Electronic Vulnerability

Testimony to the Connecticut Cybersecurity Task Force – UPDATED

I testified in my capacity as Executive Director of the Connecticut Citizen Election Audit. I was the only member of the public providing testimony.

Why are post-election audits and paper ballots a critical component of protecting our elections?  “[D}data protection involves prevention, detection, and recovery”.  Cybersecurity and other measures protecting voting equipment and voting systems are primarily prevention measures and to a lesser degree detection measures. No matter how much effort we put into cybersecurity, software testing, and hardware maintenance there will always be a significant level of vulnerability.

Paper ballots, sufficient post-election audits, and recounts provide a primary means of detecting cyber, software, human, and hardware failures. They also provide a means of recovery. They provide for, so called, software independent verification of election results, resulting in justified public confidence.

America is still unprepared for a Russian attack on our elections

Washington Post: America is still unprepared for a Russian attack on our elections

Though these machines are not routinely connected to the Internet, NYU’s Lawrence Norden warns that there are nonetheless ways to infiltrate them…

Having paper-friendly machines is hardly enough.

Officials don’t get risks of election hacking

There is no panacea. As we have been saying all along, nothing can fully protect us from hacking, fraud, and errors.  Maximum election security means Prevention, Detection, and Recovery.  For vote totals that means that we need to protect our paper ballots and then exploit them with sufficient audits and recounts.

New Yorker: America Continues to Ignore the Risks of Election Hacking

How Could CT Spend New Federal Election Security Money?

Connecticut will have available somewhere around $5 million to spend on election security in the new “omnibus” appropriations bill. Woefully inadequate for states that should be replacing touch-screen voting with all paper ballots.  etc., for a state that already has paper ballots, a lot can be accomplished.

Denise Merrill is already thinking about how to spend it: CTMirror: Omnibus has millions to strengthen CT voting system against cyber attacks.

Secretary Merrill asked me for suggestions in a brief conversation a couple of weeks ago. At the time, off the top of my head, I suggested and we briefly discussed three things. After consideration I would suggest some more things. Security is not just cyber security and training officials. It also requires physical protection of ballots, physical protection of voting machines, and understanding the situation before determining the training needed.

Do you need a blockchain? (Probably not!)

Blockchains are the latest technology to enter the mainstream.  A blockchain powers and makes BitCoin possible. Many are treating blockchains as the next big breakthrough in technology. There is even a Blockchain Caucus in Congress.

Do not get your hopes up or bet your retirement savings on blockchains, they are definitely not the next Internet or Hula Hoop.  Most importantly they will not transform elections or solve the challenges of online voting.

From IEEE Do You Need a Blockchain?

“I find myself debunking a blockchain voting effort about every few weeks,” says Josh Benaloh, the senior cryptographer at Microsoft Research. “It feels like a very good fit for voting, until you dig a couple millimeters below the surface.”

“Does your vote count?” Glastonbury MLK Conversation

Last Wednesday evening, I was one of five speakers and a moderator at a Community Conversation held by the Glastonbury Martin Luther King Community Initiative. There were about 60 to 75 in attendance. We addressed “Does your vote count? An examination of the Issues” I addressed issues in two areas: How could you know if your vote was counted? And what I would recommend to expand democracy in Connecticut, without risking election integrity. Here are my prepared remarks:

We cannot trust computers, communications, or officials with elections

Recently two serious structural flaws in computer chips have been disclosed (they were discovered several months ago). So far, the understanding is that one will be difficult to fix and the other impossible, without a new computer architecture.  See:  The World Grapples with Critical Computer Flaws <read>

We cannot say it enough, “Ultimately, computers cannot be protected from fraud and error.” We also cannot trust officials to operate flawlessly. Fortunately, there are solutions.

What’s the matter with Wisconsin (and almost every state?)

Recent Headlines:

Wisconsin: Walker makes it harder for candidates to get a recount in close races

Former Trump Advisor: Scott Walker Has ‘Rigged’ 5 Elections 

Editorial: What is wrong with this picture? 

Samantha Bee: The Matrix has your vote

Election hacking, especially the risks in Georgia explained to Samantha Bee.

Just a step in the right direction: Merrill meets with Homeland Security

“Yesterday, along with representatives from the state’s information technology and public safety departments, I met with regional officials from the United States Department of Homeland Security to discuss how we can work together to ensure that Connecticut elections are safe from outside interference or manipulation. We had a productive meeting and I look forward to working together in the months and years to come to protect our elections, the bedrock of our democracy.” – Denise Merrill, Connecticut Secretary of the State

We applaud this step in the right direction.  Last year as leader of the National Association of Secretaries of State, Merrill opposed the designation of elections as critical infrastructure, leading in expressing the concern for a Federal take-over of elections. We were critical of that stand then and remain so.

In our opinion this is just a step. There are several aspects to election security/integrity that should be addressed,. This  step may assist in those that are under direct control of the of the the State, yet less so those under local control.

Page 1 of 2412345...1020...Last »