A group of election security experts on Thursday called for a rigorous scrutiny of the upcoming recall of the California governor after copies of systems used to conduct elections across the country were released.
Your letter to the State Department asks the state to conduct some sort of post-election review that can help expose malicious attempts at meddling.
The nationwide recall of Democratic Governor Gavin Newsom, slated for September 14, is the first election since Dominion Voting Systems’ election management system was distributed last month at an event hosted by MyPillow CEO Mike Lindell, an ally of the former President Donald., Trump, who made unsubstantiated claims about last year’s election. Election offices in 30 states use the Dominion system, including 40 California counties.
Voting security experts have said violations from one county in Colorado and another in Michigan pose an increased risk for elections as the system is used for a range of administrative functions – from designing ballot papers to configuring voting machines to Counting the results. In the letter, the experts said they have no evidence that anyone is planning a hacking attack on the systems used in California and does not blame Dominion.
“It is important to acknowledge, however, that the release of Dominion software has increased the risk to the security of the California elections to such an extent that contingency measures are warranted,” the experts wrote in their letter, signed with The. Associated press was shared.
The eight experts who sign the letter include computer scientists, electoral technology experts, and cybersecurity researchers.
Jenna Dresner, a spokeswoman for Secretary of State Shirley Weber, said the 40 California counties using Dominion use a different version of the election management system that meets various state-specific requirements. She outlined numerous security measures to protect electoral systems across the state. This includes regular vulnerability testing, tight controls over who has access, physical security rules, and pre-election testing to make sure no part of the system has been modified.
“California has the strictest and most comprehensive testing, usage and requirements of electoral systems in the country, and it is designed to withstand potential threats,” Dresner said in a statement to the AP.
Security professionals want California counties that use Dominion’s election management system to conduct what is known as a “low-risk audit,” which essentially uses a statistical approach to ensure that reported results match actual votes. California also uses paper ballots, which makes it easier to review the results.
The letter states that the differences between the leaked Dominion software images and the versions used in California are relatively small. The experts said thousands of people now have access to the basics of Dominion’s election management system, including some who may have access to voting machines.
“This increases the risk of undetected, outcome-altering cyberattacks in California counties using Dominion devices, and the risk of allegations of fraud and election rigging that would be impossible to refute without rigorous post-election screening,” the letter said .
A majority of voters are expected to drop off postal ballot papers during the recall and return them through the U.S. Postal Service or through post boxes in their districts.
California law already requires counties to hand-count ballots from a random sample of 1% of counties after an election. Although the state has carried out a pilot program with risk-limiting audits, Dresner’s state law does not currently permit any recall voting. It’s not clear if that could change less than two weeks before the election.
Among those who signed the letter was Harri Hursti, a voting technology expert who attended the Lindell event in South Dakota. Hursti said he was given three copies of the Dominion election management system – one a picture of the system used in Antrim County, Michigan, and the other two from Mesa County, Colorado. In an affidavit filed in Georgia federal court, Hursti said the copies were later made available for online download.
He said the release gives hackers a “training environment” to look for vulnerabilities in the system and a roadmap to avoid countermeasures. Hackers only need physical access to the systems as they should not be connected to the Internet.
Philip B. Stark, a statistics professor at the University of California, Berkeley, who also signed the letter, compared it to the difference between a bank robber with a blueprint for a vault and an exact replica of the vault to practice attacks.
“That’s it,” he said. “They basically have an exact copy of the thing they’re trying to break into.”
Experts say attacks could create technical issues that could cause machines to malfunction, tamper with ballot design, or even target outcomes.
A Dominion representative said the company was aware of reports of the unauthorized release of the system images and reported them to authorities. The company said federal cybersecurity officials did not see the breach as a significant increase in electoral risk.
But Stark said the sheer number of people who now have access to the information makes this violation particularly serious. While it is possible that the information was already in the hands of the Russians or other opponents, it was associated with considerable costs and effort, he said. This is not the case now.
“What this has done, in a way, is democratized access to the information that would be needed to launch a cyberattack on Dominion systems,” said Stark.
The threat is compounded by the finding by electoral technology specialist J. Alex Halderman that even a voter has adequate physical access to implant malware, Stark said.
“So if you have someone who can do the technical work to develop a cyberattack, they could actually be used by a voter, an insider, a vendor, or whoever,” he said. “It really multiplied by a huge factor the number of people who can harm our elections.”
Halderman, director of the University of Michigan’s Center for Computer Security and Society, made these observations after examining the Dominion’s voting machines, which were used in Georgia as an expert witness in a longstanding lawsuit against the use of those machines.
The release of the system images follows an attempt by Republicans to investigate voting machines that began shortly after the November election when Trump questioned the results and attributed his loss to widespread fraud, although there was no evidence to back it up.
Cassidy and Brumback reported from Atlanta.