Could Hackers “Rig” The Election? - Comments Page 2

I'm pretty sure that at least one election - the last presidential election - has already been rigged at the national level. Ohio had more votes than eligible voters, for example. It would not surprise me if machine manipulation were part of it, but the easiest way to rig elections is the old-fashioned way - sneaking in ineligible voters, getting people to vote two or more times, etc. There are no voter ID requirements, so who is to know?

Regarding Ken Mitchell's post: Please...He should stop using every topic on this website as an excuse to slip in partisan political polemics. Forum members have shown restraint by not flaming him on these outrageous claims and made-up facts, and he should respectfully do the same by sticking to the computer issues that Bob Rankin is addressing. Ken can still post those rants on the sites of the crackpot online newsletters where he reads those things in the first place.

Having said that, one claim really must be cleared up: Both government and independent investigations into voter fraud have consistently found it to be extremely rare and usually it involves absentee ballots or signature petitions, rather than “in-person” fraud of the type targeted by voter ID laws. In 2012, the Texas Attorney General verified 18 fraudulent votes cast in that "tiny" state over the preceding TEN years. Ohio found 4 in 2002 and 2004 (out of 9 million votes cast). George Bush's Justice Department charged 120 people for improper voting of one kind or another (convicting only 86) in the entire country during a five-year "crackdown". So any claims that officials (like the ones Ken named) would not have been elected were it not for voter fraud are very amusing. I have to admit I enjoyed reading that one.

Given how huge and pervasive government has become, the temptation to rig elections is enormous. Well over a billion dollars will be spent on the Presidential contest alone, but the prize is control over a multi-trillion dollar budget (not to mention the indirect value of the government's regulatory power). The payoff is three orders of magnitude greater than the expense.

So the very least we should do is make sure that elections are as honest as possible. This entails many aspects. DREs should be abolished. Optical scanners which provide auditable paper trails work reasonably well. All aggregation software should be open-sourced and analyzable by the public for potential flaws. A sufficient number of observers should be recruited (and paid if there aren't enough volunteers) from competing political parties to oversee every step of the voting operations, perhaps video recording everything. Ballots need to be securely tracked and stored.

But ballot security is only half of the problem. Voter security is the other half. We need reasonable voter ID requirements to make sure only eligible voters can vote, that they can do so only once, and only in the precinct where they live. Any qualified citizen should be able to register and provide identification without intentional obstacles. But minor inconveniences which are easily circumventable should not be an excuse for failing to obtain IDs or failing to vote. Frankly, I have no sympathy for citizens who are too lazy or uninterested to bother obtaining IDs or voting. If their vote isn't that important to them, then we're better off if they stay home. The franchise is too critical to be exercised in ignorance.

Voting must also be protected from bribery and intimidation. That's why we have secret ballots. Unfortunately, absentee voting and mail voting in general erodes the secrecy of the voting booth, since it offers the potential of allowing third parties to suborn or steal votes in various ways. Absentee voting should be limited to "good cause" excuses, the way it used to be, to minimize the risk of illegitimate outside influence. And voting should be concentrated on election day rather than spread out over a period of weeks.

Finally, elections should be decentralized as much as possible. The threats of vote fraud and procedural failures can never be entirely eliminated, but they can be localized and minimized. That's one of the reasons that I prefer the Electoral College system: A problem in one county or one state is limited to that locale, and rarely affects the outcome elsewhere. "Rarely" doesn't mean "never", as we saw in Florida in 2000 and in a few Senate races which can impact that body's overall makeup. But in most states, especially deep red or blue states such as Texas or California, nobody's going to bother stealing or forging Presidential ballots, where fraud would have to occur on a massive scale involving hundreds of thousands or millions of votes in order to change the outcome. It's just not worth the risk. On the other hand, if the outcome was determined purely by popular vote and the election was very close, then every city and every state would have an incentive to cheat since it could impact the final result. Instead of one "Florida" we could have 30 "Floridas" all over the country battling over the meaning of hanging chads, with the uncertainty lingering for months or years as different courts hashed out the challenges. To take another example, Chicago's large population of deceased voters doesn't matter to the Presidency, since Illinois will reliably vote Democratic anyway. But if the popular vote replaced the Electoral College, many more zombie voters would claw their way out of the ground to try to tip the national totals.

Two comments.

The file of registered voters is also automated, and is vulnerable.

This whole business could destroy confidence in the democratic process. For example, a defeated candidate can claim the election was rigged. In fact he could recruit hackers so he could point to "proof" for his claim. Has Trump not already said he suspects the election of being rigged?

Anything can be tampered with.

Over 50 years ago, Chicago first used machines instead of paper ballots. The type of machine when you push buttons to select your candidate and then pull a lever to lock in your vote. These were mechanical machines with counters inside to tally the votes. Random inspections of these machines showed many of them with hundreds of votes already counted before the polls opened.

Interesting reading.

http://freewilliamsburg.com/20-amazing-facts-about-voting-in-the-usa/

http://www.yuricareport.com/ElectionAftermath04/StevenFreemanUnexplainedExitPoll_v00m.pdf

If you want to read more copy and paste the title of the articles at this URL in Google search. https://archive.is/mIxup#selection-717.0-719.17

Kevin,
The best that can be said is that no voter fraud that they could detect took place. To say that no fraud took place is an unwarrented display of arrogance.

I have been wondering, this article solidifies my thinking. It seems very possible

Three comments - Vote by paper ballot, whether by mail or in person on election day. It takes longer to count, so maybe only vote-by-mail votes will be available that evening and only 80% the next morning, but all votes end up counting, and counted only once.

Voter fraud these days is vanishingly small; anyone who says differently quite simply has a factless argument. In Colorado, for instance, there were 22 cases of voter fraud charges being brought between 2000 & 2014, over which time well in excess of 10M ballots were submitted. The possibility of someone rigging an election, however, is a scary proposition.

The Electoral College system could probably be improved, perhaps by proportional voting per state rather than a winner-take-all system, but if you though the 2000 Florida recount was bad, think of the problems a country-wide recount would require, if the popular vote was very close.

I forwarded the article to our contacts at Kennesaw State University Center for Elections Systems. KSU has partnered with the Secretary of State’s office since 2002 when the current voting system was purchased and implemented throughout the state of Georgia. The response below is from the Center’s Director, Merle King.

Terry - Georgia's voting system has been used in Georgia since 2002. In that time, we have conducted over 8,000 elections, tabulating more than 45 million votes. Every federal, state and local official, from both political parties that is currently serving in Georgia, was elected by this system. Periodically we get requests from the public regarding the security of our system, and are glad to respond.

1. Cyber Security - the identification of threats to computerized systems and their corresponding mitigations, must deal with the probable, not just the possible. By definition, anything that is not impossible, is possible. Election officials at the state and local level must be responsible custodians of the taxpayers money and allocate security resources where there are in fact, probable threats. The State Elections Division and the Center for Election Systems monitor all reported threats to our system and evaluate both the threat's probability, its vector (how it would or could attack our system) and whether there is an existing or needed mitigation. This monitoring is done in conjunction with the Election Assistance Commission (EAC) and the system's vendor, ES&S. The EAC accesses the resources of NIST and Homeland Security to support their internal efforts.

2. The voting system uses a layered defense approach. This means that penetrating one layer of defense does not give you access to the system, it only presents a different layer. These layers are physical (things like locks, keys, seals, logs, etc.), procedural (chain of custody, dual sign offs on election activities, reconciliation at the polling place and elections office), and logical (encryption of data, SSL certificates, changed logins and PINS, etc.). These layers work in unison to protect the integrity of the system and its data.

Over the years there have been several internet videos that have professed the ease of accessing and hacking a voting system or tabulation server (the GEMS server). These videos are carefully scripted events that selectively ignore the overall security protocol of the voting system. Because voting technologies are so different from consumer or other commercial technologies, the public has difficulty in understanding the architecture of voting systems - they are unlike any other consumer or commercial technology.

One important aspect of the security controls that surround voting systems is their reliance on detective controls vs. preventative controls. Preventative controls literally prevent an anomaly from occurring. Preventative controls are expensive to design and implement. They require perfect knowledge of future events. Detective controls are designed to detect an anomaly and alert the election official. Security seals are good examples of detective controls. They don't keep anyone from getting into a system, but instead, alert the election official that the system has been accessed. Once a detective control has been penetrated, the election official implements a standard procedure of removal of the system, quarantine, forensic analysis, and after-event report.

3. One of the most important controls is the amount of testing that the voting system receives. Our system has been tested to the then-current federal FEC/NASED VSS standard. It has been tested and certified twice at the state level and is conformance with Georgia statute and rule. Both of these testing processes utilize source code review and extensive functional testing. In addition, every unit of the system is tested for conformance to the state standard. This acceptance testing occurs whenever a new unit arrives or when a unit is sent off for repair and returned. Counties perform Logic and Accuracy testing of every piece of equipment prior to each election. The Center for Election Systems performs forensic tests at the request of the Secretary of State, to support investigations. All of the GEMS server are tested each time a county moves the system or it is replaced. This test includes a hash value comparison - a logical comparison of the software on the machine to the known standard load for the server.

4. Georgia requires at least one member of the local elections office to be certified to conduct elections. This certification includes 24 hours of training on the use of the voting system, which includes maintenance and security.

At the Center, we take very seriously the current conversation about elections being rigged or that hacking an election is a trivial exercise. If you have any additional questions or concerns about our voting system, don't hesitate to ask.

Regards,

MSK

From: Don Hawbaker
Sent: Friday, August 12, 2016 9:22 AM
To: Terry Colling ; William Wilson Jr. ; Eric Mosley ; Helen Grayson ; djh0218@aol.com
Subject: Fwd: Could Hackers “Rig” The Election? - August 11, 2016

Don:

I'm forwarding your email to our elections supervisor (Terry Colling), the Chairperson of our Elections Board, and county management to let them know of your concerns about hackers affecting election results. If anyone has information that would address or provide assurances about these concerns, please reply to all.

Thanks, Don.

Don Hawbaker

404 668 3790

---------- Forwarded message ----------
From:
Date: Thu, Aug 11, 2016 at 10:32 AM
Subject: Could Hackers “Rig” The Election? - August 11, 2016
To: Don@hawbakerlaw.com

Don,

With all of the other problems you are dealing with, I thought you would appreciate this one.

My questions are, are our local officials aware of the problem and what are they doing to avoid the problem?

Don J Hay
113 Jasper Ct
Griffin, GA 30223
678-603-7889

--------------------------------------------------------------------------------

From: bob@rankin.org
To: djh0218@aol.com
Sent: 8/11/2016 10:08:11 A.M. Eastern Daylight Time
Subj: AskBob - Could Hackers “Rig” The Election? - August 11, 2016

Having trouble seeing this message? Open in your Web browser.

Hi Don,

Below you'll find a link to my latest article. Click, read and leave your comment! -- Bob Rankin

Could Hackers “Rig” The Election?

As an experienced Election Judge and long-time AskBob reader, I've fretted about election hacking for years. I've yet to figure out how it could be done on a large scale, without simultaneously altering all the THOUSANDS of paper records, though there's a definite risk of a data-collecting hack resulting in incorrect results being announced on Election Night, with much national angst & distrust arising from releasing amended, audited results.

I agree that leaving machines unguarded is risky, but my Election Commission is too undereducated in cybersecurity (or technology in general) to change this practice. Our hope lies in always having a paper record -- and in phasing out the touchscreens (actually needed only for vision-impaired voters), where the paper record could be hacked to differ from the voters' choice, though the voter -- if not vision-impaired -- has the ability to verify the paper record). But in my large county, it would take a LONG time, with many, MANY labor hours, & great taxpayer expense, to re-tabulate all the touchscreens' paper tapes & all the optical readers' paper ballots.

Certain roles of the election judge team should require a minimal level of government security clearance, to ensure hackers (or friends or family members of hackers) don't have unattended access to certain pieces of equipment. And WIFI should not be used by election sites (it's used in my county for voters whose paper signature capture is missing or blank -- not for live vote-casting, but it still puts voters' personal data at risk, if intercepted). However, Homeland Security is NOT accepting feedback from mere judges, as we don't oversee an actual .gov site (and in my large county, the Election Commission uses a .org site); I was dismissed by an annoyed US-CERT clerk when I phoned in my concerns.