Trump allies seek to co-opt coming election-security case to bolster 2020 lie

“... the plaintiffs argue that the secret copying of voting software in rural Coffee County in 2021 by Trump allies — an episode that the plaintiffs unearthed and that has since become part of the criminal indictment against Trump and others in Fulton County — exacerbated the risk to future elections by giving unauthorized individuals a virtual road map to hack into machines and manipulate results

….Halderman has repeatedly said he found no evidence of wrongdoing in the election. But he did outline how people with only brief access to a machine could install malware, and how sophisticated attackers could spread malware to multiple machines over a wide area. Such attacks could change votes and even election outcomes, he wrote.

... visualize the paper record generated by a ballot-marking device. That paper ballot displays the voter’s choices in two ways: in text, which can be read by a human, and in a QR code, which can be read only by a computer. The QR code is what is actually scanned and counted….Halderman found that a hacker could change votes by altering the QR codes, or by changing both the codes and the text. While voters can confirm that the text portions match their selection, there is no way for them to know whether that text matches whatever is encoded in the QR code. [NOTE: ES&S Expressvote XL which was recently approved in New York processes ballots the same way]

….Efforts by Trump and his allies to muddy the waters have made it politically difficult, even untenable, for Democrats — who years ago raised alarms about election security — to publicly support the Curling plaintiffs

….Trump and his allies have co-opted election security as the battle cry for 2020 election denialism, poisoning the issue for Democrats like Jasmine Clark, a  state House member 

….“How do I voice my concerns without being aligned with Trumpers, Big Lie conspiracy theorists and election deniers? That’s the big question and that’s what has been really difficult,” Clark said. She said the breach of Coffee County’s elections office has only intensified her concerns, because it’s unclear who has gained access to the state’s voting software and whether they might try to use it to manipulate future elections….“I don’t want to undermine people’s confidence in our elections, but I also want to be confident in our elections,” Clark said. “It’s such a thin line to walk.”

Comment:   Common Cause is currently in court to keep the ES&S Expressvote XL out of New York since a  voter can’t verify their vote before casting it.  Unfortunately,  Democrats in New York have also gone largely silent on improving security of the vote count  in New York due to unfounded fears of people losing confidence in elections. Legislation we have been advocating for in Albany would provide more confidence in elections.  To date it has been blocked in the Assembly by Democrats heavily lobbied by former high level Democrats now employed by lobbying firms. It’s a new session in Albany, let’s hope our elected officials step up at last to protect our vote count before the big 2024 elections.  ALLEGRA DENGLER

https://www.washingtonpost.com/investigations/2024/01/07/georgia-voting-machines-lawsuit-curling-dominion/?pwapi_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyZWFzb24iOiJnaWZ0IiwibmJmIjoxNzA0NjkwMDAwLCJpc3MiOiJzdWJzY3JpcHRpb25zIiwiZXhwIjoxNzA2MDcyMzk5LCJpYXQiOjE3MDQ2OTAwMDAsImp0aSI6IjFkM2VkNzEyLWRmN2EtNGIwZi1hOGIwLTJjZDcyOWI3NWEyNiIsInVybCI6Imh0dHBzOi8vd3d3Lndhc2hpbmd0b25wb3N0LmNvbS9pbnZlc3RpZ2F0aW9ucy8yMDI0LzAxLzA3L2dlb3JnaWEtdm90aW5nLW1hY2hpbmVzLWxhd3N1aXQtY3VybGluZy1kb21pbmlvbi8ifQ.uurQ-vCUMd5gYIO6fTGMz2Muyk9t5rX5fLwQg57NGTE

Trump allies seek to co-opt coming election-security case to bolster 2020 lie
The largely left-leaning plaintiffs in the federal civil case going to trial this week in Georgia allege that the state’s voting machines are vulnerable to hacking — not that they have been hacked
By Emma Brown and Amy Gardner
January 7, 2024 at 8:03 a.m. EST

Mike Lindell, the flamboyant pillow magnate, has spent millions promoting the falsehood that the 2020 election was stolen from Donald Trump — a claim that has been roundly rejected by cybersecurity experts, government officials and numerous courts. But late last year, Lindell crowed that a federal judge had vindicated him at last.“I get to take off my tinfoil hat!” he said on a podcast hosted by former Trump White House adviser Stephen K. Bannon, removing a baseball cap covered in aluminum foil that he had worn as a prop. “You know, that’s what that judge said, we’re not a conspiracy theory guy anymore! Praise the Lord.”


The judge had said no such thing. She had not mentioned Lindell at all — or the outlandish election-fraud claims he and other Trump allies have advanced.The people U.S. District Court Judge Amy Totenberg declared to be not “conspiracy theorists of any variety” are the largely left-leaning plaintiffs in a lawsuit that was filed in Georgia long before the 2020 election and that is slated to go to trial this week. They argue that voting machines there present security risks that state officials are constitutionally obligated to address — and they have the backing, Totenberg wrote, of “some of the nation’s leading cybersecurity experts and computer scientists.”


A favorable outcome for the plaintiffs would have extraordinary implications: Georgia, one of the swing states that decided the last presidential election, could head into the 2024 cycle with machines that a federal judge has deemed dangerously vulnerable to security breaches, at least as currently operated. Though it would be aimed at ensuring a more secure voting system, such a ruling could have unpredictable implications for the public understanding of election integrity, particularly if it is mischaracterized by those seeking to sow doubt about past and future elections.


Lindell and other MAGA-world personalities — including Trump — have long sought to harness the case to bolster the false claim that voting machines were rigged to help Joe Biden win. Now, with the trial set to begin in Atlanta, Trump allies are positioning themselves to leverage political advantage from any finding that the machines are not secure.“It saddens me to say it, but it’s likely that any legal ruling that affirms vulnerabilities in voting technology — even in support of prudent goals, like mitigating risk — will be cynically exploited to undermine voter confidence in elections, for purely political ends,” said Edward Perez, former director for civic integrity at Twitter and a board member for the OSET Institute, a nonpartisan nonprofit that advocates for transparent open-source election technology. (Two of the plaintiffs’ experts serve on the nonprofit’s board of advisers.)

The plaintiffs in the case, known as Curling v. Raffensperger, argue that the touch-screen computers on which Georgians cast their votes are vulnerable to malicious attack and human error. They do not argue that the alleged vulnerabilities have actually been exploited — in fact, they say there is no evidence that has occurred.


Further, the plaintiffs argue that the secret copying of voting software in rural Coffee County in 2021 by Trump allies — an episode that the plaintiffs unearthed and that has since become part of the criminal indictment against Trump and others in Fulton County — exacerbated the risk to future elections by giving unauthorized individuals a virtual road map to hack into machines and manipulate results.


Marilyn Marks, executive director of the nonprofit Coalition for Good Governance, one of the plaintiffs, said Georgia must acknowledge and deal with the alleged problems with its voting system, regardless of the efforts by some to mischaracterize the case. “We cannot back down from what must be done based on what Trump or any other politician says about it,” she said in an interview.A key defendant in the case is Georgia Secretary of State Brad Raffensperger, a Republican perhaps best known for defending the state’s 2020 election results against Trump’s attacks — and for resisting Trump’s pressure, in a January 2021 telephone call, to “find” enough votes to help him win.


AdvertisementRaffensperger argues that real-world security protocols ensure the safety and reliability of Georgia’s voting system, which the state purchased in 2019 for more than $100 million. Because the plaintiffs have found no evidence of malware or hacking, their claims amount to unfounded conjecture, lawyers for his office argue.


Every voting system carries some degree of risk, the lawyers argue, and weighing that risk should be a political decision — not a judicial one.


Mike Hassinger, a spokesperson for Raffensperger, said that Georgia’s voting system is “widely trusted” by voters and produces accurate results. “The plaintiffs in this case concede as much by the fact that they don’t challenge the accuracy of the results of the 2020 or 2022 elections conducted on this system,” he said.Dominion Voting Systems, the manufacturer of Georgia’s machines and subject of multiple conspiracy theories about the 2020 election, has vigorously defended its products in public statements and last year secured a $787.5 million settlement after suing Fox News for defamation. Dominion is not a party to the Curling lawsuit, but a report commissioned by the company concluded that any effort to exploit vulnerabilities in the machines would be “operationally infeasible.”

A spokesman for the Trump campaign did not respond to a message seeking comment for this story. Steve Sadow, Trump’s criminal defense attorney in the Fulton County case, declined to comment on the upcoming Curling trial.


The bench trial is expected to begin Tuesday and to last several weeks. The plaintiffs are asking Totenberg, an Obama appointee, to block Georgia from using its current machines. Totenberg has made clear that she cannot order the state to adopt paper ballots that would be marked by hand and then scanned and tallied by machines — the kind of system favored by the plaintiffs and used by the majority of voters across America. She has said that if she finds deficiencies in the current system she could order “pragmatic, sound remedial policies” such as new security measures.The case represents a rare challenge to currently in-use voting machines that has managed to clear legal and evidentiary hurdles to get to trial. The plaintiffs, who in addition to the nonpartisan nonprofit organization include several Democrats and a conservative activist, were granted an unusual degree of access to examine voting machines for this case. They have developed what Totenberg has described as “a huge volume of significant evidence regarding the security risks and deficits in the system.”


The plaintiffs first sued then-secretary of state Brian Kemp (R) in 2017. They challenged the paperless touch-screen voting machines that Georgia used at the time. Because the digital-only systems left no paper trail, there was no way to verify whether they accurately recorded and tallied votes, they argued.


That argument was buttressed by a growing scientific consensus that paperless touch-screen voting systems were vulnerable to hacking and error. During one early hearing in the case, University of Michigan computer science professor J. Alex Halderman — an expert for the plaintiffs — demonstrated in court how a malware-infected memory card, inserted into a touch-screen machine, could change votes without detection.


Totenberg admonished Kemp’s office in 2018, writing that state officials had “buried their heads in the sand” as evidence of security problems mounted. In 2019, she ordered the state to stop using the paperless touch-screen machines, finding that continuing to operate them was a “genuine threat” to voters’ constitutionally protected rights.

State officials were already moving toward a new voting system using “ballot-marking devices” or BMDs. The touch-screen voting machines would print out voters’ choices on a piece of paper, which could then be scanned and counted — and kept as an enduring record to verify the election outcome.


In spring 2019, state lawmakers passed a bill to adopt ballot-marking devices mostly along party lines. Georgia became the only state in the nation to mandate Dominion’s BMDs for all in-person voting statewide.


As officials prepared to deploy the machines during the tempestuous 2020 cycle, the Curling plaintiffs argued in court that the new system was no more secure or reliable than the old. They argued that the machines were hackable and insecure and could not be relied upon to accurately record voters’ choices onto paper ballots.


AdvertisementOn Oct. 11, 2020, Totenberg decided she would not block the state from using the new machines, reasoning that a last-minute change risked causing chaos in the upcoming election.


But the new machines presented “true risks,” she wrote of the potential for hacking or system breakdown. The plaintiffs’ cybersecurity experts, she continued, “convincingly present evidence that this is not a question of ‘might this actually ever happen?’ — but ‘when it will happen,’ especially if further protective measures are not taken.”


Three weeks later, Trump lost. His allies immediately latched on to the case as part of their quest to keep him in power.After the 2020 election, pro-Trump lawyer Sidney Powell cited work by expert witnesses in Curling in her lawsuits seeking to overturn Trump’s loss in Georgia and three other states. Each of her complaints discussed an expert declaration submitted in Curling and an academic paper written by three other experts retained by the plaintiffs, outlining some of the alleged problems with ballot-marking devices. The suits combined that evidence with a potpourri of baseless claims, including that rogue actors from Iran and China, as well as Venezuelan communists, played a hidden role in rigging machines.


In mid-December of that year, Totenberg’s concerns about the machines’ “true risks” were quoted in a proposed executive order drafted by a coterie of Trump supporters. The draft order called for seizing voting machines, an idea that Powell and former national security adviser Michael Flynn presented to Trump in the Oval Office two weeks before the Jan. 6 attack on the Capitol.


Trump and his allies also picked up on a report that Halderman, the plaintiffs’ expert witness, generated for the case. Totenberg had ordered that Halderman be given access to a Dominion ballot-marking device and related equipment. The report he produced, filed in court under seal in summer 2021, outlined “critical vulnerabilities” that he said could be used to subvert the machines’ security mechanisms.


Lindell tried to force the release of the report, arguing that it would aid his defense against Dominion, which had sued him for defamation. Fox News, Newsmax and One America News, all facing their own defamation lawsuits, also tried to unseal the report. Totenberg initially refused to release it, finding that the alleged misrepresentations about Dominion at the heart of those defamation suits “bear little to no relationship to the cyber-security and engineering issues discussed by Dr. Halderman.”


The report was finally unsealed last year, after it became an important part of the dispute over whether the case deserved to go to trial. Trump posted a link to a story about the report on Truth Social. “THE ELECTION WAS RIGGED!” he wrote, muddying the difference between evidence of vulnerabilities in the system and evidence that those vulnerabilities have actually been exploited.


Lindell said at the time that the report vindicated anyone who had claimed the 2020 election was stolen.


Halderman has repeatedly said he found no evidence of wrongdoing in the election. But he did outline how people with only brief access to a machine could install malware, and how sophisticated attackers could spread malware to multiple machines over a wide area. Such attacks could change votes and even election outcomes, he wrote.


To understand how that could happen, it helps to visualize the paper record generated by a ballot-marking device. That paper ballot displays the voter’s choices in two ways: in text, which can be read by a human, and in a QR code, which can be read only by a computer. The QR code is what is actually scanned and counted.


Halderman found that a hacker could change votes by altering the QR codes, or by changing both the codes and the text. While voters can confirm that the text portions match their selection, there is no way for them to know whether that text matches whatever is encoded in the QR code.


In a recount, officials could rescan the QR codes by machine or hand count the text. In 2020, Georgia did both, and both recounts affirmed Biden’s victory. Those recounts confirmed the accuracy and reliability of the Dominion machines, state officials have said.


The plaintiffs in Curling point to research showing that most voters never check to make sure that the printed ballot accurately reflects their choices. A recount of unreliable ballots is an unreliable recount, the plaintiffs argue.
In 2022, the judge ruled that Halderman’s report could be shared with the federal Cybersecurity and Infrastructure Security Agency. CISA confirmed many of the vulnerabilities Halderman had identified in the Dominion ballot-marking devices, which are used in some jurisdictions across more than a dozen states other than Georgia.


Exploiting the vulnerabilities probably would require “physical access” to the machines themselves, CISA said. And according to Raffensperger’s office, real-world election-security procedures would make it very difficult or even impossible for a bad actor to get that access.


But in January 2021, an elections official in Coffee County allowed a forensics team paid by Powell, the pro-Trump lawyer, to spend hours in her office copying virtually every piece of the Dominion system, The Washington Post previously reported. The copies were then shared online and downloaded by at least 10 people, records show.According to Halderman, anyone who got access to the data and software copied in Coffee County would have an advantage in finding vulnerabilities in the machines and creating malware to exploit them. Halderman wrote to the court that the episode “materially increased” the risk of an attack on Georgia’s elections. In November, when Totenberg ordered that the case proceed to trial, she described the revelations about Coffee County as “perhaps the most significant development” in the case since 2020.


It was that ruling — in which Totenberg cited evidence of “substantial risks” posed by Georgia’s voting machines — that prompted Lindell’s tinfoil hat routine on Bannon’s podcast.


In an interview with The Post, Lindell said he did not intend to imply in the Bannon podcast that the judge’s ruling specifically addressed his own claims about the 2020 election. “When I say I’m vindicated, I’m vindicated being able to say that these machines need to be looked into,” he said. “I should have the right to question these machines and these computers.”


Others who claim that the 2020 election was stolen have also embraced the judge’s ruling.


“The election was stolen, and the machines were a big part of it,” Jack Posobiec — a right-wing media figure known for promoting the Pizzagate conspiracy theory in 2016 — said on his show as he introduced Lindell. “Mike, how does it feel to get a ruling like this, after everything they’ve put you through?”


Lindell again took off the tinfoil hat. “It’s very encouraging,” he told Posobiec. “It was like a double ruling: Yes the machines are vulnerable, and yes if you talk about them you’re not a conspiracy theorist.”


Trump amplified comments Lindell made about the case, writing on Truth Social: “This is a Big and Wonderful deal!”


Rep. Marjorie Taylor Greene (R), the election-denying congresswoman from Georgia, also weighed in. “Wow!” she wrote on Truth Social. “Judge Amy Totenberg declared the electronic voting machines used by the State of Georgia have substantial flaws.”


So did Flynn, the former national security adviser who tried to persuade Trump to use the military to overturn the election. “The funny thing about the truth is that it always (always) surfaces to the top. Might take longer than some like, but the truth always comes out,” he wrote on X, linking to a copy of Totenberg’s order.


Efforts by Trump and his allies to muddy the waters have made it politically difficult, even untenable, for Democrats — who years ago raised alarms about election security — to publicly support the Curling plaintiffs.


In 2019, when the Georgia legislature debated adopting the type of machines currently in use across the state, Democrats voted almost unanimously to oppose them. Echoing the Curling plaintiffs, many Democrats pushed instead for hand-marked paper ballots.


But those same Democrats have gone dark since the 2020 election out of fear of being “smeared” as election deniers, according to David Cross, a lawyer representing some of the plaintiffs.


Jasmine Clark, a freshman state House member in 2019, was critical of the machines at the time. She recently told The Post that she is still troubled by them and thinks the state should shift to hand-marked paper ballots, but Trump and his allies have co-opted election security as the battle cry for 2020 election denialism, poisoning the issue for Democrats like her.


“How do I voice my concerns without being aligned with Trumpers, Big Lie conspiracy theorists and election deniers? That’s the big question and that’s what has been really difficult,” Clark said. She said the breach of Coffee County’s elections office has only intensified her concerns, because it’s unclear who has gained access to the state’s voting software and whether they might try to use it to manipulate future elections.


“I don’t want to undermine people’s confidence in our elections, but I also want to be confident in our elections,” Clark said. “It’s such a thin line to walk.”