Jim March Simpson
Judge Gass has ruled against us. He meant to say that John Brakey, AUDIT-AZ and the Arizona voters they represent had no case at all and the action had no merit. But due to his own limited understanding of basic computer security he put quite a bit into his final record that shows serious reason for concern as to how Maricopa County in particular runs elections.
In the briefest possible terms, the Maricopa County Elections Department (MCED) has reserved the right to cheat. Just like they have in elections John Brakey and I have monitored going back to 2006.
The relevant portion of Judge Gass’ order:
Plaintiff did not establish that the violation of any best practices amounted to fraud or misconduct
Plaintiff offered testimony from Douglas W. Jones. The Court conditionally admitted his testimony regarding voter registration database vulnerabilities and election tabulation vulnerabilities. Plaintiff maintained that the evidence might establish that failure to follow best practices could rise to the level of fraud or misconduct.
The Court will allow the testimony to be admitted based on some concerns presented regarding the ePollbooks.
Mr. Valenzuela from MCED [Maricopa County Elections Department] testified in response to those allegations. Mr. Valenzuela’s testimony established that MCED followed many of the best practices that Mr. Jones identified, including the following:
1. MCED considers and takes into account best practices, looking at a variety of resources.
2. MCED maintains a trail of all voter registration changes for each voter.
3. MCED’s voter database is not connected to Wi-Fi. The only connection to the Internet is indirect and is through a secure VPN (Virtual Private Network).
4. For paper ballots, vote tabulations are printed, signed, and secured at the end of the election day and are maintained along with the memory pack. The paper ballots also were secured and preserved.
5. For the touchscreen voting (the Edge), the memory pack and the paper tally are preserved.
6. MCED’s tabulation machines (Insight and Edge) are not Wi-Fi enabled and are not connected to the Internet.
7. All MCED databases are encrypted to protect the data.
8. MCED and all counties use hand counts to verify electronic tabulation results using 2% for ballots cast at the polls and 1% for other ballots. Third parties, people appointed by the political parties, are responsible for actually conducting the hand counts. As for the PPE, the hand count of MCED’s ballots showed a 0% variation between the hand count and the electronic tabulation by the voter equipment.
9. Provisional ballots provide a failsafe to ensure voters are able to vote. The procedures appear at page 57 of the Board Worker Training Manual. See Exhibit 34. Any concern about the ePollbooks is addressed by the failsafe put in place by the provisional ballots.
Given the above, MCED uses many of the best practices highlighted by Mr. Jones. The above cuts against plaintiff’s argument that MCED’s practices support a finding of fraud or misconduct. They do not.
This discussion happened in conjunction with testimony from a credible pollworker showing that the precinct-level electronic pollbooks were tied together with a WiFi “cellular hotspot” known as a “MiFi”. This technique tied all the pollbooks together with no wires plus connected them to the general Internet. The county claims that they use “the best possible encryption” including VPN and, we can assume, a decent WiFi password and security standard such as WPA2.
Let’s say we have a situation where a rogue election tech decides to tamper with the electronic pollbooks on election day.
Under the “old method” where the precinct pollbooks are wired together, our hypothetical(?) election tech turned vote hacker has to enter the polling place, approach the pollworkers and explain that he’s there to do some kind of alteration. Even if we assume he’s a good “social engineer” he has to risk a pollworker calling up county election HQ for confirmation. There’s also a risk that a political party observer will get curious and ask questions or even an abnormally alert voter. In short, what happens at a polling place is supposed to be protected by the ordinary citizens volunteering that day plus party observers plus everybody else as it is fundamentally a public process.
Or at least, it’s supposed to be.
Now let’s look at the new system. Same corrupt election tech drives up, parks across the street, doesn’t even get out of his car. He jumps on the WiFi net as an unobserved “extra” in the process and does whatever attack he wants to. Remember: none of those fancy swoopy encryption protocols will do squat to stop somebody who has the passwords. Therefore he can do whatever tweak he wants without observation.
This fundamental principle applies to ALL of the “security provisions” the various county election officials come up with.
We’ve seen many, many other examples of Maricopa in particular subvert their own security where it comes to internal controls. John Brakey has a more detailed list and I’m not going to repeat it here. What I want to emphasize isn’t a single problem but rather a failure in attitude, in basic culture of the majority of the county election offices in the country, let alone Arizona. When challenged on security issues they always paint the outside attacker, the stereotypical “criminal hacker” as the threat while making sure at every level that they can tamper with the vote to whatever degree they want while becoming irate and even violent towards anybody who tries to do significant oversight.
Just in this one election, we know that the paper ballots are prepared with systems that make it impossible to limit counterfeit ballots (via “ballot on demand”) to allow easy ballot substitution. We know they’ve always used insecure ballot boxes/containers – we’ve seen two variants on their “secure ballot storage” concepts that allow full access without leaving a visibly broken seal. They import data into the Sequoia central tabulator with something called the “Bridge tool” that was never certified, certainly should have been but can’t be because it relies on the notoriously insecure Microsoft Access product…and many, many more examples. I’ll let John Brakey fill in those details.
This lack of accountability wouldn’t fly at a bank. People who enter or massage financial data at a bank know that their actions are tracked by systems that they themselves cannot tamper with. This basic concept is completely lacking in the entire elections business.
As a result, the Arizona basic constitutional commandment that elections be “free and fair” is treated as a joke. This is what Judge Gass missed – right there in his courtroom, in highly technical language of course to obscure their real meaning, Maricopa elections staff actually told him they were reserving the right to alter the election and he missed it.
This basic mismatch in the culture of how we process elections has to change – we must answer the age-old question of “who will guard the guardians?” where elections are concerned.