“I have, from time to time, been interested in the question of trust in voting machines and processes. That goes all the way back to the early 2000s and the sloppy Diebold machines in use then. At that time it was notable that Diebold, who also made (make?) ATMs, seemed to have invested a lot more time and effort into making their ATMs secure than making their voting machines secure.
Well anyway there’s only so many hours in a day and only so much outrage I can summon up for sloppy work so I moved on to other things like glowball worming. Anyway given the US 2020 elections and now the 2022 elections have been rife with allegations of vote rigging and other shenanigans I’ve started to renew my interest in the current state of the art.
The bad news up front
Dominion’s 2020 era voting systems and infrastructure are, if anything, easier to hack than Diebold’s 2000 era ones. To that end, despite Dominion settling with Fox for $megabuck$, it seems likely that Dominion is in fact guilty of making systems that have design choices that seem to be deliberately chosen to make fraud easy and then not testing to see if there were possible problems let alone making any attempt to fix them. Then, to add insult to injury, they have created machines that implement these poor design choices that are easy to hijack. Finally, needless to say, they have relied on “security via obscurity” and what a British politician called “being economical with the acualité” to disguise these design choices.
That’s what I get from the analysis by Professor Alex Halderman into the Dominion systems used in Georgia.
Let me start with the most basic. In Georgia always, in other states under certain circumstances, voters use a machine to make select their voting choices and these choices are then printed onto a paper ballot that is then sent to another machine for counting. That ballot has a QR code (the box of dots like the one above) which contains the choices the voter made and some checksum for integrity. That QR code cannot be read easily by the voter (you don’t just need a smartphone with a QR code reader, you need some special software to read it and then you need to be able to map the docoded output to your choices) so the machine also prints a human readable version. However there is no checking anywhere that the QR code corresponds to the human readable version and the QR code is what the voting tabulators use to count.
Halderman’s report notes both that it would be easy to have the QR code be different to the human readable part because there are no audits done that check that they correspond and that it would also be easy to change the output of both the QR code and the human readable print out on the assumption that most people will not check the print out.
The first case requires special audit equipment to detect and you would need to be very sure that you could actually trust that equipment so getting it from Dominion would be contra-indicated. The latter case would make it impossible to detect vote rigging via audit if the voter failed to raise the alarm at the polling station.
If you look at the sample above the human readable printout does not seem like a model of clarity (all the extra “vote for”s which add verbiage without adding clarity for example) making it easier to hide a fraudulent entry. Of course voters are likely to check the top of the ballot (i.e. their presidential vote) so changing that might be risky, but changing the votes lower down in the more obscure county level races is much more likely to escape notice. You have to wonder why they made it hard to read.
But that’s not all. Similar QR codes seem to be generated by other voting methods too such as the vote by mail web app which voters then have to print out themselves and mail to the county. What this means is that the 2000 mules sort of vote by mail fraud is made extremely easy.
And it gets worse.
Despite claims that the QR code data is encrypted, it isn’t. Once you know the proprietary format you can decode the data and see what choices the voter made. But wait there’s more. There is a checksum created using a shared key to detect accidental tampering/misprints etc. but that shared key turns out to be very easy to obtain and each vote from a particular county (or possibly multiple counties or part of a county depending on implementation) is indistinguishable from any other vote from that county/region no matter which voting machine (or vote by mail method) was used.”
My understanding is that Halderman’s work caused quite a stir in court last week. Maybe, finally, some progress.
The FBI, the CIA, FDA, NIH, CDC, Crooked Joe, the Mockingbird media…all these are so obviously corrupt as hell, but the 2020 election was squeaky clean?
That a Dominion machine was demonstrated in a Georgia court to be easily hacked lends credence to the possibility that Fox’s out-of-court settlement with Dominion is one where the CIA will render Fox whole &/or reward them. Think how hard it is to sue journalists; you have to show intent to dishonestly defame.
Yes, it was clear Fox did not want to defend that suit, Healey.
From Sarah Hoyt:
“I have, from time to time, been interested in the question of trust in voting machines and processes. That goes all the way back to the early 2000s and the sloppy Diebold machines in use then. At that time it was notable that Diebold, who also made (make?) ATMs, seemed to have invested a lot more time and effort into making their ATMs secure than making their voting machines secure.
Well anyway there’s only so many hours in a day and only so much outrage I can summon up for sloppy work so I moved on to other things like glowball worming. Anyway given the US 2020 elections and now the 2022 elections have been rife with allegations of vote rigging and other shenanigans I’ve started to renew my interest in the current state of the art.
The bad news up front
Dominion’s 2020 era voting systems and infrastructure are, if anything, easier to hack than Diebold’s 2000 era ones. To that end, despite Dominion settling with Fox for $megabuck$, it seems likely that Dominion is in fact guilty of making systems that have design choices that seem to be deliberately chosen to make fraud easy and then not testing to see if there were possible problems let alone making any attempt to fix them. Then, to add insult to injury, they have created machines that implement these poor design choices that are easy to hijack. Finally, needless to say, they have relied on “security via obscurity” and what a British politician called “being economical with the acualité” to disguise these design choices.
That’s what I get from the analysis by Professor Alex Halderman into the Dominion systems used in Georgia.
Let me start with the most basic. In Georgia always, in other states under certain circumstances, voters use a machine to make select their voting choices and these choices are then printed onto a paper ballot that is then sent to another machine for counting. That ballot has a QR code (the box of dots like the one above) which contains the choices the voter made and some checksum for integrity. That QR code cannot be read easily by the voter (you don’t just need a smartphone with a QR code reader, you need some special software to read it and then you need to be able to map the docoded output to your choices) so the machine also prints a human readable version. However there is no checking anywhere that the QR code corresponds to the human readable version and the QR code is what the voting tabulators use to count.
Halderman’s report notes both that it would be easy to have the QR code be different to the human readable part because there are no audits done that check that they correspond and that it would also be easy to change the output of both the QR code and the human readable print out on the assumption that most people will not check the print out.
The first case requires special audit equipment to detect and you would need to be very sure that you could actually trust that equipment so getting it from Dominion would be contra-indicated. The latter case would make it impossible to detect vote rigging via audit if the voter failed to raise the alarm at the polling station.
If you look at the sample above the human readable printout does not seem like a model of clarity (all the extra “vote for”s which add verbiage without adding clarity for example) making it easier to hide a fraudulent entry. Of course voters are likely to check the top of the ballot (i.e. their presidential vote) so changing that might be risky, but changing the votes lower down in the more obscure county level races is much more likely to escape notice. You have to wonder why they made it hard to read.
But that’s not all. Similar QR codes seem to be generated by other voting methods too such as the vote by mail web app which voters then have to print out themselves and mail to the county. What this means is that the 2000 mules sort of vote by mail fraud is made extremely easy.
And it gets worse.
Despite claims that the QR code data is encrypted, it isn’t. Once you know the proprietary format you can decode the data and see what choices the voter made. But wait there’s more. There is a checksum created using a shared key to detect accidental tampering/misprints etc. but that shared key turns out to be very easy to obtain and each vote from a particular county (or possibly multiple counties or part of a county depending on implementation) is indistinguishable from any other vote from that county/region no matter which voting machine (or vote by mail method) was used.”
Read the rest for your self:
https://accordingtohoyt.com/2023/06/23/dominion-voting-machines-insecure-by-design-by-francis-turner/
My understanding is that Halderman’s work caused quite a stir in court last week. Maybe, finally, some progress.
The FBI, the CIA, FDA, NIH, CDC, Crooked Joe, the Mockingbird media…all these are so obviously corrupt as hell, but the 2020 election was squeaky clean?
That a Dominion machine was demonstrated in a Georgia court to be easily hacked lends credence to the possibility that Fox’s out-of-court settlement with Dominion is one where the CIA will render Fox whole &/or reward them. Think how hard it is to sue journalists; you have to show intent to dishonestly defame.
Yes, it was clear Fox did not want to defend that suit, Healey.
I hope it is much better this year.