|Image courtesy of NYT 6/22/2020|
Dominion Voting Systems (Dominion), a Canadian company, is the voting system software where a "glitch" switched 6,000 votes from Trump to Biden in Michigan. That glitch peaked our interest to look further into Dominion.
Using the Internet Wayback Machine that archives website pages, this report reflects that in September 2020 Dominion deleted from its website the names and bios of its top management team:
What else should we understand about Dominion software since it was used in a number of the key battleground states.
Dominion was rejected for certification three times in Texas and the reports by the expert examiners regarding each of those rejections are found here.The Democracy Suite 5.5-A system is an updated version of the Democracy Suite 5.5 system, which was denied certification by the Office on June 20, 2019.
The examiner reports identified multiple hardware and software issues that preclude the Office ofthe Texas Secretary of State from determining that the Democracy Suite 5.5-A system satisfies each of the voting-system requirements set forth in the Texas Election Code. Specifically, the examiner reports raise concerns about whether the Democracy Suite 5.5-A system is suitable for its intended purpose; operates efficiently and accurately; and is safe from fraudulent or unauthorized manipulation. Therefore, the Democracy Suite 5.5-A system and corresponding hardware devices do not meet the standards for certification prescribed by Section 122.001 of the Texas Election Code.
As was the case with THE 5.5 System, Some of the hardware in the Democracy 5.5-A System can be connected to the internet through Ethernet ports.In the 5.5 System examination, the rolling ballot box dividers for provisional or disputed ballot storage were not present.Without question, one or more of the components of the 5.5-A System can be connected to an external communication network and this can only be avoided if the end-user takes the proper precautions to prevent such a connection.Many of the security features of the 5.5-A System are not automatic, but again depend on the end-user following the best practices promoted by Dominion. …Leaving these security measures to the local jurisdiction is not in alignment with this standard [Texas law].
During the installation of the Adjudication software on the EMS server, the installation failed multiple times.
...general concerns about the system’s ability to be implemented by counties with low technical expertise due to the complexity of the configuration and installation process are still present.
Installation was complicated and not intuitive.
The issues identified should be of concern to everyone, especially to voters in Georgia, because Georgia was having to rush implementing their new Dominion voting system for a Presidential election year.The Ballot Marking Device has an indicator light connected by USB port and an examiner was able to connect his phone to the Device and scan files from his phone…a system log of the event was made without enough details about the incident and no audit log caught the presence of the phone connected.
Error messages were visible for only several seconds before they disappeared.
Lawsuits and complaints were filed about the system Georgia had used for almost 20 years - Election Systems and Software (ES&S) - that Georgia subsequently put out a solicitation for a replacement voting system. According to this July 2019 report
Georgia had to rush the implementation of Dominion, which the expert examiners in Texas stated was complicated to install, for the Presidential Primary in March.Dominion, a Denver-based company, won the contract in large part because it offered Georgia the lowest-cost system among three companies that submitted bids, according to evaluation score sheets. Though ES&S scored higher on the government’s criteria for a replacement voting system, Dominion came out on top when the price of its system was taken into account.
As Georgia elections officials prepared to roll out an over $100 million high-tech voting system last year, good-government groups, a federal judge and election-security experts warned of its perils. The new system, they argued, was too convoluted, too expensive, too big — and was still insecure.
The potential for problems with the new system was somewhat well known from the state’s small-scale test in the 2019 elections, when a software glitch in the electronic poll books caused delays in most of the six counties where the test took place.
Hursti's Declaration filed on August 24, 2020 is found here. He observed at the Fulton County Tabulation center that it was a technician from the vendor Dominion who was operating Dominion's Election Management System server. Hursti stated that Fulton County Elections Department personnel admitted to having limited knowledge and or control over the EMS server and its operations. Hursti considered that dangerous and high risk.In an Aug. 24  declaration from Harri Hursti, an acknowledged expert on electronic voting security, provided a first-hand description of problems he observed during the June 9 statewide primary election in Georgia and the runoff elections on Aug. 11.
According to The Epoch Times article referenced above:The voting system is being deployed, configured and operated in Fulton County in a manner that escalates the security risk to an extreme level and calls into question the accuracy of the election results. The lack of well-defined process and compliance testing should be addressed immediately using independent experts. The use and the supervision of the Dominion personnel operating Fulton County’s Dominion Voting System should be evaluated.
In an Oct. 11 order, just weeks prior to the presidential election, U.S. District Judge Amy Totenberg agreed with the concerns associated with the new Dominion voting system, writing that the case presented “serious system security vulnerability and operational issues that may place Plaintiffs and other voters at risk of deprivation of their fundamental right to cast an effective vote that is accurately counted.”“The Court’s Order has delved deep into the true risks posed by the new BMD voting system as well as its manner of implementation. These risks are neither hypothetical nor remote under the current circumstances,” Judge Totenberg wrote in her order.
Judge Totenberg's Order stated "The Court assumes that cost considerations, among others, may have played a role in this purchasing decision..". Dominion was the lowest bidder but their system scored lower with regards to George's criteria for a new system than another vendor ES&S.Despite the court’s misgivings, Totenberg ruled against replacing the Dominion system right before the presidential election, noting that “Implementation of such a sudden systemic change under these circumstances cannot but cause voter confusion and some real measure of electoral disruption.”
We do not know the procurement laws in Georgia but the issues raised begs the question about awarding such a contract on the basis of cost. After reading about the issues identified by voting security experts and the Judge's Order above, can Georgia voters feel warm and fuzzy about the Dominion Voting System?
In addition, Politico reported there were "glitches" in two Georgia counties the morning of Election Day that has not been adequately explained.
In December 2019, this Washington Post article reported concerns about Georgia rolling out the new Dominion voting system.A spokesperson for the secretary of state’s office has not responded to multiple inquiries seeking further details about the problem and what caused it. Dominion also would not say what the problem was or answer questions about what the company did to fix the issue.
According to this November 13, 2020 Washington Examiner report, Democrat Senators Elizabeth Warren, Ron Wyden, and Amy Klobuchar and Democrat Congressman Mark Pocan were very concerned about our voting systems security and vulnerabilities. They were so concerned they wrote a 5 page letter on December 6, 2019 to the three private equity firms who have controlling interests in the three leading election technology companies, including Dominion owned by Staple Street Capital Group.
The letters can be found at Senator Elizabeth Warren's Senate website where she warns about voting system vulnerabilities, states concerns about the lack of transparency provided by these voting systems vendors and accuses these vendors have "skimped on security in favor of convenience", leaving voting systems across the country "prone to security problems."
Examples in the warning letters from these Democrats included:
NBC News reported in January 2020:In 2018 alone ''voters in South Carolina [were] reporting machines that switched their votes after they'd inputted them, scanners [were] rejecting paper ballots in Missouri, and busted machines [were] causing long lines in Indiana." In addition, researchers recently uncovered previously undisclosed vulnerabilities in "nearly three dozen backend election systems in 10 states." And, just this year, after the Democratic candidate's electronic tally showed he NJ received an improbable 164 votes out of 55,000 cast in a Pennsylvania state judicial election in 2019, the county's Republican Chairwoman said, "[n]othing went right on Election Day. Everything went wrong. That's a problem." These problems threaten the integrity of our elections and demonstrate the importance of election systems that are strong, durable, and not vulnerable to attack.
Dominion was the only one of these three vendors to NOT respond to NBC's request for how many of these vulnerable modems were currently in use on their systems.The three largest voting manufacturing companies — Election Systems & Software, Dominion Voting Systems and Hart InterCivic — have acknowledged they all put modems in some of their tabulators and scanners. The reason? So that unofficial election results can more quickly be relayed to the public. Those modems connect to cell phone networks, which, in turn, are connected to the internet.
Democrats in the House were so concerned about voting systems vulnerabilities that the House Administration Committee held a Hearing on 2020 Election Security on January 9, 2020. According to CSPAN coverage of the hearing:
Voting system vendors, local election officials and computer science professors testified on 2020 election security before the House Administration Committee. Among the witnesses were Election Systems and Software CEO Tom Burt and U.S. Election Assistance Commissioner Donald Palmer. Election vendor CEOs told lawmakers they had not seen any evidence of election system tampering. Other topics discussed included election infrastructure and supply chain security, voting equipment testing and election system modernization efforts.
In the rush to replace insecure, unreliable electronic voting machines after Russia’s interference in the 2016 U.S. presidential race, state and local officials have scrambled to acquire more trustworthy equipment for this year’s election, when U.S. intelligence agencies fear even worse problems.Some of the most popular ballot-marking machines, made by industry leaders Election Systems & Software and Dominion Voting Systems, register votes in bar codes that the human eye cannot decipher. That’s a problem, researchers say: Voters could end up with printouts that accurately spell out the names of the candidates they picked, but, because of a hack, the bar codes do not reflect those choices. Because the bar codes are what’s tabulated, voters would never know that their ballots benefited another candidate.Even on machines that do not use bar codes, voters may not notice if a hack or programming error mangled their choices. A University of Michigan study determined that only 7 percent of participants in a mock election notified poll workers when the names on their printed receipts did not match the candidates they voted for.Nearly 1 in 5 U.S. voters will be using ballot-marking machines this year, compared with less than 2% in 2018, according to Verified Voting, which tracks voting technology.Pivotal counties in the crucial states of Pennsylvania, Ohio and North Carolina have bought ballot-marking machines. So have counties in much of Texas, as well as California’s Los Angeles County and all of Georgia, Delaware and South Carolina. The machines’ certification has often been streamlined in the rush to get machines in place for presidential primaries.Ballot-marking devices were not conceived as primary vote-casting tools but as accessible options for people with disabilities.
There are three primary vendors for voting machines: Election Systems & Software (ES&S), Dominion Voting Systems, and Hart InterCivic, and very little is known about the security of these companies’ own IT systems. Some voting machines are optical scanners, some have touch screen voting, some use QR codes or bar codes, and others send votes in clear text back to vendors to be tallied. They can all be hacked or compromised. If almost all of the voting precincts in our clunky system use equipment from these vendors, an attacker only needs to hack the equipment to reach all of the voters.When Stauffer [former cyber analyst for the Air Force] tested ES&S’s DS200 machine, they found multiple vulnerabilities that would enable an attacker to gain full access to the system, change configurations, and install a modified operating system without election officials knowing. Stauffer states that the vulnerabilities would enable a hacker to gain the highest level of privilege and gain remote access into the system and do whatever they wanted to do, “whether its change an election or shut the system down.” He found similar vulnerabilities in Dominion’s Democracy Suite voting equipment that would enable remote code execution, denial of service attacks, and off-line ballot tampering. “How can a vendor sell a voting system with this many vulnerabilities?” he asks.
Husti says, “Every single system we have, there is a place where it touches the Internet…it might be indirect, it might be infrequent, but it is always there.” When Hursti powers up a machine he purchased off eBay, the first thing it wanted to do was connect to the Internet. Additionally, election officials are less alert between elections, so hackers can infect a machine and the malware can remain dormant in machines between cycles. Jeff Moss, founder of the BlackHat and DEFCON conferences, points out that it would not be difficult to hack these simple machines and erase any traces.
As noted by the news outlet, Registrar of Voters Joe Gloria delivered a full report to county commissioners on Monday and included the following findings:936 discrepancies in ballots710 with mail-in precincts121 in early voting precincts105 on election day6 voters voted twice
“The Clark County Registrar of Voters Joe Gloria stated that they had found issues related to tracking, moving from signature to manual signature verifications as well as in the ballot curing process,” the report said. “Some of the discrepancies found in the early voting and election day results according to Gloria included: ‘Inadvertent canceled votes,’ ‘Voter check-ins,’ ‘Reactivated voter cards,’ ‘Duplicate activations,’ and ‘Check-in errors.'”