[CAVO] [VVSG-election] [VVSG-pre-election] [VVSG-interoperability] Separating Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could target voting machines

livingston, dale delivingston at harfordcountymd.gov
Fri Jul 29 19:06:23 UTC 2016 

Brent et al,

I was in no way making any allegations that anyone is alleging complicity on behalf of any election official.  My apologies if that is what came across from my comments.

My concern is the general mistrust the public has toward Elections overall.  And quite honestly, I seriously doubt that the majority of the public cares or thinks about vendor lock in, secret corporately owned software issues, or general vendor control.  The public sees the end result of all this – the polling place and the machines or paper or whatever they are given to vote on and how they can easily maneuver through the voting process.  They also want to know that their vote counted accurately.

Most of the fear the public has about a voting system is based on what they are hearing from the media, or seeing on the web, YouTube or Facebook.  And usually it is an uneducated opinion or an isolated incident that is blown out of all proportion, because fear sells.

All voting systems should be vetted in a very methodical way.  And the system should be transparent.  There are so many components of a voting system and it’s procurement to consider, but I will leave that to the subject matter experts.  And I’m sure that there are ‘cozy relationships’ and lots of politics involved in procuring voting systems.   Personally and professionally I think the politics should be taken out of this process.  There is no room for politics in Elections as Elections should be and only be about the voters and making sure their vote counts.  In my opinion it is a conflict of interest to allow politics in a conversation about a voting system.  But I digress.

The ‘back-stage’ work that is done, and the part that the public never sees, is what we are tasked to do to in order to secure the voting system and their vote.  That is why I believe that public education about elections is a very important component to securing the public trust.  Public Education is also an important component in making sure Elections and their systems and processes are transparent.  And when everything is transparent that is when the public trust will soar.

Dale

Dale E. Livingston
Deputy Director
Harford County Board of Elections
410-809-6002 (Direct Line)
443-417-0156 (Cell)
410-638-3565 (General Office)
410-638-4413 (fax)

From: Brent Turner [mailto:turnerbrentm at gmail.com]
Sent: Friday, July 29, 2016 11:27 AM
To: livingston, dale
Cc: Wayne Williams; Susan Eustis; Joseph Kiniry; vvsg-pre-election; Arthur Keller; vvsg-election; Stephen Berger; vvsg-post-election; vvsg-interoperability; CAVO; Alan Dechert; Brigette Hunley; Brian Fox
Subject: Re: [VVSG-election] [VVSG-pre-election] [VVSG-interoperability] Separating Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could target voting machines

Dale--    No one is alleging complicity on behalf of the election officials..  more an act of negligence in not pushing for publicly owned / more secure voting systems. The distrust of the current systems starts with the " secret " corporate owned software issue..  and the general vendor control of the event.  This is exacerbated by the vendor lock-in and the overly cozy relationship between the vendors and some clerks cemented by business leagues ( parties and junkets etc ) i.e  CACEO in California..

Once publicly owned  / open source ( GPL ) systems are in place  the public confidence will soar. The public still craves paper ballots as well   which the CAVO advocated precinct system prints perfectly.

The certification system .. per Roy Saltman and a host of others .. needs a complete overhaul from the Fed to the States .. and that is the plan for open source certifications.  Ryan Macias stated he did not believe there to be much difference in that process  .. but we are available for assisting that effort-

Brent

California Association of Voting Officials

On Fri, Jul 29, 2016 at 4:20 AM, livingston, dale <delivingston at harfordcountymd.gov<mailto:delivingston at harfordcountymd.gov>> wrote:
We had a similar system in Maryland, prior to going back to a paper system this past Primary Election.  We also had and have numerous checks and balances and care and custody in place to assure that when the polls opened in the morning our equipment was secure and working properly.  And as in Colorado, our system has to be State certified.

I also believe that one of the main reasons there is so much distrust by the general public is because they are not aware or educated about elections or the voting systems put in place for them.  We are trying to educate generations of people who don’t even know who their County Executive or in some cases even the Vice President of the United States.  Seriously, not even our politicians are interested in what we do, but rather spend 90% of their time campaigning for their next election.  If someone wants to HACK into a system, any system, they are going to try.  It is how we address such a situation, both prior to purchasing a system and if someone does make an attempt to HACK it, that the public is going to look at.  Their perception must be that we as election officials are doing everything in our power to give them fair, safe, and accurate elections.  And in my shop, we do just that.

Dale Livingston

Dale E. Livingston
Deputy Director
Harford County Board of Elections
410-809-6002<tel:410-809-6002> (Direct Line)
443-417-0156<tel:443-417-0156> (Cell)
410-638-3565<tel:410-638-3565> (General Office)
410-638-4413<tel:410-638-4413> (fax)

From: vvsg-pre-election-bounces at nist.gov<mailto:vvsg-pre-election-bounces at nist.gov> [mailto:vvsg-pre-election-bounces at nist.gov<mailto:vvsg-pre-election-bounces at nist.gov>] On Behalf Of Wayne Williams
Sent: Thursday, July 28, 2016 11:57 PM
To: Susan Eustis; Joseph Kiniry
Cc: vvsg-pre-election; Arthur Keller; vvsg-election; Deutsch, Herb; Stephen Berger; vvsg-post-election; vvsg-interoperability
Subject: Re: [VVSG-pre-election] [VVSG-interoperability] Separating Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could target voting machines


The voting machines used in Colorado are not connected to the Internet. Colorado has vigorous voting-systems standards that require all voting systems to operate on a closed network that cannot be accessed through the Internet.

In addition, counties must use a voting system that has been certified by the Colorado Secretary of State as meeting all security requirements.



Wayne Williams

________________________________
From: vvsg-pre-election-bounces at nist.gov<mailto:vvsg-pre-election-bounces at nist.gov> <vvsg-pre-election-bounces at nist.gov<mailto:vvsg-pre-election-bounces at nist.gov>> on behalf of Susan Eustis <susan at wintergreenresearch.com<mailto:susan at wintergreenresearch.com>>
Sent: Thursday, July 28, 2016 5:41 PM
To: Joseph Kiniry
Cc: vvsg-pre-election; Arthur Keller; vvsg-election; Deutsch, Herb; Stephen Berger; vvsg-post-election; vvsg-interoperability
Subject: Re: [VVSG-pre-election] [VVSG-interoperability] Separating Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could target voting machines

Joe, I do get to write about this, so I know it exists, but in the real world election of Novenber not have that, and we have a not so veiled threat to hack the systems so I believe that is the issue we need to address.  How do we leverage the audit trail the systems tout and do it in a manner that is timely and relevant to what can be a disastrous unraveling of our political core.  Do you have any suggestions about the audit trail use ?

On Thu, Jul 28, 2016 at 6:21 PM, Joseph Kiniry <kiniry at galois.com<mailto:kiniry at galois.com>> wrote:
Susan et al.,

> On Jul 28, 2016, at 07:12, Susan Eustis <susan at wintergreenresearch.com<mailto:susan at wintergreenresearch.com>> wrote:
>
> I believe the problems are 2:
> 1. How to make fraud detectable, the code base in any electronics is vulnerable where-ever it is, Code can be changed without detection and this needs to be addressed.

I keep hearing this statement made in many forums and continue to bring up the fact that there is some excellent R&D going on wrt this topic which has been seeing practical application in the DOD space for a few years.

It is now the case that you can prove that the application (and operating system &c) you have is exactly what you think it is an moreover that a running system is executing exactly that software.

This is hard.  Few people know how to do it.  No existing/traditional elections vendor does it or knows how to do it.  But it is a solved problem now.

I’m happy to go into deep technical detail with anyone who is interested and point to the relevant peer-reviewed work, but this is not the forum for such.

Joe



--
--

Susan Eustis
President
WinterGreen Research
6 Raymond Street
Lexington, Massachusetts
phone 781 863 5078<tel:781%20863%205078>
cell     617 852 7876<tel:617%20852%207876>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20160729/f7377ac7/attachment.html>

More information about the CAVO mailing list