Just LAST MONTH, the Center for American Progress (CAP) released a new study on election security in all 50 states. Unfortunately, California… the “Tech Capital of the World” earned a mediocre grade of “C.”
The job of the Secretary of State is to make sure our elections are functioning properly and the CAP study shows that something is VERY wrong. The study evaluated election security including cybersecurity, after-election recounts/audits, voting machine certification, and more.
The study noted that states receiving a grade of C “have SIGNIFICANT VULNERABILITIES that leave them susceptible to HACKING and infiltration by sophisticated nation-states.” Of course, vulnerabilities are a concern no matter who may be attempting to access our voting systems.
The assessments of ballot accounting and reconciliation and paper absentee ballots as “Unsatisfactory” are particularly concerning. Even areas where California received a grade of “Fair,” big corporate election software makes regular audits nearly impossible to verify.
I’m running for California Secretary of State because I believe that we can do better, and that in fact, we MUST do better if we want to protect our democracy from all attacks, whether foreign or domestic. By ensuring that we have paper ballots, full precinct-level audits, and PUBLICLY-OWNED/OPEN SOURCE SOFTWARE, we can improve the security and transparency of our elections and restore the trust of the public.
Ruben Major Secretary of State Candidate “Running with Ruben for Major Change”
For the past several months, we’ve been campaigning to end California’s discriminatory practice of disenfranchising minority voters who see their mail-in ballots thrown away nearly TWICE as much as non-minorities.
Additionally, California has seen tens of thousands of mail-in ballots thrown out on the basis of signature mismatches and has not provided proper notification to voters when their votes are not going to be counted. This has been a known issue for several years, but has gone forward without any solution.
Now the ACLU has sued the current Secretary of State and won.
It shouldn’t take a lawsuit to resolve this problem. At best, this issue shows negligence when it comes to protecting YOUR vote. Even worse, the Secretary of State’s office has defended disenfranchisement practices by calling injury to voters deprived of the right to vote “slight” in an official court filing. (see page 5 below).
It’s time for a Major Change. It’s time to elect a Secretary of State who stands up for the voting rights of Californians and isn’t afraid to go against those who might otherwise seek to restrict the right to vote. Help us bring integrity back to the office. Help us win by making a contribution of any amount below
Ruben Major Secretary of State Candidate “Running with Ruben for Major Change”[/vc_column_text][/vc_column][/vc_row]
Sacramento, California – I’m very excited to congratulate Doug Jones on his victory last night in Alabama.
Victories like this don’t happen in a vacuum. They are the combination of hard work, brilliant strategy, smart fundraising, and a winning advertising campaign. They are the culmination of the work of hundreds of people who spent time knocking on doors, making phone calls, and gathering signatures. They are the end result of hard work done by great teams.
I would be remiss if I didn’t mention, as Doug Jones did in his victory speech, the contributions of legendary strategist Joe Trippi. His advice and hard work helped bring this race home for Democrats and we are honored to have Joe’s advice helping guide our team as well. With the help of Joe Trippi and supporters like you we know we can win and bring positive change to the state of California in 2018.
As Mr. Trippi has noted, “It is critical to democracy that we immediately move toward the best election system security.” We couldn’t agree more!
Can you help us to continue this winning streak by giving $18 toward a victory in 2018?
The campaign to elect Ruben Major is reaching out to all eligible voters because we want to express our concern for the security of California’s election systems. Currently, we are voting on machines which contain scientifically proven vulnerabilities that are endangering our democracy. These are the same systems in use across the country that called into question the legitimacy of the 2016 election.
Unfortunately, vendors selling election infrastructure also incorporate secret corporate code which prevent computer scientists from helping to secure our voting systems
Team Major strongly urges people look at these vulnerabilities for themselves and form their own opinions based upon the analysis. Be sure to ask questions and demand to know why the current Secretary of State continues to certify election systems known to be vulnerable to hacking.
Despite these problems, we know there is a path which will increase security and voter confidence at the same time. We can rid our voting systems of the insecure, corporate secret software and utilize publicly owned systems with open source software, and printed paper ballots. If Ruben Major is elected, he will deploy a public system that pulls back the secret curtain — a system which can be taken to the rest of the country.
Imagine if the Secretary of State of California said NO to the privatization of our elections. Imagine what affect this could have on the entire country. We can do better and we deserve better! The current Secretary of State has failed in his promise to move the state and country forward. It’s time for a Major Change!
The importance of the National Security Agency (“NSA”) leaked documents cannot be overstated. I have been writing about voter registration and elections system hacking in the 2016 Primary and General Election for several months now and have surveyed following states related to these issues: Arizona, Alabama, Alaska, California, Colorado, Connecticut, Florida’s primary election, Florida’s general election, Georgia, Hawaii, Idaho, Illinois, & Indiana. In many of these states, we have found evidence which matches up with this prior analysis and helps to answer some unanswered questions. The above states help point to the likely route of transmission from the source of hacking to the voting machines themselves. There is only one final piece which needs to be conducted, and this is a forensic analysis of the machines. Brent Turner, Secretary of the National Association of Voting Officials (“NAVO”) has already asked for a forensic analysis from all 50 states, however, no state has yet permitted NAVO to conduct such an analysis.
Route of Virus Transmission
The importance of the NSA document is that it provides proof of actual malicious virus infiltration into the voting systems, beginning at the vendor level. The document explains that the Russian General Staff Main Intelligence Directorate (Russian military unit) attempted to and successfully infiltrated an elections systems company using phishing emails. VR Systems, an elections system vendor, is mentioned, but not identified as the hacked company in the NSA document. VR Systems is an election systems vendor, based out of Tallahassee, Florida which operates in California, Florida, Illinois, Indiana, New York, North Carolina, Virginia, and West Virginia.
There is no specific documentation other than Clerk Berry’s statement which explains where these election officials were located or if the leaked document describes an event limited to a particular geographic location. There is also no mention how many election officials were actually affected by the virus. It is import to note, however, that if any election official were infected, it could result in Total Access to their computer. Considering the scope of the operation and historical analysis of Russian hacking, it is likely that the attack was not limited to one election systems vendor but rather an extensive use of bot networks, which could send out numerous requests. The NSA document explains that the Word Document sends out a beacon when a computer is infected, most likely so a real human user can access the computer itself.
DDOS attacks are those which overwhelm a computer with repeated requests over and over until the server/computer shuts down. Bot networks can infiltrate massive numbers of servers/computers over many networks. The hacking tools discussed above had the ability to both bypass firewalls and inject malicious viruses everywhere. These tools could have been used to hit many different servers/computers across the country where election workers were unwittingly harboring a virus.
From Election Official Computers to Voting Machines
What makes this highly concerning is that if a hacker were to have complete access to the election system as an administrator, they could easily implant a virus on the computer that might reprogram the voting machines either prior to the election through removable media (such as a USB stick) infected with the virus that could change vote counts at some point.
“To hack a voting machine remotely, you might think it has to be plugged in to the Internet. Most voting machines are never plugged directly into the Internet. But all voting machines must accept electronic input files from other computers: these “ballot definition files” tell the vote-counting program which candidates are on the ballot.
These files are transferred to the voting machine, before each election, by inserting a cartridge or memory card into the voting machine. These cartridges are prepared on an Election Management System (EMS) computer. If that computer is hacked, then it can prepare fraudulent ballot-definition cartridges. Are those EMS computers ever connected to the Internet? Most of them probably are…”
This could all happen without an election officials knowledge. It is important to ask the question:
“why would the Russians stop at the election officials computer and not make a change to the actual vote count?”
There would be no benefit to going at the extreme length of setting everything up, but stopping short of finishing the job. If anything, it is absolutely necessary for the forensic analysis of the voting machines to take place in order to maintain Integrity of our election system. For far too long the systems have been vulnerable to hacking.
If the virus could give TOTAL Access to the election system vendors and/or officials, why would #RussianHacking stop short of the machines?
In January of 2016 Dan Sinclare, Leon County, Florida Elections Supervisor Candidate and Dave Levin with Vanguard Cyber Security presented a short demonstration of how Levin was able to hack into the county election systems in Florida and found numerous problems with the security of the system.
It was incredibly easy for the Levin to get in and accomplish anything that the administrator was able to accomplish. He explained that “you be from Siberia and perform” the attack on the system. While Levin’s actions are considered by many to be White Hat Techniques, that did not deter his criminal prosecution for the act. He was later sentenced to 20 days in jail.
What’s important about this particular video has that it shows in real-time format how Hacker’s likely would have used state election officials credentials in order to do whatever the administrator could have done in the systems. It is important to note, that administrators had the responsibility of uploading and downloading candidate information as well as results to and from the administrators computer and the voting machines themselves. This is important because it demonstrates again, the route of transmission of the virus to the vote count systems. If an election official’s computer used for these actions was compromised with this virus, results could not be trusted.
Voter registration systems were extensively targeted throughout the country as I have detailed in numerous reports. It is important to note that an attack on the voter registration systems is an attack on the vote count. In analyzing the NSA document reported above, it is important to note several issues in Arizona starting before the primary where voters were kicked off the rolls. Arizona Secretary of State, Michelle Reagan gave testimony accepting that there had been alterations of both Republican and Democrat party affiliations on the voter rolls — where they were changed to “No Party Preference.” Her testimony appeared genuinely concerned, shocked, and heartfelt. The results were truly disturbing.
The fact that election officials and lawmakers’ systems were breached, tends to lend credence to the fact that the most important systems were affected. This Arizona attack was previously identified as part of a phishing email infiltration. Because of the way that botnets work it is important to point out that sending out queries to lawmakers and election officials computers, as well as the voting systems themselves probably occurred widely throughout the country. Again, a transparent forensic analysis of the voting machines would help to answer this question ultimately.
The next state to consider is Illinois. I have previously reported and Illinois and from what I have found the Illinois State Board of Elections (“SBE”) had come out with a report which detailed an analysis of the infiltration which occurred into it systems prior to the general election. This infiltration involved involved obtaining usernames and passwords of election officials as demonstrated in the SBE report below:
It is important that there is credential harvesting in this case. Illinois officials would have likely been hacked in a manner which would result in Total Access to the election systems by the hackers. This could have been a way to change the vote tallies as described above. Again this is highly concerning.
It is important to point out that the information provided above provides a route of transmission of Russian hacking in the election from the source to the vote count systemswhich tends to discredit the results. These issues need to be shored up as soon as possible in order to prevent any future incidents there have already been calls for the information to be declassified so that states can begin the necessary work to fix their election systems.
There is a solution to this problem which Mr. Turner, Brian Fox, and Dr. Juan Gilbert from the National Association of Voting Officials have demonstrated – See www.navo-us.org. This system advocates for complete and total transparency in the process. We need to make sure that the election systems are appropriately transparent so that the public has confidence in the system. General Public License Version 3 (GPLv3) open source ballot printing and tabulation systems have been tendered to the US government for public ownership and use, but have been kept on the sidelines by corporate led lobbyists.
This can no longer be tolerated as it is in direct conflict with the national security interest. The process is relatively simple. This process (1) begins with the voter choosing the candidate which he or she would like to vote for. Then (2) a ballot is printed out and the voter verifies that the ballot matches the desired selection from the screen. The ballot is then (3) inserted into a privacy sleeve and (4) dropped into the ballot box where it is (5) counted at the end of voting. It is important to note that the count will occur at the end of the day and at the precinct where the vote was originally cast so that people from both parties, as well as voter, the media, and election officials can watch as the count begins to take place. The following video demonstrates how the system works:
Once the counting begins, all of the ballots are announced then (6) scanned into a scanner and the scanning process is projected on a big screen in the public count center. The hand count (8) audit will take place immediately and the hand count will be (9) matched up to the electronic accounting system. If there is found to be a problem with the machine scanner, then the scanner will be thrown out. The hand count will be paramount. Transparency is key here. It is important to use open-source GPLv3 software, because it is not proprietary and does not contain any secret coding which would prevent the forensic analysis of the voting machines. Many reputable entities requiring the best security platform possible utilize open source software, in particular the Department of Defense and NASA which use the code for numerous platforms within their operational makeup.
We deserve nothing less than to have transparency in the elections process as well as to have accountability. Voting officials, unfortunately can be reluctant to provide information related to deficiencies which may have occurred, but there is nothing more precious than a right to vote. If our right to vote is infringed upon, we will have no recourse and our democracy will no longer exist. There is no issue more important for our preservation as a shining example of freedom, than protecting our right to vote — we must continue this fight for our democracy.
“we know that between November 1 and December 16 we were scanned with about 14,800 scans, nearly 15,000 different times.”
Accordingly, Indiana had been scanned approximately 222 Million times within one and a half months. The state’s IT team traced the intruder to a DHS computer’s IP address. The same DHS unit attempted 10 times in 2016 to hack into the Georgia electoral system. I discussed this countrywide issue at length in my analysis of Idaho and Georgia.
DHS had asked Indiana if their state wanted assistance with securing their election systems, along with many other states after the Illinois and Arizona election systems were compromised. Secretary Lawson’s IT Director, Thomas Vesselyexplained that Indiana, “kindly declined [DHS] assistance because we were very comfortable in the work we were doing in monitoring our election system.”
I think it is important to repeat the same critical questions:
Was scanning the result of an active investigation?
If the IP addresses were from DHS, what would the agency have to gain from scanning a system after the election?
Why would DHS scan a state’s election system thousands of times?
It also calls into question Georgia’s case where there were only 10 scans conducted, versus other states reporting thousands. Further information is required and should be disclosed from the states and federal government so we can make a proper analysis. Transparency related to our elections process is key.
“one slight penetration on an (election) website that was actually old and out of date, so it didn’t go anywhere.”
This is highly critical because it represents an admission from a state governmental body that part of the election system, although implied to be insignificant, was penetrated.
Questions arise here, such as what was the extent of the hacking? When did the hacking occur? Is there logging information of the hacking? Also, was the IP address the same as those which came from Georgia or were they different?
Again, many more questions to be answered here.
Currently, there is an ongoing effort by the Indiana Secretary of State to purge voter information from the voter rolls. Secretary Lawson contends that this effort is meant to clean up information that is outdated and is compliant with federal law. In light of suspicious activities surrounding the voter rolls in the last election, such activities need to be scrutinized by the public and must be as transparent as possible and include reporting by the government so that there is accountability to ensure people are not unjustly purged from the rolls.
We have numerous concerns related to the practices in Indiana which potentially point to minority voters discrimination. Additionally, with a confirmation of election system penetration, as well as over 200 million scans detected and reported upon, we need further information regarding the breech as well as scanning from Secretary Lawson’s office. There needs to be more transparency with voter registration system with regard to removing voters from the rolls. There also needs to be transparency in investigation process in order for voters to trust that the election system is working properly. Systems with multiple layers of protection best serve the public. Those responsible for maintaining the election systems have an obligation to ensure that we have confidence in administration. Failure to inform the voters does not instill confidence.
We need a full accounting of the voter registration problems in Indiana, answers to the above questions asked as well as a forensic analysis of the election results in order to ensure the vote counts. Same day voter registration, combined with other transparency safeguards to help improve the system. Paper ballots with open source, general public license voting with a 100% count at each precinct, and an anonymous receipt is the best way to rebuild confidence.
Controversy related to the firing of FBI Director James Comey as well as the reckless release of sensitive information to Russia during an active investigation should give us pause to consider those circumstances giving rise to such possibilities as well as what we must do moving forward to protect our democracy. Our voting system is in peril and we must do something to fix it immediately, otherwise we stand the risk of losing our democracy permanently.
This article discusses voter registration and voting machine related issues which indicate hacking of the election systems. While there may be other explanations for the problems described below, the fact remains that we must do something to fix our election and voting systems as soon as possible in order to avoid future compromise. I have already detailed circumstances indicating hacking in the following states: Arizona, Alabama, Alaska, California, Colorado, Connecticut, Florida’s primary election, Florida’s general election, Georgia, Hawaii, & Idaho. The information below goes through Illinois in the 2016 election, primary and general.
On April 5, 2016, the Chicago Board of Elections met to discuss an automatic recount of 5% which is required to ensure election integrity. Some of the observers, noted deeply disturbing issues, explaining that the machine totals did not match the paper totals and accused election officials of changing paper votes to reflect machine totals. Below is the hearing where these issues were discussed at length:
The comments regarding the Board’s meeting were critical, however, the results stood.
The important part here are the machine vote totals which were not said to match the paper ballot totals. This issue requires further in-depth study and analysis in order for us to have a better idea about what exactly happened with machines and why they did not reconcile.
On June 23, 2016, the Illinois State Board of Elections (SBE) is hit with a malicious SQL injection. The act went unnoticed for nearly 3 weeks. At the time, hackers gained valuable and critical information in a highly concerning manner.
The above message was sent by Kyle Thomas, Illinois SBE Director of Voting and Registration Systems and it explained that he believed the attack, while reaching voter information, did not add, delete or change records, nor did they seem to call up voting records. It is interesting to note that there is an actual copy of a certain voter’s record in Illinois. It this information was able to be accessed undetected, it could be highly problematic.
The report indicated that the SBE website was hit a massive number of 5 times per second 24 hours per day. The Board also concluded that “various IVRS passwords were compromised.” Those with compromised passwords included election authorities, staffers, SBE users, vendors and web services.
In order to maintain compliance with the Illinois Personal Information Protection Act (PIPA). The SBE was responsible for notifying the State Assembly in the event of any such breach. The report explains that it is not final, however, no further report has been published from the SBE, despite calls from the Senate. This information should be updated so that people have a good, working understanding of thee election systems in Illinois.
On September 1, 2016 WHNT News ran a story explaining that Alabama took action on the FBI Flash letter sent regarding suspected election hacking of Arizona and Illinois voting systems, later traced to known Russian hacking incidents.
In Illinois, in truly disturbing form, hackers used malicious SQL/database scanning software to inject code and obtain 200,000 voter files.
On November 8, 2016, there were various reports of broken machines. Additionally, there were reports of machines not working and election judges not responding to the site to ensure proper voting and protocols were taking place.
Tried #voting in the #southloop and not only are voting machines not working but election judges didn’t show up… Talk about disgraceful!
The bill echoed The SBE initial findings and called upon the SBE to conclude their investigation, additionally, the resolution states:
“We urge that the Illinois SBE produce a final comprehensive report outlining the nature of breach, an audit of their IT Systems and that they enact preventative measures to ensure that such cyber interference never occurs again.”
There is yet to be any reporting on these particular issues published. This is highly concerningbecause the people need more accountability and transparency and the SBE promised a comprehensive report previously.
The case of Illinois is a combination of issues which ultimately boil down to a lack of reporting information to the general public. Because the SBE has yet to release a final report on hacking, there is a lot of information missing from the story. It is important to note that it has been almost a year since the attacks took place and SBE became notified of the issue. We need a follow up from the SBE. Even the Senate called for an analysis of the systems.
With the recent release of the Wanna Cry ransomware and zero day vulnerability, among other well-documented issues related to the voting systems, we need to begin with an analysis of ALL voting machines to check for traces of malicious viruses. Once we are able to assess the damage, we will be able to make a better solution.
Voting itself needs to be as open and transparent as possible so the American people can have buy-in that the system is being fixed properly. NAVO advocates the following system which includes a 100% count at the precinct level, paper ballots and Open Source, General Public License software. The multiple redundancies help to ensure that the system is working properly. They are considered checks and balances in the event of compromise.
Open source software/paper ballot election systems are now deployed in New Hampshire and funds have been allocated for projects in San Francisco, Los Angeles and Texas per the National Association of Voting Officials.
Also important to note is that we can secure voter registration system though verification, such as two-factor authentication for any changes in information, various scripting solutions, and/or mail/email confirmation, among countless other solutions which I will detail once the 50 state survey is complete. Voter registration and vote count hacking should be at the very top of the list for any all Americans. If the issues are not rectified quickly lawmakers and candidates may find themselves in perilous circumstances where our very democracy will be at stake.
“All of our issues with our voting equipment is fine and people seemed to be voting with no problem.”
However, multiple issues reported across the area indicate large scale problems. Perhaps the Clerk was unaware of all issues occurring?
Hawaii experienced numerous and significant issues with its voting systems. This is highly concerning because of the potential for vote hacking. Again, such characteristics become an issue with so many problems with the machines spread out all over the state. Additionally, there needs to be a uniform and transparent system of reporting machine malfunctions and investigation results which are reported to the public who deserves nothing less.
“Scanning activity – Georgia presents a wide range of issues which need to be addressed. It is likely that the “scanning” activity attributed to DHS was, in fact, occurring by the FLETC contractor in a routine performance of his/her duties in order to more rapidly obtain data. As there has been no further public pursuit by Secretary Kemp nor another official report provided to the media, it is likely the DHS analysis of the result is accurate.
However, it also seems plausible that scanning activities could have taken place in an attempt to assess Georgia’s systems for weaknesses. Secretary Kemp seems to imply nefarious intentions, but again, there has been no further evidence related to back up the claim presented to the public.”
Both Idaho and Georgia refused help from DHS to protect their elections further. Secretary Kemp explained later that one of the reasons for his state’s denial was that DHS had been offering the states “out of the box corporate solutions that some states needed. [Georgia] did not because we were already using our own.”
“When DHS conducts a cybersecurity scan of a network or system, we do so only with the cooperation and consent of the system owner.”
Secretary Kemp’s (Georgia) relaying of IP address information to Idaho and other states is important to note here.
Idaho’s experience demonstrates concern regarding the DHS IP addresses provided by Secretary Kemp and distributed to the other Secretaries of States. While the Georgia incident had been explained as it related to the issue described above, with the contractor accessing the state website to obtain employee information, we should question why the same IP addresses accessed Georgia’s election system around November 8, 2016.
If the IP addresses were from DHS, what would the agency have to gain from scanning a system after the election?
Why would DHS scan a states election thousands of times?
It also calls into question the conclusions in Georgia’s case. Further information is required and should be disclosed from the states and federal government so we can make a proper analysis. Transparency related to our elections process is key.
General Public License version 3 is the best possible solution at this time. It is inexpensive, non-secret software and more secure than what we are currently using.
Deploying a system, such as that advocated by the National Association of Voting Officials, which contains both paper ballots and true open source coding (not secret) can help to prevent another national security crisis. We deserve better than to permit our systems to be insecure. It is critical that we act as soon as possible — as these problems will only continue to grow if not addressed immediately.
Insurance companies have had their chance to make healthcare work for the people and they have failed — their failure is not just the increasing costs but rather the capital paid in human lives as a result of a lack of appropriate healthcare coverage. Last night we had a very informative session put on by Kyle Thayer, a Paramedic and community leader, who lives in North County San Diego. Mr. Thayer has been tirelessly advocating for the passage of Senate Bill 562 which is a healthcare bill asking for the removal of insurance companies from the process of most healthcare — termed “Single Payer.”
Under the bill, health insurance companies would still be permitted to involve themselves in non-essential care such as cosmetic surgery, but they would be taken from the administration of care which has largely contributed to the rising costs as well as record profits of healthcare in recent years. Currently the bill is in referral status and has been assigned to the Committee on Health for further discussion.
The content delivered last night is one of a series of presentations related to the Single Payer program across the state being organized by Healthy California. Mr. Thayer explained the importance of this bill in the context of saving lives.
As a Paramedic, myself, I can relate to the stories that he related about how so many people who go without healthcare will see their conditions worsen or even die. Mr. Thayer explained that he sees no good reason why we can’t come together to solve this problem and that nobody deserves to die because they do not have health insurance. His tireless advocacy aims to put an end to these terrible results. If passed, Senate Bill 562, by it’s removal of insurance companies as the primary administrators, is likely to substantially decrease the cost of overall care for Californians.
Insurance companies have had their run at administering healthcare for many years. Now it’s time to give that power back to the people.