Denise Merrill, Secretary of the State and President of the National Association of Secretaries of State and Neil Jenkins from Homeland Security spoke on NPR on election integrity. <listen>
We disagree with both their similar statements:
.”Because our system is highly decentralized there’s no way to disrupt the voting process in any large-scale meaningful way through cyber attacks because there’s no national system to attack,” [Merrill] said Tuesday at a hearing before the U.S. Election Assistance Commission on the impact of the critical infrastructure designation.
Jenkins was quoted as saying “having thousands of elections offices each with their own systems making hacking elections nearly impossible”
Others may wish to believe differently, but based on science, recent history, and common sense, we point out:
- Secretary/President Merrill is almost correct when she says “Because our system is highly decentralized there’s no way to disrupt the voting process in any large-scale meaningful way through cyber attacks because there’s no national system to attack,” However, it is possible to attack Federal elections in a “meaningful’ way, especially a non-cyber way, in that a few thousand votes could sway a state’s electoral votes, senator, or representatives. That may or not be large-scale, but it is meaningful. Put a few of states together and it could change the apparent President and the balance in the Senate and House. In 2016 attacks in three states, PA, MI, and WI, could have done the job. In 2000, FL, and 2004, OH, just one state could have changed the result.
- Elections are not as decentralized as the Secretary and Jenkins imply. It is inaccurate to say that thousands of jurisdictions have their own systems: I.e. all of Connecticut’s scanners are programmed and maintained by a single out-of-state vendor. That same vendor does the same for most of New England. Nationwide some jurisdictions are very large in many states such as LA County in CA, Cuyahoga County OH, or several FL counties. Some cities are rather large. In this past election there were major errors in Detroit. Philadelphia all votes are “counted” on unauditable touch screen machines.
- A single entity is now responsible for the non-random auditing of all of Connecticut’s memory cards, reporting on our post-election election audits, and programming and supervising the software dependent machines now doing our electronic post-election “audit”.
- Connecticut’s new voting machines for those with disabilities are programmed by another single entity, not tested in a meaningful end-to-end way, and are now used in most municipalities to test the optical scanners in a way that reduces the value of the pre-election tests. (Rather than an actual test of the interface, a canned set of ballots is printed by the machine. Those ballots produce huge black squares rather than filled in bubbles. When they are used to test the scanners it does not test that the scanners actually detect bubbles at the correct coordinates.)
These do not meet my definition of decentralized (or independent). I am not necessarily arguing for more centralization. I am arguing for more skepticism, more vigilance, more awareness, more transparency, and less obfuscation.
We and officials cannot prove negatives, that there were no cyber-attacks; that there were no conventional attacks; that there were no significant errors in the results reported.
Officials have not proven that the election results were accurate enough to support the . With paper ballots uniformly required, with effective post-election audits, and process audits they would be able to prove it.
*****Update 4/15/2017
Alex Halderman agrees <read>
Halderman said that most people think that the United States’ voting machines are secure because they are different in each county and they aren’t connected to the Internet. “In fact, many of these things break down,” said Halderman.
Halderman said an attacker can select the machines that are the most vulnerable or attack the third-party vendors that provide the memory cards for each machine. By using this method, an attacker could have altered the votes in 75 percent of Michigan counties, according to Halderman. He said that although he thinks that no states carried out sufficient forensics to determine whether their voting machines were hacked, he does not believe that those votes were manipulated.
