A group of election security experts warned California’s secretary of state in a Thursday letter that her state’s Dominion Voting Systems machines are vulnerable to attack and a “rigorous” audit should be conducted following the gubernatorial recall election later this month.
The eight experts, mostly hailing from various universities around the country, cited in their letter the “illegal public release about three weeks ago of binary images of the Dominion election management system (EMS) software and its installation environment,” last month as the main reason for their concern.
Further, they pointed to a report authored by University of Michigan computer science professor Alex Halderman, who they identified as “one of the nation’s foremost experts in voting system cybersecurity.”
Halderman served as an expert witness in a lawsuit brought in federal court in Georgia regarding November’s general election results.
The professor “found very serious security vulnerabilities in the Dominion Ballot Marking Device (BMD) system, some of which would allow an ordinary voter to insert malware into a BMD during a voting session, with little likelihood of detection. That malware could spread undetected to other voting machines and potentially to the central election management system (EMS) in the county.”
The Associated Press reported that copies of the binary images of Dominion’s election management system were distributed during an election security conference hosted by MyPillow CEO Mike Lindell in August.
“Two of the images came from Mesa County, Colorado, and one came from Antrim County, Michigan. Those images, which include the EMS and its installation environment, have been widely downloaded,” the cyber experts wrote in their letter to California Secretary of State Shirley Weber.
“While it is prudent to assume that other nation states have had that software for a long time, thousands of other people with unknown affiliations, motives, and physical access to voting systems now have it also.”
With the EMS so widely available, they argued there is an increased “risk of undetected outcome-changing cyber-attacks on California counties that use Dominion equipment and the risk of accusations of fraud and election manipulation which, without rigorous post-election auditing, would be impossible to disprove.”
Jenna Dresner, a spokeswoman for Weber, told the AP that 40 of the state’s 58 counties use Dominion Voting Systems machines.
She added that the systems undergo regular tests for vulnerabilities.
“California has the strictest and most comprehensive voting system testing, use, and requirements in the country, and it was designed to withstand potential threats,” Dresner said in a statement to AP.
In their letter, the cyber experts acknowledged, “While the versions of the Dominion software that were released are not identical to the versions used in California, they are closely related, so this security breach imperils California elections.”
“Every complex software system has bugs and security flaws. Cybersecurity research has shown that election software has more than its share. Since that software is usually kept proprietary and secret, however, relatively few people have had the opportunity to examine, instrument, and test it closely enough to find exploitable flaws.
“This is now no longer the case, at least with Dominion software. As of August 2021, thousands of unknown people can study the code and find weaknesses to plan attacks on elections.”
“In raising our concerns about the Dominion software release we are not accusing Dominion of wrongdoing,” they added. “Nor do we have evidence that anyone currently plans to hack the recall election. However, it is critical to recognize that the release of the Dominion software into the wild has increased the risk to the security of California elections to the point that emergency action is warranted.”
The experts called for a statewide “risk-limiting audit” (RLA) by hand counting random samples of paper ballots to ensure with statistical confidence the Dominion-calculated results match the actual results.
“If an actual cyberattack silently changes the outcome of the election, or any other procedural or software error does, a properly conducted RLA based on trustworthy paper ballots will detect it and correct it (with high probability). If the election outcome is correct in the first place the RLA will provide strong, public evidence that it is, creating a ‘firewall’ against litigation and disinformation seeking to discredit the outcome.”
Among the signatories to the letter to the California secretary of state are Harri Hursti, co-founder of Nordic Innovation Labs, and Philip B. Stark, a statistics professor at the University of California, Berkeley.
Both are featured in the HBO documentary “Kill Chain: The Cyber War on America’s Elections” released in March 2020, as is Halderman, who did not sign on to the letter.
The politicians appearing in “Kill Chain” were primarily Democrats, including Sens. Amy Klobuchar of Minnesota and Ron Wyden of Oregon. Republican Sen. James Lankford of Oklahoma is also in the movie.
All spoke of the need for better cybersecurity in light of the vulnerabilities of electronic voting machines.
“The problem is once you understand how everything works, you understand how fragile everything is,” Hursti says in the film.
“I keep hearing that the system is unhackable. Everything is hackable, always,” the cyber expert added.
In an April 2020 interview with The Western Journal, Hursti explained that all voting machines are programmed to organize and communicate the data to the central database.
“The memory cards actually have a programming side,” he said. “Programming can have a lot of logic. So the program can dynamically look [at] what is happening and decide on the spot what is needed to be done in this precinct on this machine” as part of changing the overall result.
“Once you can send that instruction to the election management system, the election management system is sending the same programming into every voting machine,” Hursti continued.
“So the only thing you need to do is to modify that program, and there are so many different ways.”
The recall election for California Gov. Gavin Newsom takes place on Sept. 14.