Dear Media, It is irresponsible to continue pretending we have a system that allows us to know whether or not our “official” election results are legitimate.
By Jennifer Cohn
July 10, 2018
1. The terrible truth is that neither you, nor I, nor any other voter knows what happened inside the electronic voting machines, election management systems, and tabulators used to count our votes.
2. All voting machines can be hacked through the internet, even if the voting machine itself isn’t connected to it.
3. This is because “all voting machines must accept electronic input files” via a “cartridge or memory card … prepared on an Election Management (EMS) computer” that is itself likely connected to the internet from time to time.
4. Here is another source explaining that Election Management Systems are often connected to the internet and thus present an opportunity for internet hackers to transfer malware to the voting machines.
6. Moreover, results from the precincts are often transmitted into a central tabulator over a local area network, so that the “chain-of-custody of the images is not provable, and images may be manipulated in transmission by network-based attacks.”
7. Central tabulators, in turn, transmit results to online election night reporting systems creating another opportunity for internet hacking of voting machine tallies.
8. In Georgia, for example, a flash drive transfers results from the central tabulator to the online election night reporting system, and that same flash drive is then reinserted into the tabulator for the next round of memory cards.
9. Moreover, Wisconsin election official administrator Michael Haas has acknowledged that some of its voting equipment in 2016 was indeed connected to the internet! https://columbusfreepress.com/article/real-story-recount … …
10. Presumably, he was referring to Wisconsin’s use of DS200 ballot scanners made by election equipment vendor Election Systems & Software (“ES&S”), which “upgraded” them in 2015 to include cellular modems! https://www.democraticunderground.com/12512657652
11. “There are currently over 26,500 ES&S DS200 optical scan vote-counting machines in 25 states. It is not yet known how many of them have the cellular capability.” (Id.)
12. Here’s a screenshot from an ES&S blog in which a Wisconsin county clerk gushes about the DS200’s modeming capabilities:
13. Florida — another swing state — gave a “thumbs up” to the DS200 cellular modems in 2015 as well.
14. According to Computer Science and election security expert Andrew Appel (Princeton University), these new ES&S cellular modems make it easy for a “man-in-the-middle” hacker to alter votes! https://freedom-to-tinker.com/2018/02/22/are-voting-machine-modems-truly-divorced-from-the-internet/
15. Meanwhile, the New York Times recently “outed” ES&S for its past sales of remote access software for election management systems! (Election management systems are centralized computers used to program both scanners and touchscreen voting machines before each election.) https://www.nytimes.com/2018/02/21/magazine/the-myth-of-the-hacker-proof-voting-machine.html
16. ES&S accounts for about 44% of US election equipment. (As shown below, just two vendors, ES&S and Dominion Voting, account for over 80% of US election equipment. So much for our “decentralized” voting system.) https://trustthevote.org/wp-content/uploads/2017/03/2017-whartonoset_industryreport.pdf
17. Each of the states shown in orange below uses at least some type of election equipment from ES&S!
18. Regardless of what vendor you use, it is also easy to insert malware onto voting machines when they are updated. https://freedom-to-tinker.com/2016/09/20/which-voting-machines-can-be-hacked-through-the-internet/ …
19. Optical scanners are very easy to hack, as they use memory cards that can be programmed without detection to +1,000 votes for one candidate and -1,000 for the other candidate (or whatever +/- number a hacker might choose). https://www.dailykos.com/stories/2005/6/1/118600/- …
20. Per computer science expert Alex Halderman (Univ. Michigan), the only way to verify if an electronic tally is correct is to hand count the ballots or to forensically audit the machines. https://medium.com/@jhalderm/want-to-know-if-the-election-was-hacked-look-at-the-ballots-c61a6113b0ba
21. “DHS officials admitted … that they have not conducted a forensic analysis of any voting equipment used in the presidential election”!!
22. Moreover, private vendors block forensic audits on the grounds that their code is proprietary and states have not enacted laws to preclude this! https://www.thenation.com/article/touch-and-go-elections-perils-electronic-voting/ …
23. As to the 2016 recount, the Wisconsin court refused to order that it be conducted by hand. https://www.jsonline.com/story/news/politics/elections/2016/11/29/steins-recount-headed-court-tuesday/94598740/
24. Although a few Wisconsin counties hand recounted voluntarily, most large counties refused. https://d3n8a8pro7vhmx.cloudfront.net/jillstein/pages/28865/attachments/original/1489759688/FinalRecountReport-WI.pdf?1489759688 … …
25. Michigan excluded from the recount those precincts where the number of voters and the number of votes differed and votes from voting machines with broken seals. It was also shut down after only three days! http://www.truth-out.org/news/item/38767-the-republican-sabotage-of-the-vote-recounts-in-michigan-and-wisconsin … …
26. The following states do not require any sort of post-election manual audit to confirm that electronic tallies are legitimate:
- Alabama
- Arkansas
- Connecticut
- Delaware
- Florida
- Georgia
- Idaho
- Kansas
- Illinois
- Indiana
- Louisiana
- Maryland
- Maine
- Michigan
- Mississippi
- Nebraska
- New Hampshire
- New Jersey
- North Dakota
- Oklahoma
- Pennsylvania
- South Carolina
- South Dakota
- Tennessee
- Texas
- Virginia
- Washington
- Wisconsin
27. And computer science professor Alex Halderman says that just two states, Colorado and New Mexico, conduct post-election audits sufficient to detect hacking! (Those two states conduct a type of hand audit called a “risk limiting audit”)
http://editions.lib.umn.edu/electionacademy/2017/07/18/colorado-to-become-first-state-to-require-regular-risk-limiting-audits/ … … …https://pbs.twimg.com/media/DJI75-TUEAAKj91.jpg:large … …
28. Pam Smith at Verified Voting agrees that most state audits are cursory. https://www.politico.com/magazine/story/2016/08/2016-elections-russia-hack-how-to-hack-an-election-in-seven-minutes-214144 …
29. And don’t even get me started about Russia’s infiltration of VR Systems, the election systems provider for voter registration systems in states like North Carolina — considered perhaps the most important swing state in 2016 — which experienced massive problems with those systems during the 2016 election!
“The calls started flooding in from hundreds of irate North Carolina voters just after 7 a.m. on Election Day in November. [Para] Dozens were told they were ineligible to vote and were turned away at the polls, … it felt like hacking”
https://www.nytimes.com/2017/09/01/us/politics/russia-election-hacking.html
30. IF the 2016 election had harmonized with exit polls, there might be some basis to conclude that — despite our use of easily hackable voting machines — the electronic tallies probably were not altered.
31. Instead, there was a significant “red shift” between the exit polls and the official vote tallies, including key swing states: OH (7.9%), PA (5.1%), WI (4.7%). http://tdmsresearch.com/2016/11/10/2016-presidential-election-table/ …
32. Nor can we take comfort in the rigorous vetting of who is allowed to control the voting machines.
33. Diebold/Premier — which accounted for about 30% of US election equipment before it was acquired by ES&S in 2009 — was founded by three criminals. http://freepress.org/article/felons-fingers-us-vote-mail-system …
34. Diebold Election Systems (called “Global” until 2002) brought on convicted felon Jeffrey Dean as majority shareholder and Senior VP just before the 2000 election. https://people.csail.mit.edu/rivest/voting/press/2004-04%20Vanity%20Fair%20-%20Hack%20The%20Vote.pdf [Vanity Fair]
35. Dean had served time on 23 counts of embezzlement involving computer tampering and a “high degree of sophistication and planning”!! https://www.wired.com/2003/12/con-job-at-diebold-subsidiary/ … …
36. According to Wired, convicted felon Dean “wrote & maintained…code used to count hundreds of thousands of votes.” https://www.wired.com/2003/12/con-job-at-diebold-subsidiary/ … …
37. Dean programmed the GEMS central tabulator system, which counted one-third of the votes in 37 states in 2004. https://www.theguardian.com/politics/2005/feb/02/houseofcommons.society … … …
38. No one is vetting the voting machine vendors and thus there is no way to know if Jeffrey Dean or other convicted felons are still involved with the machines! (The Department of Justice forced ES&S to sell Diebold in 2010 because the combined company accounted for 70% of US election equipment. At that point, Diebold purportedly “dissolved” with its assets split between ES&S and Dominion. But some or most of Diebold’s contracts and some of its key personnel remained with ES&S.)
39. I know you know that democracy dies in darkness. Please explain where is the sunlight with our voting machines and vendors?!
40. It is a scandal that states have not even enacted laws to require written confirmation from the voting machine vendors that no one affiliated with the company has committed a felony.
41. Likewise, it is a scandal of democracy-destroying proportions that our elected officials have forced voting machines onto a trusting public without enacting the type of audit laws that would make the electronic results somewhat verifiable.
42. This unacceptable situation will continue as long as we pretend we have a basis to know if our election results are legitimate or not.
43. I understand and share the concern about not wanting to discourage voter turnout. But the solution is not to pretend the system is trustworthy!
44. Rather, the solution is to make it trustworthy, which is an almost impossible task when you continue to gloss over the many security holes.
45. There are lessons to be learned from the many glaring red flags of America’s past elections. But the public has never learned them because the media has failed to report them. As a result, most people are dangerously ignorant of the importance of basic election security protocols that each and every voter must exercise to protect his or her vote. Some of those protocols are discussed in this excellent article by Brad Friedman of bradblog.com. Please read it. http://bradblog.com/?p=10915
46. I plan to write an article supplementing Mr. Friedman’s suggestions in the coming weeks. But I’m not optimistic that the protocols will get the attention they so desperately need given the media’s failure to sound the alarm about the depth of the problem with our computerized election infrastructure.
47. As I’m sure you’ve heard, “those who fail to learn from history are condemned to repeat it.” Please do not condemn America’s elections — and thus America itself — to such a dire fate.
48. Thank you for your consideration.
Updates
8/8/16
Here is a link to my article explaining how voters can help protect their votes and voter registrations (and everyone else’s) against hacking and glitches. https://medium.com/@jennycohn1/simple-tips-to-protect-your-voter-registration-and-vote-cea7a0d56873
Here is my new tip sheet summarizing some of this information. The excellent graphic art was done by @jodi__!
Bio
Background: Jennifer Cohn is an attorney and election integrity advocate in the San Francisco Bay Area who graduated from UCLA and Hastings College of the Law. As an attorney, her areas of practice included insurance coverage and appellate law. She practiced law for more than twenty years, including seven years as a partner with Nielsen Haley & Abbott, LLP in Marin County, California. Since 2016, she has devoted her professional efforts full time toward investigating our insecure election system and potential solutions. She can be contacted through her Twitter account, @jennycohn1.
