Internet Security Issues

No, its not the time for more electronics in Connecticut’s voting

An Op-Ed in the CT Mirror: It’s time to modernize the way Connecticut votes.

The main trust is that we should do more electronic automation of the election process in Connecticut such as electronic transmission of results and electronic pollbooks, and alluding to less pens and paper in voting.

Perhaps we can forgive the author for accepting at face value the claims of vendors and their customers that have sunk unnecessary millions into questionable technology. Sometimes it works well and saves time and effort, sometimes it doesn’t!

  • Lets start with electronic submission of results. That idea has a couple of basic flaws…

Our bottom line: Never change from Voter Marked Paper Ballots unless there is some dramatic technological breakthrough. Avoid connectivity for voting machines. Cautiously consider electronic pollbooks, with mandatory paper backup systems. Keep using our current AccuVoteOS until they really need replacing – perhaps better more economical alternatives will become available, perhaps they will comply with the new Federal standards expected soon.


Kim Zetter investigates NC pollbook for Russian hack — And additional FL incidents!

From Politico: How Close Did Russia Really Come to Hacking the 2016 Election?

Why does what happened to a small Florida company and a few electronic poll books in a single North Carolina county matter to the integrity of the national election? The story of Election Day in Durham—and what we still don’t know about it—is a window into the complex, and often fragile, infrastructure that governs American voting…

The fact that so many significant questions about VR Systems remain unanswered three years after the 2016 election undermines the government’s assertions that it’s committed to providing election officials with all of the timely information they need to secure their systems in 2020. It also raises concerns that the public may never really know what occurred in 2016.

John Oliver on election integrity

You may not believe Scientists, yet John Oliver does…

Jimmy Carter says a full investigation would show Trump lost in 2016, we are not so sure.

Former President Jimmy Carter questioned the legitimacy of Donald Trump’s presidency on Thursday, saying he would likely not be in the White House if the Russians did not interfere in the 2016 presidential election.

“I think a full investigation would show that Trump didn’t actually win the election in 2016. He lost the election, and he was put into office because the Russians interfered on his behalf,”

I have the greatest respect for President Carter, especially after his presidency, including his work for election integrity across the Globe. Yet we need actual actions not speculation.

The Cyber War? We will all be victims.

NYTimes, David Sanger: U.S. Escalates Online Attacks on Russia’s Power Grid

To me, the basic story is a ho hum. Russia and China are lurking in our power grid and its been known for sometime we are in Russia’s. I would be concerned if we weren’t attempting to match them. All of that is covered in Sanger’s book, The Perfect Weapon, which I am reading right now.

There are two things that are scary in all this:

Four pieces of testimony on five bills, including Blockchain and RCV

On Wednesday the GAE Committee held testimony on another raft if bills.

The bills, and links to my testimony, in priority order: (Take a look at all the testimony <here>, best to look by bill number than date)

H.B.5417 A proposed study to use blockchain to solve some undefined problem in voter registration. I opposed, perhaps the only one in the room who is a computer scientist. In summary, if someone wants to sell you or asks you to invest in blockchain – Run. Run fast and keep your eye on your wallet and passwords! …

Merrill: “likely to increase audits”

Merrill said her office will likely also increase its audits. Currently it randomly selects voting precincts to have primary results audited following elections; five percent of polling places that use optical scan machines are subject to the audit, as prescribed by Connecticut General Statutes 9-320f. Those counts are then matched against vote totals from optical scan machines.


the Myth of “Secure” Blockchain Voting

From David Jefferson at Verified Voting: Verified Voting Blog: The Myth of “Secure” Blockchain Voting <read>

Internet voting has been studied by computer security researchers for over twenty years. Cyber security experts universally agree that no technology, including blockchains, can adequately secure an online public election. Elections have unique security and privacy requirements fundamentally different from and much more stringent than those in other applications, such as e-commerce. They are uniquely vulnerable because anyone on Earth can attack them, and a successful cyberattack might go completely undetected, resulting in the wrong people elected with no evidence that anything was amiss….

Election security is a matter of national security. Blockchains, despite all the hype surrounding them, offer no defense against any of these well-known threats to which all online elections are vulnerable.

Israeli Firm Proves Our Point: Fax is as risky as Online Voting

As we have been saying for years, Online/Internet voting risks include email and fax voting.
<Since 2008>

Story today in the Washington Post:
Report: Hackers Target Fax Machines
Phone Line Connected To Computer Network Can Offer Access

Georgia: New information enhance title as a Most Vulnerable State

article from McClatchy: Georgia election officials knew system had ‘critical vulnerabilities’ before 2016 vote

Georgia election officials got a friendly warning in August 2016 that their electronic voting system could be easily breached.

But less than a month before the November election, a state cybersecurity official fretted that “critical vulnerabilities” persisted, internal emails show.

The emails, obtained through a voting security group’s open records request, offer a glimpse into a Georgia election security team that appeared to be outmatched even as evidence grew that Russian operatives were seeking to penetrate state and county election systems across the country…

The disclosures add to alarms about the security of Georgia’s elections — not only in 2016, but also heading into this fall’s midterm elections.