supervisor passwords in plain text. An attacker could physically access and tamper with these cards, which also hold the unencoded personal records for all voters including the last four digits of their social security numbers, addresses, and driver’s license numbers.

Hackers thus found that by inserting specially programmed memory cards when no election official is looking, they could change voting tallies and voter registration information. And take a guess what the root password was? Yes, “Password” – again stored in plain text.

..

Georgia: New information enhance title as a Most Vulnerable State

article from McClatchy: Georgia election officials knew system had ‘critical vulnerabilities’ before 2016 vote

Georgia election officials got a friendly warning in August 2016 that their electronic voting system could be easily breached.

But less than a month before the November election, a state cybersecurity official fretted that “critical vulnerabilities” persisted, internal emails show.

The emails, obtained through a voting security group’s open records request, offer a glimpse into a Georgia election security team that appeared to be outmatched even as evidence grew that Russian operatives were seeking to penetrate state and county election systems across the country…

The disclosures add to alarms about the security of Georgia’s elections — not only in 2016, but also heading into this fall’s midterm elections.

Another article from McClatchy: Georgia election officials knew system had ‘critical vulnerabilities’ before 2016 vote <read>

Georgia election officials got a friendly warning in August 2016 that their electronic voting system could be easily breached.

But less than a month before the November election, a state cybersecurity official fretted that “critical vulnerabilities” persisted, internal emails show.

The emails, obtained through a voting security group’s open records request, offer a glimpse into a Georgia election security team that appeared to be outmatched even as evidence grew that Russian operatives were seeking to penetrate state and county election systems across the country…

The disclosures add to alarms about the security of Georgia’s elections — not only in 2016, but also heading into this fall’s midterm elections.

“I think these emails reveal that they recognized this system was catastrophically insecure,” said Robert McGuire, a Seattle lawyer representing citizen activists in a lawsuit that seeks to force Georgia to scrap its paperless electronic voting machines this fall and shift to paper ballots.

Secretary of State Brian Kemp, whose office oversees the state’s elections, says he was unaware of the system vulnerabilities at the time. Kemp, the Republican nominee for governor in this fall’s election, still maintains Georgia’s system is secure…

As a result, experts say, the system may be an inviting target for operatives from Russia and elsewhere to install software that manipulates votes without detection.

Georgia:  Are you sure you want this man to be your Governor. Are you sure you actually can participate in that choice?

 

 

Top voting vendor, ES&S, admits lying to public and election officials for years

Article from Mother Board by Kim Zetter: Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States <read>

Wyden told Motherboard that installing remote-access software and modems on election equipment “is the worst decision for security short of leaving ballot boxes on a Moscow street corner.”

I would add that lying about ballot boxes being left on a Moscow street corner is equivalent to flat out lying about the software installed on your products. We should expect more from companies whose hands and integrity upon which our elections depend.

Article from Mother Board by Kim Zetter: Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States <read>

Remote access software can be used to take over a computer from a distant computer for maintenance and trouble-shooting, unfortunately also from fraud.

From the article:

The nation’s top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them.

In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006,” which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. “None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software,” the spokesperson said.

ES&S did not respond on Monday to questions from Motherboard, and it’s not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

Election-management systems are not the voting terminals that voters use to cast their ballots, but are just as critical: they sit in county election offices and contain software that in some counties is used to program all the voting machines used in the county; the systems also tabulate final results aggregated from voting machines.

We point out that because those machines can be used to “used to program all the voting machines”, they can be used to change the software used on those machines and essentially are just as risky to those machines as would be if pcAnywhere were installed on those machines as well.

Wyden told Motherboard that installing remote-access software and modems on election equipment “is the worst decision for security short of leaving ballot boxes on a Moscow street corner.”

I would add that lying about ballot boxes being left on a Moscow street corner is equivalent to flat 0ut lying about the software installed on your products. We should expect more from companies whose hands and integrity upon which our elections depend.

Election Vulnerability: What we can learn from Ed Snowden and the NSA.

Now I have your attention, we can discuss the NSA and Ed Snowden in a bit. Let’s start with an Editorial:

Protecting Against Russian Cyber Risks is Insufficient. The attention on Cybersecurity, election hacking and Russian interference is good. There are cyber risks and Russia is capable. We should improve our cybersecurity across the board, including elections. Every vote should be backed up by a, so called, voter verified paper ballot. Yet that is far from sufficient.

Now I have your attention, we can discuss the NSA and Ed Snowden in a bit. Let’s start with an Editorial:

Protecting Against Russian Cyber Risks is Insufficient. The attention on Cybersecurity, election hacking and Russian interference is good. There are cyber risks and Russia is capable. We should improve our cybersecurity across the board, including elections. Every vote should be backed up by a, so called, voter verified paper ballot. Yet that is far from sufficient.

Cyber risks do not come from Russia alone; do not come from nation states alone; they come from hackers and political actors of all persuasions and motivations. There are also insider attacks, attacks from political actors, and their sympathizers. There is also the risk of error.

We focus too much on preventing attacks and errors, neglecting the equally important areas of detection and recovery. Ultimately prevention, at best, will always be an incomplete, never ending process. Detention and recovery means protecting paper ballots and actually using them. Using them means following up elections with sufficient post-election audits and recounts. Post-election audits with sufficient chance of detecting errors, expanding those audits when errors indicate that the apparent winners may be incorrect, expanding those audits ultimately, when necessary to full recounts. Audits should include process audits to assure that registration lists and voters checked in were accurate enough to guarantee the election was fair. When all else fails, being ready to rerun critically flawed elections.

Snowden and the NSA

This is not about what Ed Snowden did, but how he did it. Snowden was able, because as a single contractor, he had the keys to the kingdom! All the cyber expertise of the NSA came down to one individual who had the information and the capability to expose everything. The motive and opportunity. He could just have easily have gummed up the works of the entire NSA system. Most systems have such people – they know the technology and are key to keeping it working. We need them. The system needs them. How many are there? Likely a lot more than we think. In the NSA, every critical support person with access to the NSA system. Not just with password access to the official system: Also any one who supports the underlying software and hardware systems: application software, compilers, operating systems, mainframes, servers, routers, the network/phone system.

Every election office has those people and vulnerabilities. Every election official who has access to voting machines and memory cards over their lifetime. The contractors who program the memory cards. Postal employees, shippers, and contractors charged with the mail or package delivery of memory cards. The person in the mail room in town hall. How safe is the storage of the machines, memory cards, and paper ballots? How safe is town hall on weekends and overnight? Who is responsible for managing the town network and computers? Who are all the contractors in town hall? Or employed by the voting machine maintenance vendor? Are your election officials and town staff able to do what the NSA could not?

If you don’t believe this, trust me. I have been there in the bowels of a large company and working for small software companies supporting large companies and government agencies.  Consider Chelsea Manning a single specialist at a computer in a war zone. Manning needed no technical expertise. None is required to program memory cards or clandestinely provide access to or conspire with those with expertise.