[CAVO] [VVSG-election] [VVSG-pre-election] [VVSG-interoperability] Separating Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could target voting machines

Brent Turner turnerbrentm at gmail.com
Fri Jul 29 20:17:51 UTC 2016


I agree.. except that the public - especially the youth - are smarter than
ever about technology and they think it is absurd  to use secret software
in elections.  I would be careful not to underestimate the intelligence of
the youth if you want to garner voter confidence.  In the past, the focus
may have been on the obvious " front end " disenfranchisement  issues
i.e.long lines /voter ID etc..  but now the public is aware of " back-end "
disenfranchisement issues such as software and tabulation issues.   This is
why the battle between Microsoft / intellectual property allies and the
open source community is even more relevant today.

The affectation of Jones- Day lawyers surrounding the highest level
 politicos while representing Microsoft as a client is a good example of
what we are up against. Now we have " look-alike/ sound alike "  groups
nuancing  co-opting the open source space to further convolute the solution
attempts.  We have managed to inoculate the White House playbook folks and
others to move toward GPL when faced with licensing decisions..  but the
work is time consuming.. as we are a pro bono effort...

BT

CAVO

On Fri, Jul 29, 2016 at 12:49 PM, Arthur Keller <ark at soe.ucsc.edu> wrote:

> Dale, I agree entirely.  The public is more aware of the issues of why the
> lines are so long in some precincts and much shorter in others, or the
> changes in voter ID requirements, than issues about the security of voting
> systems.  Similar, the typical computer user is more aware of usability
> issues in their computer systems than in security issues.  It’s up to us to
> lead the way to reliable, secure, trustworthy, but also usable, available,
> accessible, and cost-effective voting systems.
>
> Best regards,
> Arthur
>
> On Jul 29, 2016, at 12:06 PM, livingston, dale <
> delivingston at harfordcountymd.gov> wrote:
>
> Brent et al,
>
> I was in no way making any allegations that anyone is alleging complicity
> on behalf of any election official.  My apologies if that is what came
> across from my comments.
>
> My concern is the general mistrust the public has toward Elections
> overall.  And quite honestly, I seriously doubt that the majority of the
> public cares or thinks about vendor lock in, secret corporately owned
> software issues, or general vendor control.  The public sees the end result
> of all this – the polling place and the machines or paper or whatever they
> are given to vote on and how they can easily maneuver through the voting
> process.  They also want to know that their vote counted accurately.
>
> Most of the fear the public has about a voting system is based on what
> they are hearing from the media, or seeing on the web, YouTube or
> Facebook.  And usually it is an uneducated opinion or an isolated incident
> that is blown out of all proportion, because fear sells.
>
> All voting systems should be vetted in a very methodical way.  And the
> system should be transparent.  There are so many components of a voting
> system and it’s procurement to consider, but I will leave that to the
> subject matter experts.  And I’m sure that there are ‘cozy relationships’
> and lots of politics involved in procuring voting systems.   Personally and
> professionally I think the politics should be taken out of this process.
> There is no room for politics in Elections as Elections should be and only
> be about the voters and making sure their vote counts.  In my opinion it is
> a conflict of interest to allow politics in a conversation about a voting
> system.  But I digress.
>
> The ‘back-stage’ work that is done, and the part that the public never
> sees, is what we are tasked to do to in order to secure the voting system
> and their vote.  That is why I believe that public education about
> elections is a very important component to securing the public trust.
> Public Education is also an important component in making sure Elections
> and their systems and processes are transparent.  And when everything is
> transparent that is when the public trust will soar.
>
> Dale
>
> *Dale E. Livingston*
> *Deputy Director*
> *Harford County Board of Elections*
> *410-809-6002 <410-809-6002> (Direct Line)*
> *443-417-0156 <443-417-0156> (Cell)*
> *410-638-3565 <410-638-3565> (General Office)*
> *410-638-4413 <410-638-4413> (fax)*
>
> *From:* Brent Turner [mailto:turnerbrentm at gmail.com
> <turnerbrentm at gmail.com>]
> *Sent:* Friday, July 29, 2016 11:27 AM
> *To:* livingston, dale
> *Cc:* Wayne Williams; Susan Eustis; Joseph Kiniry; vvsg-pre-election;
> Arthur Keller; vvsg-election; Stephen Berger; vvsg-post-election;
> vvsg-interoperability; CAVO; Alan Dechert; Brigette Hunley; Brian Fox
> *Subject:* Re: [VVSG-election] [VVSG-pre-election]
> [VVSG-interoperability] Separating Issues and Avoiding Ghost Stories - RE:
> By November, Russian hackers could target voting machines
>
> Dale--    No one is alleging complicity on behalf of the election
> officials..  more an act of negligence in not pushing for publicly owned /
> more secure voting systems. The distrust of the current systems starts with
> the " secret " corporate owned software issue..  and the general vendor
> control of the event.  This is exacerbated by the vendor lock-in and the
> overly cozy relationship between the vendors and some clerks cemented by
> business leagues ( parties and junkets etc ) i.e  CACEO in California..
>
> Once publicly owned  / open source ( GPL ) systems are in place  the
> public confidence will soar. The public still craves paper ballots as well
>   which the CAVO advocated precinct system prints perfectly.
>
> The certification system .. per Roy Saltman and a host of others .. needs
> a complete overhaul from the Fed to the States .. and that is the plan for
> open source certifications.  Ryan Macias stated he did not believe there to
> be much difference in that process  .. but we are available for assisting
> that effort-
>
> Brent
>
> California Association of Voting Officials
>
> On Fri, Jul 29, 2016 at 4:20 AM, livingston, dale <
> delivingston at harfordcountymd.gov> wrote:
> We had a similar system in Maryland, prior to going back to a paper system
> this past Primary Election.  We also had and have numerous checks and
> balances and care and custody in place to assure that when the polls opened
> in the morning our equipment was secure and working properly.  And as in
> Colorado, our system has to be State certified.
>
> I also believe that one of the main reasons there is so much distrust by
> the general public is because they are not aware or educated about
> elections or the voting systems put in place for them.  We are trying to
> educate generations of people who don’t even know who their County
> Executive or in some cases even the Vice President of the United States.
> Seriously, not even our politicians are interested in what we do, but
> rather spend 90% of their time campaigning for their next election.  If
> someone wants to HACK into a system, any system, they are going to try.  It
> is how we address such a situation, both prior to purchasing a system and
> if someone does make an attempt to HACK it, that the public is going to
> look at.  Their perception must be that we as election officials are doing
> everything in our power to give them fair, safe, and accurate elections.
> And in my shop, we do just that.
>
> Dale Livingston
>
> *Dale E. Livingston*
> *Deputy Director*
> *Harford County Board of Elections*
> *410-809-6002 <410-809-6002> (Direct Line)*
> *443-417-0156 <443-417-0156> (Cell)*
> *410-638-3565 <410-638-3565> (General Office)*
> *410-638-4413 <410-638-4413> (fax)*
>
> *From:* vvsg-pre-election-bounces at nist.gov [mailto:
> vvsg-pre-election-bounces at nist.gov] *On Behalf Of *Wayne Williams
> *Sent:* Thursday, July 28, 2016 11:57 PM
> *To:* Susan Eustis; Joseph Kiniry
> *Cc:* vvsg-pre-election; Arthur Keller; vvsg-election; Deutsch, Herb;
> Stephen Berger; vvsg-post-election; vvsg-interoperability
> *Subject:* Re: [VVSG-pre-election] [VVSG-interoperability] Separating
> Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could
> target voting machines
>
>
> The voting machines used in Colorado are not connected to the Internet.
> Colorado has vigorous voting-systems standards that require all voting
> systems to operate on a closed network that cannot be accessed through the
> Internet.
>
> In addition, counties must use a voting system that has been certified by
> the Colorado Secretary of State as meeting all security requirements.
>
>
>
> Wayne Williams
> ------------------------------
> *From:* vvsg-pre-election-bounces at nist.gov <
> vvsg-pre-election-bounces at nist.gov> on behalf of Susan Eustis <
> susan at wintergreenresearch.com>
> *Sent:* Thursday, July 28, 2016 5:41 PM
> *To:* Joseph Kiniry
> *Cc:* vvsg-pre-election; Arthur Keller; vvsg-election; Deutsch, Herb;
> Stephen Berger; vvsg-post-election; vvsg-interoperability
> *Subject:* Re: [VVSG-pre-election] [VVSG-interoperability] Separating
> Issues and Avoiding Ghost Stories - RE: By November, Russian hackers could
> target voting machines
>
> Joe, I do get to write about this, so I know it exists, but in the real
> world election of Novenber not have that, and we have a not so veiled
> threat to hack the systems so I believe that is the issue we need to
> address.  How do we leverage the audit trail the systems tout and do it in
> a manner that is timely and relevant to what can be a disastrous unraveling
> of our political core.  Do you have any suggestions about the audit trail
> use ?
>
> On Thu, Jul 28, 2016 at 6:21 PM, Joseph Kiniry <kiniry at galois.com> wrote:
> Susan et al.,
>
> > On Jul 28, 2016, at 07:12, Susan Eustis <susan at wintergreenresearch.com>
> wrote:
> >
> > I believe the problems are 2:
> > 1. How to make fraud detectable, the code base in any electronics is
> vulnerable where-ever it is, Code can be changed without detection and this
> needs to be addressed.
>
> I keep hearing this statement made in many forums and continue to bring up
> the fact that there is some excellent R&D going on wrt this topic which has
> been seeing practical application in the DOD space for a few years.
>
> It is now the case that you can prove that the application (and operating
> system &c) you have is exactly what you think it is an moreover that a
> running system is executing exactly that software.
>
> This is hard.  Few people know how to do it.  No existing/traditional
> elections vendor does it or knows how to do it.  But it is a solved problem
> now.
>
> I’m happy to go into deep technical detail with anyone who is interested
> and point to the relevant peer-reviewed work, but this is not the forum for
> such.
>
> Joe
>
>
>
> --
> --
>
> Susan Eustis
> President
> WinterGreen Research
> 6 Raymond Street
> Lexington, Massachusetts
> phone 781 863 5078
> cell     617 852 7876
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensource.org/pipermail/cavo_lists.opensource.org/attachments/20160729/4ae53265/attachment.html>


More information about the CAVO mailing list