An understaffed tiny federal agency and 2 private testing labs responsible for certification of nation's voting systems

Posted by freedomforall 1 week ago to Government
0 comments | Share | Flag

"In July 2019, despite existing legal challenges, Georgia purchased a $106 million election system from Dominion Voting Systems. In a lawsuit, which originated in 2017, critics contended that the new system was subject to many of the same security vulnerabilities as the one it was replacing.

The issue most recently came to a head after credible accusations emerged of problems with voting machines.

Sworn affidavits, filed as part of an emergency motion on Nov. 17, detail allegations by poll observers of potential election fraud. Among other things, the poll workers recounted similar instances of pristine ballots that had similar characteristics: “They were all for Biden and had the same perfect black bubble.”

However, on that same day, Georgia Secretary of State Brad Raffensperger issued a statement announcing the completion of the state’s voting machine audit which claimed “Pro V&V found no evidence of the machines being tampered.”

The statement was widely cited by media organizations and others as evidence that claims of problems with voting machines in Georgia were meritless.

A closer examination of the statement, however, indicates that the only thing Pro V&V did was extract “the software or firmware from the components to check that the only software or firmware on the components was certified for use by the Secretary of State’s office.” The headline of the release appears to have been more important than the scope of the actual functions performed by Pro V&V.

Earlier this year, in an Aug. 24 sworn declaration, Harri Hursti, an acknowledged expert on electronic voting security, provided a first-hand description of problems he observed with Georgia’s new voting systems during the June 9 statewide primary election and the runoff elections on Aug. 11.

Hursti told the court of a series of problems, including the fact that “the scanner and tabulation software settings being employed to determine which votes to count on hand marked paper ballots are likely causing clearly intentioned votes not to be counted.”

Hursti also said that “the voting system is being operated in Fulton County in a manner that escalates the security risk to an extreme level.” And that “voters are not reviewing their BMD [Ballot Marking Devices] printed ballots, which causes BMD generated results to be un-auditable due to the untrustworthy audit trail.”

Separately, during pre-election testing of Dominion’s voting systems in Georgia in late September, election officials discovered a problem with the display for the U.S. Senate race, finding that under certain circumstances, not all of the candidates’ names fit on a single screen.

Lawyers for Dominion called the problem a “very minor issue” easily fixed with changes to the software. Lawyers for “voting integrity activists,” already involved in lawsuits over Georgia’s new Dominion System, voiced concerns over “the severity of the problem and the security of a last-minute fix.”

Dominion submitted the software fix to Pro V&V, for evaluation. Notably, Pro V&V had just recently provided certification testing for Dominion’s Democracy Suite 5.5-C on April 20, 2020 and June 16, 2020 leading to the July 9, 2020 EAC Certification but had not caught the software problem at the time.

On Oct. 1, a Zoom court hearing took place and a transcript of that hearing was made. During the call, Dr. Coomer from Dominion came into the Zoom meeting. Although no first name was provided, it appears to refer to Dr. Eric Coomer, director of Product Strategy and Security for Dominion Voting Systems.

Coomer told the Court it was his belief the software change “was de minimis,” but stated that Dominion did not make that determination but instead “submit that change to an accredited laboratory, in this case Pro V&V. They analyze the change. They look at the code. And they determine whether it is de minimis or not.”

Later during the hearing, Coomer was asked if he knew whom at Pro V&V was performing the software testing. Coomer said he did not and noted “I don’t know the makeup of Pro V&V’s employees.”

This statement from Coomer strikes as somewhat odd given that only three employees of Pro V&V have been located in reviewed documents; Jack Cobb, Michael Walker, and Wendy Owens. It was Owens and Walker who performed the Nov. 26, 2019 Testing for the Certification of Dominion Voting Systems Democracy Suite 5.5-A and it was these same two individuals who provided the April 13, 2020 and June 16, 2020 Testing of Dominion’s Democracy Suite 5.5-C. Additionally, Pro V&V and Dominion are both members of the same CISA council.

Indeed, on Oct. 2, 2020, a letter from Wendy Owens of Pro V&V was sent confirming “that this version of the ICX software corrected the issue with displaying of two column contests.” The letter concluded with a recommendation from Pro V&V that the software change to Dominion’s systems be “deemed as de minimis.”

On Oct. 3, a declaration from Dr. J. Alex Halderman was filed that refuted the procedures of Pro V&V’s testing, noting that the “report makes clear that Pro V&V performed only cursory testing of this new software. The company did not attempt to independently verify the cause of the ballot display problem, nor did it adequately verify that the changes are an effective solution. Pro V&V also appears to have made no effort to test whether the changes create new problems that impact the reliability, accuracy, or security of the BMD system.”

On Oct. 11, Judge Amy Totenberg in the case issued a ruling (pdf) noting that “Despite the profound issues raised by the Plaintiffs, the Court cannot jump off the legal edge and potentially trigger major disruption in the legally established state primary process.”

Although Judge Totenberg ruled to allow the Dominion System to be used in the Nov 3, 2020 election, she voiced real concerns, stating the “risks are neither hypothetical nor remote.”

She also noted that Jack Cobb, the director of Pro V&V, “plainly indicated that he actually claims no specialized knowledge or background in cybersecurity engineering and did not himself perform any security risk analysis of the BMD [Ballot Marking Device] system.” Instead, “State Defendants relied on Dr. Coomer’s testimony, to address—based on his professional experience—some of the significant cybersecurity issues raised by Plaintiffs.”"

Add Comment



  • Comment hidden. Undo