United Nations Association (Westchester Branch)
By Jennifer Cohn @jennycohn1
September 5, 2019
The purpose of this piece is to identify some specific voting system vulnerabilities and obstacles to securing our elections. Other participants will focus on solutions. My own thoughts as to solutions are discussed in a separate piece linked here: https://link.medium.com/53xrp8U2IZ.
I also strongly support the current effort (discussed within) to persuade the House of Representatives to subpoena testimony from the voting machine vendors about ownership and other issues, as fraud loathes transparency.
The centralization of America’s election system.
Just two vendors — Election Systems & Software, LLC (ES&S) and Dominion Voting — account for eighty percent of US election equipment. Thus, corrupt insiders or foreign hackers could wreak havoc on elections throughout the United States by infiltrating either of these vendors.
ES&S, which by itself accounts for 44 percent of US election equipment, received its initial financing from the families of Nelson Bunker Hunt and Howard Ahmanson, Jr., right-wing billionaires who also contributed substantially to the Chalcedon Foundation, Christian Reconstruction’s main think tank.
Hunt and Ahmanson were also prominent early members of the Council for National Policy, a networking group for the Religious Right and billionaires whose recent members have included Kelly Anne Conway, Steve Bannon, Mike Pence, Richard DeVos, Wayne LaPierre of the NRA, Robert and Rebekka Mercer, and Bob Dallas, a convicted embezzler whose nonprofits have been closely linked to massive voter data leaks.
In 2000, ES&S’s founder, Bob Urosevich, was appointed President and Chief Operating Officer of another mega-vendor, Global Election Systems, which later changed its name to Diebold and was acquired by ES&S in 2009. Urosevich’s brother remained at ES&S the whole time as a Senior VP.
Global’s largest shareholder & Senior Vice President was Jeffrey Dean, a convicted embezzler who programmed voting machines for the company. According to the Guardian, Dean programmed ⅓ of the machines in 37 states used in the 2004 presidential election.
In August 2004, the Department of Homeland Security issued a Cyber Security Bulletin regarding Diebold’s “GEMS” central tabulator, stating that “a vulnerability exists due to an undocumented backdoor account, which could [allow] a local or remote authenticated user [to] modify votes.”
The control cards that transfer the vote totals from the precincts to the central tabulators are another potential target for bad actors. From 2000 through at least 2017, ES&S got its control cards from a company called Vikant whose owner refused to tell an investigative reporter where the cards were made.
Meanwhile, as reported in Bloomberg and Salon, ES&S (Diebold) voting machines in both Tennessee and Georgia seem to be “losing” large numbers of votes from predominantly black neighborhoods. It was concerned citizens, rather than election officials or campaigns, who discovered these problems by reviewing precinct totals (as shown on precinct poll tapes). The missing black votes in Georgia are now the subject of a citizen-funded lawsuit filed by the nonprofit Coalition for Good Governance. The House has opened an investigation as well.
Compared to ES&S, even less is known about Dominion, which accounts for 37 percent of US election equipment. Dominion was a Canadian company that became a major player in US elections when the Department of Justice forced ES&S to sell some of Diebold’s assets because the combined ES&S/Diebold company had accounted for a whopping 70 percent of US election equipment.
It was Dominion that rose from obscurity to buy those Diebold assets. We don’t know if Dominion is related to ES&S, or if it’s a legitimate competitor because it is also owned by private equity. Dominion does its programming in Serbia.
The National Election Defense Coalition, Public Citizen, OSET, the NAACP, the League of Women Voters and other election-integrity groups have asked the House Administration Committee, which is chaired by Representative Zoe Lofgren, to conduct a hearing and call the vendors to provide testimony, presumably about ownership and other security concerns. But it is not at all clear that the Committee will oblige.
Vendor deception re: election security
Voting machine vendors have an alarming history of deception. In July 2018, cybersecurity journalist Kim Zetter reported that, despite ES&S’s prior denials, ES&S’s election-management system (EMS) computers were sold with remote access software between 2000 and 2006. ES&S won’t say where it installed the remote access software that it lied about, but insists it’s been removed.
ES&S’s installation of remote access software in EMS computers is a big deal because these are centralized county or state computers used to program all voting machines in the county or state. According to Zetter’s reporting, some of these computers also include the central tabulators that aggregate all precinct totals.
But the lies don’t end there. On August 8, 2019, Zetter further reported that these ES&S EMS computers connect to the internet, something else that ES&S had said was not the case but that leading election-security experts had long suspected.
Meanwhile, ES&S installed wireless modems in ballot scanners in Florida, Wisconsin, and Illinois starting in about 2015. Although some election officials claimed that these modems do not connect to the internet, this too was a lie, as further reported by Zetter.
Vendors’ misleading new definition of “paper ballots.”
In terms of solutions, experts say that the only way to know for sure if electronic vote totals have been altered is to compare a hand tally of the paper ballots to the electronic totals.
But over the past several years vendors, have changed the meaning of “paper ballot” to include not only unhackable hand marked paper ballots, but also hackable machine-marked summary cards with barcodes from expensive new electronic ballot marking devices (BMDs). The barcode, which voters can’t read, is the only part of the printout counted as your vote.
Although the printouts also include a human readable summary, the BMDs can be hacked to change or omit the selections on the summary.
We’ve seen the problems with vote-flipping touch screen voting machines in Mississippi, Georgia, and Texas. The situation will be no better if voters notice vote flipping or deletions on the paper printouts marked by these new BMDs. As before, the concern will not be the voters who notice and correct problems, but rather those who don’t.
This is extremely problematic because any manual audit or recount based on a corrupted paper trail will produce a corrupted result. Thus, according to leading election-security experts, BMDs cannot assure the will of the voters and should be purchased only for those voters who are unable to hand mark their ballots.
The corruption fueling the purchase of dangerous new barcode ballot marking devices (BMDs).
Despite objections from leading election-security experts and advocates, jurisdictions throughout the United States are flocking to these new barcode BMDs and purchasing them for use by all voters. It appears that corruption is enabling and fueling many of these decisions. Here are some indicators of this corruption:
- ES&S has donated $30,000 to the Republican State Leadership Committee — which houses the Republican Secretary of State’s Association — since 2013.
- Both ES&S and Dominion have made donations to Senate Majority Leader Mitch McConnell’s campaign. He, in turn, is blocking all federal election-security legislation, including the SAFE Act, which would ban barcode BMDs altogether.
- South Carolina’s top election official sat on voting machine vendor ES&S’s secret advisory board & received trips, lodging, & dining worth $20,000 from ES&S. The entire state recently signed a $51 million contract for ES&S’s ExpressVote barcode BMDs.
- New York City’s top election official also sat on ES&S’s secret gift-giving advisory board and is pushing the City to buy ES&S’s ExpressVote XL barcode hybrid BMDs for early voting.
- The Pennsylvania Auditor General reported earlier this year that election officials in at least 18 Pennsylvania counties have accepted gifts from voting machine vendors.
- ES&S used lobbyists to make donations to the two decision markers in Philadelphia who ignored leading experts and election-security advocates by choosing ES&S’s risky barcode “hybrid” BMDs, rather than hand marked paper ballots.
- Dallas County, Texas rejected unhackable hand marked paper ballots in favor of hackable machine-marked printouts with barcodes from ES&S’s ExpressVote machines after the county’s election administrator attended a lavish ES&S boondoggle in Las Vegas.
- Voting machine vendor ES&S’s agent in North Carolina, Printelect, has also sweetened the pot with donations to the governor of North Carolina and many others in the state. A few weeks ago, the North Carolina Board of Elections ignored leading experts and election-security advocates by certifying the ExpressVote barcode BMD system.
Confusion over competing election-security bills.
The only election-security bills in the Senate with any traction are the Secure Elections Act (SEA) and the SAFE Act. The SAFE Act would ban barcode BMDs, require that jurisdictions give voters the option to vote with hand marked paper ballots, and require robust manual audits. The SEA would do none of these things. It would provide a false sense of security.
But the SEA is the only bill with bipartisan support thus far. Although it failed in the senate’s last session, Republicans for the Rule of Law have been promoting it, and Senator Lankford (R) said in August that it will be re-introduced and that Mitch McConnell is open to it.
The US government’s opposition to transparency.
In 2017, a U.S. Air Force veteran and NSA contractor named Reality Winner leaked a classified report, which showed that Russia had successfully penetrated three election-service providers, one of which was VR Systems, which services eight states. The next day, the Election Assistance Commission, which is responsible for certifying voting equipment, tweeted out election-security guidance and recommendations, using the #RealityWinner hashtag. Key state election officials told the media that they had been unaware of Russian hacking before Reality Winner leaked the report.
The leaked report also seems to have been the catalyst for election officials in North Carolina to finally submit its VR Systems electronic poll books, which had failed spectacularly in 2016 in Durham County, to the Department of Homeland Security for forensic analysis.
But the US government opposes such transparency. It imprisoned Reality Winner for five years due to the leak and won’t disclose the names of the other two vendors that were breached by Russia. Nor will it tell the public the name of the second Florida county whose voter registration system is confirmed to have been penetrated by Russia. It is unclear whether it will tell the public the result of its forensic analysis of North Carolina’s electronic poll books.
The myth that transparency will depress voter turnout.
As noted by journalist Sue Halpern in an election-security piece for the New Yorker, there is indeed a school of thought that telling the public the truth about hacking and election-system vulnerabilities will depress voter turnout. But in a Harris poll conducted in 2018, voters said they were more likely to vote due to concerns about hacking. Thus, the apparent rationale for keeping the public in the dark on these vital issues may be a fallacy.
Not only that, this lack of transparency may actually hinder meaningful change by dampening the outrage that apparently is needed to overcome the corruption plaguing the system.
Thus, in addition to hand marked paper ballots and robust manual audits, I recommend supporting current efforts to further transparency by subpoenaing congressional testimony from the vendors.