“Legally, logistically, and just risk-management wise, this was the safest, wisest course,” said Chief Operating Officer in the Office of the Georgia Secretary of State Gabriel Sterling.
QUICK FACTS:
- The state of Georgia is postponing software updates for its Dominion voting machines until after the 2024 presidential election.
- The decision follows the release of a 2-year-old report detailing the machine’s vulnerabilities as well as a consequent report disregarding the original findings.
- The original report was recorded in July 2021 by University of Michigan Professor of Computer Science and Engineering J. Alex Halderman with Auburn University Professor Drew Springall on behalf of plaintiffs in a court case regarding Dominion Systems’ vote flipping.
- Halderman’s and Springall’s report explained the vulnerabilities present on Dominion’s ImageCast X Ballot Marking Devices after analyzing the machines for three months, some of which include altering QR codes and manipulating smart cards and files.
- “My technical findings leave Georgia voters with greatly diminished grounds to be confident that the votes they cast on [the current Dominion ballot-marking devices] are secured, that their votes will be counted correctly, or that any future elections using Georgia’s [ballot-marking devices] will be reasonably secure from attack and produce correct results,” Halderman wrote in the report.
- Dominion then enlisted the nonprofit MITRE Corp.’s National Election Security Lab to react to Halderman’s report.
- The MITRE report concluded that Halderman’s findings were “operationally infeasible,” although a footnote says the report “assumes strict and effective controlled access to Dominion election hardware and software” rather than drawing upon real-world situations.
RESPONSE TO MITRE REPORT:
- Dominion Voting Systems said on its website that MITRE found “none of the alleged vulnerabilities listed in Plaintiff’s Expert Report would allow a bad actor to change the outcome of an election, particularly given scale considerations.”
- Georgia Secretary of State Brad Raffensperger noted that MITRE’s report “confirms that Georgia’s election infrastructure is secured by the toughest safeguards.”
- Halderman condemned MITRE’s report, claiming it “fails to account for how elections are operated in the real world. It is entirely predicated on a false assumption: MITRE says it ‘assumes strict and effective controlled access to Dominion election hardware and software.'”
- Cybersecurity experts then wrote to MITRE, telling them to remove the report.
- “MITRE’s logic is that if procedural defenses are perfectly implemented, then the system is immune from attack,” the experts’ letter states. “This is a completely inappropriate methodology for assessing real-world risk, since actual risk hinges on how well defenses are implemented and operate in practice.”
- “MITRE’s entire analysis is predicated on an assumption known to be wrong, the letter continues. “As noted on the first page of the document, ‘MITRE’s assessment of the researcher’s proposed attacks assumes strict and effective controlled access to Dominion election hardware and software.'”
- “MITRE’s analysis isn’t simply wrong – it is dangerous, since it will surely lead states like Georgia to postpone installing Dominion’s software updates and implementing other important mitigations.”
BACKGROUND:
- Dominion Voting Systems’ employees knew there were serious problems with the company’s technology, with one Dominion director admitting there was a “critical bug leading to incorrect results.”
- The acknowledgment came in a 2018 email, although the same Director of Product Strategy and Security, Eric Coomer, again admitted in 2019 that “we don’t address our weaknesses effectively.”
- Just prior to the 2020 presidential election, Commer noted that Dominion “is just riddled with bugs.”
