Date: July 18, 2018 at 14:34:57 GMT+9
Subject: Re: [IP] re Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
Hi Dave,
Yesterday I streamed an event "Protecting New York' of which one panel was pretty much entirely devoted to election security.
https://livestream.com/InternetSociety3/protectingny/videos/177812488
https://livestream.com/InternetSociety3/protectingny/videos/177818676
Something I learnt from it,thanks to NY Senator Liz Krueger (30 mins in in the first clip) , is that NY held off upgrading to electronic machines til 2010, despite being mandated to do so by the Help America Vote Act of 2002 aka HAVA, precisely because they considered them hackable. The compromise -- and according to Sen Krueger NY is the only state that does this -- was to use machines that are not networked whatsoever, and include two distinct forms of vote storage. One that is removed and used to tally votes, and another that is solely used for auditing, along with paper.
At 37 mins, she talks about how NY regulators were very much influenced by anecdotes about how first year college CS students easily hacked Ohio's systems.
joly
--
---------------------------------------------------------------
Joly MacFie 218 565 9365 Skype:punkcast
---------------------------------------------------------------
This message was sent to the list address and trashed, but can be found online.

Date: July 18, 2018 at 10:36:48 PM GMT+9
Subject: Re: [IP] re Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
[for IP]
1. Because the software that *runs* the voting machine is not created or maintained in a secure environment, the absence of networking does not render a voting machine secure. Further: there have been multiple demonstrations of successful on-site compromises of non-connected machines.
2. Of even greater concern, there is considerable evidence that the vote TABULATING machines have been compromised in close jurisdictions. This means that paper ballots can’t be trusted in those jurisdictions without a thorough audit.
3. The very close votes in key jurisdictions mean that statistical sampling is not sufficient to audit the vote in those jurisdictions. Each ballot must be individually confirmed.
4. The overwhelming vulnerability of our election process, coupled with the time limits on certification and the obstruction (both by political means and technical means) of vote validation means that we cannot have well-founded confidence in the results of recent elections.
5. The Russian compromise of voter databases severely hampered Democratic efforts to get out the vote in 2016. I can say from personal experience that a staggering percentage of allegedly Democratic residents in door-to-door canvassing during the 2016 election turned out to be Republicans. While the database is never perfect, our experience suggests a 25%-30% error rate. That’s un-heard of.
Best regards,
Jonathan Shapiro

Date: July 18, 2018 at 11:52:12 PM GMT+9
Subject: Re: [IP] re Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States
Dave,
[for IP]
Have to agree with Jonathan. My recent reporting took a closer look at
Want to hack a voting machine? Hack the voting machine vendor first
https://www.csoonline.com/article/3267625/security/want-to-hack-a-voting-machine-hack-the-voting-machine-vendor-first.html
best,
jmp
--
J.M. Porup
www.JMPorup.com