[CAVO] [VVSG-election] [VVSG-pre-election] [VVSG-interoperability] Separating Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could target voting machines

Brent Turner turnerbrentm at gmail.com
Fri Jul 29 15:27:20 UTC 2016


Dale--    No one is alleging complicity on behalf of the election
officials..  more an act of negligence in not pushing for publicly owned /
more secure voting systems. The distrust of the current systems starts with
the " secret " corporate owned software issue..  and the general vendor
control of the event.  This is exacerbated by the vendor lock-in and the
overly cozy relationship between the vendors and some clerks cemented by
business leagues ( parties and junkets etc ) i.e  CACEO in California..

Once publicly owned  / open source ( GPL ) systems are in place  the public
confidence will soar. The public still craves paper ballots as well   which
the CAVO advocated precinct system prints perfectly.

The certification system .. per Roy Saltman and a host of others .. needs a
complete overhaul from the Fed to the States .. and that is the plan for
open source certifications.  Ryan Macias stated he did not believe there to
be much difference in that process  .. but we are available for assisting
that effort-

Brent

California Association of Voting Officials

On Fri, Jul 29, 2016 at 4:20 AM, livingston, dale <
delivingston at harfordcountymd.gov> wrote:

> We had a similar system in Maryland, prior to going back to a paper system
> this past Primary Election.  We also had and have numerous checks and
> balances and care and custody in place to assure that when the polls opened
> in the morning our equipment was secure and working properly.  And as in
> Colorado, our system has to be State certified.
>
>
>
> I also believe that one of the main reasons there is so much distrust by
> the general public is because they are not aware or educated about
> elections or the voting systems put in place for them.  We are trying to
> educate generations of people who don’t even know who their County
> Executive or in some cases even the Vice President of the United States.
> Seriously, not even our politicians are interested in what we do, but
> rather spend 90% of their time campaigning for their next election.  If
> someone wants to HACK into a system, any system, they are going to try.  It
> is how we address such a situation, both prior to purchasing a system and
> if someone does make an attempt to HACK it, that the public is going to
> look at.  Their perception must be that we as election officials are doing
> everything in our power to give them fair, safe, and accurate elections.
> And in my shop, we do just that.
>
>
>
> Dale Livingston
>
>
>
> *Dale E. Livingston*
>
> *Deputy Director*
>
> *Harford County Board of Elections*
>
> *410-809-6002 <410-809-6002> (Direct Line)*
>
> *443-417-0156 <443-417-0156> (Cell)*
>
> *410-638-3565 <410-638-3565> (General Office)*
>
> *410-638-4413 <410-638-4413> (fax)*
>
>
>
> *From:* vvsg-pre-election-bounces at nist.gov [mailto:
> vvsg-pre-election-bounces at nist.gov] *On Behalf Of *Wayne Williams
> *Sent:* Thursday, July 28, 2016 11:57 PM
> *To:* Susan Eustis; Joseph Kiniry
> *Cc:* vvsg-pre-election; Arthur Keller; vvsg-election; Deutsch, Herb;
> Stephen Berger; vvsg-post-election; vvsg-interoperability
> *Subject:* Re: [VVSG-pre-election] [VVSG-interoperability] Separating
> Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could
> target voting machines
>
>
>
> The voting machines used in Colorado are not connected to the Internet.
> Colorado has vigorous voting-systems standards that require all voting
> systems to operate on a closed network that cannot be accessed through the
> Internet.
>
> In addition, counties must use a voting system that has been certified by
> the Colorado Secretary of State as meeting all security requirements.
>
>
>
> Wayne Williams
> ------------------------------
>
> *From:* vvsg-pre-election-bounces at nist.gov <
> vvsg-pre-election-bounces at nist.gov> on behalf of Susan Eustis <
> susan at wintergreenresearch.com>
> *Sent:* Thursday, July 28, 2016 5:41 PM
> *To:* Joseph Kiniry
> *Cc:* vvsg-pre-election; Arthur Keller; vvsg-election; Deutsch, Herb;
> Stephen Berger; vvsg-post-election; vvsg-interoperability
> *Subject:* Re: [VVSG-pre-election] [VVSG-interoperability] Separating
> Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could
> target voting machines
>
>
>
> Joe, I do get to write about this, so I know it exists, but in the real
> world election of Novenber not have that, and we have a not so veiled
> threat to hack the systems so I believe that is the issue we need to
> address.  How do we leverage the audit trail the systems tout and do it in
> a manner that is timely and relevant to what can be a disastrous unraveling
> of our political core.  Do you have any suggestions about the audit trail
> use ?
>
>
>
> On Thu, Jul 28, 2016 at 6:21 PM, Joseph Kiniry <kiniry at galois.com> wrote:
>
> Susan et al.,
>
> > On Jul 28, 2016, at 07:12, Susan Eustis <susan at wintergreenresearch.com>
> wrote:
> >
> > I believe the problems are 2:
> > 1. How to make fraud detectable, the code base in any electronics is
> vulnerable where-ever it is, Code can be changed without detection and this
> needs to be addressed.
>
> I keep hearing this statement made in many forums and continue to bring up
> the fact that there is some excellent R&D going on wrt this topic which has
> been seeing practical application in the DOD space for a few years.
>
> It is now the case that you can prove that the application (and operating
> system &c) you have is exactly what you think it is an moreover that a
> running system is executing exactly that software.
>
> This is hard.  Few people know how to do it.  No existing/traditional
> elections vendor does it or knows how to do it.  But it is a solved problem
> now.
>
> I’m happy to go into deep technical detail with anyone who is interested
> and point to the relevant peer-reviewed work, but this is not the forum for
> such.
>
> Joe
>
>
>
>
>
> --
>
> --
>
> Susan Eustis
> President
> WinterGreen Research
> 6 Raymond Street
> Lexington, Massachusetts
> phone 781 863 5078
> cell     617 852 7876
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20160729/3470ab39/attachment.html>


More information about the CAVO mailing list