Category: Reports

Email and Internet Voting: The Overlooked Threat to Election Security

New report Email and Internet Voting: The Overlooked Threat to Election Security

This report reviews the research that has been conducted by the federal government concluding that secure online voting is not yet feasible…

States that permit online return of voted ballots should suspend the practice.

New report Email and Internet Voting: The Overlooked Threat to Election Security <read>

This report reviews the research that has been conducted by the federal government concluding that secure online voting is not yet feasible…

Until there is a major technological breakthrough in or fundamental change to the nature of the internet, the best method for securing elections is a tried-and-true one: mailed paper ballots. Paper ballots are not tamper-proof, but they are not vulnerable to the same wholesale fraud or manipulation associated with internet voting. Tampering with mailed paper ballots is a one-at-a-time attack. Infecting voters’ computers with malware or infecting the computers in the elections office that handle and count ballots are both effective methods for large-scale corruption.

Military voters undoubtedly face greater obstacles in casting their ballots. They deserve any help the government can give them to participate in democracy equally with all other citizens. However, in this threat-filled environment, online voting endangers the very democracy the U.S. military is charged with protecting.

Considering current technology and current threats, postal return of a voted ballot is the most responsible option. States that permit online return of voted ballots should suspend the practice.

VoteAllegheny Analysis of Election Risks in One County

VoteAllegheny presents a report by Carnegie-Mellon researchers on the vulnerabilities in a single county in a swing state. The biggest takeaway for us is understanding that a top-down analysis of vulnerabilities can yield the most cost-effective areas to focus on preventing election fraud. Where we spend our resources can make a difference in the results!

VoteAllegheny presents a report by Carnegie-Mellon researchers on the vulnerabilities in a single county in a swing state.  The biggest takeaway for us is understanding that a top-down analysis of vulnerabilities can yield the most cost-effective areas to focus on preventing election fraud. Where we spend our resources can make a difference in the results!

As Connecticut spends $5million+ in Federal election security dollars, perhaps an independent study like this one for Connecticut would be the most effective use of the 1st $1.00, pointing to the most cost-effective use of the rest of the $5million+.

American Progress Report: State Election Security Readiness

American Progress Report: Election Security in All 50 States

The report gives every state grades based on some detailed criteria. Connecticut was graded ‘B’, which it shared with several other states as the highest grade awarded. Yet there are problems and limitations with such reports. We would give Connecticut lower grades in some areas, higher in others, and are uncomfortable with other grades.

The report is useful and provides directions for improvement in many areas in every state. Election officials, legislators, and voters should act to improve our voting systems and laws in the near term.  We would give the authors A+ for effort and the report a grade of B.

American Progress Report: Election Security in All 50 States  <read>

The report gives every state grades based on some detailed criteria. Connecticut was graded ‘B’, which it shared with several other states as the highest grade awarded – it sets pretty stiff criteria for an ‘A’, yet we doubt that any state deserves an ‘A’.  Yet there are problems and limitations with such reports. We would give Connecticut lower grades in some areas, higher in others, and are uncomfortable with other grades.

The criteria at a high level:

1.Minimum cybersecurity standards for voter registration systems
2.Voter-verified paper audit trail
3.Post-election audits that test election results
4.Ballot accounting and reconciliation
5.Return of voted paper absentee ballots
6.Voting machine certification requirements
7.Pre-election logic and accuracy testing
The criteria are good at first glance, yet I question why only “minimum” standards for voter registration systems, criteria should include “recounts” and standards for security of voted paper ballots.
A big weakness in such reports is that much of the information is based on self-reporting by election officials,who can be biased, limit their views to their state’s practices, and may not have the technical expertise to evaluate many of the criteria.  Also state statutes may be misread or not represent the actual implementation in practice:
The information included in this report is derived primarily from state statutes and regulations, as well as interviews with state and local election officials.
The ratings in each category ranged from Unsatisfactory, Mixed, and Fair, to Good.  Connecticut received a ‘B’ from category ratings of:
Fair     1.Minimum cybersecurity standards for voter registration systems
Good   2.Voter-verified paper audit trail
Mixed 3.Post-election audits that test election results
Fair    4.Ballot accounting and reconciliation
Fair    5.Return of voted paper absentee ballots
Fair    6.Voting machine certification requirements
Fair    7.Pre-election logic and accuracy testing
The factors and category ratings were somewhat complex, with some categories providing a score of 0 or 1 and others scoring 0 to 3 based on the number of criteria matched. resulting in totals leading to the final letter grade.  So, where do we question Connecticut’s scores?  The details for Connecticut can be found starting on page 50 of the report.  Our comments and concerns:
Minimum cybersecurity standards for voter registration systems. This criteria is difficult to judge. The criteria is likely only based on interviews with officials. I suspect there is a tendency to say ‘Yes’ as often as possible. And even with accurate answers it is difficult to judge how well those criteria are met in practice.  Yet, for Connecticut it is clear that officials are concerned and working on cybersecurity for of all our systems, not just election systems.  As a central mainframe system managed by the State, the voter registration system is subject to every protection applied to that environment.
We would give Connecticut higher grades.  Connecticut was downgraded because the voter registration system was judged over 10 years old. We disagree with that broad-brush criteria and the definition of Connecticut’s system as over 10 years old. As an IBM Mainframe, CICS, DB2 system our voter registration system is presumably regularly upgraded with new versions of the operating system, CICS, and DB2. The hardware may also be less than 10 years old. In addition, the registration system itself has been enhanced.
Post-election audits that test election results. Here we would downgrade the “mixed” results. As has been repeatedly reported by the Citizen Audit, the conduct of the audit falls short of what would be reasonably expected of any effective audit. While it is true the statutes require that the audit be completed before certification, in practice that is impossible in some elections since certification must be complete before the date the audits can commence. It also depends on the definition of “complete”. In practice, the overall audits are not complete until the Secretary of the State receives the final report from UConn and files that with the SEEC.  The reports for all elections since November 2011 are yet to be filed and only one report  for a primary (2014) has been filed in that period.
Ballot accounting and reconciliation. Once again we would downgrade Connecticut’s score. In practice, ballot accounting and reconciliation do not always occur.  In recent years in almost every election, the Citizen Audit, has documented instances where write-in ballots (up to 151) have been read into the scanner at the end of election day in error. That results in counts that exceed the number of checked-off voters. In most instances those discrepancies have been discovered only by the audit, showing that they had not been discovered or addressed in the closing of the polls, nor in the review of results by both registrars and municipal clerks.
Voting machine certification requirements.  Here we would upgrade Connecticut’s score. Connecticut was downgraded because our optical scanners are just over 10 years old – their design and circuits are even older in technology. Yet, they are working fine and from random survey’s of the Citizen Audit are not showing signs of age. There are incrementally better systems available today, yet voter marked paper ballots will continue to protect our votes. We expect they will need to be replaced in the next 5 to 10 years, but not yet. The longer we wait the better options will become available, at lower cost, and will also last that many years longer.
Missing Criteria Recounts:  About half the states have close-vote recounts.  Connecticut has close-vote recanvasses, which fall short of the best adversarial manual recounts in some other states.  Connecticut should have more open, adversarial recounts, with more time to call for and perform recounts, with stronger criteria than the upper limit of 2000 vote differences which is too low a threshold ( as low as 0.12% in statewide elections).  We should also allow for candidates, parties, or citizens to call for a limited number of directed recounts of specified districts, perhaps at a reasonable fee. We would rate Connecticut mixed in this criteria, as our recanvasses are actually conduced, usually fairly, yet not conduced uniformly and in accordance with the law.  Sadly, that mixed rating would put us in the top 50% of all States in the recount category.
Protection of Paper Ballots. Here, once again, we would rate Connecticut mixed. Connecticut has an inadequate law for the protection of paper ballots and the actual practices in the vast majority of towns do not provide credible evidence that ballots were not tampered with. Once again, see the Citizen Audit reports.  Despite inadequate law and practice, the distributed nature of Connecticut’s election system mean that for statewide elections it is doubtful that enough ballots could be manipulated in the same direction to change anything but the closest of outcomes.  Unfortunately, that leaves local and regional elections vulnerable, protected only by trust in every election official and other local staff that frequently have access to voted ballots.
Finally, despite flaws, the report is useful and provides directions for improvement in many areas in every state. Election officials, legislators, and voters should act to improve our voting systems and laws in the near term.  We would give the authors A+ for effort and the report a grade of B.

RoundUp: Spy vs Spy, while Officials and Voters lose

Almost every day lately there is news on the potential of future and past hacking, including election hacking. Today we suggest three recent articles and a report.

The N.S.A. bans its analysts from using Kaspersky antivirus at the agency, in large part because the agency has exploited antivirus software for its own foreign hacking operations and knows the same technique is used by its adversaries.

If Russia can attack our election, so can others: Iran, North Korea, ISIS, or even criminal or extremist groups.

Exactly a year after U.S. intelligence issued a stern warning about Russian interference in the 2016 presidential election, the Trump administration has failed to fill key homeland security posts responsible for preventing another Kremlin assault on the voting system…

It sounds like science fiction, or at least “Ocean’s 11,” but cybersecurity experts are frantically waving their hands, trying to get Americans to see that in foreign capitals, the American voting system just looks like easy opportunity.

Almost every day lately there is news on the potential of future and past hacking, including election hacking. Today we suggest three recent articles and a report.

Lets start with the story of a hack involving software from Kaspersky Labs in the New York Times: How Israel Caught Russian Hackers Scouring the World for U.S. Secrets  <read>

Before we read the story, remember there is some history here.  Russia is the enemy of choice for the U.S. these days.  The media and Government are biased to attribute any attack to Russia, exaggerate any attack from Russia, and to conflate anything Russian with the Russian Government.  The infamous Stuxnet attack which disabled some of Iran’s nuclear centrifuges was allegedly carried out by Israel and the United States – Kaspersky Labs was one of the main contributors in the discovery and investigation of the attack. We remain skeptical of claims that are not highly documented, yet aware undocumented claims may be true.

The Russian operation, described by multiple people who have been briefed on the matter, is known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed. What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.

The current and former government officials who described the episode spoke about it on condition of anonymity because of classification rules…

Kaspersky Lab denied any knowledge of, or involvement in, the Russian hacking. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage efforts,” the company said in a statement Tuesday afternoon. Kaspersky Lab also said it “respectfully requests any relevant, verifiable information that would enable the company to begin an investigation at the earliest opportunity.”…

The N.S.A. bans its analysts from using Kaspersky antivirus at the agency, in large part because the agency has exploited antivirus software for its own foreign hacking operations and knows the same technique is used by its adversaries.

Nobody knows who actually exploited the Kaspersky software, yet it could have been Israel:

The report did not name Israel as the intruder but noted that the breach bore striking similarities to a previous attack, known as “Duqu,” which researchers had attributed to the same nation states responsible for the infamous Stuxnet cyberweapon. Stuxnet was a joint American-Israeli operation that successfully infiltrated Iran’s Natanz nuclear facility, and used malicious code to destroy a fifth of Iran’s uranium centrifuges in 2010.

Kaspersky reported that its attackers had used the same algorithm and some of the same code as Duqu, but noted that in many ways it was even more sophisticated. So the company researchers named the new attack Duqu 2.0, noting that other victims of the attack were prime Israeli targets.

This week the DEFCON report on its Election Hacking Village was published:  Report on Cyber Vulnerabilities in
U.S. Election Equipment, Databases, and Infrastructure  <read>

It is a significant event with a short 18 page report.  Well worth reading.  The Forward summarizes it well:

last year’s attack on America’s voting process is as serious a threat to our democracy as any I have ever seen in the last 40+ years–potentially more serious than any physical attack on our Nation. Loss of life and damage to property are tragic, but we are resilient and can recover. Losing confidence in the
security of our voting process–the fundamental link between the American people and our government–could be much more damaging. Inshort, this is a serious national security issue that strikes at the core of our democracy…

If Russia can attack our election, so can others: Iran, North Korea, ISIS, or even criminal or extremist groups. Time is short: our 2018 and 2020 elections are just around the corner and they are lucrative targets for any cyber opponent. We need a sense of urgency now. Finally, this is a national security issue because other democracies–our key allies and partners–are also vulnerable…

For over 40 years I voted by mailing an absentee ballot from wherever I was stationed around the world. I assumed voting security was someone else’s job; I didn’t worry about it. After reading this report, I don’t feel that way anymore. Now I am convinced that I must get involved. I hope you will read this report and come to the same conclusion.

Douglas E. Lute
Former U.S. Ambassador to NATO
Lieutenant General, U.S. Army, Retired

From Newsweek: Russians Still Have An Open Path to U.S. Election Subversion  <read>

Although some of the references to Russian interference in the following story have been withdrawn and questioned, the basic theme that Congress and the Administration are basically not in action is cause for concern that noting of substance will be accomplished.

Exactly a year after U.S. intelligence issued a stern warning about Russian interference in the 2016 presidential election, the Trump administration has failed to fill key homeland security posts responsible for preventing another Kremlin assault on the voting system…

“The second thing is, the administration doesn’t seem to want to have anybody head up to the Hill and testify on issues that would be hot-button issues, namely anything to do with election security, cyber security, or the Russian acts from last year.”

Unless the administration puts its own political appointees in place at DHS, analysts say, the department will struggle to get protective systems up and running in time for the 2017 primaries and state and local races, let alone the 2018 elections.

And from Politico:  Hacker study: Russia could get into U.S. voting machines  <read>  Not just Russia, however:

American voting machines are full of foreign-made hardware and software, including from China, and a top group of hackers and national security officials says that means they could have been infiltrated last year and into the future. American voting machines are full of foreign-made hardware and software, including from China, and a top group of hackers and national security officials says that means they could have been infiltrated last year and into the future…

“From a technological point of view, this is something that is clearly doable,” said Sherri Ramsay, the former director of the federal Central Security Service Threat Operations Center, which handles cyber threats for the military and the National Security Agency. “For us to turn a blind eye to this, I think that would be very irresponsible on our part.”

Often, voting machine companies argue that their supply chain is secure or that the parts are American-made or that the number of different and disconnected officials administering elections would make a widespread hack impossible. The companies also regularly say that since many machines are not connected to the internet, hackers’ ability to get in is limited.

But at the DEFCON event in Las Vegas, hackers took over voting machines, remotely and exposed personal information in voter files and more…

It sounds like science fiction, or at least “Ocean’s 11,” but cybersecurity experts are frantically waving their hands, trying to get Americans to see that in foreign capitals, the American voting system just looks like easy opportunity.

Skepticism now, Skepticism tomorrow, Skepticism forever

Recent events are a reminder that we must be eternally skeptical. We need to be especially skeptical of the mainstream media as well as other sources.

Today we add the most recent flurry about the “21 states hacked by Russia before the 2016 election”, and more.  The story continues to fall apart, bit by bit. Yet, we suspect the truth is far from common knowledge.

And an Intercept story by Kim Zetter reviewing a report by Kaspersky Lab Masquerading Hackers Are Forcing a Rethink of How Attacks Are Traced. The title pretty much says it all.  Attribution is difficult, yet often possible.

Not expecting to paraphrase George Wallace, a person about as far me politically or as a humanist as one can be.  Yet, recent events are a reminder that we must be eternally skeptical. We need to be especially skeptical of the mainstream media as well as other sources. <here> <here>

Today we add the most recent flurry about the “21 states hacked by Russia before the 2016 election”, and more.  The story continues to fall apart, bit by bit. Yet, we suspect the truth is far from common knowledge:

  • There is no solid evidence available to the public and experts to verify
  • Its not necessarily Russia but people who may be Russian
  • Two years ago the context would have been fears of China, so then many hacks were allegedly Chinese
  • At most one state had data changed, at most otherwise it was attempting to find vulnerabilities — that occurs multiple times a day to almost every server from multiple individuals and groups.
  • The latest is that, so far, two of the states were in correctly included. Yet Another Major Russia Story Falls Apart. Is Skepticism Permissible Yet?  <read>  As we commented on the link:

Our skepticism was justified, it would be even if the story proved true.

I am not a fan of the Russian government system, we should be concerned about China, Russia, and our own actions. Yet, I often read and learn from RT articles.  I find them biased toward publishing factual articles supporting their point of view, yet no more so than FOX, CNN, MSNBC or many other players in the U.S. media.  Like Al Jazeera, RT is journalism and largely accurate, often covering important stories not available elsewhere.  RT and Al Jazerra are hardly Radio Free Europe or Tokyo Rose.  The U.S. is far from innocent when it comes to manipulating elections.  Right now I am in the middle of reading “In the Shadows of the 20th Century”  Here is a quote:

According to a compilation at Carnegie Mellon University, between 1946 and 2000 the rival superpowers intervened in 117 elections, or 11 percent of all the competitive national-level contests held worldwide, via campaign cash and media disinformation.  Significantly, the United States was responsible for eighty-one of these attempts (70 percent of the total) – including eight instances in Italy, five in Japan, and several in Chile and Nicaragua stiffened by CIA paramilitary action.

Now an Intercept story by Kim Zetter reviewing a report by Kaspersky Lab (another company recently trashed because it is Russian) Masquerading Hackers Are Forcing a Rethink of How Attacks Are Traced <read>

The title pretty much says it all.  Attribution is difficult, yet often possible.

We add yes, but without trusted, multiple, third-parties reviewing the evidence and, even better, generating the evidence independently there is little basis for blind trust, while strong skepticism is justified – especially if the claims match the bias and agenda of the source.

 

Report: Presidential Election Audit: Suffers Two Blows to Credibility

Citizen Audit: Two Blows to Connecticut Election Audits
Leave Them Weaker, Less Credible

 

From the Press Release:

In spite of growing national concerns about election integrity, election credibility in Connecticut has suffered two devastating blows:

  • The Connecticut General Assembly cut post-election audits in half from 10% to 5% of voting districts, and failed to fix glaring weaknesses in the state’s audit law.
  • Shockingly, Connecticut has become the first state to replace verifiable hand-count audits with unverifiable electronic audits. Now the public can’t verify audit results.

“It need not be this way. Electronic audits can be manually verified without sacrificing efficiency,” said Luther Weeks, Executive Director of Connecticut Citizen Election Audit. “Because audits are conducted by the same officials responsible for conducting elections, audits must be transparent and publicly verifiable,” he said.

The Citizen Election Audit also found continuing problems with how municipalities conducted audits. “The Secretary’s Office should take the lead in ensuring that audits are complete, credible, and publicly verifiable,” Weeks said. “The public, candidates, and Secretary Merrill should expect local election officials to organize audits that produce accurate audit reports,” he said.

Citizen Audit: Two Blows to Connecticut Election Audits
Leave Them Weaker, Less Credible

From the Press Release:

In spite of growing national concerns about election integrity, election credibility in Connecticut has suffered two devastating blows:

  • The Connecticut General Assembly cut post-election audits in half from 10% to 5% of voting districts, and failed to fix glaring weaknesses in the state’s audit law.
  • Shockingly, Connecticut has become the first state to replace verifiable hand-count audits with unverifiable electronic audits. Now the public can’t verify audit results.

“It need not be this way. Electronic audits can be manually verified without sacrificing efficiency,” said Luther Weeks, Executive Director of Connecticut Citizen Election Audit. “Because audits are conducted by the same officials responsible for conducting elections, audits must be transparent and publicly verifiable,” he said.

The Citizen Election Audit also found continuing problems with how municipalities conducted audits. “The Secretary’s Office should take the lead in ensuring that audits are complete, credible, and publicly verifiable,” Weeks said. “The public, candidates, and Secretary Merrill should expect local election officials to organize audits that produce accurate audit reports,” he said.

Electronic audits were conducted for six municipalities, while 22 towns conducted manual audits. Post-election audits are required by law.

<Press Release .pdf> <Full Report pdf> <Detail data/municipal reports>

Evidence-Based Elections

We favor “Evidence Based Elections”.  We recently reread this 2012 paper by Phil Stark and David Wagner,  Evidence-Based Elections

It covers at a high level the requirements to provide the public and losing candidates the evidence necessary to convince that its very likely the candidate favored by the voters actually was declared the winner of an election (or determining, if possible, the winner).

Compared to all the states in the Union, Connecticut would rank slightly above average, yet far from approaching credible evidence-based elections. We have paper ballots, inadequate post-election audits, close-vote recanvasses, no compliance audits, and atrociously weak ballot security.  This is a case where a rating/ranking should be the result of multiplying the factors, rather than adding them:

Paper Ballots(1.0)  x  Post-Election Audits(0.3)  x  Self-Correcting(0.4)  x  Compliance(0) = 0

We favor “Evidence Based Elections”.  We recently reread this 2012 paper by Phil Stark and David Wagner,  Evidence-Based Elections <read>

It covers at a high level the requirements to provide the public and losing candidates the evidence necessary to convince that its very likely the candidate favored by the voters actually was declared the winner of an election (or determining, if possible, the winner).

  • Paper ballots (To date there is no other viable voter-verified record).
  • Software Independent Voting Systems – the whole system, computer, human etc. can produce an accurate result (independently) even if the computer and software systems are in error.
  • Compliance Audits – that the election was conducted as intended. e.g. we can trust the paper ballots and the check-in records.
  • Risk-Limiting Audits – that demonstrate that there is a certain chance that if a contest was wrongly decided, the audit would have detected that.  e.g. 90% or 95%.
    (A 95% detection risk does not mean that there is a 5% chance that the election was wrongly decided. Only that if there was error or fraud 19 times out of 20 if would be detected e.g. if there was a 95% chance a person would be caught each time they used a cell phone while driving, few would risk it.)
  • The overall election and canvass process should correct its own errors.

Finally, the authors point to the limitations of certification and testing of election equipment and the advantages of easing the constraints of setting unrealistic expectations for certification requirements.

Sadly, no state has full risk-limiting audits.  Only about half have audits at all. Few have compliance audits.  About half have close-vote recounts, which provide self-correction when the initially reported results are close.

Compared to all the states in the Union, Connecticut would rank slightly above average, yet far from approaching credible evidence-based elections. We have paper ballots, inadequate post-election audits, close-vote recanvasses, no compliance audits, and atrociously weak ballot security.  This is a case where rating/ranking should be the result of multiplying the factors, rather than adding them:

Paper Ballots(1)  x  Post-Election Audits(0.3)  x  Self-Correcting(0.4)  x  Compliance(0) = 0

 

 

April Presidential Primary Audit – Does Not Make the Grade

Checks on State Voting Machines Do Not Make the Grade
Do Not Provide Confidence in Election System, Says Citizen Audit

From the Press Release:

Audits of the recent presidential primaries are so faulty that exact final vote tallies cannot be verified, says the non-partisan Connecticut Citizen Election Audit. Unless state and local election officials make changes, the same will be true for the November elections.

“State law requires audits to verify the accuracy of optical scanner voting machines as a check for errors and a deterrent to fraud. Local registrars gather officials to manually count paper ballots and compare their totals to the totals found by the scanners, explains Luther Weeks, Executive Director of Connecticut Citizen Election Audit.

Issues reported by the group were:

  • Incomplete or missing official reports of vote counts from town registrars;
  • The lack of action on the part of the Secretary of the State’s Office to check that all required reports are submitted and all submitted reports are completed fully;
  • Of 169 municipalities required to submit lists of polling places before the election, the Secretary of the State’s Office recorded only 68, with 101 missing;
  • Poor security procedures to prohibit ballot tampering;
  • Not following procedures intended to ensure “double checking” and “blind counting” rather than having scanner counts as targets while counting manually;

“The public, candidates, and the Secretary of the State should expect local election officials to organize proper audits and produce accurate, complete audit reports. The public and candidates should expect the Secretary of the State’s Office to take the lead in ensuring the audits are complete. Yet, due to a lack of attention to detail and follow-through the audits do not prove or disprove the accuracy of the reported primary results,” Weeks said.

<Press Release .pdf> <Full Report pdf> <Detail data/municipal reports>

Checks on State Voting Machines Do Not Make the Grade
Do Not Provide Confidence in Election System, Says Citizen Audit

From the Press Release:

Audits of the recent presidential primaries are so faulty that exact final vote tallies cannot be verified, says the non-partisan Connecticut Citizen Election Audit. Unless state and local election officials make changes, the same will be true for the November elections.

“State law requires audits to verify the accuracy of optical scanner voting machines as a check for errors and a deterrent to fraud. Local registrars gather officials to manually count paper ballots and compare their totals to the totals found by the scanners, explains Luther Weeks, Executive Director of Connecticut Citizen Election Audit.

Issues reported by the group were:

  • Incomplete or missing official reports of vote counts from town registrars;
  • The lack of action on the part of the Secretary of the State’s Office to check that all required reports are submitted and all submitted reports are completed fully;
  • Of 169 municipalities required to submit lists of polling places before the election, the Secretary of the State’s Office recorded only 68, with 101 missing;
  • Poor security procedures to prohibit ballot tampering;
  • Not following procedures intended to ensure “double checking” and “blind counting” rather than having scanner counts as targets while counting manually;

“The public, candidates, and the Secretary of the State should expect local election officials to organize proper audits and produce accurate, complete audit reports. The public and candidates should expect the Secretary of the State’s Office to take the lead in ensuring the audits are complete. Yet, due to a lack of attention to detail and follow-through the audits do not prove or disprove the accuracy of the reported primary results,” Weeks said.

<Press Release .pdf> <Full Report pdf> <Detail data/municipal reports>

Highly Recommended: Hacking Elections Is Easy!

From the Institute for Critical Infrastructure Technology: Hacking Elections Is Easy <read>. It is the most layperson accessible comprehensive overview of the problems we face protecting our elections that I have seen in a long time.  It is 23 pages yet very readable.  The main points are:

  • We face multiple risks our elections:  Registration systems, voting systems, reporting systems, and ballot security.
  • We face risks from multiple actors: Nations with interests in manipulating our elections, corporations, U.S. Government agencies, sophisticated hackers, and insiders at all levels.
  • For the unsophisticated, Hacking Is Easy.  There are simple insider attacks, simple cyber attacks, and kits on the Internet to compromise results or simply disrupt elections.
  • Most election officials are of high integrity.  Yet, blind trust in all officials, machines, and that hacking is difficult is perhaps our greatest risk.

Just a couple excerpts from the Introduction:

To hack an election, the adversary does not need to exploit a national network of election technology. By focusing on the machines in swing regions of swing states, an election can be hacked without drawing considerable notice. Voter machines, technically, are so riddled with vulnerabilities that even an upstart script kiddie could wreak havoc on a regional election, a hacktivist group could easily exploit a state election, an APT could effortlessly exploit a national election and any corrupt element with nothing more than the ability to describe the desired outcome could order layers of exploits on any of the multitude of deep web forums and marketplaces. Yes, hacking elections is easy…

From the Institute for Critical Infrastructure Technology: Hacking Elections Is Easy <read>. It is the most layperson accessible comprehensive overview of the problems we face protecting our elections that I have seen in a long time.  It is 23 pages yet very readable.  The main points are:

  • We face multiple risks our elections:  Registration systems, voting systems, reporting systems, and ballot security.
  • We face risks from multiple actors: Nations with interests in manipulating our elections, corporations, U.S. Government agencies, sophisticated hackers, and insiders at all levels.
  • For the unsophisticated, Hacking Is Easy.  There are simple insider attacks, simple cyber attacks, and kits on the Internet to compromise results or simply disrupt elections.
  • Most election officials are of high integrity.  Yet, blind trust in all officials, machines, and that hacking is difficult is perhaps our greatest risk.

Just a couple excerpts from the Introduction:

To hack an election, the adversary does not need to exploit a national network of election technology. By focusing on the machines in swing regions of swing states, an election can be hacked without drawing considerable notice. Voter machines, technically, are so riddled with vulnerabilities that even an upstart script kiddie could wreak havoc on a regional election, a hacktivist group could easily exploit a state election, an APT could effortlessly exploit a national election and any corrupt element with nothing more than the ability to describe the desired outcome could order layers of exploits on any of the multitude of deep web forums and marketplaces. Yes, hacking elections is easy…

Manufacturers and voting officials have constructed an illusion of security based on the semblance of complexity when, in reality, voting machines are neither secure or complex. In general, these stripped down computers utilizing outdated operating systems possess virtually every conceivable vulnerability that a device can have…

Attackers’ ability to exploit vulnerabilities in the systems that support the American democratic process is not exclusive to election machines. Catastrophically disrupting the campaign of just about any political candidate can be done with little more than a DDoS attack on fundraising links and web properties, spam widgets on social media platforms, an insider threat who delivers a malicious payload on a USB drive or unsuspectingly by clicking a link in a spear phishing email, and a ransom ware variant to encrypt important donor lists to further cripple fundraising. A pseudo tech savvy adversary could create a network of spoofed sites to confuse voters and this is just the beginning. By combining attack vectors and layering attacks, an adversary can manipulate the democratic process by inciting chaos, imbuing suspicion, or altering results.

an eighteen year-old high school student could compromise a crucial county election in a pivotal swing state with equipment purchased for less than $100, potentially altering the distribution of the state’s electoral votes and thereby influencing the results of the Presidential election…

An unskilled threat actor may begin a campaign by sending phishing emails or using free script
kiddie tools to remotely attack undefended local networks to compromise email and exfiltrate
internal documents that reveal the types of systems used in an election as well as their storage
conditions.

Report: Secret Ballot At Risk

A new report from the Electronic Privacy Information Center, articulates some of the risks of losing the the Secret Ballot: Secret Ballot At Risk: Recommendations for Protecting Democracy <Exec Summary> <Report>

We recommend reading the Executive Summary and at least the section of the report covering the history of and the need for the secret ballot, pages 4-9 and the section for your state, e.g. Connecticut pages 54-55.

Our only criticism is that the report does not cover the risks to the secret ballot and democracy posed by photos, most often seen in selfies of voters with the voted ballot taken in the voting booth.  Nor does it cover the risks  to the secret ballot posed by absentee voting.

A new report from the Electronic Privacy Information Center, articulates some of the risks of losing the the Secret Ballot: Secret Ballot At Risk: Recommendations for Protecting Democracy <Exec Summary> <Report>

We recommend reading the Executive Summary and at least the section of the report covering the history of and the need for the secret ballot, pages 4-9 and the section for your state, e.g. Connecticut pages 54-55.

Our only criticism is that the report does not cover the risks to the secret ballot and democracy posed by photos, most often seen in selfies of voters with the voted ballot taken in the voting booth.  Nor does it cover the risks  to the secret ballot posed by absentee voting.

From the Executive Summary:

The right to cast a secret ballot in a public election is a core value in the United States’ system of self-governance. Secrecy and privacy in elections guard against coercion and are essential to integrity in the electoral process. Secrecy of the ballot is guaranteed in state constitutions and statutes nationwide. However, as states permit the marking and transmitting of marked ballots over the Internet, the right to a secret ballot is eroded and the integrity of our elections is put at risk…

Our findings show that the vast majority of states (44) have constitutional provisions guaranteeing secrecy in voting, while the remaining states have statutory provisions referencing secrecy in voting. Despite that, 32 states allow some voters to transmit their ballots via the Internet which, given the limitations of current technology, eliminates the secrecy of the ballot. Twenty-eight of these states require the voter to sign a waiver of his or her right to a secret ballot. The remainder fail to acknowledge the issue.

From the Report:

The secret ballot reduces the threat of coercion, vote buying and selling, and tampering. For individual voters, it provides the ability to exercise their right to vote without intimidation or retaliation. The secret ballot is a cornerstone of modern democracies. Prior to the adoption of the secret ballot in the United States in the late 19th century, coercion was common place. It was particularly strong in the military…

The establishment of the secret ballot helped prevent that type of coercion in the military. It also changed coercive practices in the workplace. But has our society evolved so much that we no longer need the secret ballot?

The answer is, simply, no. The secret ballot also protects individuals from harassment as a result of their vote. In February 2009, The New York Times reported that “some donors to groups supporting [California’s “Proposition 8” re: same-sex marriage] have received death threats and envelopes containing a powdery white substance, and their businesses have been boycotted.” The Times reported that a website called “eightmaps.com” collected names and ZIP codes of people who donated to the ballot measure and overlaid the data on a map, contributing to the harassment and threats of violence.

Further, employer-employee political coercion is alive and well in the United States. A recent article in The American Prospectdocumented a number of instances of political coercion in the workplace, including:

  • An Ohio coal mining company required its workers to attend
    a Presidential candidate’s rally – and did not pay them for their time.
  • Executives at Georgia-Pacific, a subsidiary of Koch Industries which employs approximately 35,000 people, distributed a flyer and a letter indicating which candidates the firm endorsed. “The letters warned that workers might ‘suffer the consequences’ if the company’s favored candidates were not elected.”

Thanks to the secret ballot, employers cannot lawfully go so far as to “check” on how an employee actually voted. But if ballots were no longer secret, many employees would risk losing their jobs if they voted against the recommendations of management. Our democracy would no longer be free and fair. Our need for privacy protections is just as strong today as it was when the secret ballot was adopted

Connecticut Constitution and statutes:

Constitutional provision re: right to secret ballot Conn. Const. Art. 6 § 5
In all elections of officers of the state, or members of the general assembly, the votes of the  electors shall be by ballot, either written or printed, except that voting machines or other mechanical devices for voting may be used in all elections in the state, under such regulations  as may be prescribed by law. No voting machine or device used at any state or local election  shall be equipped with a straight ticket device. The right of secret voting shall be preserved

”’

Conn. Gen. Stat. Ann. § 9-366
Any person who […]does any act which invades or interferes with the secrecy of the voting
or causes the same to be invaded or interfered with, shall be guilty of a class D felony.