Category Archives: voting technology

“Election equipment to be replaced in Coffee County after outsiders gain access”

AJC:

Georgia Secretary of State Brad Raffensperger said Friday that he will replace voting equipment in Coffee County after supporters of then-President Donald Trump and their computer analysts copied confidential data following the 2020 election.

The decision comes after tech experts hired by Trump attorney Sidney Powell visited restricted areas of the county’s elections office to copy information from an election server, voter check-in tablets, ballot scanners and other voting equipment on Jan. 7, 2021.

Replacing the equipment could cost taxpayers hundreds of thousands of dollars, but Raffensperger said it’s necessary to avoid “distraction and misinformation” before this year’s elections.

Election security experts who oppose Georgia’s voting system say the copying of election software increased the risk of hacks or malware that could attempt to manipulate election results, though there’s no evidence that has happened in an election so far.

Share this:

“Videos Show Trump Allies Handling Georgia Voting Equipment”

NYT:

Newly released videos show allies of former President Donald J. Trump and contractors who were working on his behalf handling sensitive voting equipment in a rural Georgia county weeks after the 2020 election.

The footage, which was made public as part of long-running litigation over Georgia’s voting system, raises new questions about efforts by Trump affiliates in a number of swing states to gain access to and copy sensitive election software, with the help of friendly local election administrators. One such incident took place on Jan. 7 of last year, the day after supporters of Mr. Trump stormed the Capitol, when a small team traveled to rural Coffee County, Ga.

The group included members of an Atlanta-based firm called SullivanStrickler, which had been hired by Sidney Powell, a lawyer advising Mr. Trump who is also a conspiracy theorist….

The new videos show members of the team inside an office handling the county’s poll pads, which contain sensitive voter data. (The cases holding the equipment in the footage are labeled with the words “POLL PAD.”) In a court hearing on Sept. 9, David D. Cross, a lawyer for a nonprofit group that is suing over perceived security vulnerabilities in Georgia’s voting system — and that released the new videos after obtaining them in its litigation — told a judge that his group suspected that the “personally identifiable information” of roughly seven million Georgia voters may have been copied.

Charles Tonnie Adams, the elections supervisor of Heard County, Ga., said in an email that “poll pads contain every registered voter on the state list.” It was not immediately clear what specific personal information about voters was on the poll pads, or what, if anything, was done with the data.

Mike Hassinger, a spokesman for Brad Raffensperger, Georgia’s secretary of state, said a poll pad “does have voter information but it’s not accessible because it’s scrambled behind security protocols.” He added that there were no driver’s license numbers or Social Security numbers on poll pads at the time.

Share this:

“How a rural Colorado county became an epicenter of Donald Trump’s Big Lie”

Steven Rosenfeld:

What happened next in Mesa County gets complex. It also reveals how a rare but recurring trend among a handful of local election officials—mistakes with setting up or using their system’s computers—can be exploited by partisans who claim that invisible forces are secretly stealing votes if their candidates lose.

In every cycle, there are some election officials who do not properly set up or use these computers—errors that usually are caught and corrected, but initially produce incorrect election results. This trend has been overlooked in the press coverage of the interstate plot by Trump’s IT gurus to steal election software and 2020 data.

The operational problems, however, are among the findings by the Independent Media Institute’s Voting Booth project, which has co-written a forthcoming guide about how election systems work. The co-author is Duncan Buell, a computer scientist who has studied voting systems, software, and data for more than a decade, and was an election official in Richland County, South Carolina, home to the state’s capital, Columbia. These errors recurred in each cycle that he studied.

In 2020’s general election, the programming, and operational mistakes were few and far between. Nonetheless, the errors that Trump’s IT squads seized upon—errors that were corroborated by post-election inquiries by other government bodies—helped fuel the lie that the presidential election was stolen.

Moreover, some of the election workers who made these mistakes—such as Mesa County’s Brown—and their elected superior—such as Peters—then fell under the spell of Trump’s conspiratorial IT squad—producing fodder for more false claims.

These trends—mistakes with programming or using election computers and rogue officials who abuse the public trust by making unfounded claims—offer warnings before 2022’s general election. Many 2020 election-deniers are candidates seeking state and federal office this fall. A few already have shown in their primaries that they will attack the process and technology if they fear they may lo

Share this:

“How vote count mistakes by two rural counties fed Trump’s big lie”

Steven Rosenfeld:

Since 2020’s presidential election, two rural counties in Michigan and Colorado that initially reported incorrect results have had outsized roles in spreading Donald Trump’s big lie that his second term was stolen by Democrats colluding with one of the country’s biggest computerized voting systems makers.

The mistaken 2020 election results occurred in two out of the more than 8,000 election jurisdictions across America. They were caused by county officials who did not properly set up the election system computers in Michigan and properly use them in Colorado. The errors, which notably were caught and corrected, received scant attention compared to the sensation they sparked in Trump circles where a cadre of self-proclaimed IT experts — and, later, some of the same officials who erred — asserted that the computers had been sabotaged.

What unfolded inside the election departments in Antrim County, Mich., and Mesa County, Colo., in pro-Trump circles that misunderstood but exploited the counties’ errors — and then fueled conspiratorial and likely illegal evidence-stealing gambits in other battleground states (such as Georgia) — is a cautionary tale before 2022’s state and federal elections.

The procedural lapses that led to initially wrong vote counts are among the findings in research by the Independent Media Institute’s Voting Booth project. It has co-authored a forthcoming guide about how vote-counting systems work. Duncan Buell, a lifelong computer scientist who has spent the past dozen years analyzing election systems, software, and data, and served as an election official, co-authored the guide. The lapses have recurred in every election cycle Buell has studied.

The revelation that complications surrounding using the newest voting system computers by local officials helped launch false but widely believed stolen-election narratives comes as scores of Trump-mimicking election deniers are running for state and federal office in 2022’s general election, and as Trump is still falsely claiming that he was re-elected in 2020.

Share this:

“Is Internet Voting Trustworthy? The Science and the Policy Battles”

Andrew Appel has posted this draft on SSRN (forthcoming, University of New Hampshire Law Review). Here is the abstract:

No known technology can make internet voting secure, according to the clear scientific consensus. In some applications—such as e-pollbooks (voter sign-in), voter registration, and absentee ballot request—it is appropriate to use the internet, as the inherent insecurity can be mitigated by other means. But the insecurity of paperless transmission of a voted ballot through the internet, cannot be mitigated.

The law recognizes this in several ways. Courts have enjoined the use of certain paperless or internet-connected voting systems. Federal law requires states to allow voters to use the internet to request absentee ballots, but carefully stops short of internet ballot return (i.e., voting).

But many U.S. states and a few countries go beyond what is safe: they have adopted internet voting, for citizens living abroad and (in some cases) for voters with disabilities.

Most internet voting systems have an essentially common architecture, and they are insecure at least at the same key point, after the voter has reviewed the ballot but before it is transmitted. I review six internet voting systems deployed 2006-2021 that were insecure in practice, just as predicted by theory—and some were also insecure in surprising new ways, “unforced errors”.

We can’t get along without the assistance of computers. U.S. ballots are too long to count entirely by hand unless the special circumstances of a recount require it. So computer-counted paper ballots play a critical role in the security and auditability of our elections. But audits cannot be used to secure internet voting systems, which have no paper ballots that form an auditable paper trail.

So there are policy controversies: trustworthiness versus convenience, security versus accessibility. In 2019-22 there were lawsuits in Virginia, New Jersey, New York, New Hampshire, and North Carolina; legislation enacted in Rhode Island and withdrawn in California. There is a common pattern to these disputes, which have mostly resolved in a way that provides remote accessible vote by mail (RAVBM) but stops short of permitting electronic ballot return (internet voting).

What would it take to thoroughly review a proposed internet voting system to be assured whether it delivers the security it promises? Switzerland provides a case study. In Switzerland, after a few years of internet voting pilot projects, the Federal Chancellery commissioned several extremely thorough expert studies of their deployed system. These reports teach us not only about their internet voting system itself but about how to study those systems before making policy decisions.

Accessibility of election systems to voters with disabilities is a genuine problem. Disability-rights groups have been among those lobbying for internet voting (which is not securable) and other forms of remote accessible vote by mail (which can be adequately securable). I review statistics showing that internet voting is probably not the most effective way to serve voters with disabilities.

Share this:

“‘Absolutely terrifying prospect’: How the midterms could weaken U.S. election security”

Eric Geller for Politico:

Republicans who support former President Donald Trump’s lies about the 2020 election would gain the power to open up access to their states’ voting machines if they win in November — a prospect that security experts call potentially catastrophic for American democracy.

Already, unvetted outsiders have examined voting equipment or inspected the devices’ sensitive computer code in counties in Arizona, Colorado, Georgia, Michigan and Pennsylvania, bypassing longstanding security protections — in many cases with the support of Trump allies overseeing local elections. Now Republicans who embrace the former president’s conspiracy theories are running for governor or secretary of state, offices that would give them even broader authority to allow like-minded activists and consulting firms to conduct so-called “audits” of the entire voting systems in key states.

These kinds of examinations would make it easier for hackers intent on sowing chaos or changing the outcomes of future elections to learn how to conduct their attacks, according to voting security professionals, who note that some sensitive information about voting machines has already been leaked since Trump supporters began their push for audits.

It’s “an absolutely terrifying prospect,” said J. Alex Halderman, a computer security expert and professor at the University of Michigan who has repeatedly exposed flaws in voting systems but has also debunked Trump’s claims about 2020 fraud.

Share this:

“Newly obtained surveillance video shows fake Trump elector escorted operatives into Georgia county’s elections office before voting machine breach”

CNN:

A Republican county official in Georgia escorted two operatives working with an attorney for former President Donald Trump into the county’s election offices on the same day a voting system there was breached, newly obtained video shows.

The breach is now under investigation by the Georgia Bureau of Investigation and is of interest to the Fulton County District Attorney, who is conducting a wider criminal probe of interference in the 2020 election.

The video sheds more light on how an effort spearheaded by lawyers and others around Trump to seek evidence of voter fraud was executed on the ground from Georgia to Michigan to Colorado, often with the assistance of sympathetic local officials.

In the surveillance video, which was obtained by CNN, Cathy Latham, a former GOP chairwoman of Coffee County who is under criminal investigation for posing as a fake elector in 2020, escorts a team of pro-Trump operatives to the county’s elections office on January 7, 2021, the same day a voting system there is known to have been breached.

The two men seen in the video with Latham, Scott Hall and Paul Maggio, have acknowledged that they successfully gained access to a voting machine in Coffee County at the behest of Trump lawyer Sidney Powell.

Text messages, emails and witness testimony filed as part of a long-running civil suit into the security of Georgia’s voting systems show Latham communicated directly with the then-Coffee County elections supervisor about getting access to the office, both before and after the breach. One text message, according to the court document, shows Latham coordinating the arrival and whereabouts of a team “led by Paul Maggio” that traveled to Coffee County at the direction of Powell.

Three days after the breach, Latham texted the Coffee County elections supervisor, “Did you all finish with the scanner?” According to court documents, Latham testified she did not know what Hall was doing in Coffee County. But when confronted with her texts about the scanner, she asserted her Fifth Amendment rights.

Share this:

“Handling of Georgia election breach investigation questioned”

AJC:

A recording first surfaced six months ago claiming that a team copied “every piece of equipment” in Coffee County’s elections office after the 2020 election, but it wasn’t Georgia investigators who confirmed that confidential voting data had been taken.

Instead, it took a lawsuit by private citizens to find documents showing that allies of then-President Donald Trump and their computer experts gained access to sensitive files in the rural South Georgia county.

Critics of Georgia election officials say the secretary of state’s office has been slow-walking the breach investigation as it fights a court case alleging that equipment manufactured by Dominion Voting Systems is vulnerable to insider attacks and hacks. The investigation has been pending for months, and few witnesses have been questioned.

State election officials disagree, saying they’re still gathering evidence and there’s little threat to Georgia’s voting system after several people working for Sidney Powell, an attorney for Trump, copied election files on Jan. 7, 2021. They then distributed the data to conspiracy theorists who deny the results of the presidential election, which Trump lost….

Marilyn Marks, a plaintiff in the election security lawsuit against Georgia, said Republican Secretary of State Brad Raffensperger’s office failed to adequately investigate “the most massive voting system heist that I’ve ever heard of.”

Documents disclosed through subpoenas indicate that SullivanStrickler copied a trove of data from an election server, ballot scanners and memory cards that store votes. An attorney for SullivanStrickler has said the firm was preserving election records under Powell’s direction.

“They absolutely fell down on the job and covered up an enormous security breach,” said Marks, executive director for the Coalition for Good Governance. “They didn’t want to find out because they have been saying for years that this is a reliable, trustworthy system. They knew if they were to tell people what really happened, people’s faith in the system would be crushed.”

Gabriel Sterling, interim deputy secretary of state, said Marks is trying to undermine public confidence in Georgia’s voting system to support her lawsuit’s goal of holding elections using paper ballots filled out by hand rather than printed by computers.

“This isn’t about the machines. This is about individuals who did the wrong thing. They will be investigated, and they will be punished,” Sterling said. “We are taking the necessary methodical investigative steps. Unlike Marilyn Marks, we have a responsibility to give a good case to the State Election Board and potentially a local district attorney to prosecute.”

Share this:

“Special grand jury seeks evidence of Coffee Co. election breach”

AJC:

The Fulton County special grand jury is growing increasingly interested in an alleged election data breach in rural Coffee County as part of its multi-faceted criminal investigation into Georgia’s 2020 election.

The 23-person grand jury earlier this week approved a subpoena for documents from the Atlanta IT services firm SullivanStrickler. The subpoena was obtained by The Atlanta Journal-Constitution on Friday.

The subpoena seeks all documents between the company and Sidney Powell or Lin Wood — two conservative attorneys aligned with the Trump campaign.

Share this:

“Some Republicans in Washington state cast a wary eye on an election security device”

Miles Parks for NPR:

In northeast Washington state, a remote region nestled against the Canadian border, the politics lean conservative and wariness of government runs high.

Earlier this year, a Republican-led county commission there made a decision that rippled across Washington — triggering alarm at the secretary of state’s office, and now among cybersecurity experts who have worked for the past six years to shore up the security of America’s voting systems.

It happened on Valentine’s Day during the regular weekly meeting of the three-member commission in Ferry County, where Donald Trump received more than 63% of the vote in the 2020 election.

After an agenda that included an update on the county fair and a discussion about a local water and sewer district, the commissioners took up a proposal to disconnect a recently installed cybersecurity device from the county’s computer network.

The device, known as an Albert sensor, was designed to alert local governments to potential hacking attempts against their networks. More than 900 Albert sensors have been deployed across the country, primarily to states and counties, and they have been a key component of the federal government’s cybersecurity response following Russian election interference around the 2016 election.

But the commissioners in Ferry County had come to the conclusion that the sensor, which had been provided by the state at no cost, was more of a liability than an asset.

“Let’s get rid of it,” Commissioner Nathan Davis said before making his motion to remove the device.

The vote in support of the motion was unanimous.

“Bye bye, Albert sensor,” one of the commissioners quipped.

Another county in Washington state also disconnected its sensor, and a third decided not to install one. It’s an isolated trend in Washington at this point, but one that represents a stark example of how Republican mistrust in elections and government systems more broadly threatens to dismantle bipartisan progress made over the past decade to improve election security.

Share this:

“Election Data Breach Attracts Georgia Investigators”

NYT:

The day after Donald J. Trump’s supporters stormed the Capitol, a small group working on his behalf traveled to rural Coffee County, Ga., about 200 miles southeast of Atlanta.

One member of the group was Paul Maggio, an executive at a firm based in Atlanta called SullivanStrickler, which helps organizations analyze and manage their data. His company had been hired by Sidney Powell, a conspiracy theorist and lawyer advising Mr. Trump, who was tasked with scouring voting systems in Georgia and other states. It was part of an effort by Trump allies in a number of swing states to access and copy sensitive election software, with the help of friendly election administrators.

“We are on our way to Coffee County, Georgia, to collect what we can from the election/voting machines and systems,” Mr. Maggio wrote to Ms. Powell on the morning of Jan. 7, 2021, according to an email exchange that recently emerged in civil litigation. Weeks later, Scott Hall, an Atlanta-area Trump supporter and bail bondsman who traveled to Coffee County on a chartered plane, described what he and the group did there.

“We scanned every freaking ballot,” he said in a recorded phone conversation in March 2021. Mr. Hall said that the team had the blessing of the local elections board and “scanned all the equipment, imaged all the hard drives and scanned every single ballot.”

This week, court filings revealed that the Coffee County data breach is now part of the sprawling investigation into election interference being conducted by Fani T. Willis, the district attorney of Fulton County, Ga., which encompasses most of Atlanta.

Though Coffee County is well outside of her jurisdiction, Ms. Willis is seeking to build a broad conspiracy and racketeering case that encompasses multifaceted efforts by Trump allies to disrupt and overturn the lawful election of Joseph R. Biden Jr. On Aug. 16, the Georgia Bureau of Investigation also confirmed that it was working with the Georgia secretary of state’s office on an investigation into the Coffee County data breach, court records show. Many of the details of the Coffee County visit were included in emails and texts that surfaced in civil litigation brought by voting rights activists against Georgia’s secretary of state; news of the breach was reported earlier by The Washington Post.

Share this:

“Files copied from voting systems were shared with Trump supporters, election deniers”

WaPo:

Sensitive election system files obtained by attorneys working to overturn President Donald Trump’s 2020 defeat were shared with election deniers, conspiracy theorists and right-wing commentators, according to records reviewed by The Washington Post.

A Georgia computer forensics firm hired by the attorneys placed the files on a server, where company records show they were downloaded dozens of times. Among the downloaders wereaccounts associated with a Texas meteorologist who has appeared on Sean Hannity’s radio show; a podcaster who suggested political enemies should be executed; a former pro-surfer who pushed disproved theories that the 2020 election was manipulated; and a self-described former “seduction and pickup coach” who claims to also have been a hacker.

Plaintiffs in a long-running federal lawsuit over the security of Georgia’s voting systems obtained the new records from the company, Atlanta-based SullivanStrickler, under a subpoena to one of its executives. The records include contracts between the firm and the Trump-allied attorneys, notably Sidney Powell. The data files are described as copies of components from election systems in Coffee County, Ga., and Antrim County, Mich.

A series of data leaks and alleged breaches of local elections offices since 2020 has prompted criminal investigations and fueled concerns among some security experts that public disclosure of information collected from voting systems could be exploited by hackers and others people seeking to manipulate future elections.

Access to U.S. voting system software and other components is tightly regulated, and the government classifies those systems as “critical infrastructure.” The new batch of records shows for the first time how the files copied from election systemswere distributed to people in multiple states.

Marilyn Marks, executive director of the nonprofit Coalition for Good Governance, which is one of the plaintiffs in the Georgialawsuit, said the records appeared to show the files were handled recklessly. “The implications go far beyond Coffee County or Georgia,” Marks said….

In the records turned over to the Georgia plaintiffs, some pages,and portions of others, were blacked out. However, the text beneath some ofthe blacked-out blocks became visible when a Post reporter copied and pasted it into a separate file, showing downloads of files labeled “Antrim.”

Share this:

“Trump-allied lawyers pursued voting machine data in multiple states, records reveal”

WaPo:

A team of computer experts directed by lawyers allied with President Donald Trump copied sensitive data from election systems in Georgia as part of a secretive, multistate effort to access voting equipment that was broader, more organized and more successful than previously reported, according to emails and other records obtained by The Washington Post.

As they worked to overturn Trump’s 2020 election defeat, the lawyers asked a forensic data firm to access county election systems in at least three battleground states, according to the documents and interviews. The firm charged an upfront retainer fee for each job, which in one case was $26,000.

Attorney Sidney Powell sent the team to Michigan to copy a rural county’s election data and later helped arrange for them to do the same in the Detroit area, according to the records. A Trump campaign attorney engaged the team to travel to Nevada. And the day after the Jan. 6 attack on the Capitol the team was in southern Georgia, copying data from a Dominion voting system in rural Coffee County.

The emails and other records were collected through a subpoena issued to the forensics firm, Atlanta-based SullivanStrickler, by plaintiffs in a long-running lawsuit in federal court over the security of Georgia’s voting systems. The documents provide the first confirmation that data from Georgia’s election system was copied. Indications of a breach there were first raised by plaintiffs in the case in February, and state officials have said they are investigating.

“The breach is way beyond what we thought,” said David D. Cross, a lawyer for the plaintiffs, who include voting-security activists and Georgia voters. “The scope of it is mind-blowing.”

A drumbeat of revelations about alleged security breaches in local elections offices has grown louder during the nearly two years since the 2020 election. There is growing concern among experts that officials sympathetic to Trump’s claims of vote-rigging could undermine election security in the name of protecting it.

Share this: