OSET Institute

View Original

An Open Letter to DHS Secretary Johnson About Election Night Security

With all due respect Mr. Secretary.  I've had the privilege and honor to provide confidential subject matter expertise to your Department on election technology security.  And nothing I write here will compromise that duty requested of me, including its confidentiality.  However, given your remarks on Tuesday while chatting with the Washington Post columnist David Ignatius in a conversation carried on CSPAN, you reiterated statements previously made by your Department regarding the security of the election.  I respectfully assert that these statements now need to be clarified.

Speaking to the Washington Post on Tuesday, you said (about 6:55 into the interview), “On election night, we had our guard up for this,” adding, “We did not see anything that amounted to altering ballot counts … nothing out of the ordinary.” (Washington Post Live)

Mr. Secretary, I support your agenda to (then in October) not want to alarm an already skittish voting public a month before the general election.  This was especially important after the campaign had become riddled with charges of rigging, tampering, and illegitimacy.  And therefore, I understand the need to be measured with carefully chosen words in the statement(s) issued.  That was then. This is now.

The election is behind us.  The Electoral College will make its certification decision next Monday.  The President has ordered a complete review of the security of elections in order to determine how we situate ourselves going forward.  I respect the President wants this review finished prior to this Administration's conclusion next month (but that may be difficult as I explain below).

It is technically accurate that on "election night" the DHS "crisis team" did not see anything that amounted to altering ballot counts.  But Mr. Ignatius pushed a bit further (at the 7:35 mark) by asking a slightly different question.  He asked if you could assure the Nation that based on what your Department observed that night, the Russian government was not responsible for any election hacking.  You responded that there was "no evidence that hacking by any actor altered the ballot count..."  This is where we believe a clarification is due.

  • First, we believe its time to observe that although nothing was detected on election day, that is not the end of the story.
  • Second, it is not possible to assert confidently that no evidence was found; in fact, no evidence has been found yet, because the kind of a robust investigation required could not have been completed yet.
  • Third, that's because there are old vulnerable PCs for some types of voting system configurations, and we know those machines have not yet been properly analyzed.

If the latter comes as a surprise, then all of us fell down on our job.  For my part, although I did make it clear in content provided to DHS officials that there was, indeed, at least one "Achilles heel" to the assertions being made, I apparently failed to do a convincing enough job to ensure the "Achilles heel" was taken seriously.  Please let me briefly explain.

The Achilles Heel

There is much to the processes of ballot casting and counting.  Although we'd like to keep that to digestible sound-bytes for the general public, its difficult to do so without unintentionally becoming a bit misleading. 

That's because those archaic PCs (with a role in the voting system) are incredibly vulnerable and not always as secured as possible. For instance, one PC used to manage e-voting machine configurations could be (accidentally) accessible to and from the Internet (even though voting machines themselves are not).  The challenge is today's voting systems do not include dedicated, single-purpose, access-controlled devices to serve specific singular vital roles in the overall process of election administration.  Machine vulnerability is a matter of fact by design with current systems.  This is the Achilles heel.

Therefore, while DHS and other national security experts did not detect anything on election night, damage could have begun, for instance, inside a back-office machine weeks or months earlier.  By the time DHS called for States to assess their operations and make sure nothing affiliated with election administration was exposed to vulnerabilities (and I called for such in a Hill Op-Ed in August), those who may have surprisingly discovered such PCs inadequately secured raced to lock them down.  But by then, the proverbial barn door was swaying in the wind.

An Example Vulnerability

There is one machine (based on vulnerable 90's PC technology) that houses an important App used to configure e-voting machines (that usually remain stored in bowed silence inside cold dark storerooms). The App, is called an "election management system" (EMS) and among other things, prepares data that is subsequently physically transferred/loaded into those separately stored voting machines.  The EMS App could have been discovered while probing by an intruding miscreant, and tampered without a trace.  Any malware or compromise within the transferred configuration data could've gone undetected... without a trace.  Absent a thorough audit, we just don't know

In the time since the conclusion of the election, based on activities (or lack thereof) to conduct investigations, we can't know because there is no way a thorough analysis of the machinery could have been finished by now.  Therefore, it would not be possible to say on the 13th of December that "nothing went wrong."  One could say, strictly speaking, "nothing was detected during that time," but of course that is a different assertion. The two are not equivalent by any interpretation. 

So, machinery has not been sequestered for examination, nor has a deep digital forensic analysis been conducted to ascertain whether there are any digital-DNA traces of compromising activity.  The technology and processes to make such determinations exist and are similar to the processes used to determine how and by whom 2-dozen voter registration systems were also poked, prodded, and in several cases penetrated.  However, we know that such an audit of voting machinery has not yet been conducted. 

At some point (now that we no longer need to fear scaring off voters) we need to admit with intellectual honesty, we don't actually know if anything was compromised.  Unfortunately, the recount attempts missed this point as well -- it was about an audit of these machines, not just a recount.  Yes, to audit those machines we need to examine the ballots.  But it was not (and should not be) about ballots and recounting let alone trying to over-turn a result.  The result is in, and the election is over.  However, understanding the totality of potential efforts and actual events to compromise our process of democracy is imperative for America to properly situate itself moving forward in the digital age.

Last September our CTO constructed and presented a demo for NBC News in NYC of the specific compromise that could occur to this particularly tasked PC running the EMS App.  Cynthia McFadden, a veteran (and whip smart) investigative reporter and her crew taped that demo.  Cynthia asked all the right questions, and the demonstration was compelling.  So concerned was NBC during the lead-up to the election, that they chose to not broadcast the resulting segment. They felt it was too provocative; too controversial; and too unnerving to not further upset the viewing public.  And now post election, they continue to hesitate to re-open the issue, although now it should be about how to move forward. 

However, we knew then that what we demonstrated was a strong example of such an "Achilles heel."  We also believe it's the only video demonstration outside of non-public demos previously done for elections experts and officials.  This demo makes the most important point: the underlying architecture of today's voting infrastructure is inherently vulnerable because of its dependency on obsolete 1990's PC technology.

So, Mr. Secretary I ask that you consider when it will be the right time for a candid discussion about what we do know as well as what we don't know, and most important, how we can go forward to ensure something like this (and all of it -- the propaganda war, fake news, social hacking, and yes, all aspects of potential compromises, physical and digital) never happens again.  We offer three suggestions:

  1. Find ways and means to ensure the discussion about voting infrastructure as a national security matter is durable and persists into the next Administration;
  2. Pursue a deep analysis, realizing that what you report to the President by the 19th of next month may be incomplete, but call out, with specificity, what forensic investigations remain to be completed with recommendations for how to do so; and finally,
  3. Foster a candid conversation about how to update and upgrade our election technology infrastructure given that there is no commercial incentive to do so because of a dysfunctional market, while 43 States need to replace their voting systems by 2020.

With respect to the 3rd item above, I want to call your attention to our nonprofit election technology research institute's work to provide publicly available election technology innovations to restore confidence in elections and their outcomes.

The TrustTheVote Project is doing precisely that.  This technology can eliminate these issues by producing evidenced-based voting systems that are more verifiable, accurate, secure, and transparent than anything before it.  We've been working on this technology called ElectOS for several years.  It needs to be finished, and soon.  Its a public digital works project that is truly a way forward from this.  And there are other similar projects to ours.

Our work was one of the reasons I was invited to provide subject matter expertise to your Department.  I am grateful and humbled for having had the opportunity to do so.  I hope, as a final contribution during this Administration's wind-down, that we can successfully facilitate a discussion about how to increase integrity of our election technology infrastructure, as one very important aspect of how we situate our democracy for the future in the digital age. 

I have made a best effort to start that with this open letter. 

Finally, as a citizen I want to thank you for your service to our great nation and for your tireless efforts that protected our homeland from any foreign-born physical attacks during your watch.  The 21st century presents a new age of digital warfare that can (and has) already threatened the operational continuity of our democracy.  The challenges ahead will be considerable.  Your thought leadership in your current capacity will be missed.  I hope in the closing weeks, as you wind down operations, you will still pursue the matters of this letter with vigor.

Respectfully,
Gregory Miller