Note to anyone wishing to censor, suppress, demonetize or otherwise interfere with the dissemination of this story: It makes no claim that any vulnerabilities of electronic voting systems were used to change the outcome of the 2020 election. (That’s a separate issue.) But a highly anticipated report by CISA --- the Cybersecurity and Infrastructure Security Agency – has provided official documentation of the major security flaws posed by Dominion Voting Machines.
As Kyle Becker reports, the CISA findings were issued based on the analysis of J. Alex Halderman of the University of Michigan and Drew Springall of Auburn University.
Their overview lists nine different security concerns. These vulnerabilities “justify the concerns of election observers who pointed out that admin rights could be used to override security features and that the system could potentially be hijacked due to “spoofing.”
The vulnerabilities of the versions of Dominion’s ImageCastX software they were able to test could allow someone to disguise malicious applications on a device, gain elevated privileges and/or install malicious code, and perform arbitrary administrative actions. It gets worse: An attacker could also gain access to sensitive information and perform privileged actions to potentially affect other election equipment (!). Also, the “authentication mechanism” is susceptible to forgery, allowing an attacker to print an arbitrary number of ballots without authorization.
I’ll put it in layman’s terms. This system is a hot mess. And these are the same potential problems that some cyber experts have been trying to discuss for a year and a half.
CISA has a long, loooong list of recommendations for increasing the level of security in future elections. This list is so exhaustive that it’s hard to imagine all of them ever being followed. So, hey --- I have a great idea! Let’s scrap electronic voting systems entirely and go back to physical paper ballots with no connection to the internet, in-person voting except for very specific reasons, photo ID and poll watchers everywhere. That’s the only way we’re ever going to have faith in our elections now.
Importantly --- though the report itself doesn’t get into how the 2020 presidential election might have been affected --- Becker notes that “a number of these mitigation measures were not followed” at that time. These include:
--- ensuring physical security of machines and equipment (there were lost flash drives)
--- broken chain-of-custody procedures (don’t get us started about the drop boxes)
--- machines proven to have been connected to the internet
--- missing or destroyed ballot images
--- using QR codes instead of printouts that can be read by an actual person
Early on, CISA told us, “We can assure you we have utmost confidence in the security and integrity of our elections, and you should, too.” But, as Becker observes, “...CISA’s infamous claim that the 2020 election was ‘most secure in American history’ is clearly disproven by its own report two years after the fact.”
Ever since the election, voters who expressed any concern at all about election security and integrity were condemned for “destroying faith in our democracy.” Why, we were just conspiracy theorists, upset that the election didn’t turn out the way we wanted. But now, after all this time, we find that we were right to be concerned. And the machines themselves were just one facet of that extremely flawed stone that was the 2020 election.
How I wish this "official" vindication made me feel better. But with it coming so late, and knowing how little acknowledgment it will receive, I still feel a little sick.
Take a look at how it's being reported: CBS News twisted the headline to read, "U.S. finds no evidence flaws in Dominion voting machines were ever EXPLOITED." (Emphasis mine.) According to Becker, we don't know how hard they were even looking for that. "CISA can claim that it has no evidence of voting machines being exploited," Becker writes, "but voters are left to wonder if that is because they didn't seriously look."