Monday, January 18, 2021

DEF CON security report on e-voting equipment, 2019

 Aug 2019     REPORT CO-AUTHORED BY: MATT BLAZE, GEORGETOWN UNIVERSITY HARRI HURSTI, NORDIC INNOVATION LABS, MARGARET MACALPINE, NORDIC INNOVATION LABS, MARY HANLEY, UNIVERSITY OF CHICAGO, JEFF MOSS, DEF CON, RACHEL WEHR, GEORGETOWN UNIVERSITY, KENDALL SPENCER, GEORGETOWN UNIVERSITY, CHRISTOPHER FERRIS, GEORGETOWN UNIVERSITY

 [excerpts:]   Participants at DEF CON also discovered a set of previously undocumented functions in the Dominion/Diebold/Premier/ES&S AccuVote, enabling remote manipulation of the machine’s memory card when the machine is connected to a network—without any physical access to the memory card, and without breaking or circumventing any physical seals.  Researchers confirmed the existence of these features with a person who has previously been involved with the maintenance of these machines, and an election official who had encountered the feature before.  The investigation of these functions and possible mitigations is ongoing at the time of this report....

Ballot marking devices (BMDs) are machines that allow voters to make choices on a screen and then printout a paper ballot with the voter’s choices, which is the ballot of record.  The paper ballot is then hand counted or tabulated using an optical scanner (see description below).  In general, BMDs should neither  store nor tabulate votes but only allow the voter to record votes on ballots that are then stored and tabulated elsewhere.  Some BMDs produce paper printouts of barcodes or QR codes instead of a voter-verifiable paper ballot, which has become a source of much controversy. 




Historically, security measures provided by the hardware / low-level programming have been systematically turned off in all classes of devices used as part of the election infrastructure. Unfortunately, this was found to be true also with newer generations of voting equipment in the Village. These practices greatly simplify paths to attack the machines and also place increased to unbearable burdens to physical security and chain-of-custody management of the machines over the entire lifetime of the devices.

 …

  Inspection of newer models of e-poll books further underlines the absence of security design both in software, hardware and physical security aspects.  E-poll books are inherently networked devices to synchronize across all devices at a polling place and to avoid cabling, which is often done wirelessly.  Furthermore, many new makes and models of the e-poll books actively communicate in real-time over the Internet to back-end servers hosted in commodity cloud se vices.  So far, the e-poll books studied in the Voting Village have been utilizing general-purpose operating systems on commercial off-the-shelf hardware with no special hardening or security measures.

https://harris.uchicago.edu/files/def_con_27_voting_village_report.pdf

.................................

In the early hours of Nov. 5 a surge of some 20,000 mail-in votes suddenly appeared for Joe Biden, while approximately 1,000 votes for President Trump mysteriously disappeared from his own totals in the critical swing state, where Biden holds a razor-thin lead. A poll watcher noticed the suspicious shift in votes while monitoring the interim election results on the Georgia secretary of state website.

“I concluded from looking at these results that this was an irregularity, since there was no obvious reason for President Trump’s totals to have decreased while former Vice President Biden’s totals increased dramatically,” Voter GA co-founder Garland Favorito swore in an affidavit he filed [last] week with the secretary of state’s office.

Favorito suspects a variety of factors, including that votes were “artificially inflated” for Biden while using the same Dominion Voting system used by Antrim County, Mich., which erroneously transferred 6,000 votes from Trump to Biden.  Last year Georgia contracted with Dominion to automate vote tabulations in all 159 of its counties.  “The software appears to have thrown votes from Trump to Biden here too,” he said in a RealClearInvestigations interview.  “Or Biden ballots were manufactured.”

The large disparity of gains between the two candidates “was something I had never witnessed before in my years of election monitoring,” said Favorito, a career IT professional who has been a leading advocate for election integrity in the state over the past two decades.  He says he is not a Republican or Trump supporter.

But Favorito, who lives in the Atlanta area, said the Fulton County shift was so dramatic it seemed as if someone had “dumped” a huge batch of mail-in ballots for Biden into the system overnight.  “One candidate could not go up by 20,000 and the other do nothing — in Fulton County or any county in Georgia,” he asserted. “That’s just not going to happen.  I think they’re going to find the root cause of the irregularity was something electronic, and I think it’s going to change the results substantially.”

He suggested it may have been the result of a software or equipment malfunction or possibly even vote-swapping “malware” infecting the system.  Of greatest concern however is the possibility of intentional misconduct by an election official or worker.  “There’s always the chance it was an inside job,” Favorito said, though both Republican and Democratic officials in the state say they have found no credible evidence of election fraud.  He oganized for Trusted Elections Results in Georgia--and warned Raffensperger and his staff not to buy the pricey equipment and software from the Canadian company. “They knew good and well they should never have bought this system in the first place,” he said.  “We explained that Dominion was rejected in Texas for failing to meet basic security standards before they bought it.”

“Fulton County elections officials falsely announced that the counting of ballots would stop at 10:30 p.m.,” Georgia Republican Party Chairman David Shafer complained in a recent Tweet.  “Officials unlawfully resumed the counting of ballots after our observers left the center.”

Favorito fears that what he observed on Nov. 5 was not an isolated incident. “There could have been multiple 20,000-batch irregularities,” he said, “but they never got reported because they cleared out the observers.” He does not rule out “ballot harvesting” as the culprit behind the sudden surges of mail-in votes for Biden. He said the hundreds of drop boxes Raffensperger agreed to distribute at shopping centers and other cities throughout the state may have encouraged third parties to collect ballots in the name of other voters and stuff them into the boxes, which is illegal. “That’s just begging for fraud,” Favorito said.

Favorito cited the disproportionately large number of “Biden-only” ballots cast, or ballots that had only the presidential vote marked and filled out for Biden, with no down-ballot races checked, indicating ballots may have been collected from voters and filled out for them — that is, “harvested” — and then delivered to the drop boxes.  Mail-in or drop-off ballots are notorious for creating opportunities for voter error and fraud.  In a typical election, 1 in 20 mailed ballots are rejected, according to recent studies.  More than 534,000 mail-in ballots were rejected during the Democratic primaries alone.  https://thecitizen.com/2020/11/15/georgia-voting-irregularities-the-curious-case-of-bidens-20000-vote-surge/

.................................................................

11-4-2021 12:23 a.m. Democratic challenger stops short of declaring victory but says he is well-positioned to take White House  https://www.timesofisrael.com/liveblog-november-4-2020/

............................................



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)