State of The Union 2017- Security memo from the computer science community
BRENT TURNER· SATURDAY, JANUARY 7, 2017
It should be stated clearly that of this date the President of The United States, the President-elect, nor members of the intelligence community have adequately addressed the issue of vote count tampering within the United States and have failed to specifically address the issues surrounding the 2016 Presidential election.
With recent statements coming from the United States government ( as well as pundits ) it is incumbent upon the scientific community to issue statement. This recent statement serves as foundation on point. In summary, due to the “ privatized / corporate “ technology utilized by the current voting systems and the surrounding intellectual property protections, it is currently unknown whether or not, or to what degree, the 2016 Presidential election accurately reflected the will of the American people.
ELECTION SYSTEM SECURITY ISSUES-
For many years the “intellectual property “ software purveyors contended “ security by obscurity “ was the optimal security practice. In other words, the corporate owned “ secret “ code was appropriate for elections.. as the hacker would not be able to penetrate the “ Diebold type” fortress. This is now recognized as a hoax.
The 2000 Bush v Gore “ Hanging Chad “ incident .. . This failure to achieve a precise vote count set off a series of policy and environmental disasters that has kept the modern world reeling to the current moment . Still now, in 2017, the current state of election systems, though shifted to electronic versions, used for casting votes and counting votes has been concluded by government study ( California Secretary of State “ Top to Bottom Review “ to be deficient and INSECURE. This is not a “ conspiracy theory “ but rather science. The systems run on buggy Microsoft platforms and vendor created “ secret “ software with intellectual property protections. This environment creates a system that is not properly coined “ rigged “ but rather “ riggable “ In other words, it is stipulated that with the current voting systems, a bad actor could manipulate the results without detection. The foremost threat would not necessarily be from a foreign “ hacker “ , but more obviously from an “ insider ‘ with access to the system and / or it’s software code. Obviously either scenario strikes to the heart of our democracy and statement or effort to deny this science is detrimental to the American people. http://www.sos.ca.gov/elections/vot…
HOW DID WE GET HERE ? – The current systems were cobbled together in a hurry to capture funding from the 2002 Help America Vote Act ( HAVA ) . A handful of companies, some with nefarious backgrounds and convicted criminal participants, received 4.5 BILLION dollars to provide voting systems to the U.S. jurisdictions. These systems were flawed in their design and security The Government Accountability Office ( GAO ) attempted to provide remedy to this crisis by advising the National Science Foundation ( NSF ) on a project ( ACCURATE – http://accurate-voting.org/ ) but open source technology / best design direction was rejected and that 7.5 million dollars yielded no corrective results. The battle between the “open source “ scientists and those working to retain the status quo of vendor controlled proprietary systems had begun.
MICROSOFT’S ROLE- The agenda of Microsoft and the Intellectual Property lobbyist community is well documented. The protection of routine sales to the public and private sectors being paramount, Microsoft and it’s aligned proprietary voting system vendors donate to both political parties and are well skilled in “ black -ops “. They have inserted themselves into the political arena as well as the “social justice“ space via contributions and leverage. Their lobbyists have been very heavy handed applying pressure to thwart best security solutions, with their main target to delay the implementation of publicly owned “open source“ voting systems . The proprietary community does not wish for open source progress to infringe upon their “ gravy train “ Also it should be noted that the same groups that absorb the grant monies and have relationships with the political parties also control the activist conversation – http://cavo-us.org/matrix.pdf
WHAT IS “ PUBLICLY OWNED “ ? Open source software is defined as “denoting software for which the original source code is made freely available and may be redistributed and modified. “ ( further definition at http://www.opensource.org ) In a nutshell, open source allows a community of proof-reading “ eyes on the code “ .. and creates an environment where the process is no longer “ faith based “. Some Microsoft allies like to inject a response to a conjured up statement that has never been made .. i.e. “ Open Source is NO panacea “.. Open source is merely a necessary component to a proper voting system.. as the alternative is secrecy and corporate control. http://www.nbcbayarea.com/investigations/Voting-Vulnerability-Could-Open-Source-Computer-Code-Thwart-Threat-from-Hackers-395867861.html
A publicly owned voting system is a security upgrade as the transparency of “ knowing “ is preferable to “ trusting “. and it is stipulated an open source system must be surrounded by best security practices and procedures ( as open source is not a “ panacea “ ) to gain CAVO certification – http://www.cavo-us.org .
SOLUTION CURRENTLY DEPLOYED -Here is an example of an appropriately designed system that runs on appropriately secure software- https://vimeo.com/99856962. This was slated for use in Wisconsin but unfortunately was shelved after the politicians were lobbied by intellectual property interests. Currently New Hampshire is the only state using this secure system, albeit only partially. New Hampshire still needs to complete the tabulation portion of the former “ Prime lll” system,now called the “ All For One “ system.
SOLUTIONS COMING AVAILABLE. San Francisco County in California recently began funding of an open source election system. The hoped for design is a paper ballot printing system that tenders a perfectly marked printed ballot. The software should be General Public License ( GPL v3) open source ( to be differentiated from “open wash “ newer licenses currently emerging ) . The hardware should be commercial off the shelf tablets and printers. http://ww2.kqed.org/news/2016/02/09… There are now other projects, including Los Angeles and Texas, purporting to be open source, but there is concern about those projects and Microsoft’s involvement. Election rights activists are “ watch-dogging “ those projects currently. Once California has a suitable system certified , it will be likely be utilized by all states as a less expensive / more secure model. . Currently the proprietary vendors are rushing to sell US jurisdictions another round of the insecure systems previous to the certification of an open source system.
The general population is now well aware of the defective systems.. so purporting the systems to be secure triggers more and more suspicion. The best method now is to move quickly forward with the available open source technology to create and deploy publicly owned systems – The U.S. government– from the White House ( Office of Science and Technology Policy as well as Cyber-security ) to the Congress- Secretaries of States- State and County Election Officials as well as DOD / DNI/ DHS etc.. have all been briefed. Now it is merely an issue of ” political will” . With the recent classification of election systems as “ critical infrastructure “ by the Department of Homeland Security there is renewed hope that political will can be garnered and funding of secure-publicly owned – open source- voting systems obtained.