Category: CT

Dr. Harri Hursti addresses the potential for Russian election attacks

Dr. Harri Hursti is a respected international expert on electronic security, especially electronic voting.  In a recent interview he addressed  the risks and chances of correctly attributing the source of attacks, specifically focusing on Russia.

What do you think of the news that a member of Congress says there is “no doubt” that Russia is behind recent attacks on state election systems

The article makes several dangerous assumptions about the security of elections and election systems. Representative Adam Schiff said he doubted (Russians) could falsify a vote tally in a way that effects the election outcome. He also said outdated election systems makes this unlikely, but really, it just makes it easier. The voting machines were designed at a time when security wasn’t considered, included, or part of the specifications at all.

Dr. Harri Hursti is a respected international expert on electronic security, especially electronic voting.  CTVotersCount readers may recall his role in the film Hacking Democracy demonstrating the “Hursti Hack” of Connecticut’s voting machines, the AccuVote-OS scanners.

In a recent interview he addressed  the risks and chances of correctly attributing the source of attacks, specifically focusing on Russia <read>

What do you think of the news that a member of Congress says there is “no doubt” that Russia is behind recent attacks on state election systems

The article makes several dangerous assumptions about the security of elections and election systems. Representative Adam Schiff said he doubted (Russians) could falsify a vote tally in a way that effects the election outcome. He also said outdated election systems makes this unlikely, but really, it just makes it easier. The voting machines were designed at a time when security wasn’t considered, included, or part of the specifications at all.

These outdated computers are extremely slow. They don’t have the extra horsepower to do decent security on top of the job they were designed for…

So there’s no proof of voter registration tampering?

As in voting machines, the registration machine don’t have the capability of logging an alteration, and they are trivially altered themselves. It’s meaningless to claim there’s no evidence, since the systems don’t have the capability to report when they’re altered…

How can the US be so sure it’s Russia?

It can’t. It is very hard to find from where a network attack is coming from. It is equally easy to make certain that investigators will find “the trail” which is pointing to the wrong direction. Therefore under the assumption that you’re dealing with a skillful attacker, any trail found is a red flag for the fact there are so many ways to make it virtually impossible to find the trail. Any conclusive looking trail “found” should be considered suspect. Unless it’s a false trail, you can only say we suspect them, and until you get to the real people to the level of the actual perpetrators true identities, you can’t make a conclusion as to “where” they come from…

Given your Cold War background, does this feel familiar?

The Cold War was all about ideology, and therefore a large concept was something that we today call hybrid warfare. In that game the actual technological attacks are equally important as the psychological influencing of the general population with misinformation and misdirection. So this is all very familiar.

Also, something we in the Western world don’t understand is how deeply patriotic Russians are. Individual Russians, and self-organized groups, are willing to go to great lengths on their own, with their own initiative, if they believe that what they do will benefit Mother Russia, and/or in hope and believe that their actions once known will be rewarded.

Given your Cold War background, does this feel familiar?

The Cold War was all about ideology, and therefore a large concept was something that we today call hybrid warfare. In that game the actual technological attacks are equally important as the psychological influencing of the general population with misinformation and misdirection. So this is all very familiar.

Also, something we in the Western world don’t understand is how deeply patriotic Russians are. Individual Russians, and self-organized groups, are willing to go to great lengths on their own, with their own initiative, if they believe that what they do will benefit Mother Russia, and/or in hope and believe that their actions once known will be rewarded…

I would suggest reading the complete article.  Dr. Hursti provide ans international prospective we do not fully comprehend.

April Presidential Primary Audit – Does Not Make the Grade

Checks on State Voting Machines Do Not Make the Grade
Do Not Provide Confidence in Election System, Says Citizen Audit

From the Press Release:

Audits of the recent presidential primaries are so faulty that exact final vote tallies cannot be verified, says the non-partisan Connecticut Citizen Election Audit. Unless state and local election officials make changes, the same will be true for the November elections.

“State law requires audits to verify the accuracy of optical scanner voting machines as a check for errors and a deterrent to fraud. Local registrars gather officials to manually count paper ballots and compare their totals to the totals found by the scanners, explains Luther Weeks, Executive Director of Connecticut Citizen Election Audit.

Issues reported by the group were:

  • Incomplete or missing official reports of vote counts from town registrars;
  • The lack of action on the part of the Secretary of the State’s Office to check that all required reports are submitted and all submitted reports are completed fully;
  • Of 169 municipalities required to submit lists of polling places before the election, the Secretary of the State’s Office recorded only 68, with 101 missing;
  • Poor security procedures to prohibit ballot tampering;
  • Not following procedures intended to ensure “double checking” and “blind counting” rather than having scanner counts as targets while counting manually;

“The public, candidates, and the Secretary of the State should expect local election officials to organize proper audits and produce accurate, complete audit reports. The public and candidates should expect the Secretary of the State’s Office to take the lead in ensuring the audits are complete. Yet, due to a lack of attention to detail and follow-through the audits do not prove or disprove the accuracy of the reported primary results,” Weeks said.

<Press Release .pdf> <Full Report pdf> <Detail data/municipal reports>

Checks on State Voting Machines Do Not Make the Grade
Do Not Provide Confidence in Election System, Says Citizen Audit

From the Press Release:

Audits of the recent presidential primaries are so faulty that exact final vote tallies cannot be verified, says the non-partisan Connecticut Citizen Election Audit. Unless state and local election officials make changes, the same will be true for the November elections.

“State law requires audits to verify the accuracy of optical scanner voting machines as a check for errors and a deterrent to fraud. Local registrars gather officials to manually count paper ballots and compare their totals to the totals found by the scanners, explains Luther Weeks, Executive Director of Connecticut Citizen Election Audit.

Issues reported by the group were:

  • Incomplete or missing official reports of vote counts from town registrars;
  • The lack of action on the part of the Secretary of the State’s Office to check that all required reports are submitted and all submitted reports are completed fully;
  • Of 169 municipalities required to submit lists of polling places before the election, the Secretary of the State’s Office recorded only 68, with 101 missing;
  • Poor security procedures to prohibit ballot tampering;
  • Not following procedures intended to ensure “double checking” and “blind counting” rather than having scanner counts as targets while counting manually;

“The public, candidates, and the Secretary of the State should expect local election officials to organize proper audits and produce accurate, complete audit reports. The public and candidates should expect the Secretary of the State’s Office to take the lead in ensuring the audits are complete. Yet, due to a lack of attention to detail and follow-through the audits do not prove or disprove the accuracy of the reported primary results,” Weeks said.

<Press Release .pdf> <Full Report pdf> <Detail data/municipal reports>

Security Against Election Hacking

From Freedom to Tinker, Andrew Appel: Security against Election Hacking – Part 1: Software Independence <read>

We have heard a lot lately about the vulnerabilities of our elections to hacking.  Both cyberhacking and unsophisticated insider attacks. Andrew Appel describes some common sense approaches to detect and deter error and fraud in our elections, covering three major vulnerabilities:

  • Incorrect or unavailable poolbooks.
  • Voting machines
  • Accumulation of results across polling places and jurisdictions

From Freedom to Tinker, Andrew Appel: Security against Election Hacking – Part 1: Software Independence <read>

We have heard a lot lately about the vulnerabilities of our elections to hacking.  Both cyberhacking and unsophisticated insider attacks. Andrew Appel describes some common sense approaches to detect and deter error and fraud in our elections, covering three major vulnerabilities:

  • Incorrect or unavailable poolbooks.
  • Voting machines
  • Accumulation of results across polling places and jurisdictions

Any of these computers could be hacked.  What defenses do we have?  Could we seal off the internet so the Russians can’t hack us?  Clearly not; and anyway, maybe the hacker isn’t the Russians—what if it’s someone in your opponent’s political party?  What if it’s a rogue election administrator?

The best defenses are ways to audit the election and count the votes outside of, independent of the hackable computers…

So the good news is: our election system has many checks and balances so we don’t have to trust the hackable computers to tell us who won.  The biggest weaknesses are DRE paperless touchscreen voting machines used in a few states, which are completely unacceptable; and possible problems with electronic pollbooks.

In this article I’ve discussed paper trails: pollbooks, paper ballots, and per-precinct result printouts.  Election officials must work hard to assure the security of the paper trail: chain of custody of ballot boxes once the polls close, for example.  And they must use the paper trails to audit the election, to protect against hacked computers (and other kinds of fraud, bugs, and accidental mistakes).  Many states have laws requiring (for example) random audits of paper ballots; more states need such laws, and in all states the spirit of the laws must be followed as well as the letter.

Read the full, brief article to understand the details of Appel’s recommendations.

In addition to paying attention to all these recommendations, Connecticut needs to attend to improving our existing post-election audit transparency, the security of ballots, and consider adding formal measures along these lines for check off lists and results reporting.

 

 

Letter: Focus on Russia Takes Heat Off Multitude of Election Vulnerabilities

My letter, published in the Courant today:

Many Election Security Risks

The Sept. 6 article “U.S. Fears Russia Hack” [Page 1] provides an inflammatory view of the risks to U.S. elections. Focusing on one potential risk from our current enemy of choice takes the attention off the multitude of risks…
We can do much better in the long run, if the actual risks are not forgotten after November.

A few days ago a Washington Post article, repeated in the Hartford Courant, focused on election risks from our current enemy of choice, Russia <read>.  Here is my letter, published in the Courant today:

Many Election Security Risks

The Sept. 6 article “U.S. Fears Russia Hack” [Page 1] provides an inflammatory view of the risks to U.S. elections. Focusing on one potential risk from our current enemy of choice takes the attention off the multitude of risks.

The truth is that there is no more or less risk to elections this year than in the recent past. The bad news is that the risks of election skullduggery are significant and do not come only from one adversary. A report from the Institute for Critical Infrastructure technology says it all: “Hacking Elections is Easy!” The report discusses how our election infrastructure, from voting machines to registration and reporting systems, are all at risk.

In Connecticut, like most states, a disruption in our centralized voter registration system on Election Day or its compromise before voter lists are printed, would disrupt an election. In many municipalities, voted ballots are easily accessible to multiple single individuals, “protected” only by all but useless tamper-evident seals. Partisans run our elections from top to bottom. Most are of high integrity, yet there is high motivation for manipulation.

We can do much better in the long run, if the actual risks are not forgotten after November.

Highly Recommended: Hacking Elections Is Easy!

From the Institute for Critical Infrastructure Technology: Hacking Elections Is Easy <read>. It is the most layperson accessible comprehensive overview of the problems we face protecting our elections that I have seen in a long time.  It is 23 pages yet very readable.  The main points are:

  • We face multiple risks our elections:  Registration systems, voting systems, reporting systems, and ballot security.
  • We face risks from multiple actors: Nations with interests in manipulating our elections, corporations, U.S. Government agencies, sophisticated hackers, and insiders at all levels.
  • For the unsophisticated, Hacking Is Easy.  There are simple insider attacks, simple cyber attacks, and kits on the Internet to compromise results or simply disrupt elections.
  • Most election officials are of high integrity.  Yet, blind trust in all officials, machines, and that hacking is difficult is perhaps our greatest risk.

Just a couple excerpts from the Introduction:

To hack an election, the adversary does not need to exploit a national network of election technology. By focusing on the machines in swing regions of swing states, an election can be hacked without drawing considerable notice. Voter machines, technically, are so riddled with vulnerabilities that even an upstart script kiddie could wreak havoc on a regional election, a hacktivist group could easily exploit a state election, an APT could effortlessly exploit a national election and any corrupt element with nothing more than the ability to describe the desired outcome could order layers of exploits on any of the multitude of deep web forums and marketplaces. Yes, hacking elections is easy…

From the Institute for Critical Infrastructure Technology: Hacking Elections Is Easy <read>. It is the most layperson accessible comprehensive overview of the problems we face protecting our elections that I have seen in a long time.  It is 23 pages yet very readable.  The main points are:

  • We face multiple risks our elections:  Registration systems, voting systems, reporting systems, and ballot security.
  • We face risks from multiple actors: Nations with interests in manipulating our elections, corporations, U.S. Government agencies, sophisticated hackers, and insiders at all levels.
  • For the unsophisticated, Hacking Is Easy.  There are simple insider attacks, simple cyber attacks, and kits on the Internet to compromise results or simply disrupt elections.
  • Most election officials are of high integrity.  Yet, blind trust in all officials, machines, and that hacking is difficult is perhaps our greatest risk.

Just a couple excerpts from the Introduction:

To hack an election, the adversary does not need to exploit a national network of election technology. By focusing on the machines in swing regions of swing states, an election can be hacked without drawing considerable notice. Voter machines, technically, are so riddled with vulnerabilities that even an upstart script kiddie could wreak havoc on a regional election, a hacktivist group could easily exploit a state election, an APT could effortlessly exploit a national election and any corrupt element with nothing more than the ability to describe the desired outcome could order layers of exploits on any of the multitude of deep web forums and marketplaces. Yes, hacking elections is easy…

Manufacturers and voting officials have constructed an illusion of security based on the semblance of complexity when, in reality, voting machines are neither secure or complex. In general, these stripped down computers utilizing outdated operating systems possess virtually every conceivable vulnerability that a device can have…

Attackers’ ability to exploit vulnerabilities in the systems that support the American democratic process is not exclusive to election machines. Catastrophically disrupting the campaign of just about any political candidate can be done with little more than a DDoS attack on fundraising links and web properties, spam widgets on social media platforms, an insider threat who delivers a malicious payload on a USB drive or unsuspectingly by clicking a link in a spear phishing email, and a ransom ware variant to encrypt important donor lists to further cripple fundraising. A pseudo tech savvy adversary could create a network of spoofed sites to confuse voters and this is just the beginning. By combining attack vectors and layering attacks, an adversary can manipulate the democratic process by inciting chaos, imbuing suspicion, or altering results.

an eighteen year-old high school student could compromise a crucial county election in a pivotal swing state with equipment purchased for less than $100, potentially altering the distribution of the state’s electoral votes and thereby influencing the results of the Presidential election…

An unskilled threat actor may begin a campaign by sending phishing emails or using free script
kiddie tools to remotely attack undefended local networks to compromise email and exfiltrate
internal documents that reveal the types of systems used in an election as well as their storage
conditions.

Hack Pointless? Or State of Denial?

Earlier this week Secretary of the State Denise Merrill, ROVAC President Melissa Russell  and the Manchester CT Registrars of voters talked to NBC Connecticut.  We add some annotation to the transcript,  in [Brackets].

Even the machines used to digitally tabulate election results aren’t connected to the internet in cities and towns. Melissa Russell, a Bethlehem Registrar of Voters, with the Registrars of Voters Association of Connecticut reiterated the point that physical record keeping in Connecticut places the state at an advantage. [Not having voting systems connected to the Internet is definitely an advantage. Yet, not so much against local insider attacks, especially when local officials and their leaders are so confident (overconfident?)]

Local registrars, like Jim Stevenson and Tim Becker in Manchester, wonder what a hacker could really get from a hack of even a local election computer. [The answer, known for years is: Even skilled amateurs could change the result printed by the scanner.  One method is the widely know Hursti Hack. UConn has articulated others.  We are left to wonder why NBC did not interview anyone with expertise to answer the registrars questions. ]

Earlier this week Secretary of the State Denise Merrill, ROVAC President Melissa Russell  and the Manchester CT Registrars of voters talked to NBC Connecticut.  We add some annotation to the transcript,  in [Brackets].

NBC Connecticut
CT Election Officials Say a Hack Nearly Pointless
By Max Reiss
CT Election Officials Say a Hack Nearly Pointless
(Published Monday, Aug. 29, 2016)

After the FBI notified election officials nationwide of a hack on election databases in Arizona and Illinois, many went on alert, on the lookout for specific IP addresses.  [A word to the wise: There are many IP addresses out there.  It is suspicious activity that needs to be guarded against, not particular IP addresses.]

In Connecticut, state election officials said the IP addresses in question haven’t yet shown up on state servers, but added that the information obtained in Illinois, a list of more than 200,000 and their voting data like addresses and phone numbers, are already publicly available in Connecticut. [Yes, but they are available at a price.  We might question if Russians or other groups outside of Connecticut asked for a copy.  Also all the risks that concern Illinois are still there, if the data are available in a legitimate way, its just a bit easier in Connecticut to obtain.]
“I think someone said it was like hacking the phone book,” quipped Secretary of the State Denise Merrill.
She explained that Connecticut has perhaps the most decentralized voting and registration system in the country with 169 cities and towns that act as their own districts. Built into that system is an entirely paper based trove of voter cards, ballots, and backups. [There are advantages to decentralization, and some downsides.  Its much harder to mount a general attack systems across the state. Yet, it is easier to compromise local systems.  Local officials are much less capable of protecting systems.  Local insider attacks are easier to accomplish.  Let us remember that partisan officials have at least as much motivation as the Russians to change results – and local officials have more opportunity.  Most election officials are of high integrity, yet they are not immune to the same forces that have landed Connecticut Governors, Mayors, Legislators, and Police in jail.]

“When you go into vote and you go to register on the list, it’s all still on paper so there is no simple database that’s containing all of the information,” Merrill said. [Actually its called the Centralized Voter Registration Database (CVRS).  It is vital on election day to accomplish Election Day Registration and check voters who might have been incorrectly registered.  That paper list in the polling place is only as good as the CVRS was a few days before the election, when the list was printed.  An attack on the CVRS could involve changing many registrations so voters are not registered on election day, or sent absentee ballots to false addresses to be voted illegally.  Addresses could have been changed without hacking the CVRS by Online Registration.  To do online registration requires a voter’s CT Driver ID.  That Driver ID could be obtained by hacking the DMV database, if it is not in the CVRS. (Has anyone checked the security of the DMV database?]

Voter lists themselves are already public records and campaigns purchase lists from the Secretary of the State every year.

Local registrars, like Jim Stevenson and Tim Becker in Manchester, wonder what a hacker could really get from a hack of even a local election computer. [The answer, known for years is: Even amateurs could change the result printed by the scanner.  One method is the widely know Hursti Hack. UConn has articulated others.  We are left to wonder why NBC did not interview anyone with expertise to answer the registrars questions, to satisfy that wonder. ]
“They would get, you know, name, address, phone number, DMV information such as license number, which is already made available if someone wanted to come in through Freedom of Information,” said Stevenson, the Democratic Registrar of Voters. [I doubt Driver ID is FOIable. If it is, we have problems for voter registration and other reasons.  Once again, NBC could/should have asked experts.]

Even the machines used to digitally tabulate election results aren’t connected to the internet in cities and towns.
Melissa Russell, a Bethlehem Registrar of Voters, with the Registrars of Voters Association of Connecticut reiterated the point that physical record keeping in Connecticut places the state at an advantage. [Not having voting systems connected to the Internet is definitely an advantage. Yet, not so much against local insider attacks, especially when local officials and their leaders are so confident (overconfident?)]
We also have the advantage of a paper ballot system, where we can look at every vote cast in the case of any discrepancy to make sure our elections equipment has performed accurately. [They CAN.  Candidates and the public cannot. The record of officials in looking carefully during post-election audits is quite questionable <See the Citizen Audit Reports> ]
Becker, the GOP registrar in Manchester, explained how state law mandates that each town keep individual paper records for voters, meaning altering results or hacking, would be a tall task.
“They would have to destroy the fire proof cabinets in 169 cities and towns to actually mess with our voter list.” [As we said before, they could alter the CVRS records and the paper records used at the polls would be wrong.  The registrar’s office usually uses the online system first, so they would have to be concerned in a particular case to check the paper voter registration record. If there was a mass attack it would disrupt the whole election day to have each polling place call the registrars office to check the paper for each  voter.  Once again, an insider attack on those paper records would be relatively simple.]
Published at 10:26 PM EDT on Aug 29, 2016
Source: CT Election Officials Say a Hack Nearly Pointless | NBC Connecticut
http://www.nbcconnecticut.com/news/local/CT-Election-Officials-Say-a-Hack-Nearly-Pointless391684361.html#ixzz4Ipw9JbFD
Follow us: @nbcconnecticut on Twitter | NBCConnecticut on Facebook

Report: Secret Ballot At Risk

A new report from the Electronic Privacy Information Center, articulates some of the risks of losing the the Secret Ballot: Secret Ballot At Risk: Recommendations for Protecting Democracy <Exec Summary> <Report>

We recommend reading the Executive Summary and at least the section of the report covering the history of and the need for the secret ballot, pages 4-9 and the section for your state, e.g. Connecticut pages 54-55.

Our only criticism is that the report does not cover the risks to the secret ballot and democracy posed by photos, most often seen in selfies of voters with the voted ballot taken in the voting booth.  Nor does it cover the risks  to the secret ballot posed by absentee voting.

A new report from the Electronic Privacy Information Center, articulates some of the risks of losing the the Secret Ballot: Secret Ballot At Risk: Recommendations for Protecting Democracy <Exec Summary> <Report>

We recommend reading the Executive Summary and at least the section of the report covering the history of and the need for the secret ballot, pages 4-9 and the section for your state, e.g. Connecticut pages 54-55.

Our only criticism is that the report does not cover the risks to the secret ballot and democracy posed by photos, most often seen in selfies of voters with the voted ballot taken in the voting booth.  Nor does it cover the risks  to the secret ballot posed by absentee voting.

From the Executive Summary:

The right to cast a secret ballot in a public election is a core value in the United States’ system of self-governance. Secrecy and privacy in elections guard against coercion and are essential to integrity in the electoral process. Secrecy of the ballot is guaranteed in state constitutions and statutes nationwide. However, as states permit the marking and transmitting of marked ballots over the Internet, the right to a secret ballot is eroded and the integrity of our elections is put at risk…

Our findings show that the vast majority of states (44) have constitutional provisions guaranteeing secrecy in voting, while the remaining states have statutory provisions referencing secrecy in voting. Despite that, 32 states allow some voters to transmit their ballots via the Internet which, given the limitations of current technology, eliminates the secrecy of the ballot. Twenty-eight of these states require the voter to sign a waiver of his or her right to a secret ballot. The remainder fail to acknowledge the issue.

From the Report:

The secret ballot reduces the threat of coercion, vote buying and selling, and tampering. For individual voters, it provides the ability to exercise their right to vote without intimidation or retaliation. The secret ballot is a cornerstone of modern democracies. Prior to the adoption of the secret ballot in the United States in the late 19th century, coercion was common place. It was particularly strong in the military…

The establishment of the secret ballot helped prevent that type of coercion in the military. It also changed coercive practices in the workplace. But has our society evolved so much that we no longer need the secret ballot?

The answer is, simply, no. The secret ballot also protects individuals from harassment as a result of their vote. In February 2009, The New York Times reported that “some donors to groups supporting [California’s “Proposition 8” re: same-sex marriage] have received death threats and envelopes containing a powdery white substance, and their businesses have been boycotted.” The Times reported that a website called “eightmaps.com” collected names and ZIP codes of people who donated to the ballot measure and overlaid the data on a map, contributing to the harassment and threats of violence.

Further, employer-employee political coercion is alive and well in the United States. A recent article in The American Prospectdocumented a number of instances of political coercion in the workplace, including:

  • An Ohio coal mining company required its workers to attend
    a Presidential candidate’s rally – and did not pay them for their time.
  • Executives at Georgia-Pacific, a subsidiary of Koch Industries which employs approximately 35,000 people, distributed a flyer and a letter indicating which candidates the firm endorsed. “The letters warned that workers might ‘suffer the consequences’ if the company’s favored candidates were not elected.”

Thanks to the secret ballot, employers cannot lawfully go so far as to “check” on how an employee actually voted. But if ballots were no longer secret, many employees would risk losing their jobs if they voted against the recommendations of management. Our democracy would no longer be free and fair. Our need for privacy protections is just as strong today as it was when the secret ballot was adopted

Connecticut Constitution and statutes:

Constitutional provision re: right to secret ballot Conn. Const. Art. 6 § 5
In all elections of officers of the state, or members of the general assembly, the votes of the  electors shall be by ballot, either written or printed, except that voting machines or other mechanical devices for voting may be used in all elections in the state, under such regulations  as may be prescribed by law. No voting machine or device used at any state or local election  shall be equipped with a straight ticket device. The right of secret voting shall be preserved

”’

Conn. Gen. Stat. Ann. § 9-366
Any person who […]does any act which invades or interferes with the secrecy of the voting
or causes the same to be invaded or interfered with, shall be guilty of a class D felony.

NPV Note: Trump and Hillary visit Connecticut

Donald Trump is visiting Connecticut tonight at Sacred Heart University in Fairfield, while Hillary is visiting Greenwich on Monday for a fundraiser <read>

This provides a great opportunity to discuss a couple of points often touted in favor of the National Popular Vote.

  • That presidential candidates will never campaign in Connecticut until we have a national popular vote.
  • That candidates only come to Connecticut to take money out of the state.
  • And apparently we would benefit from the money they would spend here.

Donald Trump is visiting Connecticut tonight at Sacred Heart University in Fairfield, while Hillary is visiting Greenwich on Monday for a fundraiser <read>

This provides a great opportunity to discuss a couple of points often touted in favor of the National Popular Vote.

  • That presidential candidates will never campaign in Connecticut until we have a national popular vote.
  • That candidates only come to Connecticut to take money out of the state.
  • And apparently we would benefit from the money they would spend here.

We have long opposed, not because we are against the idea in theory, but because imposing a popular vote on our current unequal and risky state-by-state system would make presidential elections much more risky.  <See our posts here>

Overall we do not think campaigning in a state or the money issue is that relevant in choosing for or against the National Popular vote. Yet, since the proponents tout it so strongly, we point out:

  • Obviously a candidate is campaigning here in spite of their claims.  (We also had several candidates here during the presidential primary season)
  • Many of those same legislators and advocates for the National Popular Vote are arguing Trump should not come.
  • Rather than bringing money to the state it may cost the Town of Fairfield $37,000 in security <read>
  • Ask yourself if this visit or the visits during the primary campaign changed the minds of many who could have watched similar rallies on TV or the Internet?
  • We note it is a myth that campaigns bring huge amounts of money to states where they campaign.  The big money goes to media conglomerates, national headquarters staff, and consultants.
  • Presumably Hillary will take some huge donations from Greenwich, where apparently financial barons live to enjoy New England and avoid NYC taxes, while threatening to leave Connecticut for some sunbelt tax haven.
  • Yet the amounts are peanuts compared to the money those people spend in Connecticut. Which in-turn, is peanuts compared to their investments around the country and in offshore tax havens. In any case they would still donate that money no matter where they lived and where the candidates campaigned.
  • There is a problem with money in campaigns that demands reform directly, a National Popular Vote would not change that, if anything it would make it worse creating the demand for more of those television and web political ads that we all would rather avoid.

Remember this is not a reason to be for or against the National Popular Vote. It is an example of supporters grabbing at straws to make their case.

Update 8/19/2016**********

This week Hillary Clinton campaigned in NY, a very safe state for her campaign.

What Could Elections Officials Learn From the Delta Airlines Outage

  • System failures are generally explained away as accidents, usually unique and isolated ones.
  • Human systems are vulnerable to failure, especially those dependent on computer systems, especially when there is no manual backup.
  • If businesses like airlines, banks, and Federal Government agencies cannot protect their systems, how can state, county,  and local systems be expected to be reliable?

Connecticut is not the pick of the litter here, as we said last April:

We sadly await the Election Day when the Connecticut voter registration system is down, especially with no contingency plan for Election Day Registration. Don’t say “Who Could Have Imagined”, we did.

 

This week Delta Airlines was partially down, so far, for at least three days.  Because of “computer” or “power” problems according to reports, e.g. How A Computer Outage Can Take Down An Entire Airline <read>.

Just after five in the morning on Monday, Delta sent out an alert every traveler dreads. “Delta has experienced a computer outage that has affected flights scheduled for this morning.”

Two hours later, Delta added discouraging details: The outage in Atlanta had crippled its mission control center—the NASA-inspired room that keeps Delta’s global fleet running. Soon, static check-in lanes clogged airports and gate agents started writing boarding passes by hand. Passengers slept on airport floors or sat in parked planes, even as departure boards and smartphone apps wrongly told them everything was running great. The airline canceled more than 650 flights and delayed many more in the US, Japan, Italy, and the UK…

Georgia Power, which supplies electricity to Delta, says it’s working with the airline today to fix a failed switchgear—a heavy duty version of the circuit breaker panel you’ve got in your basement. That would suggest that if an update or test is the problem, it was of hardware (perhaps, ironically, something like a new power supply), rather than of software. Georgia Power says the outage affected nobody else.

This is not the first time:

No one seems to know what went wrong, exactly—Delta’s investigating—but this is hardly the first time a computer glitch has shackled an airline’s global operations to the tarmac. So how does this keep happening?…

If you’re starting to think this kind of thing happens a lot, you’re right. In July, the failure of a single data center router forced Southwest to cancel 2,300 flights across four days, costing the airline well over $10 million. CEO Gary Kelly told The Dallas Morning News the router only partially failed, so it didn’t trigger the backup systems. In May, JetBlue had to check in customers by hand when its computer system went down. American Airlines blamed connectivity issues when it had to suspend flights last September. A year ago, United blamed a glitch for 800 flight delays.

And then there are the cases that defy contingency planning. In 1991 a farmer reportedly took 20 air traffic control centers offline when he inadvertently cut through an underground fiber optic cable while burying a cow. In 2014, an FAA contractor set fire to an air traffic control center in Chicago, disrupting travel for more than two weeks.

There are three lessons we might absorb and election officials might learn from this.  (We have to admit that we are skeptical that these lessons will be learned by the public or officials.)

  • System failures are generally explained away as accidents, usually unique and isolated ones.
  • Human systems are vulnerable to failure, especially those dependent on computer systems, especially when there is no manual backup.
  • If businesses like airlines, banks, and Federal Government agencies cannot protect their systems, how can state, county,  and local systems be expected to be reliable?

System Failures Are Generally Explained Away as Accidents

How can we be sure that a system failure is an accident, not a sabotage?   How do we know that an individual, foreign power, or business competitor did not bring down the system?  This could have been a test of a surgical strike which could be used to take down multiple airlines or other critical systems.

You maybe thinking “Conspiracy Theorist” here.  That is a good way to deflect concern, without delving deeper, without considering actually learning.  Yet, such an attack has happened.  Maybe more than one or several. The U.S. Government and Israel attacked Iranian nuclear facilities, by attacking the control system responsible for nuclear centrifuges.  The attack known as Stuxnet was designed to go undetected, and it did so for several years.

The point here is not that the Delta outage was necessarily such an attack. It is that it could have been and even with diligence that may not ever be determined.  It could also have been sabotage by a single individual.  In any case, computer attack, human attack, or accident, our infrastructure is vulnerable.

Human systems are vulnerable to failure, especially those dependent on computer systems, especially when there is no manual backup.

Without their computer system, Delta, was dead in the water (actually dead in the air, stuck on the ground), completely dependent on computer systems power, and apparently a single point of failure.

But wait.  What if Delta could have had a simple manual backup?  Would it be possible to save millions, perhapss billions of dollars, and continue most flights, with most passengers, saving them many problems?

I am not an airline expert, yet my guess is that Delta’s system is largely separate from the Air Traffic Control, TSA, and Immigration Systems.  Here is an outline of a simple backup system:

  • Every couple of hours, spreadsheets of the following are sent to a personal computer at each Delta airport:  Passengers booked for each flight for the next 24 hours.  Equipment, crew, and schedule for each flight in that period.
  • In a similar emergency all those items are printed on paper and used by personnel to create boarding passes and checkin passengers.
  • Flight crews, baggage handlers, and maintenance use that information to continue operations.

Obviously it would not work perfectly, yet it would provide for most service to continue at a considerably slower pace.

If businesses like airlines, banks, and Federal Government agencies cannot protect their systems, how can state, county and local systems be expected to be reliable?

Which brings us to our election system.  To the extent we make it an electronic election system, we are similarly dependent on systems, to the extent we have no manual backup or workable pre-planned contingencies.

How about Connecticut

One area where we are very good, is that we have paper ballots.  Even if our scanners fail due to an extended power outage we can still vote on paper ballots and count them later!

But there are other potential problems.

The current voting system is partially dependent on the availability of the online Central Voter Registration System (CVRS) and the phone system. CVRS and the phone system are also generally dependent on the availability of the Internet and the power grid.  Availability required statewide and in each town in the state.

  • The CVRS must be available in the few days before an election so that paper checkin lists can be printed, so that voters can checkin at the polls.
  • On election day, Registrars are constantly checking the system to resolve voter registration issues at polling places, perhaps 5% of voters would not be able to vote if that system were unavailable.
  • Also on election day, election day registration is currently 100% dependent on the availability of the CVRS, with no model contingency plan specified by the Secretary of the State’s Office.
  • Also the whole system is highly dependent on the phone system which is used by polling place officials to call the Registrars’ Office, and for the Registrars’ Office call other towns for Election Day Registration.

When we convert to electronic checkin, we must be careful to require paper copies of  checkin lists so that polling place voting can mostly continue in the event of power, phone, and computer outages.

Finally, a reminder that it is tough for individual industries to protect themselves, harder for state and local governments, and that Connecticut is not the pick of the litter here:

As was reported in April: Connecticut Makes National Short List – Embarrassing <read>

U.S. federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.

The analysis, from venture-backed security risk benchmarking startup SecurityScorecard, measured the relative security health of government and industries across 10 categories, including vulnerability to malware infections, exposure rates of passwords and susceptibility to social engineering, such as an employee using corporate account information on a public social network.

Educations, telecommunications and pharmaceutical industries also ranked low, the report found. Information services, construction, food and technology were among the top performers…

Other low-performing government organizations included the U.S. Department of State and the information technology systems used by Connecticut, Pennsylvania, Washington and Maricopa County, Arizona.

As we said then:

We sadly await the Election Day when the Connecticut voter registration system is down, especially with no contingency plan for Election Day Registration. Don’t say “Who Could Have Imagined”, we did.

 

 

 

 

 

Warning: 15 states without paper records, half without audits

A Computer World article reminds us how much more there is to go to achieve verifiable, evidence based elections:  A hackable election? 5 things to know about e-voting <read>

Voting results are “ripe for manipulation,” [Security Researcher Joe] Kiniry added.

Hacking an election would be more of a social and political challenge than a technical one, he said. “You’d have a medium-sized conspiracy in order to achieve such a goal.”

While most states have auditable voting systems, only about half the states conduct post-election audits, added Pamela Smith, president of Verified Voting.

Let us not forget that even states, like Connecticut, with post-election audits have a long way to go in making the audits sufficient to assure that election results are correct or confidence that incorrect results would be reversed.

A Computer World article reminds us how much more there is to go to achieve verifiable, evidence based elections:  A hackable election? 5 things to know about e-voting <read>

Voting results are “ripe for manipulation,” [Security Researcher Joe] Kiniry added.

Hacking an election would be more of a social and political challenge than a technical one, he said. “You’d have a medium-sized conspiracy in order to achieve such a goal.”

While most states have auditable voting systems, only about half the states conduct post-election audits, added Pamela Smith, president of Verified Voting.

“That leaves a lot of gaps for confirming that election outcomes were correct,” she said. “In such a contentious election year, well, let’s just say it’s never a good thing to be unable to demonstrate to the public’s satisfaction that votes were counted correctly, whether in a small contest or large.”…

Twenty-three states used DREs without paper trails in the 2008 U.S. election, and 17 used them in 2012, compared to 15 states this year, according to information from the U.S. Election Assistance Commission and Verified Voting.

Let us not forget that even states, like Connecticut, with post-election audits have a long way to go in making the audits sufficient to assure that election results are correct or confidence that incorrect results would be reversed.