Author: Luther Weeks

Election Vulnerability: What we can learn from Ed Snowden and the NSA.

Now I have your attention, we can discuss the NSA and Ed Snowden in a bit. Let’s start with an Editorial:

Protecting Against Russian Cyber Risks is Insufficient. The attention on Cybersecurity, election hacking and Russian interference is good. There are cyber risks and Russia is capable. We should improve our cybersecurity across the board, including elections. Every vote should be backed up by a, so called, voter verified paper ballot. Yet that is far from sufficient.

Now I have your attention, we can discuss the NSA and Ed Snowden in a bit. Let’s start with an Editorial:

Protecting Against Russian Cyber Risks is Insufficient. The attention on Cybersecurity, election hacking and Russian interference is good. There are cyber risks and Russia is capable. We should improve our cybersecurity across the board, including elections. Every vote should be backed up by a, so called, voter verified paper ballot. Yet that is far from sufficient.

Cyber risks do not come from Russia alone; do not come from nation states alone; they come from hackers and political actors of all persuasions and motivations. There are also insider attacks, attacks from political actors, and their sympathizers. There is also the risk of error.

We focus too much on preventing attacks and errors, neglecting the equally important areas of detection and recovery. Ultimately prevention, at best, will always be an incomplete, never ending process. Detention and recovery means protecting paper ballots and actually using them. Using them means following up elections with sufficient post-election audits and recounts. Post-election audits with sufficient chance of detecting errors, expanding those audits when errors indicate that the apparent winners may be incorrect, expanding those audits ultimately, when necessary to full recounts. Audits should include process audits to assure that registration lists and voters checked in were accurate enough to guarantee the election was fair. When all else fails, being ready to rerun critically flawed elections.

Snowden and the NSA

This is not about what Ed Snowden did, but how he did it. Snowden was able, because as a single contractor, he had the keys to the kingdom! All the cyber expertise of the NSA came down to one individual who had the information and the capability to expose everything. The motive and opportunity. He could just have easily have gummed up the works of the entire NSA system. Most systems have such people – they know the technology and are key to keeping it working. We need them. The system needs them. How many are there? Likely a lot more than we think. In the NSA, every critical support person with access to the NSA system. Not just with password access to the official system: Also any one who supports the underlying software and hardware systems: application software, compilers, operating systems, mainframes, servers, routers, the network/phone system.

Every election office has those people and vulnerabilities. Every election official who has access to voting machines and memory cards over their lifetime. The contractors who program the memory cards. Postal employees, shippers, and contractors charged with the mail or package delivery of memory cards. The person in the mail room in town hall. How safe is the storage of the machines, memory cards, and paper ballots? How safe is town hall on weekends and overnight? Who is responsible for managing the town network and computers? Who are all the contractors in town hall? Or employed by the voting machine maintenance vendor? Are your election officials and town staff able to do what the NSA could not?

If you don’t believe this, trust me. I have been there in the bowels of a large company and working for small software companies supporting large companies and government agencies.  Consider Chelsea Manning a single specialist at a computer in a war zone. Manning needed no technical expertise. None is required to program memory cards or clandestinely provide access to or conspire with those with expertise.

 

Life on the Internet “Frontier”

Today we all live on the Internet Frontier. Many of us in Connecticut had a reminder yesterday from our major communication provider Frontier Communications Corp.  As reported in the Hartford Courant: Customers Blast Frontier After Internet Outage

Customers of Frontier Communications Corp. in Connecticut complained Tuesday about lost internet service that the telecommunications company said was due to a software update…

What might we learn?

  • We are very dependent on a very risky infrastructure.
  • This is costly.

Today we all live on the Internet Frontier. Many of us in Connecticut had a reminder yesterday from our major communication provider Frontier Communications Corp.  As reported in the Hartford Courant: Customers Blast Frontier After Internet Outage <read>

Customers of Frontier Communications Corp. in Connecticut complained Tuesday about lost internet service that the telecommunications company said was due to a software update…

Spokesman Andy Malinoski said in an email that Frontier apologizes for the service interruption caused by a software update installed overnight in Frontier’s network.

“We have corrected the issue with the update. Service is now restored. Customers should not have to reboot their modems,” he said…

Complaints from customers were similar to what Frontier endured when it bought AT&T’s wire line business for $2 billion in 2014. Customers then complained about lost connections, mostly related to the bundled service formerly known as U-Verse.

Consumers then filed hundreds of complaints with the state Department of Consumer Protection, state attorney general’s office and Public Utilities Regulatory Authority.

Frontier offered a $50 credit for Frontier U-Verse customers.

I was one of those customers. The outage was from about 2:00am until sometime between 9:00am and 11:00am. The outage is over, the outrage should continue.  After wasting about an hour, delaying our usual handling of emails and reading the Courant, my wife and I went to town and found our favorite coffee shop and the public green nearby, both without their usual Internet. I suggested trying Starbucks next door. My wife suggested the one at the north end of town, in case it was a local outage. The northern Starbucks Internet worked!  Was it coincidental with Frontier’s recovery or not? I do not know.

What might we learn?

We are very dependent on a very risky infrastructure. Just one bad software update, hardware failure, cyberattack, or insider attack from calamity. This time we mostly dodged a bullet. Nothing terrible happened, that we know of, the whole State was out for a few hours. Meanwhile portions of the state are still recovering from a power outage last week caused by tornadoes and microbursts, that our electric utility, the so called, Eversource claims knocked out more miles of power lines than hurricane Sandy. We are lucky that a company incompetent enough to knock out a state’s Internet from a software glitch took only a few hours to notice it and recover. It could have been a hardware problem or software problem that physically broke some infrastructure or required manual software updates to routers. It could have launched a chain reaction that cause power, telephone, or public safety outages at the same time. Frontier phone systems, delivered by that same wire miraculously did not go down as they often do together.

Imagine if this were a foreign enemy, a cyber terrorist, or a frustrated Frontier employee timing their interruption at the worst possible time or aimed at a particular customer of public facility.  Imagine if this was actually a test, not difficult if you try.

This is costly. $50 compensation for months of outages etc. two years ago.  That is a pittance. You could say the hour we lost was worth $50 to my wife and myself in aggravation and time list.  We are retired. The loss would be much worse if we were employed, a small, or a large business. It could mean lost customers. If the phone had gone down it could, and would likely have killed people unable to reach 911. They touted that customers would not have to reboot their routers. Big deal. Rebooting my router was one of the first things I tried.

Pity the business dependent on Frontier, assuming that such a large enterprise, has Internet expertise could be trusted to support websites for their customers:

Gary Choronzy, chief executive officer of Connecticut Websites, a Branford website design company, said service stopped at about 2 a.m. After a long wait on the telephone, he was only able to confirm that he paid his bill and that the service outage was due to a technical problem.

Choronzy said he could not get connected to a service representative…

“I run my business around the internet,” he said. “It’s unconscionable.”…

Choronzy and other Frontier customers tweeted their exasperation.

“The current Frontier Internet & TV outages across Connecticut, as well as the ridiculously high prices they and @comcast charge are exactly why cord-cutting has become so popular,” he said.

My websites and those I support are hosted by a company that has multiple redundant datacenters and severs across the country.  To my knowledge, in over a decade they have not had anything like a four hour outage.

Testimony to the Connecticut Cybersecurity Task Force – UPDATED

I testified in my capacity as Executive Director of the Connecticut Citizen Election Audit. I was the only member of the public providing testimony.

Why are post-election audits and paper ballots a critical component of protecting our elections?  “[D}data protection involves prevention, detection, and recovery”.  Cybersecurity and other measures protecting voting equipment and voting systems are primarily prevention measures and to a lesser degree detection measures. No matter how much effort we put into cybersecurity, software testing, and hardware maintenance there will always be a significant level of vulnerability.

Paper ballots, sufficient post-election audits, and recounts provide a primary means of detecting cyber, software, human, and hardware failures. They also provide a means of recovery. They provide for, so called, software independent verification of election results, resulting in justified public confidence.

Today was the 2nd and perhaps last meeting of the Connecticut Cybersecurity Task Force, aimed at recommending items for Connecticut’s share of the $5.1 million in new Federal Funding.

I testified in my capacity as Executive Director of the Connecticut Citizen Election Audit. I was the only member of the public providing testimony. In a couple of days I will pass on the video of the event, once it becomes available.  For now:
Here is the Agenda: <read> and my Testimony: <read>

I largely addressed the need for paper ballot security and post-election audits and how some of the new Federal money could be used to enhance them now and in the future.

I think I raised some awareness from my testimony and the questions members asked, yet it seems that the modest items I suggested might be deemed cost prohibitive. I spoke for six minutes and addressed questions for about 10 minutes (the emboldened portion of my written testimony), so the video will be interesting. The recommendations for spending the $5.1 million will apparently closely mimic the items listed near the end of the agenda.

Here is an excerpt of some highlights:

Enhancing post-election audits was explicitly included as an appropriate use of funds in the Federal legislation. Protection of paper ballots is a necessary component of trustworthy post-election audits.  I recommend initial steps that will cost, less than one-half a million dollars and outline a more comprehensive, yet efficient plan for the long run that might best protect Connecticut elections and ultimately our democracy.

Why are post-election audits and paper ballots a critical component of protecting our elections?  “[D}data protection involves prevention, detection, and recovery”.  Cybersecurity and other measures protecting voting equipment and voting systems are primarily prevention measures and to a lesser degree detection measures. No matter how much effort we put into cybersecurity, software testing, and hardware maintenance there will always be a significant level of vulnerability.

Paper ballots, sufficient post-election audits, and recounts provide a primary means of detecting cyber, software, human, and hardware failures. They also provide a means of recovery. They provide for, so called, software independent verification of election results, resulting in justified public confidence. I agree with Secretary Merrill that public confidence is important. I emphasize that the goal should be justified public confidence.

For post-election audits and recounts to be trusted requires strong paper ballot security and a credible chain-of-custody. Audits must also be transparent and publicly verifiable. The independent Citizen Audit reports show our ballot security is woefully inadequate.

Connecticut currently has an insufficient post-election audit. Insufficient because it only audits 5% of polling-place cast, machine counted ballots, exempting all centrally counted absentee ballots, Election Day Registration ballots, and originally hand-counted ballots from the audit. Insufficient because many of the local counting sessions are poorly conducted, with most differences in counts attributed to human counting error and left uninvestigated – a phenomenon that is, as far as I can tell, unique to Connecticut.

Fortunately, there is a straight-forward remedy close at hand. The UConn VoTeR Center in conjunction with the Secretary’s Office have developed an independent, electronic system to rescan and recount the ballots, called the Audit Station.  Unfortunately, the Audit Station has not been used in a way that meets requirements for software independence or that would satisfy most election integrity activists, leading scientists, and security experts.

The good news is that the Audit Station could easily be enhanced to satisfy most experts.My written testimony details Citizen Audit recommendations for ballot security and audits. Once again, I emphasize that audits and protected paper ballots are necessary for detection and recovery from every type of attack, breakdown, and error.

The Registrars of Voters Association asked for money for electronic pollbooks and for GEMS systems to accumulate results from memory cards, presumably somehow replacing or enhancing our new, completely air-gaped Election Night Reporting System.

Without explanation the Registrars linked those systems to improved cybersecurity.

They also asked the State to pay for new computers, newer than the XP systems many registrars use and sometimes share with other town employees.

Those suggestions were apparently ignored.

For the agenda from the 1st meeting and a list of task force members, see this press release: <read>

***********UPDATE:

Days sooner than last time, the video is available: <View>

My testimony starts at about 45 minutes in.

In reviewing the video, I note that Secretary Merrill did express interest in using some of the Federal money for some of our recommendations and considering improving some aspects of the audits.

It’s Impossible to Know (how) Your Internet Vote Counted

As West Virginia plans, once again, to allow Internet voting for military voters, it is a good time to remind everyone that Internet voting (web page, web application, email, fax voting etc.) are all unsafe for democracy. And that block-chains cannot solve those problems.

One of those problems is that there is no guarantee that your laptop or smart phone has not been hacked in a way that  alters your vote. Another challenge is the, so called, Secret Ballot.

As West Virginia plans, once again, to allow Internet voting for military voters, it is a good time to remind everyone that Internet voting (web page, web application, email, fax voting etc.) are all unsafe for democracy. And that block-chains cannot solve that.

West Virginia’s new scheme involves block-chains which entrepreneurs bent on profit claim will make Internet voting safe <read>, Several years ago Secretary of the State, Denise Merrill, held a Symposium on Internet Voting including three experts and the Secretary of State of West Virginia. The problem is that block-chains fail to solve the major unsolved problems remaining preventing trusted Internet voting.

One of those problems is that there is no guarantee that your laptop or smart phone has not been hacked in a way that  alters your vote, such that what you see is not what is presented and recorded by the actual voting system. A hack could fool you, the voting system, or both.

How easy is it to hack your laptop or smart phone? Check out this recent story by a computer expert, Micah Lee: It’s Impossible to Prove Your Laptop Hasn’t Been Hacked. I Spent Two Years Finding Out. <read> Do you understand the article?  Lee, an expert, could not guarantee his own laptop was not hacked.  Do you check your laptop  to the level that Lee did for an experiment?  Block-chains do not solve this.

Another challenge is the, so called, Secret Ballot – which requires that nobody can associate your vote with you. And that you cannot prove how you voted to anyone. There are Internet voting systems that let you check that your ballot was recorded properly, yet they cannot allow you to prove that to anyone else. Block-chains do not solve this.

Block-chains do provide assurance, that without a central authority, the vote sent to the voting system is not changed after it was recorded. Yet, that is unnecessary given that there is a central voting authority.

America is still unprepared for a Russian attack on our elections

Washington Post: America is still unprepared for a Russian attack on our elections

Though these machines are not routinely connected to the Internet, NYU’s Lawrence Norden warns that there are nonetheless ways to infiltrate them…

Having paper-friendly machines is hardly enough.

Washington Post: America is still unprepared for a Russian attack on our elections <read>

Though these machines are not routinely connected to the Internet, NYU’s Lawrence Norden warns that there are nonetheless ways to infiltrate them, including through computers used to program the machines. Since 2016, only one state, Virginia, has phased out all of its paperless machines. Georgia lawmakers failed last month to pass a bill that would have upgraded the state’s voting machines. And though Pennsylvania is pushing upgrades, the transition will not finish until after November’s vote.

Having paper-friendly machines is hardly enough. Paper trails enable state officials to run statistically sound post-election audits of vote tallies. Yet only a handful of states require rigorous audits, with only a handful more considering them.

Officials are too comfortable that no connectivity is sufficient to protect our machines. Its a good idea, yet insufficient, as demonstrated by STUXNET.  Many believe STUXNET was perpetrated by the U.S. and Israel, which they deny. In any case, it demonstrates that foreign interests of one faction/government or another can change our elections.

Recently Secretary of the State, Denise Merrill, convened a Connecticut Cyber Security Task Force. Many of the comments at the first meeting give assurance that our Voter Registration System will be protected, yet some seemed to ignore the risks to anything not connected to the Internet <View on CT-N>

Officials don’t get risks of election hacking

There is no panacea. As we have been saying all along, nothing can fully protect us from hacking, fraud, and errors.  Maximum election security means Prevention, Detection, and Recovery.  For vote totals that means that we need to protect our paper ballots and then exploit them with sufficient audits and recounts.

New Yorker: America Continues to Ignore the Risks of Election Hacking

New Yorker: America Continues to Ignore the Risks of Election Hacking <read>

One of the enduring myths about American elections, and one that persists even after the revelations of 2016, is that they are largely insulated from hacking because we have no centralized voting system—elections are overseen by roughly nine thousand counties, and voting takes place in over a hundred and fifty thousand polling places—and because most voting occurs offline. “Our diverse and locally-run election process presents serious obstacles to carrying out large-scale cyberattacks to disrupt elections, and that standalone, disconnected voting systems present a low risk,” the National Association of Secretaries of State wrote last year, in a briefing paper titled “Key Facts and Findings on Cybersecurity and Foreign Targeting of the 2016 US Elections.” Yet the intelligence community, computer scientists, and hackers themselves have found that while decentralization may be a deterrent, it is not a defense.

There is no panacea. As we have been saying all along, nothing can fully protect us from hacking, fraud, and errors.  Maximum election security means Prevention, Detection, and Recovery.  For vote totals that means that we need to protect our paper ballots and then exploit them with sufficient audits and recounts.

 

How Could CT Spend New Federal Election Security Money?

Connecticut will have available somewhere around $5 million to spend on election security in the new “omnibus” appropriations bill. Woefully inadequate for states that should be replacing touch-screen voting with all paper ballots.  etc., for a state that already has paper ballots, a lot can be accomplished.

Denise Merrill is already thinking about how to spend it: CTMirror: Omnibus has millions to strengthen CT voting system against cyber attacks.

Secretary Merrill asked me for suggestions in a brief conversation a couple of weeks ago. At the time, off the top of my head, I suggested and we briefly discussed three things. After consideration I would suggest some more things. Security is not just cyber security and training officials. It also requires physical protection of ballots, physical protection of voting machines, and understanding the situation before determining the training needed.

Connecticut will have available somewhere around $5 million to spend on election security in the new “omnibus” appropriations bill. Woefully inadequate for states that should be replacing touch-screen voting with all paper ballots. Yet, for a state that already has paper ballots, a lot can be accomplished.

Explanatory Statement on Consolidated Appropriations Act, 2018
House Appropriations Committee; Rep. Rodney Frelinghuysen, R-N.J., 3/21/2018

ELECTION REFORM PROGRAM

The bill provides $380,000,000 to the Election Assistance Commission to make payments to states for activities to improve the administration of elections for Federal office, including to enhance election technology and make election security improvements, as authorized under HAVA sections 101 [Payments to States for activities to improve administration of elections], 103 [Guaranteed minimum payment amount], and 104 [Authorization of appropriations] of the Help America Vote Act 2002 (P.L. 107-252). Consistent with the requirements of HAVA, states may use this funding to:

  • replace voting equipment that only records a voter’s intent electronically with equipment that utilizes a voter-verified paper record;
  • implement a post-election audit system that provides a high-level of confidence in the accuracy of the final vote tally;
  • >upgrade election-related computer systems to address cyber vulnerabilities identified through DHS or similar scans or assessments of existing election systems;
  • facilitate cybersecurity training for the state chief election official’s office and local election officials;
  • implement established cybersecurity best practices for election systems;
  • and fund other activities that will improve the security of elections for federal office.

Denise Merrill is already thinking about how to spend it: CTMIrror:Omnibus has millions to strengthen CT voting system against cyber attacks <read>

Connecticut Secretary of State Denise Merrill has asked the state to fund two IT positions at her agency to help strengthen protections of the state’s electoral system. Currently the state’s election system relies on an IT team that works for all state agencies.

Merrill says she wants an IT staff “with substantial knowledge of elections” to help fend off cyber threats.

The election chief’s request is pending.

The federal funds in the omnibus, which Merrill says will amount to between $3 million and $5 million for her agency, will be released within 45 days.

Merrill said she plans to use that money to buy equipment, and especially to train election personnel in the state’s 169 towns.

Secretary Merrill asked me for suggestions in a brief conversation a couple of weeks ago. At the time, off the top of my head, I suggested and we briefly discussed three things:

  • Strengthening Connecticut’s woefully inadequate ballot security.  At a minimum setting basic standards for ballot access and minimum sealing duration in law as I suggested in legislation: <S.B.540 2017> That was indeed a minimal proposal at an estimated cost of $30,000.
  • Improving the Electronic Audit to satisfy reasonable integrity requirements as we have proposed in that same bill and in more detailed form to the Secreary’s Office and the UConn Voter Center. Once again this is very few thousands in enhancing some of the prototype code UConn has developed to meet those specifications along with a few thousands in developing documentation while piloting the enhanced system as the current system has been piloted over the last two November elections.
  • Developing the training and support system necessary to use the UConn audit system for all post-election audits – with a trained staff to support the audits deployed across state in the nine regional governments, reducing the need for UConn computer scientist support. I.e. The state has already purchased nine complete systems, that is one for each region of the state. I have suggested training election day scanner experts for the job in a system similar to the way the State now pays part-time registrars additional part-time income providing Moderator Certification classes. I would deploy teams of two trained individuals with three complete audit systems (two to use, one a spare) to each visit three regions for three days each, allowing registrars from towns selected for audit to signup for times to present the ballots for audit.  At most $50,000 to setup the system and train the individuals (they could easily be trained, hands-on in one day, and perhaps assisted by a UConn expert the 1st day of actual auditing.) The cost to pay for each year, renting a van for each team, refresher training,  etc. Might be $30,000 – that’s about half what the hand-count audit costs today. Certainly for cutting costs in half, towns could be expected to pay for the service after a couple years of Omnibus funding!.

After consideration I would suggest some more things. Security is not just cyber security and training officials. It also requires physical protection of ballots, physical protection of voting machines, and understanding the situation before determining the training needed. I would suggest:

  • An independent security audit of every one of the 169 municipalities, performed by a reputable third-party. I would assess the security of paper ballots – how sure can we be that they have not been tampered with for audits and recounts?; the security of voting machines and memory cards; the security of registrars’ office records and municipal clerk election records; the security practices surrounding receipt and processing of absentee ballots; the security practices and security of the elections network associated with the voter registration system and the municipal network in general. At a minimum assess a random sample of very small, small, medium, and large municipalities.
  • Based on that assessment make recommendations for the training of officials and further enhancements of all areas assessed (I suspect needs will be identified that go well beyond the $5 million.

In the long run, beyond the $5 million, the optional solution for ballot storage may be some configuration regional storage with better monitoring and safeguards that can be accomplished by 169 individual municipalities.  Such rationalization would facilitate the audits and would also provide a basis for, so called. risk limiting audits.

 

NPV Compact – for the 7th or 8th time: It sounds good but has Unintended Consequences

On Monday we testified against the National Popular Vote Compact. We have been testifying against it since it was first proposed in Connecticut in 2007. There are two companion bills, you can link to them from our testimony. We have been saying pretty much the same things for the last several years. Each year we hone our testimony a bit and listen to new and predominant arguments from the proponents and make small adjustments.

As I have said many times, most of the democrats (and my friends) who support the Compact are wrong. And most of the Republicans opposed, are opposed for the wrong reason. Unlike the National “Experts” that fly in each year to testify, I provide complete testimony with facts that they have not successfully disputed since 2007.

On Monday we testified against the National Popular Vote Compact.  We have been testifying against it since it was first proposed in Connecticut in 2007. There are two companion bills, you can link to them from our testimony <here> We have been saying pretty much the same things for the last several years. Each year we hone our testimony a bit and listen to new and predominant arguments from the proponents and make small adjustments.  Here is the excerpt I spoke on Monday, with the changes for this year highlighted:

Chairs and members of the Committee, my name is Luther Weeks, Executive Director of CTVotersCount. I am a computer scientist and a certified election moderator.

I understand the theoretical advantages of the national popular vote, yet there are extreme risks in its mismatch with our existing state-by-state voting system.

Many concepts such as Nuclear Power, GMOs, DDT, and Fracking have benefits, but also have unintended, unrecognized, and unappreciated consequences. This Compact is another.

What often appears simple is not. The Compact would cobble the national popular vote onto a flawed system designed for the Electoral College. It does not change that system. It magnifies the risks.

Developments since the 2016 election make the real dangers more apparent than ever.  Most recently the risks of cyber vulnerability from foreign, domestic, and other actors. After the 2016 election, citizens and a candidate attempted to obtain recounts in three closely contested states, (Wisconsin, Minnesota, and Pennsylvania). Apparent, is a flawed system with errors and uncertainty, ultimately unable to prove accuracy and integrity, with strong official resistance to audits and recounts.

Six major concerns with the Compact include:

  1. The 12th Amendment and the Electoral Count Act govern declaring the President. They have been called a “Ticking Time Bomb” because of strict, yet, ambiguous rules, causing problems seen in 1876 and 2000. The Compact would exacerbate that risky system. (see page 6)
  2. There is no official national popular vote number compiled in time, such that it could be used to officially and accurately determine the winner in any close election. (see page 3)
  3. Even if there were such a number, it would aggravate the flaws in the system. The Electoral College limits the risks and damage to a few swing states. With the National Popular Vote Compact, errors, voter suppression, and fraud in all states would count against the national totals. (see page 5)
  4. There is no national audit or recount available for close elections, to establish an accurate popular vote number.  (see page 4)
  5. With the Compact there is every reason to believe that any close election would be decided by partisian action of the Congress or the Supreme Court, as in Gore v. Bush.  (see page 6)
  6. This Compact will not make every voter equal.

Recently proponents of the Compact have highlighted the fact that the “U.S. Presidential election is the only U.S. election not decided by popular vote.” 

Note that it is also the only U.S. election decided by a voting system that is not uniform in voting methods and franchise, and with votes not subject to uniform adjudication and totaling.” With the Compact, it would be the only such election in the World.

I urge you to consider the risks and chaos made possible if Connecticut were to endorse the National Popular Vote Compact, including reading the attached editorials and detailed arguments.

Thank You

As I have said many times, most of the democrats (and my friends) who support the Compact are wrong.  And most of the Republicans opposed, are opposed for the wrong reason:

I would support a national popular vote amendment to the U.S. Constitution, if and only if, it provided for a uniform franchise, required sufficient voting systems, sufficient audits and recounts nationwide.   And sufficient laws that were enforceable and enforced to provide a trustworthy and trusted national popular vote number. Those ifs are a large leap for our democracy, yet are reasonable, economical, realistic requirements to achieve trustworthy democracy,

Unlike the National “Experts” that fly in each year to testify, I provide complete testimony with facts that they have not successfully disputed since 2007. The experts got about 30min, 90min, and 105min of testimony and questions.  I got 3min. I would put my credentials up against any of them. Here is all the testimony <here>

Let me add that there were at least three fact free arguments and statements today:

  • Chair Sen McLachlan early on incorrectly stated that I was not present – I was signed up as con, as number 7 on the public list.  As Mark Twain would have said, “The report of my demise was premature”. Some of the media picked up on and reported his statement.
  • Rep Matt Lesser incorrectly stated that there was no election fraud.  This is a usual proponent tactic. There is negligible votER fraud, but plenty of votING fraud, including in Connecticut. <see this recent summary>
  • After I testified, Chris Pearson, one of those national “experts”, testified that my contention that “There is no official national popular vote number compiled in time, such that it could be used to officially and accurately determine the winner in any close election.”, was incorrect. He made claims that continue to be refuted by the law, precedent, and practices as articulate for several years on page 3 of my testimony. Consider that there is a reason that none of the leaders from NPV have ever dared join me at any of the three well-publicized debates on the issue.

Five pieces of testimony on six bills

On Thursday the GAE Committee held testimony on most election bills this year. (There was one last week and a couple more will be on Monday). For once, I was able to support more bills than I opposed!

Opposition and support by the Secretary of the State and Registrars was mixed. In addition to supporting and opposing various bills, I offered several suggestions for improvement. And one suggestion for radical improvement.

On Thursday the GAE Committee held testimony on most election bills this year. (There was one last week and a couple more will be on Monday). For once, I was able to support more bills than I opposed!

Opposition and support by the Secretary of the State and Registrars was mixed. In addition to supporting and opposing various bills, I offered several suggestions for improvement. And one suggestion for radical improvement.

It would be a very instructive exercise for you to read my testimony, that from individual registrars, ROVAC (Registrars Of Voters Association, Connecticut), the Secretary of the State, and others.

The bills were:
H.B.5422 Election Day Registration for Primaries
[Supported]

H.B.5459 Wording Change to Closing Polls
[Provided extensive comments and changes, pointing out that polling-
place ballots are insufficiently protected and how to change that.]

H.J.28 and S.J.31 Constitutional Amendment Authorizing Early Voting
[Supported. This is a much safer alternative than proposed and
rejected by the voters in 2014. I suggested modifications that
would save municipalities a lot, and provide even more
hours for voters.]

S.B.410 Post-Election Audit Drawing Date and SOTS Posting of Rulings
[Supported the bill with changes.]

S.B.411 Curing a Civil Rights Violation with EDR
[Supported. For several years I have been warning of the
potential violation]

You can see all the testimony <here>

Links to the bills are at the top of my testimony on each bill.

Do you have any examples of incorrectly decided elections, errors, and fraud etc.?

Last month as I prepared for the MLK Conversation, I wrote up a couple of Frequently Asked Questions, one asked about Conspiracy Theorists, which I addressed earlier, and then there was this one about actual evidence of incorrectly decided elections, error, and fraud.

Do you have any examples of incorrectly decided elections, errors, and fraud etc.?

In Connecticut there was a question incorrectly decided in New London. Because advocates closely reviewed election data it was obvious that officials counted 50 more voters than voters in one district’s absentee ballots(*).  They demanded a recount and the result was reversed.

The last I heard, the recently replaced municipal clerk in Stamford was under Federal investigation for Absentee Ballot errors. She was reported by the two Registrars…

Last month as I prepared for the MLK Conversation, I wrote up a couple of Frequently Asked Questions, one asked about Conspiracy Theorists, which I addressed earlier <here>, and then there was this one about actual evidence of incorrectly decided elections, error, and fraud.

Do you have any examples of incorrectly decided elections, errors, and fraud etc.?

In Connecticut there was a question incorrectly decided in New London. Because advocates closely reviewed election data it was obvious that officials counted 50 more voters than voters in one district’s absentee ballots(*).  They demanded a recount and the result was reversed.

The last I heard, the recently replaced municipal clerk in Stamford was under Federal investigation for Absentee Ballot errors. She was reported by the two Registrars.

Also a Party Chair in Bridgeport is under SEEC investigation for Absentee Ballot errors.

In fact, absentee skullduggery is pretty common. A couple of years ago an article said that of 17 allegations of Absentee ballot fraud in recent years in Bridgeport, 13 were investigated, validated, and resulted in fines.

In East Longmeadow, MA, a few years ago, in a primary 400 voters were registered in a party without their knowledge by insiders and voted without their knowledge. It swung the primary and the inside perpetrators were punished, with the election reversed.

In that same year a similar thing happened with 3000 votes in Miami/Dade. Officials withheld IP data vital to an investigation, nobody was caught of punished.

In 2002, Don Siegelman, a very popular person in Alabama, ran for re-election, one county obviously manipulated several thousand votes to cause his loss. The county refused to perform a recount or to show the ballots. As Siegleman prepared to run again in  2006 he was subject to a very questionable prosecution, convicted, and spent four years in Federal Prison. He is still under probation, limited in speaking and traveling. Many of the good guys were punished, while many of the bad guys were promoted.  See the recent documentary Atticus v. The Architect is available from the producer or Amazon videos.

*  This would never have been discovered in a post-election audit, as central count absentee scanners are exempt from audit by some flawed theory (held by legislators and election officials) along the lines of “if one machine works correctly someplace at some time, all machines work perfectly all the time.” That is apparently why we don’t continue to inspect cars for emissions, vaccines, or baby food.