""Given what we know, that all of this horrible software has gone into the wild, the prudent election director will take absolutely every possible method to verify that the results are, in fact, correct." But, Buell explains, unless ballots are examined by hand, "we don't know that the results we are seeing are actually the results.”” Doug Buell
Guest: Duncan Buell Ph.D. of Univ. of SC; Also: Me and Alex Jones...
By BRAD FRIEDMAN on 11/14/2024, 6:38pm PT
Computer scientists, cybersecurity experts and voting systems experts are concerned following last week's election. One of them joins us to explain on today's BradCast. Also, some personal recollections today, for reasons you will learn if you haven't already, of rightwing conspiracy-monger Alex Jones. [Audio link to full show follows this summary.]
As our friends at the nonpartisan government watchdog Free Speech for People announced on Wednesday, "A group of computer security experts have written to Vice President Kamala Harris to alert her to the fact that voting systems were breached by Trump allies in 2021 and 2022 and to urge her to seek recounts in key states to ensure election verification." The well-respected experts are hoping she will use her standing as candidate for President to seek hand recounts of paper ballots, or at least smaller so-called Risk Limiting Audits, to assure the results reported from the November 5, 2024 election are accurate as per voter intent. The vast majority of results reported at this time, and prior to certification, are tabulated only by computers --- either correctly or incorrectly. It's impossible to know without a hand examination.
The scientists and security expert concerns, as they explain in their 5-page missive [PDF] to the Veep, spring from the fact that Donald Trump supporters, following the 2020 election, unlawfully breached proprietary voting systems in a number of states, then copied and distributed the software to an unknown number of people.
We have reported here in great detail on a number of those breaches over the past several years, including most intensively in Coffee County, Georgia. There, a number of Trump supporters unlawfully accessed the statewide voting systems beginning on January 7, 2021 --- the day after the attempted U.S. Capitol insurrection --- and, as one of the participants noted on a recorded phone call, "scanned all the equipment, imaged all the hard drives and scanned every single ballot." Several members of that effort, including Trump attorney Sidney Powell, were eventually charged with felony crimes as part of Fulton County's sweeping racketeering case filed against Trump and 18 co-conspirators.
As the security experts explain in their letter to Harris, "Possessing copies of the voting system software enables bad actors to install it on electronic devices and to create their own working replicas of the voting systems, probe them, and develop exploits. Skilled adversaries can decompile the software to get a version of the source code, study it for vulnerabilities, and could even develop malware designed to be installed with minimal physical access to the voting equipment by unskilled accomplices to manipulate the vote counts. Attacks could also be launched by compromising the vendors responsible for programming systems before elections, enabling large-scale distribution of malware."
Following the discovery of the Coffee County breach in Georgia, the state's voting system vendor, Dominion, issued security patches, which the U.S. Cybersecurity and Infrastructure Security Agency (CISA) strongly urged jurisdictions around the nation which use those same systems to apply immediately. GA's Sec. of State Brad Raffensperger, however, refused to do so before the 2024 election.
"In the light of the breaches we ask that you formally request hand recounts in at least the states of Michigan, Nevada, Wisconsin, and Pennsylvania," the security experts request in their letter, while clarifying for those who may try to confuse them with Trump's "Stop the Stealers" who falsely claimed fraud in the 2020 election: "We have no evidence that the outcomes of the elections in those states were actually compromised as a result of the security breaches, and we are not suggesting that they were. But binding risk-limiting audits (RLAs) or hand recounts should be routine for all elections, especially when the stakes are high and the results are close. We believe that, under the current circumstances when massive software breaches are known and documented, recounts are necessary and appropriate to remove all potential doubt and to set an example for security best practices in all elections."
They urge Harris to move quickly because, while post-election audits of varying quality are carried out in a number of key states, many will be conducted only after certification and after the window to seek recounts that could affect election results has closed.
We're joined today by one of the seven letter writers, Professor DUNCAN BUELL Ph.D., NCR Chair Emeritus in Computer Science and Engineering at the University of South Carolina. Buell has been studying and serving as an expert on computerized electronic voting and tabulation systems for decades now.
"It's crap software," Buell tells me bluntly about systems made by ES&S, the nation's largest vendor, whose software he has studied most closely. "We know that most of the ES&S system has been exported to the web and is available to any and all bad actors. We know for sure that the Dominion system has been exported and is available. And we know from studies of both systems that they fail to provide the kinds of security issues that would prevent bad things from happening," he says.
"Given what we know, that all of this horrible software has gone into the wild, the prudent election director will take absolutely every possible method to verify that the results are, in fact, correct." But, Buell explains, unless ballots are examined by hand, "we don't know that the results we are seeing are actually the results."
He describes the software in question --- as Georgia's Attorney General did prior to the revelation of the Coffee County breach --- as "the keys to the kingdom" and argues that it is "absolutely bananas" that the tabulation of ballots and programming of the software is not verified.
We cover much more in our conversation, including a number of large, if still-unexplained tabulation errors (that were luckily discovered during canvassing) in states like Pennsylvania and Michigan; questions about a reportedly, unusually large number of so-called "bullet ballots" featuring just one single vote in last week's election, but only in battleground states; and several ways to improve the systems in the future to allow more oversight of election results to the public.
BradCast_BradFriedman_DuncanBuell-RecountLetterToHarris_AlexJonesTheOnion_111424