Category: Electronic Vulnerability

Life on the Internet “Frontier”

Today we all live on the Internet Frontier. Many of us in Connecticut had a reminder yesterday from our major communication provider Frontier Communications Corp.  As reported in the Hartford Courant: Customers Blast Frontier After Internet Outage

Customers of Frontier Communications Corp. in Connecticut complained Tuesday about lost internet service that the telecommunications company said was due to a software update…

What might we learn?

  • We are very dependent on a very risky infrastructure.
  • This is costly.

Today we all live on the Internet Frontier. Many of us in Connecticut had a reminder yesterday from our major communication provider Frontier Communications Corp.  As reported in the Hartford Courant: Customers Blast Frontier After Internet Outage <read>

Customers of Frontier Communications Corp. in Connecticut complained Tuesday about lost internet service that the telecommunications company said was due to a software update…

Spokesman Andy Malinoski said in an email that Frontier apologizes for the service interruption caused by a software update installed overnight in Frontier’s network.

“We have corrected the issue with the update. Service is now restored. Customers should not have to reboot their modems,” he said…

Complaints from customers were similar to what Frontier endured when it bought AT&T’s wire line business for $2 billion in 2014. Customers then complained about lost connections, mostly related to the bundled service formerly known as U-Verse.

Consumers then filed hundreds of complaints with the state Department of Consumer Protection, state attorney general’s office and Public Utilities Regulatory Authority.

Frontier offered a $50 credit for Frontier U-Verse customers.

I was one of those customers. The outage was from about 2:00am until sometime between 9:00am and 11:00am. The outage is over, the outrage should continue.  After wasting about an hour, delaying our usual handling of emails and reading the Courant, my wife and I went to town and found our favorite coffee shop and the public green nearby, both without their usual Internet. I suggested trying Starbucks next door. My wife suggested the one at the north end of town, in case it was a local outage. The northern Starbucks Internet worked!  Was it coincidental with Frontier’s recovery or not? I do not know.

What might we learn?

We are very dependent on a very risky infrastructure. Just one bad software update, hardware failure, cyberattack, or insider attack from calamity. This time we mostly dodged a bullet. Nothing terrible happened, that we know of, the whole State was out for a few hours. Meanwhile portions of the state are still recovering from a power outage last week caused by tornadoes and microbursts, that our electric utility, the so called, Eversource claims knocked out more miles of power lines than hurricane Sandy. We are lucky that a company incompetent enough to knock out a state’s Internet from a software glitch took only a few hours to notice it and recover. It could have been a hardware problem or software problem that physically broke some infrastructure or required manual software updates to routers. It could have launched a chain reaction that cause power, telephone, or public safety outages at the same time. Frontier phone systems, delivered by that same wire miraculously did not go down as they often do together.

Imagine if this were a foreign enemy, a cyber terrorist, or a frustrated Frontier employee timing their interruption at the worst possible time or aimed at a particular customer of public facility.  Imagine if this was actually a test, not difficult if you try.

This is costly. $50 compensation for months of outages etc. two years ago.  That is a pittance. You could say the hour we lost was worth $50 to my wife and myself in aggravation and time list.  We are retired. The loss would be much worse if we were employed, a small, or a large business. It could mean lost customers. If the phone had gone down it could, and would likely have killed people unable to reach 911. They touted that customers would not have to reboot their routers. Big deal. Rebooting my router was one of the first things I tried.

Pity the business dependent on Frontier, assuming that such a large enterprise, has Internet expertise could be trusted to support websites for their customers:

Gary Choronzy, chief executive officer of Connecticut Websites, a Branford website design company, said service stopped at about 2 a.m. After a long wait on the telephone, he was only able to confirm that he paid his bill and that the service outage was due to a technical problem.

Choronzy said he could not get connected to a service representative…

“I run my business around the internet,” he said. “It’s unconscionable.”…

Choronzy and other Frontier customers tweeted their exasperation.

“The current Frontier Internet & TV outages across Connecticut, as well as the ridiculously high prices they and @comcast charge are exactly why cord-cutting has become so popular,” he said.

My websites and those I support are hosted by a company that has multiple redundant datacenters and severs across the country.  To my knowledge, in over a decade they have not had anything like a four hour outage.

Testimony to the Connecticut Cybersecurity Task Force – UPDATED

I testified in my capacity as Executive Director of the Connecticut Citizen Election Audit. I was the only member of the public providing testimony.

Why are post-election audits and paper ballots a critical component of protecting our elections?  “[D}data protection involves prevention, detection, and recovery”.  Cybersecurity and other measures protecting voting equipment and voting systems are primarily prevention measures and to a lesser degree detection measures. No matter how much effort we put into cybersecurity, software testing, and hardware maintenance there will always be a significant level of vulnerability.

Paper ballots, sufficient post-election audits, and recounts provide a primary means of detecting cyber, software, human, and hardware failures. They also provide a means of recovery. They provide for, so called, software independent verification of election results, resulting in justified public confidence.

Today was the 2nd and perhaps last meeting of the Connecticut Cybersecurity Task Force, aimed at recommending items for Connecticut’s share of the $5.1 million in new Federal Funding.

I testified in my capacity as Executive Director of the Connecticut Citizen Election Audit. I was the only member of the public providing testimony. In a couple of days I will pass on the video of the event, once it becomes available.  For now:
Here is the Agenda: <read> and my Testimony: <read>

I largely addressed the need for paper ballot security and post-election audits and how some of the new Federal money could be used to enhance them now and in the future.

I think I raised some awareness from my testimony and the questions members asked, yet it seems that the modest items I suggested might be deemed cost prohibitive. I spoke for six minutes and addressed questions for about 10 minutes (the emboldened portion of my written testimony), so the video will be interesting. The recommendations for spending the $5.1 million will apparently closely mimic the items listed near the end of the agenda.

Here is an excerpt of some highlights:

Enhancing post-election audits was explicitly included as an appropriate use of funds in the Federal legislation. Protection of paper ballots is a necessary component of trustworthy post-election audits.  I recommend initial steps that will cost, less than one-half a million dollars and outline a more comprehensive, yet efficient plan for the long run that might best protect Connecticut elections and ultimately our democracy.

Why are post-election audits and paper ballots a critical component of protecting our elections?  “[D}data protection involves prevention, detection, and recovery”.  Cybersecurity and other measures protecting voting equipment and voting systems are primarily prevention measures and to a lesser degree detection measures. No matter how much effort we put into cybersecurity, software testing, and hardware maintenance there will always be a significant level of vulnerability.

Paper ballots, sufficient post-election audits, and recounts provide a primary means of detecting cyber, software, human, and hardware failures. They also provide a means of recovery. They provide for, so called, software independent verification of election results, resulting in justified public confidence. I agree with Secretary Merrill that public confidence is important. I emphasize that the goal should be justified public confidence.

For post-election audits and recounts to be trusted requires strong paper ballot security and a credible chain-of-custody. Audits must also be transparent and publicly verifiable. The independent Citizen Audit reports show our ballot security is woefully inadequate.

Connecticut currently has an insufficient post-election audit. Insufficient because it only audits 5% of polling-place cast, machine counted ballots, exempting all centrally counted absentee ballots, Election Day Registration ballots, and originally hand-counted ballots from the audit. Insufficient because many of the local counting sessions are poorly conducted, with most differences in counts attributed to human counting error and left uninvestigated – a phenomenon that is, as far as I can tell, unique to Connecticut.

Fortunately, there is a straight-forward remedy close at hand. The UConn VoTeR Center in conjunction with the Secretary’s Office have developed an independent, electronic system to rescan and recount the ballots, called the Audit Station.  Unfortunately, the Audit Station has not been used in a way that meets requirements for software independence or that would satisfy most election integrity activists, leading scientists, and security experts.

The good news is that the Audit Station could easily be enhanced to satisfy most experts.My written testimony details Citizen Audit recommendations for ballot security and audits. Once again, I emphasize that audits and protected paper ballots are necessary for detection and recovery from every type of attack, breakdown, and error.

The Registrars of Voters Association asked for money for electronic pollbooks and for GEMS systems to accumulate results from memory cards, presumably somehow replacing or enhancing our new, completely air-gaped Election Night Reporting System.

Without explanation the Registrars linked those systems to improved cybersecurity.

They also asked the State to pay for new computers, newer than the XP systems many registrars use and sometimes share with other town employees.

Those suggestions were apparently ignored.

For the agenda from the 1st meeting and a list of task force members, see this press release: <read>

***********UPDATE:

Days sooner than last time, the video is available: <View>

My testimony starts at about 45 minutes in.

In reviewing the video, I note that Secretary Merrill did express interest in using some of the Federal money for some of our recommendations and considering improving some aspects of the audits.

America is still unprepared for a Russian attack on our elections

Washington Post: America is still unprepared for a Russian attack on our elections

Though these machines are not routinely connected to the Internet, NYU’s Lawrence Norden warns that there are nonetheless ways to infiltrate them…

Having paper-friendly machines is hardly enough.

Washington Post: America is still unprepared for a Russian attack on our elections <read>

Though these machines are not routinely connected to the Internet, NYU’s Lawrence Norden warns that there are nonetheless ways to infiltrate them, including through computers used to program the machines. Since 2016, only one state, Virginia, has phased out all of its paperless machines. Georgia lawmakers failed last month to pass a bill that would have upgraded the state’s voting machines. And though Pennsylvania is pushing upgrades, the transition will not finish until after November’s vote.

Having paper-friendly machines is hardly enough. Paper trails enable state officials to run statistically sound post-election audits of vote tallies. Yet only a handful of states require rigorous audits, with only a handful more considering them.

Officials are too comfortable that no connectivity is sufficient to protect our machines. Its a good idea, yet insufficient, as demonstrated by STUXNET.  Many believe STUXNET was perpetrated by the U.S. and Israel, which they deny. In any case, it demonstrates that foreign interests of one faction/government or another can change our elections.

Recently Secretary of the State, Denise Merrill, convened a Connecticut Cyber Security Task Force. Many of the comments at the first meeting give assurance that our Voter Registration System will be protected, yet some seemed to ignore the risks to anything not connected to the Internet <View on CT-N>

Officials don’t get risks of election hacking

There is no panacea. As we have been saying all along, nothing can fully protect us from hacking, fraud, and errors.  Maximum election security means Prevention, Detection, and Recovery.  For vote totals that means that we need to protect our paper ballots and then exploit them with sufficient audits and recounts.

New Yorker: America Continues to Ignore the Risks of Election Hacking

New Yorker: America Continues to Ignore the Risks of Election Hacking <read>

One of the enduring myths about American elections, and one that persists even after the revelations of 2016, is that they are largely insulated from hacking because we have no centralized voting system—elections are overseen by roughly nine thousand counties, and voting takes place in over a hundred and fifty thousand polling places—and because most voting occurs offline. “Our diverse and locally-run election process presents serious obstacles to carrying out large-scale cyberattacks to disrupt elections, and that standalone, disconnected voting systems present a low risk,” the National Association of Secretaries of State wrote last year, in a briefing paper titled “Key Facts and Findings on Cybersecurity and Foreign Targeting of the 2016 US Elections.” Yet the intelligence community, computer scientists, and hackers themselves have found that while decentralization may be a deterrent, it is not a defense.

There is no panacea. As we have been saying all along, nothing can fully protect us from hacking, fraud, and errors.  Maximum election security means Prevention, Detection, and Recovery.  For vote totals that means that we need to protect our paper ballots and then exploit them with sufficient audits and recounts.

 

How Could CT Spend New Federal Election Security Money?

Connecticut will have available somewhere around $5 million to spend on election security in the new “omnibus” appropriations bill. Woefully inadequate for states that should be replacing touch-screen voting with all paper ballots.  etc., for a state that already has paper ballots, a lot can be accomplished.

Denise Merrill is already thinking about how to spend it: CTMirror: Omnibus has millions to strengthen CT voting system against cyber attacks.

Secretary Merrill asked me for suggestions in a brief conversation a couple of weeks ago. At the time, off the top of my head, I suggested and we briefly discussed three things. After consideration I would suggest some more things. Security is not just cyber security and training officials. It also requires physical protection of ballots, physical protection of voting machines, and understanding the situation before determining the training needed.

Connecticut will have available somewhere around $5 million to spend on election security in the new “omnibus” appropriations bill. Woefully inadequate for states that should be replacing touch-screen voting with all paper ballots. Yet, for a state that already has paper ballots, a lot can be accomplished.

Explanatory Statement on Consolidated Appropriations Act, 2018
House Appropriations Committee; Rep. Rodney Frelinghuysen, R-N.J., 3/21/2018

ELECTION REFORM PROGRAM

The bill provides $380,000,000 to the Election Assistance Commission to make payments to states for activities to improve the administration of elections for Federal office, including to enhance election technology and make election security improvements, as authorized under HAVA sections 101 [Payments to States for activities to improve administration of elections], 103 [Guaranteed minimum payment amount], and 104 [Authorization of appropriations] of the Help America Vote Act 2002 (P.L. 107-252). Consistent with the requirements of HAVA, states may use this funding to:

  • replace voting equipment that only records a voter’s intent electronically with equipment that utilizes a voter-verified paper record;
  • implement a post-election audit system that provides a high-level of confidence in the accuracy of the final vote tally;
  • >upgrade election-related computer systems to address cyber vulnerabilities identified through DHS or similar scans or assessments of existing election systems;
  • facilitate cybersecurity training for the state chief election official’s office and local election officials;
  • implement established cybersecurity best practices for election systems;
  • and fund other activities that will improve the security of elections for federal office.

Denise Merrill is already thinking about how to spend it: CTMIrror:Omnibus has millions to strengthen CT voting system against cyber attacks <read>

Connecticut Secretary of State Denise Merrill has asked the state to fund two IT positions at her agency to help strengthen protections of the state’s electoral system. Currently the state’s election system relies on an IT team that works for all state agencies.

Merrill says she wants an IT staff “with substantial knowledge of elections” to help fend off cyber threats.

The election chief’s request is pending.

The federal funds in the omnibus, which Merrill says will amount to between $3 million and $5 million for her agency, will be released within 45 days.

Merrill said she plans to use that money to buy equipment, and especially to train election personnel in the state’s 169 towns.

Secretary Merrill asked me for suggestions in a brief conversation a couple of weeks ago. At the time, off the top of my head, I suggested and we briefly discussed three things:

  • Strengthening Connecticut’s woefully inadequate ballot security.  At a minimum setting basic standards for ballot access and minimum sealing duration in law as I suggested in legislation: <S.B.540 2017> That was indeed a minimal proposal at an estimated cost of $30,000.
  • Improving the Electronic Audit to satisfy reasonable integrity requirements as we have proposed in that same bill and in more detailed form to the Secreary’s Office and the UConn Voter Center. Once again this is very few thousands in enhancing some of the prototype code UConn has developed to meet those specifications along with a few thousands in developing documentation while piloting the enhanced system as the current system has been piloted over the last two November elections.
  • Developing the training and support system necessary to use the UConn audit system for all post-election audits – with a trained staff to support the audits deployed across state in the nine regional governments, reducing the need for UConn computer scientist support. I.e. The state has already purchased nine complete systems, that is one for each region of the state. I have suggested training election day scanner experts for the job in a system similar to the way the State now pays part-time registrars additional part-time income providing Moderator Certification classes. I would deploy teams of two trained individuals with three complete audit systems (two to use, one a spare) to each visit three regions for three days each, allowing registrars from towns selected for audit to signup for times to present the ballots for audit.  At most $50,000 to setup the system and train the individuals (they could easily be trained, hands-on in one day, and perhaps assisted by a UConn expert the 1st day of actual auditing.) The cost to pay for each year, renting a van for each team, refresher training,  etc. Might be $30,000 – that’s about half what the hand-count audit costs today. Certainly for cutting costs in half, towns could be expected to pay for the service after a couple years of Omnibus funding!.

After consideration I would suggest some more things. Security is not just cyber security and training officials. It also requires physical protection of ballots, physical protection of voting machines, and understanding the situation before determining the training needed. I would suggest:

  • An independent security audit of every one of the 169 municipalities, performed by a reputable third-party. I would assess the security of paper ballots – how sure can we be that they have not been tampered with for audits and recounts?; the security of voting machines and memory cards; the security of registrars’ office records and municipal clerk election records; the security practices surrounding receipt and processing of absentee ballots; the security practices and security of the elections network associated with the voter registration system and the municipal network in general. At a minimum assess a random sample of very small, small, medium, and large municipalities.
  • Based on that assessment make recommendations for the training of officials and further enhancements of all areas assessed (I suspect needs will be identified that go well beyond the $5 million.

In the long run, beyond the $5 million, the optional solution for ballot storage may be some configuration regional storage with better monitoring and safeguards that can be accomplished by 169 individual municipalities.  Such rationalization would facilitate the audits and would also provide a basis for, so called. risk limiting audits.

 

Do you need a blockchain? (Probably not!)

Blockchains are the latest technology to enter the mainstream.  A blockchain powers and makes BitCoin possible. Many are treating blockchains as the next big breakthrough in technology. There is even a Blockchain Caucus in Congress.

Do not get your hopes up or bet your retirement savings on blockchains, they are definitely not the next Internet or Hula Hoop.  Most importantly they will not transform elections or solve the challenges of online voting.

From IEEE Do You Need a Blockchain?

“I find myself debunking a blockchain voting effort about every few weeks,” says Josh Benaloh, the senior cryptographer at Microsoft Research. “It feels like a very good fit for voting, until you dig a couple millimeters below the surface.”

Blockchains are the latest technology to enter the mainstream.  A blockchain powers and makes BitCoin possible. Many are treating blockchains as the next big breakthrough in technology. There is even a Blockchain Caucus in Congress.

Do not get your hopes up or bet your retirement savings on blockchains, they are definitely not the next Internet or Hula Hoop.  Most importantly they will not transform elections or solve the challenges of online voting.

From IEEE Do You Need a Blockchain? <read>

Blockchain technology is, in essence, a novel way to manage data. As such, it competes with the data-management systems we already have. Relational databases…suffer from one major constraint: They put the task of storing and updating entries in the hands of one or a few entities, whom you have to trust won’t mess with the data or get hacked.

Blockchains, as an alternative, improve upon this architecture in one specific way—by removing the need for a trusted authority. With public blockchains…, a group of anonymous strangers (and their computers) can work together to store, curate, and secure a perpetually growing set of data without anyone having to trust anyone else. Because blockchains are replicated across a peer-to-peer network, the information they contain is very difficult to corrupt or extinguish.

This feature alone is enough to justify using a blockchain if the intended service is the kind that attracts censors…

However, removing the need for trust comes with limitations. Public blockchains are slower and less private than traditional databases, precisely because they have to coordinate the resources of multiple unaffiliated participants. To import data onto them, users often pay transaction fees in amounts that are constantly changing and therefore difficult to predict. And the long-term status of the software is unpredictable as well. Just as no one person or company manages the data on a public blockchain, no one entity updates the software. Rather, a whole community of developers contributes to the open-source code in a process that, in Bitcoin at least, lacks formal governance…

“If you don’t mind putting someone in charge of a database…then there’s no point using a blockchain, because [the blockchain] is just a more inefficient version of what you would otherwise do,” says Gideon Greenspan, the CEO of Coin Sciences, a company that builds technologies on top of both public and permissioned blockchains.

With this one rule, you can mow down quite a few blockchain fantasies. Online voting, for example, has inspired many well-intentioned blockchain developers, but it probably does not stand to gain much from the technology.

“I find myself debunking a blockchain voting effort about every few weeks,” says Josh Benaloh, the senior cryptographer at Microsoft Research. “It feels like a very good fit for voting, until you dig a couple millimeters below the surface.”

Benaloh points out that tallying votes on a blockchain doesn’t obviate the need for a central authority. Election officials will still take the role of creating ballots and authenticating voters. And if you trust them to do that, there’s no reason why they shouldn’t also record votes.

In my early days of advocacy, my congressman at a forum claimed that there would be no problems with electronic voting because of a magic new technology, “encryption”. It has not worked out that way.  Like encryption, blockchains cannot protect against corruption of the computer itself – a laptop or smartphone used for online voting, an optical scanner or touch-screen voting machine, or the central server collecting and reporting results.

“Does your vote count?” Glastonbury MLK Conversation

Last Wednesday evening, I was one of five speakers and a moderator at a Community Conversation held by the Glastonbury Martin Luther King Community Initiative. There were about 60 to 75 in attendance. We addressed “Does your vote count? An examination of the Issues” I addressed issues in two areas: How could you know if your vote was counted? And what I would recommend to expand democracy in Connecticut, without risking election integrity. Here are my prepared remarks:

Last Wednesday evening, I was one of five speakers and a moderator at a Community Conversation held by the Glastonbury Martin Luther King Community Initiative.  There were about 60 to 75 in attendance.  We addressed “Does your vote count? An examination of the issues.”  I addressed issues in two areas:  How could you know if your vote was counted? And what I would recommend to expand democracy in Connecticut, without risking election integrity.  Here are my prepared remarks <read>

Some excerpts:

I tend not to agree with anyone 100% of the time.  I view voting through a lens of balancing three priorities

  • Voting Integrity, that is Justified Confidence
  • Engaging more people in Democracy
  • The costs of Elections

To me, Justified Confidence is the highest priority, followed by a balance between increasing voter engagement and cost.

Let’s talk voting integrity.  Said another way “Does your vote count?”  The problem is that you and I cannot answer that question.  The systems we have, by intention or not, prevent us from answering that question…

For Democracy to function, citizens must have JUSTIFIED CONFIDENCE in elections — elections providing strong evidence that the correct winner was declared.

The 2016 elections surfaced two election integrity questions in the minds of many citizens:

  • First, Did the Russians hack our election systems? That is distinct from did they influence our elections?
  • Second, Were the winners of the Primaries and Election accurately determined?

There is a lack of confidence in the system. There are legitimate, yet often exaggerated questions of integrity.

It is especially important that losers believe they lost fair and square.

There is excessive emphasis on Russian hacking,  ignoring other risks. And a myriad of other cyber-attacks are just a part of the risks…

There is too much emphasis on cyber-attack by outsiders.  The greater risk is INSIDER ATTACK.  Insider attack is easier and likely more frequent – air-gaps cannot prevent insider attack – there is motive, opportunity, and the ability to cover-up…

Fortunately. there are remedies to these risks and lack of credibility.  They come down to TRANSPARENT, PUBLICLY VERIFIABLE ELECTIONS.  That is elections where every critical aspect CAN be verified by citizens, candidates, and parties.

“Extraordinary Claims Require Extraordinary Evidence.”…

We need to open-up the system to candidates.

  • I would enhance our Citizen’s Election Program.
  • We should reduce prohibitive signature and finance requirements for third-party and petitioning candidates.
  • We have a crazy law that prevents the posting of the list of Write-In Candidates in polling places. Posting the list should be mandatory…

The evidence is not that Millennials avoid voting because it’s inconvenient. They avoid it because they don’t have enough information about voting and candidates.

  • We need to change our archaic lever-look ballot layout. I am tired of consoling voters who missed the question on the ballot.
  • We need better voting web sites in Connecticut’s towns, many lack critical information, some have incorrect information.
  • We have Election Day Registration, yet it is the most difficult, and restrictive in the Nation. That would remedy many of the errors that cause voters to be unintentionally not registered or removed from the roles…

I am an election official, a Certified Moderator. I ran our Glastonbury Academy polling place in the 2016 presidential primary. That day changed me.

Let’s at least allow unaffiliated voters to vote in the primary. I saw many voters who did not understand the system and could not vote. They were not party regulars, they were first time voters or those that had not voted in years. I was moved that very few were upset that they could not vote. That bothers me. We may never see them attempting to participate in democracy again.

Finally, Two things you can do to help – two days for each election.

  • First, volunteer one weekday observing a post-election audit with the Citizen Audit.
  • Second, Invest a day as an election official at your local polling place.

I guarantee you will learn a lot.  Let us work together, to create a flourishing democracy we can trust.

************Update 2/29/2018

Courant coverage: Does Your Vote Count <read>

Note one small misquote:

“First, did the Russians hack our election systems? Second, were the winners of the primary elections actually determined?” [Weeks] said.
That ‘actually’ should be ‘accurately’ !

 

 

We cannot trust computers, communications, or officials with elections

Recently two serious structural flaws in computer chips have been disclosed (they were discovered several months ago). So far, the understanding is that one will be difficult to fix and the other impossible, without a new computer architecture.  See:  The World Grapples with Critical Computer Flaws <read>

We cannot say it enough, “Ultimately, computers cannot be protected from fraud and error.” We also cannot trust officials to operate flawlessly. Fortunately, there are solutions.

Recently two serious structural flaws in computer chips have been disclosed (they were discovered several months ago). So far, the understanding is that one will be difficult to fix and the other impossible, without a new computer architecture.  See:  The World Grapples with Critical Computer Flaws <read>

We cannot say it enough, “Ultimately, computers cannot be protected from fraud and error.”

It is useful to take steps to test and protect computers and communication systems from fraud, hacking, and error. Yet, ultimately they cannot be fully protected – that was proven many years ago by Alan Turing, a consequence of his “Halting Problem”.

We also cannot trust officials to operate flawlessly.  We cannot trust them even to understand the science involved.  Many believe that air-gapped computers are safe from hacking, ignoring the science and the experience of STUXNET.

Fortunately, there are solutions.

Editorial:

The solution is software independence – that a voting system results not be dependent on software – that the system, electronic and manual will detect any error in hardware or software, providing the correct election result. That means paper ballots followed by sufficient ballots security, post-election audits, and where necessary full recounts. AND;

Official independence – that a voting system does not depend on trusting officials. That there is sufficient transparency and public verifiablity that citizens can independently verity all aspects of the voting process, including independently verifying that all votes were counted and totaled accurately.

What’s the matter with Wisconsin (and almost every state?)

Recent Headlines:

Wisconsin: Walker makes it harder for candidates to get a recount in close races

Former Trump Advisor: Scott Walker Has ‘Rigged’ 5 Elections 

Editorial: What is wrong with this picture? 

Wisconsin: Walker makes it harder for candidates to get a recount in close races <read>

Gov. Scott Walker has made it harder to ask for an election recount in Wisconsin. Walker last week signed into law a bill introduced in reaction to Green Party presidential candidate Jill Stein’s 2016 recount request in Wisconsin after she finished a distant fourth. Under the new law, only candidates who trail the winner by 1 percentage point or less in statewide elections could seek a recount. If that had been in effect last year, Democrat Hillary Clinton could have requested a recount since she finished within that margin, losing the state by only 22,000 votes. But Stein would have been barred. Democrats argued against the change, saying if candidates want to pay for a recount they should be allowed to pursue it. Stein paid for the Wisconsin recount.

Former Trump Advisor: Scott Walker Has ‘Rigged’ 5 Elections <read>

“As someone with great sentimental attachment to the Republican Party, as I joined as the party of Goldwater, both parties have engaged in voting machine manipulation,” Stone wrote. “Nowhere in the country has this been more true than Wisconsin, where there are strong indications that Scott Walker and the Reince Priebus machine rigged as many as five elections including the defeat of a Walker recall election.”

Editorial: What is wrong with this picture? We don’t for a second believe Roger Stone. Yet, we have no reason to believe Scott Walker or Wisconsin election integrity.  What is needed is transparent and publicly verifiable elections so that we do not need to trust anyone.