20 Computer Experts Issue Letter to Kemp on E-Voting Unreliability
(APN) ATLANTA — On March 14, 2017, some twenty computer experts from across the U.S. sent a letter to Georgia Secretary of State Brian Kemp, urging Kemp to immediately move to verifiable elections, after approximately sixteen years of faith-based E-voting with no paper record in the State of Georgia.
These experts include computer science professors and software engineers from MIT, Harvard, Yale, Princeton, Georgia Tech, and many other prestigious universities; the Center for Democracy & Technology; and Google.
They express their concerns regarding Georgia’s unjustifiable “reliance on Direct Record Electronic (DRE) voting machines that do not provide an independent paper record of verified voter intent.”
“In order for citizens to have faith and confidence in their election, transparency is crucial, including about events such as the KSU breach, and its extent and severity,” the letter states, referring to a breach of a voting server database on March 01, 2017, at the Kennesaw State University Center for Election Systems that is under criminal investigation by the Federal Bureau of Investigation.
With national attention focused on the Run-off Special Election on June 20, 2017 in Georgia’s Sixth U.S. Congressional District between Jon Ossoff, a former aide and campaign manager to U.S. Rep. Hank Johnson (D-GA), and former Secretary of State Karen Handel, there is renewed attention regarding the question of whether our voting system is safe or reliable.
This year, Georgia has experienced several election problems beginning with the server breach in March.
Next on April 15, 2017, four Express Poll machines were reported as stolen from a Cobb County poll manager’s car.
Then late on the night of the recent Special Election, a “rare data error” was detected that held up the vote count in Fulton County.
“Fulton County had to conduct three redundant parallel elections for the Sixth District Congressional race, the Roswell Runoff, and a Johns Creek Special Election. The ‘rare error’ was caused when the software was unable to detect a Roswell Runoff voting card that was incorrectly loaded into the Sixth District Special Election county vote totals,” Garland Favorito, founder of VoterGA, told Atlanta Progressive News.
“Why did all levels of the software fail to detect the error and why did Fulton have to conduct three separate parallel elections on the same night using different voting machines, memory cards, databases, and procedures?” Favorito asked.
Computer experts and concerned citizens have been raising red flags for years that without an independent, voter-verifiable paper audit, our election system is neither safe nor reliable, and we cannot be sure our votes are counted accurately.
[After APN’s first reporting on E-voting issues back in 2006, this news service used to refer to elections as “so-called elections,” as we might also refer to elections in a third world country with inadequate safeguards. After a year, we stopped because it was confusing for readers unfamiliar with our E-voting coverage, but it remains true there is no reason to have confidence in Georgia’s election results.]
VoterGA previously challenged Georgia’s E-voting system in court, but the courts upheld the system, ruling that citizens should know the risks involved in voting electronically and that they can elect to use an absentee ballot, which is paper and by mail, if they choose to.
“Voters must assume the risk of necessarily different procedures,” the Supreme Court of Georgia opined.
Prof. Britain Williams, who oversaw the evaluations of the voting equipment in 2002, admitted in a sworn deposition that: “If a machine itself was reporting inaccurately on a given election, nobody would know it.”
Because the machines do not store records of individual votes, but rather aggregated totals, the idea of a recount is essentially meaningless, as it is merely a recounting of totals from each machine.
This cry for transparency and accuracy has been ignored in Georgia by most in a position of power since 2002. In past interviews with APN, candidates for Secretary of State in 2006 and 2010 have cited the cost of adding printers to the E-voting machines as prohibitive – apparently putting a price tag on our democracy.
Here are some of the questions the computer experts want answers to:
- Can you estimate when the attacker breached KSU’s system?
- How did the attacker breach KSU’s system?
- How was the breach discovered?
- Which files were accessed?
- Were any files accessed that related to software or “hashes” for the voting machines?
- Is there any evidence that files were modified? If so, which files?
- Had KSU begun ballot builds for the upcoming special election?
- To whom are these attacks being attributed? Could this be an insider attack? Has the FBI identified any suspects or persons of interest?
- Has the FBI examined removable media for the possibility of implanted malware?
- Has the FBI examined the hash or verification program for tampering?
- What mitigations are planned for the near- and long-term?
The SOS has not responded to the letter.
“Given that we know these machines, that you use, were made by Diebold and have software from about 2000 that is no longer maintained by Microsoft, and given that we know how to break into the machines and hack them, these machines should not be used,” Dr. Barbara Simons, IBM Research (retired), former President of the Association of Computing Machinery (ACM) and one of the experts who signed the March 14 letter to Kemp, told APN.
“You have, in Georgia, some of the worst machines in the country… everybody who cares about fair elections should be demanding paper ballots for the Runoff,” Dr. Simons added.
The latest information released by KSU is that the server was accessed by an outside security researcher and no personal information was misused.
“We have already begun conversations with experts at Georgia Tech and with an outside firm to ensure that all of our systems are secured and meet best practices standards,” KSU President Sam Olens said in the news statement.
“I cannot find anyone at Georgia Tech who has been consulted by KSU. If there is such a person, they are not a member of the cyber security community,” Dr. Richard DeMillo, Executive Director, Center for 21st Century Universities (C21U), College of Computing at Georgia Institute of Technology, and a signer of the March 14 letter, told APN.
Recently, APN learned that the SOS uses a private vendor for security whose name cannot be mentioned for security reasons.
We made an Open Records Request for a copy of the contract between Georgia and this private company. Kemp’s office responded with a letter requesting payment of 420 dollars for them to redact information that they claim is protected by exemptions under the Georgia Open Records Act.
“If the vendor is so insecure that just knowing the name would put everything in jeopardy then they should not have that vendor,” Dr. Simons said.