2020 Was a Secure Election

Over at Lawfare: “2020 Is An Election Security Success Story (So Far).”

What’s more, the voting itself was remarkably smooth. It was only a few months ago that professionals and analysts who monitor election administration were alarmed at how badly unprepared the country was for voting during a pandemic. Some of the primaries were disasters. There were not clear rules in many states for voting by mail or sufficient opportunities for voting early. There was an acute shortage of poll workers. Yet the United States saw unprecedented turnout over the last few weeks. Many states handled voting by mail and early voting impressively and huge numbers of volunteers turned up to work the polls. Large amounts of litigation before the election clarified the rules in every state. And for all the president’s griping about the counting of votes, it has been orderly and apparently without significant incident. The result was that, in the midst of a pandemic that has killed 230,000 Americans, record numbers of Americans voted­ — and voted by mail — ­and those votes are almost all counted at this stage.

On the cybersecurity front, there is even more good news. Most significantly, there was no serious effort to target voting infrastructure. After voting concluded, the director of the Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, released a statement, saying that “after millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies.” Krebs pledged to “remain vigilant for any attempts by foreign actors to target or disrupt the ongoing vote counting and final certification of results,” and no reports have emerged of threats to tabulation and certification processes.

A good summary.

Posted on November 10, 2020 at 6:40 AM151 Comments

Comments

Winter November 10, 2020 7:06 AM

“The result was that, in the midst of a pandemic that has killed 230,000 Americans, record numbers of Americans voted­ — and voted by mail — ­and those votes are almost all counted at this stage.”

I was impressed by it too. I would have expected a lot of turmoil and blatant, even violent, attempts to disturb the voting and counting process. However, we can see that institutions and procedures in the US can handle a lot of stress.

My congratulations to the American people for this feat.

And for the distractors: There are people who insist the earth is flat. No reasonable argument can win them over.

Petre Peter November 10, 2020 8:31 AM

What about the super computer called Hammer and the software called Scorecard? Will we ever know if they were used to alter vote count? I hope that this site remains on the fence instead of taking political sides.

null_hypothesis November 10, 2020 8:43 AM

I agree with the summary and on the whole it’s probably correct, but breaches of security never need to be widespread and the idea that security was good “on the whole” is never evidence to suggest lack of fraud.

I found this thread on a statistical analysis of voter fraud in Milwaulkee very interesing:

https://threadreaderapp.com/thread/1325120312455749634.html

Like the thread mentions, I don’t understand why everyone thinks that ‘safe and secure’ is the null hypothesis. Did no one go to public school? I’d be interested in what others with statistical training thinks of the results found in that thread. To me, they are alarming.

Winter November 10, 2020 9:31 AM

@Petre
“Will we ever know if they were used to alter vote count?”

That can be asked also for gnomes and unicorns altering votes for Biden. We do not know the answer to that, and probably never will.

@Null
“I don’t understand why everyone thinks that ‘safe and secure’ is the null hypothesis.”

Because Republican and Democrat observers were bowed over every step of the process with their noses practically in the ballots during counting.

If any of theses observers had observed irregularities, they would have cried foul.

1&1~=Umm November 10, 2020 9:34 AM

@null_hypothesis:

“I’d be interested in what others with statistical training thinks of the results found in that thread.”

Correlation is not causation.

Also probability alows for all that is possible by all combinations within the constraints of the system no matter how unlikely.

So sometimes what you see is realy what you’ve got without trying to come up with a cause and effect you think more probable.

If you think you have a viable hypothesis you need to test it… But then you can not with “one shots” that ball that comes out of the urn is “what you’ve got” nothing mor notging less no do-overs.

Leonardo Herrera November 10, 2020 9:34 AM

Regarding that thread, I too found it alarming, but haven’t checked the data. Would love to learn more.

In my country all votes need to be cast in person, so the first time I heard that vote-by-mail was a thing in the US (many years ago) I thought it was bonkers.

Vincent Archer November 10, 2020 9:51 AM

France removed mail-in ballots as a valid election method in 1975 (keeping them exclusively for French permanent residents in foreign countries – and only for those without a local consulate or embassy in their city).

Mail-in ballots completely cut the chain of custody between the voter and the tally. There is zero guarantee that the voter actually voted, that it did use the ballot that is counted, and more. Very basically, any election in France that did rely on mail-in ballots to be decided would be instantly tossed out and redone.

The presumption of safety is not a valid argument for elections. Elections rely on confidence – the voters’ confidence that the election is fair. If the electorate does not believe the election was fair, it does NOT matter whether or not it actually was. Perception is all that matters.

The instant states started to say they would push for mail-in ballots, and accept them AFTER the election was the instant this election became a shitshow, before even a single ballot was cast.

PS: There’s also a few analysis of the ballot totals based on first-digit frequencies (Newcomb-Benford’s law). Apparently, every candidate, including senate elections, conform to the expected curves – except for Joe Biden’s ballots in wards of swing states.

PPS: Oh, and apparently there seem to be a large number of people who voted for Joe Biden in the general election, and nobody for the local elections. But again, only in the swing states.

allangregg@gmail.com November 10, 2020 9:52 AM

@Schneier: “2020 Was a Secure Election. What’s more, the voting itself was remarkably smooth.”

I’ll save your post…

Winter November 10, 2020 10:04 AM

@Vincent
“Mail-in ballots completely cut the chain of custody between the voter and the tally.”

That was never ever a problem for accepting mail in votes from the military who used it since the Civil war. But it seems only acceptible for Republican votes, not for Democratic votes.

Mail in voting is pointless in France, or in most of Europe, as they have more than enough polling stations near to their voters to accept all voters without a wait.

I never wait more than 5 minutes at the polling station in the Netherlands. And if I want, I can vote at the train station during a commute or at a polling station of my choice.

But for COVID, other ways of voting will be allowed to prevent the spread of the virus. Not a problem.

Winter November 10, 2020 10:08 AM

@Vincent
“Elections rely on confidence – the voters’ confidence that the election is fair.

Do you actually know how mail voting works in the USA? It is pretty difficult to interfere with it. So difficult that you will be hard pressed to come up with much evidence of fraud in the century and a half it has been in use in the USA.

No evidence, no case.

What unites all these Fraud callers is that they actually have no idea how the voting system in their own country works.

null_hypothesis November 10, 2020 11:12 AM

Re: arguments that “correlation is not causation” and “probability allows for…”

I’m well aware of the boundaries of probability, statistics, and stochastic processes but these kind of results are so highly unlikely that using these types arguments to dismiss it is a careless and un-rigorous approach. With the levels of probability shown, it (likely, extremely likely) means it’s not just some stochastic process and includes some sort of will to force it so far out of range of likely, even improbable probabilities.

Re: null hypothesis is security because people looking over shoulders, etc…

I go back to the idea that fraud doesn’t need to be widespread to matter, only in the narrow sense where it counts most does it need to matter. Human behavior should be the null hypothesis, whatever that is, and my experience is that there are always a portion of humans in any contest that matters that are willing to cheat. Is this not a blog on security? What would that mean in the the IT/networking world if the null hypothesis is that systems are secure? This means it’s almost guaranteed that exploitation exists and that it is harder to find.

For what it’s worth, I have seen many videos of first-hand accounts of people coming forward in key places to say they were not allowed to watch the counting. Maybe they are all lying or in error, but they came forward nonetheless.

wiredog November 10, 2020 11:27 AM

Widescale voting fraud is extremely difficult to impossible to pull off in the US because there are 50 States and some other State level jurisdictions (DC, for example) and within those States there are any number of Counties. Each State will have its own ballot initiatives (0 to n of them) Each County may have multiple different ballots (as Congressional Districts often cross County lines), plus various ballot initiatives and bond issues. Some States also have elections for the Legislature at the same time. To pull off a large scale fraud without immediately getting caught is close to impossible. Maybe a fraud could move the margins a bit, but not enough to change the outcome.

Much easier to to openly keep your opponents voters from voting.

Alexander Neff November 10, 2020 11:48 AM

It is sad when anything Trump disagrees with instantly becomes some us vs. them politics. Masks could have saved 30-50x the 9/11 attacks in lives, all he had to do was say “let’s be cautious America”. Here’s another stream in the firehose of bullshit that continuously pumps out disinformation.

If there was widespread fraud, where’s the proof? Not, “here’s what my uncle bob posted on Facebook about some guy from the Epoch Times saying China hacked the election”. Where’s the actual hard proof?

There isn’t any. Trump, the president of the USA, who has access to some of the (if not the most) advanced espionage and intelligence services is posting Breitbart, Fox News opinion, Republican operatives/politicians or “entertainment” anchors, and Twitter comments as his proof in the public sphere. His team is suing over a couple of hundred ballots here and there on technicalities.

The simple truth is that there is no proof. If there was Trump would post it to twitter, have press conferences where his team explains that proof, and file lawsuits accordingly. He hasn’t done any of those things.

metaschima November 10, 2020 12:07 PM

Personally I am happy with the way the election went and how the votes were counted. And I’m also very happy that after January, the biggest troll in the history of the world will no longer have his soap box and megaphone, and hopefully will never be heard from again.

Ignazio November 10, 2020 12:09 PM

“But Benford’s law, Biden’s numbers…”

Benford’s law doesn’t apply well to election data. Says so even on Wikipedia.
Need better evidence than that, Vincent.

Winter November 10, 2020 12:21 PM

From Wiktionary:
“If you have the facts on your side, pound the facts. If you have the law on your side, pound the law. If you have neither on your side, pound the table.”

The losing side is pounding the table as they have neither the facts nor the law on their side.

As written above, if there was evidence, it would have been plastered over the internet. If there was a legal case, it would have been made a week ago.

Sergey Babkin November 10, 2020 12:24 PM

Can the elections be really considered secure, where a day before the election a patch gets installed on the voting machines and alters the Republican votes to become Democratic? This looks pretty clearly like either a hacker attack, or a fraud perpetrated through the machine manufacturers, or both.

What about the suddenly appearing sloppily filled-out ballots for Biden, just when he was poised to lose? Is this still “secure elections”? Massive amounts of voting by the dead? What about the observers being removed form the ballot counting?

I wouldn’t say that these elections were secure. I would say that this outdoes Putin’s manipulations by a wide margin, both in audacity and in crudity.

Winter November 10, 2020 12:26 PM

@null
“With the levels of probability shown, it (likely, extremely likely) means it’s not just some stochastic process and includes some sort of will to force it so far out of range of likely, even improbable probabilities.”

Anyone who did an introduction to statistics course would have known that a biased sample can prove anything.

Anyone who did an introduction to propaganda course knows the same.

Just picking some numbers from a Facebook post is not a useful sample to base any conclusion on.

Winter November 10, 2020 12:30 PM

@Sergey
“Can the elections be really considered secure, where a day before the election a patch gets installed on the voting machines and alters the Republican votes to become Democratic?”

You are trolling the wrong elections. That is soo 2016.

Mail-in votes are counted by hand, didn’t you see. It was mail-in votes that gave Biden the upper hand.

QnJ1Y2U November 10, 2020 12:37 PM

@null_hypothesis

For what it’s worth, I have seen many videos of first-hand accounts of people coming forward in key places to say they were not allowed to watch the counting.

That’s not worth much.

  • I’ve seen a few similar posts; in a couple of them, the person complaining was not a registered watcher, but someone who just showed up and expected to be let in. In another case, a poll watcher was kicked out because they refused to follow laws against videotaping.
  • We really don’t need to litigate the validity of random videos on the internet here. The Trump campaign has a legal team, and is pursuing court cases – it’s not like they don’t have a way to present anything. In one case they’ve already lost in Pennsylvania, their lawyer admitted that they had people watching the count.

If one of the supposedly blocked watchers testifies under oath, then we can call it evidence. Right now, it’s a pointless anecdote.

Anon E. Moose November 10, 2020 1:13 PM

How do you disprove a negative? How do you know if you are infected?

You examine the symptoms. If someone says there are symptoms it is in everybody’s best interest to thoroughly examine them. Regardless of the outcome of the election, if any fraud is found and prosecuted it makes our country stronger in the long run. The rule of law can only benefit all if it punishes all those that break the law.

Every one of you that is security minded should be glad when proof is found and successfully prosecutes the criminals. Because it is in your best interest to remove them from the equation in the future.

vas pup November 10, 2020 1:14 PM

“we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies.”

Yeah, I guess Russia, China, Iran and N Korea just see from outside and decided that internal forces do the job they need to do. By the way, I doubt that after current administration screw up North Stream 2 in Europe, Russia had any intention to ‘help’.
Same for China. Just my own educated guess.

By the way, S Korea conducted election at the peak of pandemic (in May or near that month as best of my memory) when most of the votes were in person. I posted on this blog link from BBC on subject matter, but they do not have patch work rules on election kind of 50 different election systems. I would agree that is acceptable when applied to State elected officials, but I will stand as Giordano Bruno against all other emotional attacks and trolling for the following statement:

“Federal election rules should be the SAME through the whole country, in particular for POTUS and VPOTUS. And Federal Officials should oversight ALL counts in Federal elections.”

That is nothing to do with Federalism. But as see, reason is not the king recently, but rather emotions. Who could speak or rather cry louder, those are ‘correct’. Typical fallacy.

1&1~=Umm November 10, 2020 1:16 PM

@null_hypothesis

“Is this not a blog on security?”

It certainly started that way, but the meaning of security these days is very much wider than then.

“What would that mean in the the IT/networking world if the null hypothesis is that systems are secure?”

The “null hypothesis” if you want to call it that has always been in IT/networking ‘only secure to some measure’ knowing full well the measure was insufficient at all times. This being due to the nature of the problem domain, that is, it is ‘unconstrained and ever growing’ by a process akin to evolution.

Which brings us back to my earlier point about ‘testing’, because of the number of networks and the number of attackers, although each instance of an attack is effectively unique, the tools and attackers repeate in occurance over and over.

This alows for hypotheses to be made and tested, but more importantly many network instances can be ‘instrumented’ in some way such that there are sufficient records to be analysed and potential evidence to be issolated and not just correlated but then tested on issolated network instances for causation.

Thus the question you should be asking is ‘Where is the evidence of causation?’ and if there is none just correlation, you should ask ‘Were the tests sufficient?’ for which there can be only two answers if yes and there is no evidence arising then improbable though it might seem it’s probably correlation not causation. If however the tests were insufficient then tough, you can not run the experiment again because you can not return to the same starting conditions.

If however there is sufficient testing to give evidence beyond reasonable doubt then your question is answered in the positive. But as I pointed out earlier the lack of evidence does not alow you to say there was not causation, just there is no evidence of it.

So far, as far as I have seen, the ‘evidence’ appears to be imaginary rather than factually based on evidence.

So you have to accept that saying you smell smoke, is at best subjective and certainly not evidence of a gun, nor is it evidence a gun has been used for ‘murder most foul’ when there is not a body or evidence there was one. The same logic applies to elections irrespective of subjective view points.

So it’s upto people to produce the evidence, otherwise their claims are subjective hypotheses and nothing more. It’s why some judges have taken less time to throw out some claims than it did to type up the claim in the first place.

I don’t rule out that it is possible to tamper with elections, in the same way I do not rule out the possibility of a meteorite having some effect in my life. There is evidence to show both can and have happened. So I instead ask as the judges do for claiments to establish a sufficient burden of proof via credible primary and testable evidence.

And you should do likewise.

Elvin November 10, 2020 1:19 PM

Ignazio@: Benford’s law doesn’t apply well to election data. Says so even on Wikipedia.

Care to explain the numerous changes that have been made on Wikipedia from 5th to 10th November 2020?

Why all of a sudden?

one_search_on_google November 10, 2020 1:40 PM

According to Schneier himself… We cannot rule out vulnerablities on voting machines. These are the results of searching “Schneier Diebold machines” on google.

May 2006:
Major Vulnerability Found in Diebold Election Machines

Aug 2008:
Diebold Finally Admits its Voting Machines Drop Votes

Oct 2011:
Insider Attack Against Diebold Voting Machines

Has something changed on 2020?
I am fairly sure pre-2020 there will be more “voting is unsafe” articles on this very same blog.

xcv November 10, 2020 1:48 PM

no evidence any foreign adversary was capable of preventing Americans from voting

Bah Humbug. The grinch that stole Christmas and all that.

The same old Russian Mafia (?) associates forced me off the road on the way to my official polling place. It was a gang of drivers who had attempted to murder me by forcing my vehicle into a large boulder they had laid on the road. I believe it was about the time of the Congressional election 2 years ago.

Vincent Archer November 10, 2020 1:49 PM

But for COVID, other ways of voting will be allowed to prevent the spread of the virus. Not a problem.

France did their second turn of a major election in the middle of COVID crisis, in June. With ZERO mail-in voting allowed, only in-person voting.

The case and death curves were carefully monitored for weeks afterward, and showed no visible impact from the voting. In other words: voting in-person, with mandatory masks and hand cleaning is perfectly safe and has no statistically significant effect on the spread of the virus (unlike uncontrolled, unmonitored large gatherings). This has been known for months. Anyone who says different is fear-mongering, period.

Once again: Mail-in ballots are the most, simplest, easiest form of fraud for an election. An election that relies on mail-in is an election that will never have the legitimacy of an in-person election.

yza November 10, 2020 1:56 PM

Wikipedia changes entry on Benford’s law on November 5!

They changed it from:

“Benford’s law has been invoked as evidence of fraud in the 2009 Iranian elections,[34] and also used to analyze other election results.”

to

Benford’s law has been invoked as evidence of fraud in the 2009 Iranian elections,[34] and also used to analyze other election results. However, other experts consider Benford’s law problematical or misleading as a statistical indicator of election fraud.[35]

https://www.tigerdroppings.com/rant/election-2020/wikipedia-changes-entry-on-benfords-law-on-november-5/93017578/

1&1~=Umm November 10, 2020 2:05 PM

@Elvin:

“Why all of a sudden?”

For the same reason people suddenly tidy their house up when they know their are going to be important visitors.

That is why do the dusting during the winter when you know you are going to ‘Spring Clean’, it’s more comfortable to sit in a warm room than throw open the windows. But then you get told somebody important is visiting, for Winter Solstice so you do throw open the windows and dust dust dust.

It’s called ‘human nature’. We all behave in this way in some respect, and there realy is no point in denying it.

Hansruedi November 10, 2020 2:12 PM

Mail Voting: Switzerland Reporting In

More federal oversight for Moutier vote re-run: Authorities have announced a joint plan to ensure that re-run elections in the contested town of Moutier in northwest Switzerland next spring are fair, including a bigger role for the federal authorities. November 6, 2020

In the latest chapter of one of the most divisive issues in recent Swiss politics, on March 28, 2021 the town of Moutier will decide for the second time whether to leave German-speaking canton Bern to join French-speaking Jura.

This comes three years after the first vote, on June 18, 2017, which was narrowly won by the “separatists” wanting to join canton Jura. However, the vote aroused suspicions that some “electoral tourists” had registered themselves as eligible voters in Moutier without actually living there. Bern authorities overturned the result and this decision was later confirmed by the Bern administrative court. Besides irregularities, the court pointed to “inadmissible” propaganda by officials such as the mayor, who should have been neutral on the issue.

The plan announced on Friday by Moutier municipality, canton Bern and the federal authorities aims to guarantee that the vote is fair and that people trust the results.

Bern Chancellor Christoph Auer said the March 28 vote must be “irreproachable so that the result is accepted by all parties”.

https://www.swissinfo.ch/eng/more-federal-oversight-for-moutier-vote-re-run–/46145624

“Ueberall ist Biden”

none November 10, 2020 4:56 PM

In some districts

  • 80% of Republicans voted in person.
  • 80% of Democrats voted by mail.

How can anyone even remotely guarantee that such an election is fair?

A key principle of fairness is that you neither know what is inside a mail-in vote, nor for whom a person will vote, so that everyone gets treated equally.

In this election, it was pretty clear what was inside of a mail-in vote, and how a person would vote.

  • If you don’t like Republicans, all you have to do is make them wait by working slowly, check their ID extra carefully, and reject any dubious cases. Don’t have many or convenient polling stations.
  • If you don’t like Democrats, you just follow the rules for mail in votes (e.g. address verification, signatures etc.) to the fullest extent.

Both types of problems have been widely documented

https://www.nytimes.com/2012/10/07/us/politics/as-more-vote-by-mail-faulty-ballots-could-impact-elections.html?auth=login-email&login=email

https://www.nytimes.com/2020/10/29/opinion/voter-suppression-election.html

Now we can argue about the exact definition of “security”, but I election that can be influenced by applying rules differently, without any possibility of a proof, or even a mathematical definition of fairness, is not at all secure.

V November 10, 2020 5:22 PM

Sergey Babkin says:

Can the elections be really considered secure, where a day before the election a patch gets installed on the voting machines and alters the Republican votes to become Democratic? This looks pretty clearly like either a hacker attack, or a fraud perpetrated through the machine manufacturers, or both.

In that case it’s a good thing thing there are paper ballots. You are welcome to re-count them – all of them – by hand. (You’ll need to pay overtime for a county employee and an on-duty cop or two who’ll watch to make sure you’re not trying to add or delete ballots.)

Come back when you have actual numbers.

Dave November 10, 2020 5:59 PM

Ah, but the absence of any evidence of fraud just demonstrates how clever the criminal Biden gang has been in stealing the election.

(NB: This is satire, unless you’re a Trump supporter).

Steveo November 10, 2020 6:09 PM

Foreign agencies didn’t successfully tamper with the election, you can tell because Trump didn’t win.

Clive Robinson November 10, 2020 6:42 PM

@ hellman,

Projected by whom?

Hmm,

My only real projection was that at a fundamental level the two candidates were for US citizens interchangeable and you should take a careful look at the running mates… and it got moderated.

But I can make one just for you and we can argue the finer points as time goes on.

Like others who don’t live in the US I find your four year beauty pagent paid for by those you have little idea who they are is not a “question of taste but policy” specifically foreign policy. So appart from the usuall froth the two contenders fundemental policies to the rest of the world were effectively the same and that’s quite a ways right of center by European and other First World standards. I guess the question is will the new US Ambassador to the EU be as uncouth as Trumps, who on his first visit anounced to one and all that his mission was to destroy Europe…

The point is Trump saw the EU as a US National Security threat much as he did China but in less obvious ways, as others have noted here the US policy on the German-Russian pipline and any European Army are unlikely to change. With many in the EU not at all convinced that Biden is going to change that view point very much if not actually make things worse a lot worse…

Biden associates with Ireland as do around 10% of the US population. He does not associate with the EU or UK as such which means that he’s very anti-Brexit and blaims both sides fairly strongly. He also has indicated he is thinking about strengthaning NATO, something a number of EU nations are very much against.

So with Biden having a great deal to deal with domestically, and potentially a hostile bunch of US politicos hell bent on destroying any US domestic policy Biden might want to come up with, various EU politicians are thinking that Trump exceptionalism is going to become Biden Isolationism, quite quickly and any “US Special Relationship” gone with Brexit.

Others are thinking along similar lines,

https://www.aljazeera.com/news/2020/11/8/how-will-biden-impact-nato-and-brexit

Winter November 11, 2020 12:45 AM

@jdgalt
“There are also lots of videos showing cheating at veritasvisuals.com.”

Here is video evidence Elvis is still alive:
hxxps://www.dailymotion.com/video/xjb72d?syndication=273844
hxxps://popculture.com/music/news/newly-surfaced-elvis-presley-video-conspiracy-theorists-convinced-alive/
https://www.thesun.co.uk/news/8314941/elvis-presley-alive-preaching-arkansas-pastor-conspiracy-theory/

On top of that, there are a thousands of photographs proving the Elvis is still alive.

Summary: Neither a picture, not a video are proof or even evidence. Only a witness that can verify that what is shown in the videos and pictures and can be questioned about the where and when of the events is evidence.

Winter November 11, 2020 12:48 AM

@RJ
“You are displaying your political preferences here. Your guy won, so it was a good election.”

Four years ago, your guy won. Your opponents then did not claim this was the result of fraud.

Now your guy did not win, so you claim it was fraud.

Conclusion: You are very sour losers.

QnJ1Y2U November 11, 2020 12:57 AM

The comments on this article are demonstrating that the real vulnerability in US elections isn’t voting machines and vote counting. That’s spread among too many states and counties and cities for any kind of national attack to succeed.

The real vulnerability is people’s trust in the system, because that is easy to attack. Just wave around unsupported anecdotes, and harp on the mistakes that are bound to happen in a system this large and complex. Ignore the numbers, since there’s no way for a few hundred alleged incidents to affect an election decided by hundreds of thousands of votes.

Here in the US, the attackers can count on right-wing media to echo and amplify their claims, with no vetting. And they can count on an army of supporters to spread their message for free. And most disturbingly, the Trump administration can count on many elected GOP officials to stand by silently, waiting to see if the power grab will work.

The only check that’s working right now is the courts; the stories and the videos and the anecdotes and the made-up statistics vanish when people have to tell the truth under penalty of perjury. This is from earlier:

Today in a Pennsylvania court:
Judge: “Are you claiming there there is any fraud..?”
Trump lawyer: “To my knowledge, at present, no.”
Judge: “Are you claiming that there is any undue or improper influence upon the elector…?”
Trump lawyer: “To my knowledge, at present, no.”

Winter November 11, 2020 12:59 AM

@uh
“Has anyone noticed there’s a coup in progess?”

I think the rest of the world is seeing that quite clearly. But then, the rest of the world also watches other third world countries where local strong men refuse to accept election outcomes. They recognize the pattern.

Winter November 11, 2020 1:30 AM

@jdgalt
“Those who dismiss these facts by comparing them to flat-earthers are malicious liars.”

Then why are Trump and his lawyers not giving us the evidence?

As long as Trump and his lawyers are not in front of us, or better a court, and telling us what has happened, where, when and by whom, there is nothing. There were Republican observers in each and every polling and counting station. The USPS is lead by a Trump appointee. If there had been mass fraud, they should step forward to tell us what happened.

But in front of a judge, all the accusations fall apart:
“A Trump campaign lawyer admitted before a federal judge on Thursday that observers for the campaign were allowed to watch ballot canvassing in Philadelphia,”
http://www.myjoyonline.com/news/international/federal-judge-confirms-trump-election-observers-in-philadelphia-are-being-treated-fairly/

Btw, flat-earthers too are claiming those who show proof the earth is round are all liars. So I see no difference between you and random flat-earthers.

Researcher Zero November 11, 2020 1:42 AM

This is what can be said publicly. –

Two sets of federal indictments – one in February and another in July – allege in detail how a private company linked to Putin and the Russian military itself worked to polarize American political discourse and sway the 2016 U.S. presidential election.

h ttps://theconversation.com/how-the-russian-government-used-disinformation-and-cyber-warfare-in-2016-election-an-ethical-hacker-explains-99989

some background of the kinds of people involved –

One top mule recruiter in the US fled west, staying a step ahead of investigators in Las Vegas and Los Angeles before finally escaping the country inside a shipping container.

(a long read but contains some background)
h ttps://www.wired.com/2017/03/russian-hacker-spy-botnet/

capabilities –

h ttps://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

individuals involved –

there are members in the field in several Western countries and people have been compromised
h ttps://www.nytimes.com/2019/10/08/world/europe/unit-29155-russia-gru.html

Researcher Zero November 11, 2020 3:05 AM

more background –

h ttps://www.independent.co.uk/news/world/europe/europol-fbi-joint-investigation-operation-pacifier-uncovers-global-paedophilia-ring-870-arrests-a7722821.html

h ttps://www.vice.com/en/article/mg79nb/australian-authorities-hacked-computers-in-the-us

Clive Robinson November 11, 2020 3:47 AM

@ Researcher Zero,

Two sets of federal indictments – one in February and another in July – allege in detail how a private company linked to Putin and the Russian military

And you lost the argument at that point…

These indictments are pointless political posturing and the people that drew them up know that.

I’ve explained the reasons before when they occurred.

You then provide a bunch of links to other historic items, but you in no way link them together at all let alone coherently.

Such behaviour is often associated with those that try to concoct conspiracy theories…

Winter November 11, 2020 3:56 AM

@Zero
“Two sets of federal indictments ”

As Clive already wrote, anyone can be indicted, that is not more than “someone might be accused of something”.

What counts is whether this is followed up by a court case and a guilty verdict. As you only point links to the indictment, I can safely conclude there was never a court case with a guilty verdict, or even a court case proper.

Which leads me to the same conclusion as Clive: behaviour associated with those that try to concoct conspiracy theories…

MarkH November 11, 2020 5:29 AM

Starting last Friday, the president and his associates began asserting that evidence of serious election fraud would be presented on Monday.

Until now, all I have seen offered as evidence are statements from two persons (with no claim of supporting documents or other objective evidence), one of whom is reported to have already signed an affidavit to the effect that his prior election fraud allegations were false.

By yesterday, the New York Times spoke to state election officials in all 50 of the United States. None of them reported awareness of evidence for systematic election fraud in their respective states.

I suggest a framework for consideration of claims of election fraud.

================

The claimed offenses would violate criminal statutes, subjecting any perpetrators to risks including: imprisonment, destruction of careers, and legal expenses on the order of $100,000 per defendant (or possibly some multiple of that).

================

As I’ve written before, every federal election has liability to error which cannot be reduced to zero. I’m sure that every tally includes illegally cast ballots, mostly by honest error. For example, people moving between districts or states may fail to learn the rules governing where they should vote. Sometimes, legal aliens who’ve long lived in the U.S. mistakenly believe they are eligible to vote. With mail balloting, I imagine that a few elderly widows or widowers might have sent ballots based on how they thought their recently departed spouse would have voted.

So if somebody says, “there were illegal votes” … well, probably so. But the public allegations (without convincing evidence) are of numbers of improper or erroneous votes, sufficiently large to affect outcomes.

================

Much has been made of the risks of voting by mail. Surely, the attack surface is different from in-person voting. But is it larger? In most cases, the conduct of U.S. elections provides a high degree of auditability. I suspect that mail ballots can be audited far more effectively than traditional in-person votes.

It’s easy to imagine a variety of ways to attempt mass mail ballot fraud. So far, I haven’t thought of one that is likely to escape detection by audit.

================

The “insider attacks” implied by those claiming mass fraud would, in most cases, require a conspiracy: a person working alone would have little chance. But real world conspiracies have a tendency to break down, especially when conspirators are confronted with the risk of prosecution (see above).

================

Although detection of errors and misconduct is a worthwhile exercise, so far the “investigations” seem to be showing that the system worked pretty well. By way of example, a Trump campaign lawsuit in Arizona claims that certain ballots were handled improperly — according to state officials, about 180 ballots fall into the specified category. The final margin is expected to be on the order of 10,000 votes.

================

To my knowledge, that last U.S. presidential election whose outcome might plausibly have been determined by fraud was 60 years ago.

U.S. election processes have been on a generally improving trajectory ever since — unevenly and with missteps, but trending in the direction of greater integrity.

As Carl Sagan was famous for saying, extraordinary claims require extraordinary evidence.

os November 11, 2020 7:36 AM

One of the most important concepts of an election is the ability to vote in secrecy.

No one should be able to see your choice, be able to influence your choice, or even know whether you voted at all. The last of course only applies to the general public, voting officials need a list to check people off.

If these principles are violated, the election is not a fair or secure election.

In East Germany, they provided voting booths that you could use if you wanted to.

Would you want to go to a booth to fill out your vote in private, if all of your colleagues vote in the open?

Going to the booth would have immediately made you a target of the secret state police. Goodbye to promotions, as people were encouraged to vote together with their colleagues. The company might even provide a bus to take their employees to the polling station.

During the last election, the Socialist Unity Party received 99.x% of the votes.
A few month later, during the first fair election, they only got 16%

We called voting ‘going folding’, because people would pick up their ballot, fold it (thus accepting the default candidates), and stuff it into the ballot box unmodified.

Any deviation would have made you suspicious. But, of course, you had the theoretical right to vote secretly.

We called it “Zettel falten – Schnauze halten” (Fold the ballot, keep your mouth shut).

If anyone thinks this practice has died with the Eastern Bloc, here is a fascinating book about Japan, where voting by mail is used by big corporations to force their employees to vote for the company candidate:

Notes from Toyota-land: An American Engineer in Japan

https://books.google.de/books?id=YaJhDwAAQBAJ&lpg=PP1&dq=notes%20from%20toyota%20land&pg=PA178#v=snippet&q=absentee&f=false

The employees are pressured to apply for absentee ballots, the company then hires vans to drive them to the polling station to hand over their ballots under the watchful eyes of the company.

I have asked a Japanese colleague about this practice, and he said that ‘it does happen’.

For this reason, vote by mail is completely unacceptable in a fair election. Absentee ballots should only be the ultima ratio for people who cannot vote in person and should require justification. They should never be more than a small fraction of the total votes.

As @Vincent Archer mentioned above, France and many other countries can run un-contested (and un-contestable) elections in persons without any problems.

Fred Carson November 11, 2020 9:31 AM

It is baffling that many commentators seem to conflate election systems security and voter fraud. Systems security is a valid concern with the inherent vulnerabilities going back to the 1980’s. And with the rush to introduce technology into the election process, there’s no question that these systems require review and assurances on a continual basis.

Voter fraud is as old as prostitution, but that doesn’t correlate to its widespread existence. My recollection of election fraud is the 1930’s and big political organizations that are historical footnotes in our democratic history. Fraud safeguards are in place at the state level and voter fraud has remained at an insignificant. If you have factual proof, show us the beef.

Isn’t it striking to all the smart commentators that cries of statistically significant voter fraud suddenly appeared with the presidential election of an American of African descent? Apparently that could never have happened without “massive” voter fraud, so therefore massive fraud must have occurred because we lost.

I guess if you feel like you are entitled to have your candidate elected and iyou don’t get what you want legitimately, you adopt the age-old sandlot option of screaming falsehoods and tantrums. I don’t get the connect with the discussion of election system security.

no.name November 11, 2020 11:25 AM

Just in:

GEORGIA SOS ANNOUNCES HAND RECOUNT

Georgia Hand Recount is Official

this will be a hand recount, an audit, and a re-canvassing all at once.

B but Bruce wrote there was no fraud. So why a recount?

WmG November 11, 2020 11:53 AM

@no.name @ All
Why the Georgia Recount? A response to FUD and other widespread dishonesty.

Quoted Material:
Georgia Secretary of State Brad Raffensperger announced Wednesday his state will conduct a manual hand recount of all ballots cast in the presidential race in the state, as he faces growing pressure from fellow Georgia Republicans over unsubstantiated accusations of voting irregularities and mismanagement of the state’s elections.

“This will help build confidence. It will be an audit, a recount and a recanvass all at once,” Raffensperger said at a press conference. “It will be a heavy lift.”

He said the presidential contest will undergo a risk-limiting audit, which requires a full by-hand recount in each of Georgia’s 159 counties.
Link:
https://www.cbsnews.com/news/georgia-election-hand-recount-audit-presidential-race/

While opinions can differ, and as much as the right wing has tried to assemble an alternative reality, that does not work. No one is entitled to their own facts.

So, some related factual[1] background:

From the NY Times:
November, 10, 2020
Quoted material:
Officials in Every State: No Evidence of Voter Fraud
Election officials in dozens of states representing both political parties said that there was no evidence that fraud or other irregularities played a role in the outcome of the presidential race, amounting to a forceful rebuke of President Trump’s portrait of a fraudulent election.

Over the last several days, the president, members of his administration, congressional Republicans and right wing allies have put forth the false claim that the election was stolen from Mr. Trump and have refused to accept results that showed Joseph R. Biden Jr. as the winner.

But top election officials across the country said in interviews and statements that the process had been a remarkable success despite record turnout and the complications of a dangerous pandemic.

“There’s a great human capacity for inventing things that aren’t true about elections,” said Frank LaRose, a Republican who serves as Ohio’s secretary of state. “The conspiracy theories and rumors and all those things run rampant. For some reason, elections breed that type of mythology.”
Link:
https://www.nytimes.com/2020/11/10/us/politics/voting-fraud.html

Washington Post
November 10, 2020
Why GOP superlawyer Ben Ginsberg is bucking his party and blasting Trump’s baseless election claims
Quoted material:
Asked to explain his transformation, Ginsberg said he became increasingly troubled this year that Trump was not just making baseless claims about fraud, but also undermining a tenet of American democracy.
“My evolution started when the president doubled down in the lead-up to the 2020 election on his charges that our elections are rigged and fraudulent in a way that he hadn’t previously,” Ginsberg said. “It became a systemic attack made completely without evidence, aimed at undermining a basic pillar of our democracy. I know there’s no evidence for systemic fraud because I had spent the better part of every election for four decades working in Republican poll-watcher programs and elections day operations.”

link:
https://www.washingtonpost.com/politics/why-gop-superlawyer-ben-ginsberg-is-bucking-his-party-and-blasting-trumps-baseless-election-claims/2020/11/10/f2aa7056-236d-11eb-8599-406466ad1b8e_story.html?

[1] You may be aware that newspapers employ people called reporters whose job it is to conduct interviews and other research to discover facts. This differs from opinion, as can be seen by actual quotes from Republican officials in the pieces cited here. Actual news organizations really hate to get facts wrong because it makes them look stupid, or even worse, dishonest. Propaganda outlets do not care about such niceties.

os November 11, 2020 12:11 PM

To me a big part of election security is also that every hillbilly can understand the process and can be somehow convinced that the election was done correctly. When I vote in my country, the process is very simple, no electronics are involved, and anyone can watch the ballots being counted by hand.

The bizarre and arcane voting system in the US sadly fails at being transparent and understandable.

Of course, the current election is an emotional topic for many, but even looking back at the Bush-Gore election https://en.wikipedia.org/wiki/Bush_v._Gore all I see is a mess.

When Bush was elected, everyone was accusing the Republicans of fraud by voting machine. I am sure voting machines were discussed widely on the CRYPTO_GRAM newsletter then. Now the same community tell us that the elections are secure.

Honestly, I am disappointed by this reaction. As security professionals, we should never dismiss exploits as ‘rare’ and take the absence of evidence
for fraud as evidence for the absence of fraud.

I would love to read credible accusations how voter fraud could work (at least in principle), but I don’t know the system as I am thankfully not American. Sadly, all accusations seem to come from the Trump camp without much substance, and anyone who brings up any issues is dismissed summarily.

The little about elections that I read about elections in the US just leaves me shocked.
I don’t know if voter fraud is a big issue or not, but I remember reading that sometimes ineligible people, such as felons or aliens, get convicted for voting after the fact. How can this even happen? Clearly authorization by default with a list of denied users that get checked after the election is not an acceptable security practice.

Leaving such a loophole open does immense damage to the trustworthiness of the electoral process. Probably it doesn’t get used other than by accident (I can’t imagine illegal aliens would risk deportation or felons would risk going back to prison), but it allows the losers to contest the election and to split society even more.

I wish election security would be treated like hardware security.
Create a list of attack vectors and then mitigation schemes.
Publicly discuss possible security issues and then work on fixing them. Have bug bounties and give recognition to people who talk about security issues instead of ostracizing them as Trumpists.

Sadly, there is very little discussion about election security from a technical and non-partisan viewpoint. I have seen a pamphlet from the UN about organizing secure elections, but all first world nations pretend that there systems are perfect.

At the moment, any criticism of the electoral system, such as pointing out possible avenues of voter fraud, would be a career threatening move for any aspiring security researcher – A very bad situation indeed.

Someone like @Bruce Schneier would be the perfect person to spearhead a movement to improve the system.

Clive Robinson November 11, 2020 1:27 PM

@ Fred Carson,

It is baffling that many commentators seem to conflate election systems security and voter fraud.

Possibly because they are using “secure” in a different way to you.

That is they are asking,

“Is the election process secure in it’s outcome?”[1]

The answer to which very definately includes detecting anomalous patterns and reasonably investigating for potential fraud as well as failures and errors.

[1] Which is what the title to this thread is all about.

eagle November 11, 2020 2:44 PM

‘Online and vulnerable’: Experts find nearly three dozen U.S. voting systems connected to internet
A team of election security experts used a “Google for servers” to challenge claims that voting machines do not connect to the internet and found some did.

It was an assurance designed to bolster public confidence in the way America votes: Voting machines “are not connected to the internet.”

Then Acting Undersecretary for Cybersecurity and Communications at the Department of Homeland Security Jeanette Manfra said those words in 2017, testifying before Congress while she was responsible for the security of the nation’s voting system.

So many government officials like Manfra have said the same thing over the last few years that it is commonly accepted as gospel by most Americans. Behind it is the notion that if voting systems are not online, hackers will have a harder time compromising them.

But that is an overstatement, according to a team of 10 independent cybersecurity experts who specialize in voting systems and elections. While the voting machines themselves are not designed to be online, the larger voting systems in many states end up there, putting the voting process at risk.

That team of election security experts say that last summer, they discovered some systems are, in fact, online.

 “We found over 35 [voting systems] had been left online and we’re still continuing to find more,” Kevin Skoglund, a senior technical advisor at the election security advocacy group National Election Defense Coalition, told NBC News.
 
The three largest voting manufacturing companies — Election Systems &Software, Dominion Voting Systems and Hart InterCivic — have acknowledged they all put modems in some of their tabulators and scanners.

https://archive.is/zXhxM

WmG November 11, 2020 2:47 PM

@os
Elections are understandable, until one party turns itself into a conspiracy factory. Then all sorts of dubious claims begin to take flight.

You wrote, “ When Bush was elected, everyone was accusing the Republicans of fraud by voting machine.”

Not true. A review of the facts shows that the Republicans saw that the race was tipping toward Gore. They were able to stop the counting with Bush still ahead.

It went to the courts, where the Republican-majority Supreme Court decided in favor of not allowing the ballots to be counted. This threw the decision to Bush.

The fair term for that was not fraud, but theft. Theft by ugly court precedent. Which the Republican justices wrote could not be cited as precedent (unless they wanted to at some later date, one supposes).

Widespread voter fraud has been shown again and again to not exist. A half dozen votes. It’s actually pretty hard to vote. Identification is required. That is how the integrity of elections is maintained.

Ballots are printed by local election authorities and are fundamentally impossible to fake. You can see poll workers handling the ballots. Carefully examining them as they are fed into tabulators. The workers are watched by locals of both parties, and there are no opportunities for fraud there.

Now, the computers that do the tabulation could be hacked. That’s a much more difficult question. That problem can be solved by hand recount and audit.

Recounts happen and pretty much never change an outcome because they don’t change enough votes. Because the margin of error is small. But watch for jurisdictions where requests for recounts are denied. Looking into that is left as an exercise for the reader.

It is not really a “ bizarre and arcane voting system in the US.” But it is made complicated by the size of the country. There are 3,141 counties, divided, in the 2016 election, into 178,217 voting districts called precincts.

So, yeah, many polling places, a lot of tabulating.

In 2020, Republicans, fearing defeat put in place methods of slowing down the counting of ballots in the hope (how this would have worked, aside from a Florida 2000 scenario it is completely unclear) that Trump would somehow claim Victory.

Trump himself made the demand that Amy Coney Barrett be seated on the Supreme Court giving Leader Trump a definite majority, which would come in handy when the big election case went to them. But that will not happen.

Because the margins in most places are not a few votes, or a few hundred. More like 10,000.

Ismar November 11, 2020 2:49 PM

Firstly, there have been no credible evidence given so far that this particular election had any major irregularities so far.
What I find more interesting, though, is the following:
1. Trump administration claiming in advance that the election (or the postal votes at least) would be rigged even before the start of the election itself (there should be some law against this as it can be seen as meddling into the election process)
2. People from the opposite side of political spectrum coming up with convoluted arguments to support their preconceived ideas about the fairness of this election based on the outcome of the same rather than on any sound scientific (objective) approach. It reminds me of the saying that
“ Many people think they are thinking when they are merely rearranging their prejudices”
Lastly, what happens if Trump simply refuses to go – who has got the authority (force) to remove him from the White House?

Security Sam November 11, 2020 2:57 PM

The counting clown tripped on his gown
Fell two levels down and cracked his crown
His smirk morphed into a facial frown
The jesters called for a manual recount.

WmG November 11, 2020 4:32 PM

@Ismar
For myself, I had not been looking forward to the Trump win I had expected. What objective elements came into play?

Trump kept underperforming his already low expectable behavior, In every way, except for his hardcore base, which he did nothing to enlarge, he alienated himself. A fundamental flaw in Trump’s character is that he does make friends, he only fires people. He has no empathy.

His performance during the Covid-19 pandemic is emblematic. He cannot learn and his lack of empathy leaves his cruelty exposed.

All along, Biden kept rising in the polls.

Trump and the GOP blocked any economic assistance necessary to dealing with the pandemic, choosing instead to focus on jamming an unpopular Supreme Court nominee through.

Trump also made the mistake of telling Republicans not to vote by mail. He’s on the record discouraging the casting of legitimate ballots that would have been for him.

Biden went along wearing a mask and talking good sense. Trump ridiculed him and began to fall in the polls.

Well, polls are polls and votes are votes, very different things.

And when it came time to vote, a greater percentage of eligible voters cast ballots than had in many decades (66.4% compared to 59.2% in 2016).

Stealing and election through changing vote counts has to be done with subtlety so it remains hard to detect. It is much harder to steal an election when more votes are cast and the anticipated result is lopsided. We still see that voting results were much closer than the opinion polls showed.

Now, in the US of 2020, almost anything is possible, so I’m not celebrating yet.

os November 11, 2020 5:48 PM

@WmG I think we are talking past each other. You mean the supreme court decision about Bush vs. Gore (which I didn’t follow in detail, but I fully agree with what you are writing).

I was referring about the problems with Diebold voting machines, that were widely discussed here: https://duckduckgo.com/?kh=1&q=diebold&sites=www.schneier.com&ia=web
and in the news https://columbusfreepress.com/article/diebold-indicted-its-spectre-still-haunts-ohio-elections

Widespread voter fraud has been shown again and again to not exist. A half dozen >
votes. It’s actually pretty hard to vote. Identification is required. That is how t

from a security point of view, whether voter fraud is rare does not matter to me. The system has to be designed such that fraud cannot happen. If people who are not allowed to vote can still vote and are rounded up after the election, then we are dealing with a bad design.

Is identification required everywhere in the US? My understanding is that this is a very contentious issue in the US, the Democratic argument being that requiring ID would lead to voter suppression, and the Republicans claiming no ID would lead to voter fraud. I think in many states all you need to do is sign an affidavit or maybe provide a letter with your address.
The obvious solution would be to make it possible for everyone to get ID, but neither party seems to want that for their own reasons.

Ballots are printed by local election authorities and are fundamentally impossible to fake. You can see poll
It would be better if the security of the election did not depend on unforgeable ballots. Are they really? Who checks that the factory doesn’t print a couple more? Ruling parties tend to give jobs to their cronies anyway, if their buddies to the printing, why not order more?

What if a forger or enemy nation state actor decides to print more ballots? You can buy drivers licenses online that supposedly pass every test, so what if the same people decide to destabilize our country by injecting counterfeits?

Can you imagine what would happen if counterfeit ballots were found now? That might cause a civil war in the country.

An in-person vote does not have that problem. One of the most interesting articles ever published here was about the security of the papal elections: https://www.schneier.com/blog/archives/2005/04/hacking_the_pap_1.html
One key feature was folding the ballots such that stuffed ballots would have the same folds and could be identified. If you can’t trust a cardinal, you can trust no-one.

Also, even if fraud could be completely excluded, mail-in votes still have the problem of voter coercion and vote buying. If this happens in Japan, it could happen here as well. What if someone creates a social media movement of people posting pictures of their ballots? What if people who don’t get denounced as unpatriotic? Such a thing could explode on social media in no time, far to fast to do anything about it. Now that all the conservatives are moving to the Parler (?) social network, you can’t even censor it anymore.

There is also too much leeway in interpreting and handling the ballots that could be abused by either party.

For example, the Trump camp claimed that 300000 ballots went missing from the postal service. This is not true, what happened is that postal workers removed ballots from the system by hand and brought them to the polling stations without an exit scan to speed up the process and deliver the ballots on time. I applaud the post office for their dedication, but it raises an important question:

Do we want a voting system where getting the vote counted depends on postal workers bending the rules and putting in an extra effort?

What if they put in the effort only for one party? That would be easy, as there are huge regional differences. Is it fair that rural districts probably have less frequent pickup of the mail? That more mailboxes are broken into in poor areas? What about signature verification? If you are a lawyer, you probably have a really nice signature that always looks the same. What about people who have problems writing? I would bet that they would have a higher fractions of their signatures getting rejected.

A couple of years ago, the New York Times ran an article about the dangers of mail-in voting. I don’t remember the details, but the number of ballots rejected was 2x that for in person voting, roughly 5%. That is a lot of ballots that could be rejected in a discriminating way, without any way to prove misconduct.

There is so much leeway in verifying signatures that this step alone could easily be used for voter suppression.

While I don’t know of any evidence that votes were suppressed for either party, it is just as impossible to prove that the post office worked as hard for Republican votes as for Democratic ones. It is not possible to disprove any such conspiracy theory.
This is why I strongly believe that an election should not have any subjective elements that could fuel conspiracy theories. The simpler, the better. An election should not have

  • any subjective verification process (e.g. a signature check)
  • differently processed streams for different votes (e.g. mail-in, military, in-person etc.). Each one will be checked differently, and by being extra strict or lenient, you can now filter out votes without any proof of wrongdoing.

I find it very worrisome to read praise for the voting by mail and calls to always vote by mail in the future. This is a system that has too many downsides that we as security professionals should do something about.

Is there any formal security analysis of the US voting system (or of the one of any advanced nation?), or do they practice security by obscurity?

os November 11, 2020 6:07 PM

@Ismar My personal take to your point 1. is this (as an interested outsider):

I don’t want to fuel the partisan discussion here, so let’s just say that Trump was well aware that mail in votes would not be to his benefit.
So it was essential to agitate against the mail-in votes, fraud or not. This interference most likely cost him the election, as he called his voters to not vote by mail, but in person.

Doubts about the election will never go away, as I mentioned above it is impossible to prove fairness.

The lessons from a security point of view are that we need to

  • make sure that we don’t have differently processed ballot streams
  • no subjective verification steps
  • make conspiracy theories part of the design document and mitigate against them from the beginning

MarkH November 11, 2020 9:12 PM

Responses to various comments:

Still Waiting for Evidence of Fraud

A summary (NPR) of Trump litigation so far.

Is Georgia Recount Evidence of Fraud?

No.

Georgia election rules call for an audit in the case of such a close election outcome. The decision to make a 100% hand recount is based on a somewhat strained interpretation of the rules; an offered justification is that the sample size would be so large anyway, that counting all of the ballots is cheaper.

Story from the Atlanta Journal Constitution. [The URL has an apparent nonce, which might perhaps impede sharing; if the link doesn’t work, search the headline “Hand recount moves ahead under interpretation of Georgia election rules”]

Mail Balloting is Easy to Corrupt … Right?

At least a couple of commenters seem to have taken it as an axiom (indisputable self-evident truth) that it’s easier to commit election fraud when mail balloting is permitted.

That premise deserves critical examination.

A simple safeguard is to assign a serial number to each ballot, and track which numbers were sent to whom. This complicates the work of a counterfeiter quite a bit! You can print up as many ballots as you like, but I don’t see any practical way to do so in significant numbers without setting off alarm bells.

Another simple safeguard is that ballots are supposed to be signed by the voter. If I want to insert even a modest number (12, for example) of counterfeit ballots, I must somehow create reasonable facsimiles of the signatures of an equal number of actual persons … and make sure that none of them vote.

Is stealing an election by mail really so easy? Are you sure about that?

In the coming weeks, substantial failures (if any) in the balloting process will be revealed. Whatever mistakes or vulnerabilities may be revealed, can be used to compile a set of Best Practices for future elections.

Covid-19 is likely to be a significant public health danger for many months, or even years, to come. Other pandemics of similar (or sadly, much greater) severity are not only possible, but inevitable.

For those who value rule by the people, the thing to do with postal balloting is to improve it, not to discard it.

name.withheld.for.obvious.reasons November 12, 2020 4:12 AM

11 NOV 2020 — PROPAGANDA SOLD AS FACT UNDERMINES THE ELECTORAL PROCESS
One aspect of voting is candidate messaging and the use of campaign media platforms to persuade (or dissuade) voters to mark the ballot next to their name. It seemed untenable to consider that Fox News would be the mechanism to propel so many voters to the pools. In looking at the broadcast, cable, and satellite networks carry a plethora of religious programming. The religious networks also carry news programs with overweighted coverage of politics, the unconvincing attempt at non-partisanship is laughable (couching a candidate in terms such as hates Jesus, pro abortion, and a socialist). Coverage includes promotional materials for specific candidates, graphics and materials putting a particular light to a candidate.

The IRS states the religious organizations retain their tax exempt status except for example, in cases of political advocacy or support or directing a parishioners vote. The less than opaque treatment by cleverly wording the messaging is designed to steer their flock to specific actions. It appears that ministries on television and radio have been quite successful in selling one candidate and pushing them to the polls. It is a group of tax exempt political organizers in a cleric’s robe moving millions to the ballot box under religious instruction.

Having ingested some of this propaganda, it tastes awful, it is clear where the majority of support for one candidate is coming from. The messaging is terrible, it is a collection of fear instilling, derisive, harsh, and damaging rhetoric that undermines the electorate and allows for the manipulation of voters. A practice that is surely unethical but not considered illegal.

Gogitow November 12, 2020 12:15 PM

Wow, I find most of the people on here delusional. I would probably not trust you with security. The Director of the CISA saying that everything is just spiffy is a lot like the answer an employee would give their boss:

Boss: Did you deliver the pizza ok.

Employee: Yep, no problems.

Meanwhile the pizza was delivered upside down and stuck to the box lid. The boss will eventually get a complaint call or will never receive business from that customer again. Incidentally, elections officials all stating there was no evidence of fraud suffers from the same analogy. You can’t count on people to report themselves if something went wrong, so election officials saying everything was spiffy doesn’t mean, everything was spiffy.

No evidence of influence from foreign actors changing tallies. What about domestic influence changing tallies. Are we confident that one side couldn’t pay off a voting system manufacture to flip one in every x votes for a candidate? How was this tested? A patch was apparently released the night before the election, did anyone test the patch outside of Dominion to verify that it reliably counted votes? Did anyone run 500-1000 bucket A votes through the system to verify that they received the correct tally after the patch? Same with bucket B and all the other buckets. Who verified this stuff in advance of the election to proactively secure confidence and security??? There have been at least 2 or 3 reported cases of involving Dominion voting machines where votes were flipped. That alone should warrant a hand count comparison in at least a few Dominion run districts to verify that these were isolated incidents.

I guess I’m delusional too. I suffer from the delusion that nothing is 100% secure and invulnerable from attack. I suffer from the delusion that patches can fix some problems but create other problems and should be vetted. Any and all allegations raised should be vetted out if nobody took measures in advance to validate the that everything was working as expected.

. November 12, 2020 1:51 PM

@Gogitow: Thank you for your sane comment. (Absence of evidence) = (proof of security) is a new argument here. Normally people are more critical in this community, but I guess the regulars already left in disgust.

MarkH November 12, 2020 3:26 PM

@Gogitow:

“I would probably not trust you with security.”

Well, you certainly shouldn’t trust me. You have no idea who I am!

After the catastrophic election failure of 2000, there was a great deal of analysis and discussion of election integrity, including contributions by security researchers who have made important contributions to the state of the art.

I recall that Bruce made several posts on the topic.

The distillation of what I heard from the experts was, “paper, paper, always paper!”

Some of our commentariat seem to think that

security = infotech security

That’s wrong, and foolish.

Not only can very low-tech measures ensure security; such simple precautions are by far the most robust.

====================

Every aspect of election conduct is subject to surveillance and/or audit by people who have a very strong incentive to detect and report errors, whether caused by accident or intention.

When many observers — motivated by mutually conflicting concepts of self-interest! — are monitoring the process, then absence of evidence is evidence (not proof, but evidence) of absence.

What has been offered as evidence of misconduct so far, includes statements like “I didn’t like his shirt!” and “I didn’t like the way he looked at me!” … sometimes coming from GOP observers who were so poorly trained that they didn’t understand the process they were supposed to be watching.

There have been procedural complaints, some of which are no doubt valid. But actual improper ballots? As of now, the count stands (to the best of my knowledge) at zero.

There are plausible (but absolutely not confirmed) claims that various groups of ballots are suspect. The total of these is orders of magnitude too small to affect the outcome.

====================

Could somebody spend their money to subtly subvert the process? Of course! This malevolent actor would need to consider:

• the resulting bias must be either very small, or else very likely to be disclosed by audit

• discovery and disclosure of this subversion would unfold an avalanche of consequences, generally to the harm of the candidate the bias was designed to favor

• the actor accepting the bribe would be effectively destroyed by disclosure

• people could wind up in prison

If you try to think about it like a security engineer, a more logical way to use the tool of subversion would be to introduce a relatively large bias in favor of the other side’s candidates. It’s a much better tool for damaging your enemies, than for helping your allies.

For those interested in the false “Dominion voting machine” scandal, here is a dose of fact.

I could give many interesting quotes from the article, but one will suffice:

In all of the cases, software did not affect the vote counts.

The 100% hand recount in Georgia will provide a nice check. There will probably be small discrepancies, because the machine counts are more accurate than hand counts …

====================

Have you ever talked an official responsible for the lawful conduct of elections? If you’re in the U.S., because our elections are so insanely decentralized, there is a vast number of such people, and it’s extremely probable that there’s at least one near enough for you to visit. I’m a little dismayed that so much commentary about elections comes from people who don’t seem to have taken an hour to find out how they work.

Not everybody places child-like trust in technology. The experiment you propose, of running piles of ballots through as a test, is exactly the sort of thing that some election officials will do because they want to be sure that the numbers are right.

udon1nano November 12, 2020 3:42 PM

@Gogitow I generally agree with your comment, except for one apparent assumption. Are you under the impression that (with a tiny handful of possible exceptions) anyone actually tests software and software changes anymore before deployment? I did development (both design and coding) for nearly two decades before I made the transition to IT Security, and my “bible” was the Deloitte and Touche guide “The Systems Development Process”, which recommends much testing rigor. The crap I’ve see foisted on the public, businesses, and public sector alike for the past 10 – 15 years shows no evidence whatever that anything has been tested beyond possibly a single run through to see if it “works”. The paradigm has obviously long since changed to reflect that testing is done by the user community at large. Why pay additional salary for testing personnel? Want an example? Just spend about 20 minutes on Facebook with a critical eye 🙂

parabarbarian November 12, 2020 4:47 PM

@elvin

Care to explain the numerous changes that have been made on Wikipedia from 5th to 10th November 2020?

I noticed that too.

Benford’s law is not conclusive proof of fraud and it is not claimed to be by anyone who understands it. It is, however, evidence of fraud. It is used by the IRS to detect possible fraud in tax returns. It is used by the UN to detect possible fraud in elections. Law Enforcement uses it to detect possible embezzling. I have seen a few challenges to it but they were based on randomly generated data sets not real world data.

name.withheld.for.obvios.reasons November 12, 2020 5:50 PM

@ Hey Nony Mouse
You’re on the scent, this is the power play that is happening in DC. It is not about Wall Street, Bill Gates, or George Soros. It is about the use of the state as a religious instrument to express power and domination. Given that there are number of “End of Times” types associated with these fascists, there is a real risk to world stability and safety. I’m not going to say it directly, but will quote Einstein; “World war four will be fought with sticks and stones.”

This should scare the diapers off of everyone…

xcv November 12, 2020 6:43 PM

Lawfare is prolefeed. Both New York Times and CBS News insist that nothing can go wrong with Dominion Voting Systems

DOMINION PRODUCTS ARE POWERED BY
DEMOCRACY SUITE® ELECTION MANAGEMENT SYSTEM
Powered by the Democracy Suite® Election Management System (EMS), Dominion solutions cater to the unique needs of every election.

Founded in 2003, Dominion Voting Systems is a leading industry supplier of election technology across the U.S., Canada and globally.

It’s the “Dominion of Canada” controlling elections in the U.S.

https://www.cbc.ca/news/politics/elections-canada-analysis-non-citizen-voting-2019-federal-election-1.5756434

And that’s how Justin Trudeau stays in office.

MarkH November 12, 2020 6:47 PM

@xcv:

Who insisted that “nothing can go wrong?” I didn’t see that.

What I read, is that no error in the official vote counts has been traced to their software.

Show me how they can bias their results, without being detectable by audit.

D-503 November 12, 2020 7:12 PM

Note: the Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Division’s leader Bryan Ware was fired by the POTUS today. Rumors swirl that CISA director Chris Krebs will be fired too, soon[1].

Senator Ron Wyden, on CNN this evening: This week, every high-ranking official in the national security apparatus and the military who might be inclined to say “No” to illegal orders is systematically being replaced with someone who’s eager to follow illegal orders.

Wyden said this is a national security emergency. He hinted that no one in their right mind would accept any of these appointments if they think they’re going to be there for only 69 days.

[1] hxxps://www.politico.com/news/2020/11/12/cyber-official-chris-krebs-likely-out-436342

xcv November 12, 2020 7:17 PM

@MarkH

Show me how they can bias their results, without being detectable by audit.

That’s an unconsitutional and insupportable burden.

The proper burden is on the election officials to certify the vote counts in the presence of competent, unbiased observation.

Foreign proprietary software doesn’t make the grade here.

If the vote counts cannot be certified under oath, then the constitution is suspenced and martial law invoked, as it has happened Venezuela, Myanmar or other countries where force majeure has prevented free and fair elections from taking place.

If Biden is inaugurated into office, the effect will be similar, a socialist dictatorship of the proletariat taking over, with BLM, Antifa, and the defunding of police. But the Electoral College has not convened to cast the official ballots, in pursuance of the process outlined in the 12th Amendment and there is no indication of when or if it will convene.

MarkH November 12, 2020 7:56 PM

@xcv:

This is a security blog.

If you don’t believe me, look at the top of the web page.

You and others have suggested that vote counting systems are or might be subverted.

How might they be subverted, in a manner not detectable by audit? That’s a legitimate security question, and one trolls won’t answer.

========================

For those in the reality-based world, each state has its own election statute(s). In the next few weeks, it will be the responsibility of officials in each state to ascertain whether the election was carried out, and its results tabulated, in accordance with state law. If the conclusion is affirmative, the results must be certified.

Neither xcv, nor I, nor anyone else has the authority to impose any additional requirement on that process.

xcv November 12, 2020 8:11 PM

@MarkH

For those in the reality-based world, each state has its own election statute(s). In the next few weeks, it will be the responsibility of officials in each state to ascertain whether the election was carried out, and its results tabulated, in accordance with state law. If the conclusion is affirmative, the results must be certified.

The existence of individual state jurisdictions independent of federal law is specious and tenuous at best in any case, under the Supremacy Clause of the U.S. Constitution. And for national elections, there is already a federal jurisdiction and a getaway plan with a safe house out of state for each and every elector.

The Electors shall meet in their respective states and vote by ballot for President and Vice-President, one of whom, at least, shall not be an inhabitant of the same state with themselves; …

SpaceLifeForm November 12, 2020 11:03 PM

@ Markh, Clive, Anders, ALL

I recommend everyone parse very carefully.

“after millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies.”

Notice what is not mentioned?

There is a huge smell in the air now. Do not follow it.

hXXps://federalnewsnetwork.com/people/2020/11/cisas-ware-resigns-is-director-krebs-next-out-the-door/

Bryan Ware, the assistant director of the cybersecurity division at CISA, unexpectedly resigned today. And now Reuters is reporting that Chris Krebs, the director of CISA, expects to be fired by the White House today as part of a purge of political appointees who are considered not loyal to President Donald Trump.

SpaceLifeForm November 12, 2020 11:25 PM

@ Markh, Clive, Anders, ALL

The huge smell is a Red Herring called Voter Fraud.

It is misdirection from Election Fraud.

Trump losing is acceptable to those that are fixing at state level. To maintain control of the US Senate.

You may find it helpful to check this map, and research Electronic Voting machines, in particular, ES&S. Also, the SAFEAct.

hXXps://verifiedvoting.org/verifier/#mode/navigate/map/ppEquip/mapType/normal/year/2020

Even the green counties can not be trusted to report valid results.

But, they at least have a paper trail.

SpaceLifeForm November 13, 2020 12:31 AM

@ Markh, Clive, Anders, ALL

If your think human barcode scanning is difficult, try QR.

hXXps://dot.la/la-county-vote-2648436288/particle-2

The debate over barcodes has figured heavily in battleground states like Georgia, South Carolina, North Carolina and Pennsylvania where they are used by some jurisdictions, but it’s received much less scrutiny in California. In September 2019, Colorado became the first state to ban the use of barcodes or QR codes on ballots due to security concerns after using a system similar to California’s.

Colorado’s Secretary of State Jena Griswold said in a news release at the time that “although voters can see their vote choices, they cannot verify that the QR code is correct” and the QR codes “could be among the next target of an attack and are potentially subject to manipulation.”

Clive Robinson November 13, 2020 1:07 AM

@ SpaceLifeForm,

Notice what is not mentioned?

Yes, as I mentioned a little while ago, it’s the second group mentioned in the oaths of office where it talks about defending the Constitution…

What might be called “Insidious Insiders, as an example those who see “their religion” has primacy in all matters…

MarkH November 13, 2020 1:16 AM

I commend everyone’s attention to the CISA statement from Wednesday, in which I didn’t find the word “foreign.” It says:

There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.

It’s actually bolded in the original.

The reason for Krebs’ dismissal is clear.

=========================

As to automatic scan codes — increasingly inaccurately called barcodes — I don’t see the problem.

The content can be (and typically is) printed in adjacent human-readable symbols; if there were more than a tiny proportion of mismatches, this could easily be detected by audit.

There’s a new technology called “smart phones” (with a name like that, they’ve got to be sinister) which have the capacity to decode automatic scan symbols, so the great majority of voters could verify the symbols themselves, if they’re so minded.

Clive Robinson November 13, 2020 1:18 AM

@ name.withheld…, ALL,

will quote Einstein; “World war four will be fought with sticks and stones.”…

What always ammused me about that quote, is Einstein did not say it would be humans waving the sticks and throwing the stones…

A case of “Cockroaches of the world unite…” or is it termites?

Researcher Zero November 13, 2020 1:35 AM

Intelligence & Signals were keeping a very close eye on the election, along with CISA.
One member of CISA has tendered his resignation, and the other is reported to have stated he feared being fired. Be careful believing the rumor mill. The media don’t often have the full picture, they get fed rumors and often go to press too early trying to get the jump on the story.

The US has a very robust voting system with good auditing. Any kind of espionage or subversion is not done on a grand level. Disinformation campaigns yes, but they rely on the willingness of people to not cross check what rumors they are fed or think about why they are being fed them. Disinformation is spread simply to sow distrust, and division. It is an outside attack which seeks to use the victim as the weapon, and we are all capable of sub-coming to it.

Grand conspiracies involving one particular party or another does not happen. What instead takes place is not confined to one organization, instead it involves a few individuals, either extorted or compromised (over many years or decades), from across political lines (in political cases). Often the targeted individuals do not know they are being extorted by foreign proxies, they don’t want to believe it, and they are not told due to a complex number of security reasons.

The security skills of senior departmental bureaucrats and politicians are often no better than anyone else’s, poor (excluding those working in security, mostly, and die hard hobbyists). Therefor one could argue this is where the root of the problem lies in an ever increasingly complex world. There are also the usual vices, greed, vanity/pride, a secret life of rampant or dangerous perversion, and any of the other character flaws that foreign spy can get their claws into.

Again, the compromised individual often does know the true identity or motive of their exploiter, and may fear past indiscretions or crimes being exposed and destroying their career (or perhaps a very long prison term). Not only are you going to have the foreign actor squeezing one testicle, but another hand may come and squeeze the other, hard. The good news is your intelligence service wants you alive.

Hey Nony Mouse November 13, 2020 6:12 AM

@name.withheld.for.obvios.reasons:

“You’re on the scent, this is the power play that is happening in DC.”

Looking down the above, it appears others have seen the light through the window. But how to resolve the problem as was once intended is going to be a hard, the ticks have worked their way well into the body politic for two score years and more.

Haha November 13, 2020 10:57 AM

Haha! I read all comments and I should confess that I love these simpleminded people who called themselves specialist

Howard November 13, 2020 1:31 PM

Remember the election machine company from the early 2000s, Diebold? The one with horrific security, and whose every move seemed to prove they were trying to create a system that was easy for insiders to circumvent? I remember hundreds of threads on Slashdot … not to mention a fair number of posts by our own host.

Diebold is now Dominion.

Let that sink in for a bit.

Gem November 13, 2020 1:32 PM

I don’t know if there was enough fraud to flip the eleciton or not.
There should be investigation.

MarkH November 13, 2020 2:31 PM

@Howard:

The danger of those voting machines (there were other companies as bad as or worse than Diebold) was that they were paperless.

Any election equipment or process can malfunction or be subverted … but if it’s paperless, the fault might never be discovered. Vulnerability of paperless systems to cyberattack is very dangerous.

Although it took a long time, election officials around the U.S. got the message, and by 2020 only a small percentage of U.S. counties still use paperless machines (only because they lack budget to replace them).

In paper-based systems, tampering is either readily detectable by audit, or too tiny to change outcomes.

Georgia will soon complete a 100% recount. Some of its districts use Dominion systems. If the tech was misbehaving, the whole world will know.

@Gem:

There have been, and continue to be, numerous investigations. So far, they’ve found official vote tallies to be accurate.

If somebody told you there’s no investigation, you’ve been lied to.

SpaceLifeForm November 14, 2020 12:43 AM

@ xcv

hXXps://www.scytl.com/en/fact-checking-regarding-us-elections-debunking-fake-news/

  • The technologies implemented by Scytl in the US are both hosted and managed within the US, by a local subsidiary, SOE Software, based in Tampa, Florida.
  • We do not tabulate, tally or count votes in the US
  • We do not provide voting machines in the US
  • We did not provide online voting to US jurisdictions for the US elections.
  • We do not have servers or offices in Frankfurt
  • The US army has not seized anything from Scytl in Barcelona, Frankfurt or anywhere else
  • We are not owned by George Soros and have never been connected to him
  • We are not tied to Smartmatic, SGO, Dominion or Indra
  • We have no ties with Russia either

name.withheld.for.obvious.reasons November 14, 2020 1:24 AM

@ Hey Nony Mouse
To quickly respond, it appears that the framework for making a discover public is under extreme scrutiny. In this thread I see not a way your cheese to find–Yoda. It was here earlier but now dev/null has it.

Have a set of answers and will offer it in the near future. Caution in regards to topical pressures is possible or probable.

Clive Robinson November 14, 2020 5:21 AM

@ xcv,

With regatds the fake news of,

U.S. military forces have reportedly raided a data center and seized servers in Germany

A little hint about spoting fake news.

First ask if what they are reporting makes sense, and passes basic “sniff tests”. Forinstance that bit about US troops raiding a German data center… Well Germany is a sovereign nation with it’s own laws police and millitary forces, don’t you think there would be jurisdictional issues?

Such behaviour would be a primary act of war, if the German Government had not sanctioned such an invasion. Oh and the way the US has been behaving towards Germany for a large part of the Trump administration I very much doubt the German Government would have sanctioned US troops acting on German soil in that way.

But second do a basic search using simple terms that are going to turn up in all reporting such as,

“Scytl Spain Germany”

And see what comes back?

Are there any MSM outlets? NO.

Are the articles just copied from site to site? YES.

What types of site are they? That is what other stories do they cover, and do any others of them look like fake news, propaganda, or rebel rousing? YES, YES, and YES.

Now start to look through the article for second and third source verifiable information. Is there any? Is it Verifiable? Is it authoritative? NOT REALY, NO, so NO.

Then it’s time to look for contra-indicators, the simplest being sites that provide primary etc sources of information that are Verifiable, authorative etc. Which @SpaceLifeForm has given one of above. In it are plain unadorned statments that are fairly easily verifiable as factual…

Thus you now have to chose between factless innuendo reble rousing “America is mighty” propaganda nonsense identical on any number of heavily biased and factless sites and plain simple statments from a primary source that are factual and verifiable.

But the most important thing is do not alow your emotions, hopes and dreams to sway your thinking and logical evaluation. Because if you do, you will end up getting your emotions battered in the end as you realise just how easily you have been manipulated by them, and that can be more stressfull than dealing with Bereavement, Divorce or similar.

MarkH November 14, 2020 10:56 AM

@Clive:

Your comment above is typical of the generosity with time and energy — and the patience with people who are struggling to figure things out — which you have demonstrated so many times on this blog.

It’s a nice primer on applied critical thinking.

Much respect to you, for shining a light in the spirit of kindness.

jaguardown November 14, 2020 1:48 PM

It’s ironic that a security author can make a foolish blanket statement like “2020 was a secure election” before it’s even over with.

And this after 4 years of people claiming Trump stole the election with help from Russian meddling. You mean to tell me in 4 years we went from Russia hacking our election, throw in a pandemic, with changed election laws and all new mail in voting to one that is 100% secure?

BULLSHIT.

xcv November 14, 2020 3:26 PM

@Clive Robinson, MarkH

Such behaviour would be a primary act of war, …

I would not disagree with that. We (the U.S.) have had two of them with Germany already. I can’t think a third world war is unlikely or improbable.

Are there any MSM outlets? NO.

From German state media? The Reuters/AP Establishment? Probably not at any rate.

https://www.youtube.com/embed/mtvRRBB3eCU
https://twitter.com/laralogan/status/1327374139028594689
https://heavy.com/news/scytl-server-germany-raid/
https://ussanews.com/News1/2020/11/13/the-us-military-has-raided-and-seized-servers-in-germany-tied-to-the-dominion-election-system/
https://mbat5047.medium.com/u-s-army-seized-servers-in-germany-tied-to-dominion-voting-system-5d27d1ca7ac6

Scytl has gone on the record with MSM to deny any such raid. I don’t suppose they do “warrant canaries” in that district, do they?

SpaceLifeForm November 14, 2020 4:43 PM

@ ALL

I call on the POTUS, to issue an Executive Order, to all of the Secretaries of States, that due to National Security reasons, that they must all do full hand recounts of all votes cast, which must include all down ballot votes.

MarkH November 14, 2020 4:59 PM

@SpaceLifeForm:

Why?

Whether or not there’s sufficient reason, the President has no authority to do so.

The scope of authority for such orders is limited to the executive branch of the federal government.

xcv November 14, 2020 6:10 PM

People don’t want to talk about “mental health” — there’s usually someone in the family who has been committed or “put away” in a mental hospital, psychiatric ward, or criminal insane asylum, without anything approaching a due process of law.

What It Would’ve Taken to Actually Steal the Election
What you’d have to believe.

Eric Haseltine Ph.D. Long Fuse, Big Bang

I was an Associate Director at NSA, Associate Director of the US Intelligence Community (ODNI), contract cyber analyst at CIA, and have spoken and written extensively on election security.

But then we live in a country where, according to Pew Research, 25 percent of the population believes that election fraud is a serious problem, and where many believe QAnon assertions that a cabal of pedophile satan-worshipping Democrat elites is out to get Trump.

It’s a Doctor, a “neuroscientist” by trade. He has all the grammatical tenses right for the assumed outcome of the election, as “called” by the Mainstream Media. And the more I see or hear of “Pew Research” the more I think of some overeducated statistician listening to a heavy law sermon from the pulpit on Sunday and researching the length of the hair of the man sitting in front of him, if it’s not rather a barstool haircut on Saturday night, and there isn’t a hooker on the scene somewhere.

rrd November 14, 2020 8:31 PM

@ MarkH

You said:

Whether or not there’s sufficient reason, the President has no authority to do so.

The scope of authority for such orders is limited to the executive branch of the federal government.

The President of the United States is the Commander-in-Chief of the Executive Branch of our government.

Regardless, I don’t see any kind of valid, sensible or logical point in your post.

@ SpaceLifeForm

You — under an anonymous handle on Bruce Schneier’s Security blog — are calling for the POTUS (who is an utter POS) to do something?

You’re either both completely serious and seriously dealing with some personal issues, or it’s all a put-on for some reason or another.

One of those videos had Louis Gohmert, for crying out loud. That man is not just a first-class idiot, but a corrupt one at that.

No one should take anyone seriously that quotes that man, unless the quote is being used to demonstrate how utterly stupid and corrupt that man is.

@ xcv

You said:

People don’t want to talk about “mental health”

Yeah, and you’re not going to get any traction around here on that topic either.

You’d be better off going to a Trump rally and getting their opinions on their dear leader’s failings.

@ Bruce

Serious question: Have you considered lately whether or not this blog is still in the “Public Interest”?

I, personally, find Tor to be unethical because who knows what horrible crap is passing through one’s node, no matter what amount of good it may facilitate.

In the “Public Interest” — as opposed to the tact taken by Zuckerberg and Dorsey — one must ensure that the social media tech one creates does not allow for the insane and/or bullies and/or disingenuous and/or moronic to have carte blanche to spew their bile without accountability.

I know that it would be very hard work, indeed, but perhaps you can learn something from Defector.com’s (the former Deadspin writers) user commenting policy: $99 or $69 per year to be able to comment. With payment one automatically becomes accountable because, even if one’s handle gives the user public anonymity, one’s payment info is known by the site, making warnings and bans have real ramifications (and they state very clearly up front that they will ban users without hesitation or refund).

Yes, it would require design and staff and, therefore, both significant time and monetary commitment, but anonymity sure does seem to draw the sketchy like flies to dung.

Accountability is what is lacking on 2020’s internet. For those who have no sense of responsibility or sense or decorum, someone else is required to hold them accountable or they will just run rampant, wreaking havoc and leaving chaos in their wake.

Letting us freely post on your dime is a nice, idealistic idea, but it is becoming more and more obvious (to me, anyway) that it may not still be in the public interest as of 2020.

BTW, the Defector comment sections have very little negativity, except when directed to the external entities that deserve it, as opposed toward the other commenters or writers. I have to conclude that their possibility of being banned (and therefore forfeiting both their money and sense of community) is the reason for the good-naturedness with which their commentariat treats each other since its launch a few months ago.

Note that you could still allow anonymous commenters (as there still are many brutal dictatorships across the globe that can benefit from commenting here, I suppose), but they could not only be clearly marked but could be moderated by votes of known members.

If I dare, it appears to me (in composing this) that perhaps the single most important characteristic to focus on as a “Public Interest Technologist” is the absolute necessity for accountability, not only for any given tech’s footprint upon humanity and our environment, but for how our human use of such tools can be made accountable as well.

xcv November 14, 2020 9:18 PM

@rrd

@ xcv

You said:

People don’t want to talk about “mental health”

Yeah, and you’re not going to get any traction around here on that topic either.

And what a slick way around the due process of law for “family” to have someone committed and revoke his or her gun rights and civil rights for life wihout any defense or recourse whatsoever. Family. Such as namely Trump’s niece Mary, with a PhD in clinical psychology.

Not to mention the broad claims of “Trump Derangement Syndrome” on the left, or the petitioned claim of hundreds of psychiatrists that Trump’s mental health was deteriorating in office.

rrd November 14, 2020 9:57 PM

@ xcv

Do you not understand that Donald J. Trump is an apex malignant narcissist?

He has chosen to descend beyond pure mammalianism into the lizard brain where he only sees other people as sources of pleasure (sexual or monetary or security or egotistical) or enemies. He has no allegiance to anything or anyone beyond his own greed for power and material pleasure.

I’m no psychologist or psychiatrist, but all this is obvious to me, and his adherents are, indeed, deranged. I’ve seen it in my own parents. I saw it in Herman Cain, Kanye West, his hordes of followers refusing to wear masks, as well as all the other detrimental attitudes he demonstrates that they gleefully copy.

All that said, very bad people have been abusing psych institutions to persecute “undesirables” for a very long time.

But that doesn’t have a dang thing to do with Trump, who is a deeply evil man, trained from birth by an evil father with the help of their deeply evil family attorney. He is no less than the ultimate manifestation of the negative potential of our callous American culture of litigious greed. He is a racist and a misogynist and only an ignorant fool dares argue otherwise.

MarkH November 15, 2020 12:55 AM

@rrd:

Succinctly, SpaceLifeForm proposed (ironically, perhaps) that the President order all of the states to take certain courses of action.

A POTUS can sign any piece of paper s/he chooses and call it an Executive Order.

If the paper commands states to do something, the governments of certain states might choose, at their discretion, to do as the paper directs.

However, such an order has no legal force with respect to states. Any state government refusing to comply would stand on constitutional bedrock.

Neither can Executive Orders bind Congress, nor any court (except insofar as a court might take account of such orders when deciding a matter concerning organs of the executive branch). The legal authority of such orders is limited to the federal executive branch.

I hope that makes sense.

Clive Robinson November 15, 2020 3:48 AM

@ MarkH,

I hope that makes sense.

Yes… I guess that’s why EO’s especially those we don’t hear about, or the loosely written ones, can make good “Get out of Jail Free” cards for certain agencies.

Hey Nony Mouse November 15, 2020 4:37 PM

@name.withheld.for.obvious.reasons:

It would appear that it’s not only the “other group” that is keen to make it’s intrusive presence felt in a society as you’ve probably noticed… So time for silent running for a while whilst they spin ISBN 978-0070296893

SpaceLifeForm November 15, 2020 9:47 PM

@ MarkH, Clive, rrd

While I do not believe POTUS would issue an EO like this, he is the type that may.

I would also expect that he would strongly discouraged by GOP.

What would be interesting is which Secretaries of States would immediately start throwing a hissy fit.

There are some weird numbers out there from some states.

MarkH November 16, 2020 1:53 AM

@rrd:

My apologies, for being the one to trot out rules and regulations …

By the only reasonable interpretation of controlling law (U.S. Const. art. II, § 1) no person may become VPOTUS who is younger than age 35.

Setting aside any of Ms Ocasio Cortez’s merits or demerits for such office, it’ll be 2024 before she can be legally eligible.

name.withheld.for.obvious.reasons November 16, 2020 4:34 PM

Today, 16 NOV 2020, Marsha Blackburn, a U.S. Senator from Tennessee, admonished the social media giants for censoring the New York Post article about Hunter Biden. I suggest that the tech giants say that they have taken their queues from the religious broadcast programs that act as news sites (editorial board missing) and an IRS tax exemption that no other broadcasters enjoy. The implication is about the recent election, quite a stretch coming from an administration that overwhelmingly provided political faux dissent by know disinformation sources such as white supremacy groups This has the potential to change the landscape or solidify a stranglehold on communications and discourse.

Snoopy Snoop November 17, 2020 2:26 PM

I am surprised to come here and find that Bruce’s comment on the most consequential election of a century is so en passant in nature and derivative in substance.

This election’s security and veracity has been brought into real doubt, doubt not the least of which takes the form of sworn affidavits by literally thousands of people with first hand knowledge of events.

Regarding Benford’s Law, this is a tried and true method of detecting exactly election fraud which is used by the State Department and good governance organizations worldwide. It’s veracity was not previously qualified or inpugned. The post-election change in the Wikipedia entry is telling.

Among other things, this election can be understood as a bake-off. Controlling public reaction to it is a mission critical, an all-hands on deck event where absolutely everyone is required to show up and Do Their Part. This has the side effect of outing previously hidden agendas, allegiances and alliances.

Clive Robinson November 17, 2020 3:52 PM

@ Snoopy Snoop,

Regarding Benford’s Law, this is a tried and true method of detecting exactly election fraud…

Actually it’s realy not.

First people were saying elections that did not match the simplistic mulitiplicative probability curve were fraudulant.

Then when a Russian election matched the curve the same people claimed the election was fraudulant.

Where I come from trying claims like that leads to a big fat “zero” which is how much credability the people who made claims about the curve now have.

The simple fact is it’s very easy to make your data fit the probabiloty curve of Benford’s observation because that is all it realy is, just an observation of a probability curve. Thus it’s fairly trivial to match as has been explained on this blog and if you look in Knuth he tells you how to take an RNG with flat probability curve and make it match the curve that Benford observed.

This election’s security and veracity has been brought into real doubt

Realy, I see a lot of hot air and unverified claims and court cases failing.

Kind of hard to take claims that are not court evidence acceptable seriously[1]. Especially when lawyers thst were engaged to take on these cases appear to be dropping out for reasons they’ve yet to disclose (and may never do so due to attorney-client privilege). I’m sure some people are busy making hay with that and implying certain things.

not the least of which takes the form of sworn affidavits by literally thousands of people with first hand knowledge of events.

Care to provide reliable and verifiable evidence of not just the “thoudands of people” but that there are any credible “sworn affidavits” you claim?

And no claims on faux media sites, they are not acceptable. If you look further up I gave an indication of how to spot “fake news” especially not letting your emotions get involved because if you do they are likely to get hurt.

[1] There are also stories doing the rounds that the monies being crowdsourced for court cases is being majorly siphoned off into certain peoples pockets… Again no court acceptable evidence has appeared.

MarkH November 17, 2020 4:32 PM

Re Benford’s Law:

The hypothesis that supposed deviations from this “law” are evidence of election tampering, is so foolish that I refrained from responding until now.

But since somebody’s brought it up again …

Benford’s pattern of digit occurrences applies to very large datasets if and only if the data are randomly scattered in accordance with a specific statistical distribution.

To give a simple example of how you can go wrong applying this to elections, imagine a competitive election district with a typical turnout of about 15,000 voters. Because the vote is roughly split, the vote tallies for each of the two leading parties will almost always start with 6, 7 or 8 … digits which are supposed to occur much less frequently (according to Benford) than 1 or 2.

To interpret such digit distributions as evidence of improperly conducted elections is 100% wrong.

========================

An even more basic misunderstanding, is that such statistical tests are primarily applicable to the case where vote counts are completely fabricated: nobody counted votes (and perhaps, nobody really voted), so some people are sitting at a table making up numbers which they hope will look plausible.

The tally fabricators probably try to make their numbers look “natural” (like an authentic election), but people have no natural talent for this. Unless careful consultation was made with mathematical specialists, the invented numbers are likely to have statistical properties different from those of typical elections.

========================

However, the claims (with no valid evidence) in the recent U.S. election aren’t generally that tallies were invented from whole cloth, but rather that votes were illegally added to or subtracted from what the true tallies would otherwise have been.

This sort of “differential interference” would be very much more difficult to infer by statistical sampling … and perhaps impossible, with the sample size of the U.S. election.

MarkH November 17, 2020 4:56 PM

.
Results so Far…

Georgia election officials discovered a significant error, in which about 2,600 ballots were not included in the reported totals.

In keeping with the region in which this error occurred, those ballots favored Trump by a net majority of about 800 votes, which will have the effect of reducing Biden’s state margin of victory by roughly 6 percent (his edge remains at least 13,000 votes).

Although a statewide election audit is nearing completion in Georgia, this error would have been discovered without the audit. Local election officials had noted an unusual discrepancy between the number of voters who participated and the presidential vote totals, and were investigating this anomaly.

Reportedly, this error was associated with the failure (“jam”) of a tabulating machine, after which the group of ballots was transferred to another machine.

It appears that an honest mistake in following procedures caused the votes to go uncounted, and that this mishap is not symptomatic of any broader pattern in the state.

========================

In an election district of Nevada’s most populous county, officials decided not to certify a local (down-ballot) election result, because the margin of victory was only 10 votes, and more than 100 ballots have some anomaly or deficiency which merits their examination.

Six voters there have been identified as having voted twice in the election.

Both in Clark County, and Nevada as a whole, very nearly 0.1% of ballots have such problems.

========================

As the Georgia audit proceeds (it is supposed to finish this week) — with the exception of the major error described above — the hand recount tallies are closely matching those from the electronic tabulation systems.

It would seem that the wicked conspiracy to subvert the Dominion voting machines was a failure …

xcv November 17, 2020 10:01 PM

120 comments so far. It’s a long discussion, but here goes.

Trump fires top U.S. election cybersecurity official who defended security of vote

SAN FRANCISCO/WASHINGTON (Reuters) – President Donald Trump on Tuesday fired top U.S. cybersecurity official Chris Krebs in a tweet, accusing him without evidence of making a “highly inaccurate” statement affirming the Nov. 3 election was secure and rejecting claims of widespread fraud.

Chris Krebs? Is there any relation by any chance to Brian Krebs of Krebs on Security?

SpaceLifeForm November 17, 2020 11:13 PM

@ ALL

Just saving this here for future reference.

Statement from CISA Director Krebs Following Final Day of Voting
Original release date: November 04, 2020

WASHINGTON – Following the final day of voting, Director of the Cybersecurity and Infrastructure Security Agency, Christopher Krebs, issued the following statement:

“Over the last four years, the Cybersecurity and Infrastructure Security Agency (CISA) has been a part of a whole-of-nation effort to ensure American voters decide American elections. Importantly, after millions of Americans voted, we have no evidence any foreign adversary was capable of preventing Americans from voting or changing vote tallies.

“We are only here because of the hard work of state and local election officials and private sector partners who have focused efforts on enhancing the security and resilience of elections. The United States government supported these partners throughout the election, bringing the full range of capabilities to bear in securing systems and pushing back against malicious actors seeking to disrupt our process and interfere in our election. CISA will continue to support our state and local partners as they move toward their certification deadlines and the official outcome of the 2020 election.

“We will remain vigilant for any attempts by foreign actors to target or disrupt the ongoing vote counting and final certification of results. The American people are the last line of defense against foreign influence efforts and we encourage continued patience in the coming days and weeks. Keep calm, continue to look to your state and local election officials for trusted information on election results and visit CISA.gov/rumorcontrol for facts on election security.”

#Protect2020

Tm November 18, 2020 6:09 AM

I’m late to this thread but I want to clarify the post by Hansruedi above titled “Mail Voting: Switzerland Reporting In”. He refers to a disputed referendum in a single town, Moutier, which concerned the possible secession of the town from its state. The election was invalidated and will be repeated.

For those who are interested in these questions:
– The trouble had nothing to do with mail voting. At issue was that some voters who didn’t actually live in the city improperly registered to vote, and that the city administration (which favors secession) had engaged in improper propaganda.
– Mail voting is routine in Switzerland. Large parts of the population vote by mail and nobody has ever disputed the reliability of mail voting.
– The Moutier case is a huuuge outlier. I haven’t heard of any other case of an election having been invalidated for alleged irregularities. Perhaps there are any but it would be exceedingly rare.
– The Swiss vote about four times each year on a large number of referendums, and they elect a large number of federal, state and municipality officials. Votes are cast in person on Saturdays and Sundays or by mail. The results are usually known on Sunday afternoon, within a few hours of the polls closing, and disputes about election results are almost unheard of.

Tm November 18, 2020 6:09 AM

Question to Vincent: if France has banned mail voting, how do people cast their votes who are sick or have difficulty walking or traveling or have to work?
To my knowledge, there is no other developed country that doesn’t allow mail voting. France appears to be a huge outlier, which is fine if that’s how they prefer to do things but to suggest that everybody else is doing it wrong, that seems a bit far-fetched…

os • November 11, 2020 7:36 AM: This author writes about vote rigging in the GDR and then goes on to claim that mail voting is unacceptable. There is no connection whatseoever between those two statements. In the GDR, most people did in fact vote for the system but not the 99% that the ruling party claimed. The ruling party simply made up these numbers, a stupid strategy that backfired when in 1989 activists could prove that in fact many more No votes had been cast than were officially counted, and the obvious fraud sparked mass protests (https://de.wikipedia.org/wiki/Kommunalwahlen_in_der_DDR_1989#F%C3%A4lschung).

The situation after the 2020 election in Belarus is similar.

Tm November 18, 2020 6:34 AM

In the US context, one of the most obvious ways of rigging elections is manipulating the voter rolls. And, contrary to all those lies about election fraud put forward by the disposed Dear Leader, that has actually and demonstrably happened:
https://www.gregpalast.com/election-day-mayhem-began-two-years-ago/

P.S. Perhaps the original sin of US election law is to give so much discretion about election organization, including the result certification, to party politicians. What could possibly go wrong?

Remember the now governor of Georgia, who as secretary of state was responsible for running his own election in 2018 and refused to recuse himself? I suspect even Putin or Erdogan would consider such behavior going a tad too far. This is really, truly only possible in the USA, and perhaps North Korea. There is guaranteed no authentically democratic country that would that allow to happen.

MarkH November 18, 2020 11:00 AM

.
More Data from Georgia

The U.S. state of Georgia is of special interest in assessing how the 2020 general election was conducted for two reasons:

• The presidential vote margin was so narrow (roughly a quarter of one percent of all ballots cast)

• An audit including a full manual recount (to be completed this day) provides a detailed check

It’s also worth noting that some Georgia counties use the Dominion voting machines which were the focus of so much conspiracy theorizing.

========================

Yet another Georgia county has found that they missed a quantity of votes (2,755 this time!), and the same thing may have happened to 224 votes in a third county.

It appears that in each case:

• election officials failed to transfer a “memory card” from a counting machine to the system that totals the vote tallies

• no evidence has been found that these mistakes are due to malfeasance

• the discrepancy would have been discovered by normal post-election reconciliation procedures, even had the statewide audit not been ordered

Altogether, roughly 5,600 votes have been discovered to have been omitted from the initially reported totals, or about one per thousand ballots.

Biden’s margin of victory was close to 14,000 before these missed votes were discovered; it likely to still be greater than 12,500 when the audit is completed.

========================

Of the Georgia counties in which recounts have been completed (all are supposed to be done by midnight)

• 57 counties had no deviations from their original ballot count

• 21 counties had a discrepancy of one vote

• 32 counties are off by amounts greater than one vote, but in no case as many as 10 votes

(Data via Atlanta’s WSBTV)

In the counties with discrepancies greater than one vote, the audit process mandates additional investigation.

========================

Conclusions supported by results so far:

• the failures to transfer memory card data suggest a need for better training and election-night quality controls, but apparently would not have affected the final tally (because these errors would be caught by normal cross-checking before the certification deadline)

• there’s no sign that voting equipment introduced bias, whether by mistake or intention

• none of the problems found so far were of sufficient magnitude to change Georgia’s assignment of electors for the presidency

• the accuracy of final counts is very good: the magnitude of counting error (excluding those dropped votes which apparently would have been caught anyway) appears to be not more than 0.005 percent

• Georgia will be able to certify its election results with a very high degree of assurance that they are correct

Clive Robinson November 18, 2020 2:46 PM

@ Mark H,

the magnitude of counting error (excluding those dropped votes which apparently would have been caught anyway) appears to be not more than 0.005 percent

In any mechanical process and nearly all electronic processes be they software controled or not, unintentional errors and omissions (E&O’s) are to be expected[1]. With paper ballots mechanical errors would be presumed to predominate. However it appears the design involving a removable and transferable part made the ommissions dominate in some cases.

Suggesting that the system needs a little design refinement to reduce that now identified ommission (though other procedures in the overall system appear to have caught it).

An overall error rate of less than 1:500000 for what has a large manual handeling component by staff who only occasionaly do such work and under considerable preasure is quite remarkable when you consider it.

Which is why a few days after the election I said on this blog they are deserving of our congratulations for carrying out their often thankless job impartially and professionally.

[1] Even logic circuits in CPU chips have E&Os as the result of stray radiation particles and something called metastability where a soft lockup or other error can be expected in about 1:109 operations or about once per second in each latch in an IAx86 chip. The solution is to have multiple complex gates in series giving E&Os of around 1:1026 or about one latch up in 220 years/latch group (depending on who’s figures you believe).

SpaceLifeForm November 18, 2020 4:22 PM

@ MarkH, Clive

Note that this Georgia “recount” is being treated as an “audit”, but it only for one contest.

There is no recount of down ballot votes.

MarkH November 18, 2020 4:24 PM

[election workers] are deserving of our congratulations for carrying out their often thankless job impartially and professionally

Well said, Mr Robinson!

I’ve learned a little about what those workers have been facing, and I’m sure there’s a great deal more I don’t know.

Some of the challenges have included:

• the implementation new election rules only months or even weeks before time

• the aggravation of that difficulty, by legal challenges to such rules only days before election day

• having to adapt/invent procedures both for changed election rules, and pandemic safety guidance, all of which they were obligated to obey

• the need to accommodate staffing and work flows to ratios of postal ballots far greater — often orders of magnitude greater — than previous practice

• officials of certain states forbidding the counting of postal ballots before election day, putting enormous pressure on workers to labor around the clock to complete counts as timely as possible

• partisan election observers appearing in greater numbers than were permitted, failing to obey pandemic safety guidelines, interfering in the work of counting in ways prohibited by the rules for observers, and sometimes behaving abusively

• harassment by swarms of protesters which in some locations was severe enough that workers feared for their personal safety

• the incessant vomiting of lies about election integrity which implicitly accused election workers of conspiracy to criminal corruption

So, “well done!” to those whose labors accomplished this feat.

Clive Robinson November 18, 2020 6:33 PM

@ MarkH,

I’m sure that most of us knew that the claim of a U.S. military raid in Germany (to prove that Trump really won!) was pure fertilizer,

Yup it did not pass “the sniff test”, which sounds horrible now you mention “fertilizer”.

The sad thing is that a certain percentage of people will be convinced from now to possibly the day they die that it was true. And no amount of fact checking will ever convince them otherwise, in fact it will just make them more convinced they are right and some grand conspiracy is in play…

The how and why of such cognative bias has been discussed on this blog before, but we never realy talk about the harms it causes both emotionaly and socialy, and that it is easily capable of tearing families apart.

I feel sorry that people effectively get trapped into this by those manipulating the media, it’s almost like being brain washed into a cult.

Sadly those that do it care not a jot for the carnage of peoples lives they leave behind, they see the victims they have created as being a “Power Base” or just “grist to the mill” depending on their objectives. Either way they are “money in the bank”.

It’s considerably worse when you figure in the fact they also politicised COVID-19 and masks. I do not know how many they have caused to be sick, seriously ill, or dead but it is just very disturbing to consider.

Their thinking process is something I find totally alien, and I have difficulty comprehending just how amoral they actually are.

I just hope that every one can quickly put this behind them, but that appears unlikely currently with things still being stired up and coals getting raked over.

If nothing else the 2020 US election will enter the history books for all the wrong reasons.

xcv November 19, 2020 3:13 PM

Sidney Powell drops astonishing allegations against voting machine tech, vows to prove it in bombshell presser

Attorney Sidney Powell declared that President Trump won the 2020 election “by a landslide” as she delivered remarks alleging widespread fraud and a process rigged by “communist money.” …

Powell began by explaining how the voting machines and software used in several states with disputed election results were “created in Venezuela at the direction of Hugo Chavez to make sure he never lost an election after one constitutional referendum came out the way he did not want it to come out. ”

Jim November 19, 2020 3:47 PM

Is the software code used in these voting machines open and viewable to the public? To software auditors? If not, do you think that it should be?

Clive Robinson November 19, 2020 4:07 PM

@ xcv,

Sidney Powell drops astonishing allegations against voting machine tech, vows to prove it…

This story looks like it’s another “Fluster Bomb” from the Trump side.

It appears that when you strip off all the froth, “Sidney Powell” is claiming “statistical evidence” from a man in Venezuela who might or might not have signed an affidavit that might or more probably not be legal in the US…

Appart from “the usual trumpian suspects” hyping it up the MSM is not realy biting, even the Rupert “the bear faced liar” Murdoch outlets appear to be using a long spoon with it.

I suspect that they will do some investigation before reporting very much at all.

There appears to be a clear policy of releasing “Fluster bombs” in order to make confidence in the vote system poor, thus try to make leverage against the electoral colleges and others as a FUD/Delaying tactic.

What the TRUMP/GOP end game is I’ve no idea (or if they are even the same). But at the moment there appears to be lots of noise but no actual evidence that is likely to turn out to be credible.

The one “snark” that has been picked up on is “software backdoors”. As readers here will know most software has so many faults in it, many of those can be turned into vulnerabilities, whihh become malware attack points. Nearly all software of even small to moderate size is fairly well littered in them. So if people go looking they are going to find somethin that might… Then comes the arguing “Poor development practice let throug -v-Unimaginably cleaver programers artfull deception”.

Like arguing over statistics neither is fundamentally “credible evidence” and you can drag the arguments out shrieking and shrilling untill not just the cows come home, but we’ve past the extinction horizon and our bodies are rotting away or vapourized in some manner.

Personally I don’t think the story is credible on what we currently know that is it looks like hype for FUD. Further the way things are running on these “Fluster bombs” I suspect that fairly quickly the MSM will drop it or declare it “Fake-News” or some such. Likewise if it ever gets to court, I suspect it will get chucked out in fairly record time, and another bunch of supporters will find their pockets will have been emptied into those of the legal teams and administrators who are going to get realy fat on these “Fluster Bombs”.

Even though I know more than I wish to about US legislation, I don’t know enough, but I suspect several people will be looking at the equivalent of “Malicious Litigant” or “Defimation” or even “malfeasance” legislation to see if they can use it to stop the “Fluster Bombing”. But I suspect the gravy train will keep running…

Meanwhile it’s time to put the pan on the stove put some oil and some popping corn in it. Then when done sit back in a comfy chair with my foot up and watch the entertainment from the “shrieking shrilling faux outraged bluster-right”.

SpaceLifeForm November 19, 2020 9:04 PM

@ GSAEmily

It’s time. Sign the paperwork, and then resign.

It’s that simple.

The Public will have your back.

The cult will throw you under the bus.

Yes, Emily, you can quit the cult.

Do it!

Tm November 20, 2020 3:51 AM

One could laugh about the idiocy of xcv’s propaganda, if it weren’t part of a dead serious attempt at conducting a fascist coup in the United States.

If the voting machines are hacked by foreign powers, who would be the most likely beneficiary? That’s right, Trump, the deposed Dear Leader. In 2016, he lost the popular vote by 3 million and miraculously secured razor-sharp wins in three states. In 2020, he lost the popular vote by 6 million and counting. If anybody has tried to interfere with election integrity, it would be him and his fascist minions.

Clive Robinson: brother, no point treating fascist propagandists as if you could rationally argue with them. It is hard to accept if you are a decent person but, these are not decent people and you cannot argue with them.

xcv November 20, 2020 1:13 PM

@Tm (link to a collection of German-language presentations)

One could laugh about the idiocy of xcv’s propaganda, if it weren’t part of a dead serious attempt at conducting a fascist coup in the United States.

Biden will be arrested and charged with treason if and when he attempts to take the office of President of the United States of America.

Spain, Germany, Venezuela, and Ecuador do not have a say in the matter.

1&1~=Umm November 20, 2020 6:57 PM

@SpaceLifeForm:

“Ignore the trolls.”

If only it were that simple.

But it’s not, the spoken word like the scent of life was once ephemeral. The written word, and similar impressions are not, they can and do live on beyond the natural measure and down the generations for thousands if not tens of thousands of years. Which of the many survive is by to us unknown chance.

For there to be evolution there has to be a struggle or battle thus there must be opposition.

In times to come how do we wish to be remembered? As a spiecies of drum beating, saber rattling, xenophobs scared of our own shadows and gulled by idiots into authoritarian following, as though turkeys to the slaughter. Or as a spiecies that had differences but ultimately evolved and moved forward improving with each forward step?

If there is only backwards words recorded how do we expect those that come after us to realise they were written by an ill fated minority that eventually suffered the fate that evoloution has reserved for all things that are not fit to face a forever changing future?

rrd November 20, 2020 8:43 PM

@ 1&1~=Umm

You said:

For there to be evolution there has to be a struggle or battle thus there must be opposition.

The opposition within each of us, from birth, is between selfishness at the cost of others and selflessness for the benefit of those around us, to an ever greater extent.

At the human level, without the internal struggle to perfect one’s own morality, every person’s outer struggles will always carry the stink of our body’s mammalian heritage and the destructive group conflicts they engender. Some — like Herr Trump — can choose to descend even deeper beyond the mammalian to where even the mammalian bonds dissolve; therein reside the reptilian attitudes and behaviors of the malignant narcissists.

Most people do not engage in their own internal fight to evolve for the simple reason that most cultures do not inculcate positive/virtuous {cooperative, selfless, universally compassionate, etc.} attitudes and behaviors, instead choosing to only inculcate their negative/vicious {competitive, selfish, callous to out-groups, etc.} opposites.

Once again, see the spoken word intro of Louis Armstrong’s “What a Wonderful World” for the entire purpose behind God’s dictates vis a vis our struggles to self-evolve as individuals and societies.

“On Earth as it is in Heaven” — but for which criteria of Heaven?

1&1~=Umm November 21, 2020 4:14 AM

@SpaceLifeForm:

“Ignore the trolls.”

Oh that they would reciprocate.

Some obviously do not think 8 or 10 people telling them to stop with their comments and @Moderator deleting their comments shortly there after is enough of a hint.

Politics of the “party political” variety is effectively baned by @Bruce, for good reason. Perhaps other contentious subjects that people get strong emotions about that are not Science Technology Engineering or Mathematics(STEM) should go on the “subjects to avoid” list.

Blouis79 November 25, 2020 3:20 PM

I’d love to see full disclosure of the source code of the voting system.

In particular the reported weighted race feature and non-integer vote counting.

Clive Robinson November 25, 2020 4:52 PM

@ Anonymous,

Why is voting system security a voluntary dog’s breakfast???????

Because those that benifit from voting do not want transparancy or oversight.

Have a look at the history of Gerrymandering and other techniques that stop “the wrong sort of people” having the vote.

Blouis79 November 26, 2020 1:26 PM

According to sidney powells filing, ballot counts in michigan show 3 decimal places.

Full disclosure of the count manipulating algorithm is required.

MarkH November 26, 2020 3:26 PM

.
Something to Contemplate

A couple of comments have already cited attorney Sidney Powell, and several others have repeated her claims without naming her.

Here are some of Powell’s own words, referring to an alleged scheme of election fraud involving tabulation systems, with my italics added:

” … the software itself was created with so many variables and so many back doors that can be hooked up to the internet or a thumbdrive stuck in it or whatever, but one of its most characteristic features is its ability to flip votes. It can set and run an algorithm that probably ran all over the country to take a certain percentage of votes from President Trump and flip them to President Biden, which we might never have uncovered had the votes for President Trump not been so overwhelming in so many of these states that it broke the algorithm that had been plugged into the system …”

Doesn’t the italicized language sounds kind of technically savvy?

=========================

I invite the patient readers of this thread to consider the evidence that in at least a few minds …

Sidney Powell is a security expert, and

Bruce Schneier is a political hack.

I think it worthwhile to take a couple of deep breaths and ponder the depth of the acid-trip hallucinations unfolding here in text.

=========================

What does it mean, to engage such thinking in dialogue?

Nietzsche left us a salient warning:

Who fights monsters should keep watch, that he does not himself become a monster. And when you look long into the abyss, the abyss looks also into you.

rrd November 26, 2020 4:20 PM

@ MarkH

Quotes are yours:

Nietzsche left us a salient warning:

Nietzsche is as salient as Ayn Rand, but both have certainly attracted more than their fair share of followers of less than dubious intelligence, with highly negative morality, especially regarding their callous attitude towards others not in their group.

Who fights monsters should keep watch, that he does not himself become a monster.

We ALL must keep watch that we do not become monsters, for we all have that capacity. Furthermore, we must ALL fight our own internal battle against our own selfish negativity before we can reach a level of positive morality that allows us to know for whom physical confrontation is needed for the benefit of the greater world.

As to fighting monsters increasing our ability to be “monsterized”, that is only possible for people who are not fighting the ideals, attitudes and behaviors of monsters, but are merely fighting such people because they are members of the other “team”.

More than a handful of American soldiers in WWII were hung/shot for crimes against humanity. That is because they were monsters. Their fighting monsters had nothing to do with anything.

Some men become soldiers just because they want to know what it is like to kill; it matters not whom they fight, they were monsters to begin with.

And when you look long into the abyss, the abyss looks also into you.

That sentence is literally meaningless — metaphorically or otherwise — but it sounds good to those without discernment, as does much of philosophy and the heartless works of ignorant fools such as Ayn Rand.

Only those who fail to strive towards learning and manifesting perfectly selfless morality can become monsters, as monsters only ever strive toward greater selfishness at the expense of anyone they are able to prey upon.

Clive Robinson November 26, 2020 7:32 PM

@ MarkH,

Doesn’t the italicized language sounds kind of technically savvy?

To whom?

Where do I start… Well, I guess not even “kind of” to anyone who has sat in the compulsory elementary level teaching of computers they give in schools these days.

The statments as given are “kind of” what you might expect of a desperate outsider trying to appear as though they know something about the subject, and failing miserably.

The result a near hysterical boiling pot of terms thrown together to form a mish mash that I assume the utterer hopes will bamboozle people such as MSM journalists who realy should know better (but you get the impression that MSM political journalists on the “Whitehouse list” are not exactly chosen for their ability to do much of anything these days other than regurgitate ad nauseam…)

I trust attorney Sidney Powell does not repeate that sort of nonsense in court, because she would be bringing her –alledged– profession into disrepute. I know some may find that difficult to believe, but the limited number of US attorneys I’ve met, I’ve found to have a sense of ethics if not significant morals, as well as being fairly intelligent. Things I do not think anyone is going to claim Sidney Powell is overly encumbered with currently, quite the opposite I suspect.

Blouis79 November 27, 2020 2:44 PM

The affidavit by former intelligence analyst is interesting. https://www.courtlistener.com/recap/gov.uscourts.mied.350905/gov.uscourts.mied.350905.1.15.pdf

I find media reports that Dominion voting system claims its machines are closed and secure and dont allow access to usb drives are more interesting.

How is it that votes can be recorded on a removable memory card and “lost”? Boggles my mind that this is possible without a complete secure audit trail including machine, user, observer, votes, sequence and code that ensures that every single ballot is accounted forever and totals cannot be produced without machine certified integrity.

Still need full disclosure on the counting algorothims that generate totals with three decimals.

Blouis79 November 28, 2020 3:02 PM

Dominion Voting Systems secuirty analysis 2017.

https://votingsystems.cdn.sos.ca.gov/vendors/dominion/ds52-sc.pdf

Plenty of vulnerabilities.

Dominion says it is the gold standard.
https://www.dominionvoting.com/dominion-statement-on-sidney-powell-charges

Latest vetsion appears to be 5.5-C running on Windows 10. Report 06-16-2020.
https://www.eac.gov/sites/default/files/voting_system/files/Dominion%20Voting%20Systems%20%20D-Suite%205.5-C%20Test%20Report-Rev.%2001.pdf

“The accuracy test ensures that each component of the voting system can each process 1,549,703 consecutive ballot positions correctly within the allowable target error rate. “

Where did that number come from and what happens after???

Blouis79 November 28, 2020 3:50 PM

As far as i can see, the EAC voting system assessments are inadequate.

https://www.eac.gov/voting-equipment/certified-voting-systems

Source code review is limited to “automated source code review” – probably meaning running code through compilet. Manual source code review is limited to reading the comments.

Specific security vulnerabilities mention in the california review are not documented by the EAC.

Blouis79 November 28, 2020 4:59 PM

If a mark sense ballot paper has 1200 mark positions, then errors can happen after 1200 votes and be within certified EAC specs.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.