The SoS has outsourced election security to Dominion - no public oversight, tech expertise, or transparency.
|
An argument supporting the deferral of updating Dominion Voting System's (DVS) Democracy Suite (DS) 5.11-CO to DVS DS 5.13:
By Shawn Smith June 2, 2021 |
Read the report. Election data intentionally deleted in Mesa County.
August 2021 
| ||||
Even ignoring the multitude of unresolved indicators from other states' use of Dominion Voting Systems-produced, Pro V&V-tested voting systems now in various stages of audit and legal challenge (Fulton Cty, GA; Antrim Cty, MI; Windham Town, NH; Maricopa Cty, AZ, etc), a number of unresolved and unexplained indicators in Colorado beg public scrutiny (e.g. large shifts in registered active voters in certain counties in the runup to the election, unexplained curve-fitting between rates and times of unaffiliated voters casting votes on 2-3 Nov in some counties, but not others, down-ballot roll-on, etc). The Colorado Risk-Limiting Audit (RLA) is not intended to or capable of verifying anything other than accurate tabulation of ballots under ideal circumstances; it does not account for voter verification, influx of fraudulent ballots, or a multitude of conceivable mechanisms for manipulation of the RLA process and opaque software to evade detection of election anomalies and fraud.
1. The People have a right to inspect records, including both electronic (where they are the primary record) and physical (e.g. paper) in order to satisfy THEMSELVES of the integrity/accuracy of elections. There is a case to be made that the physical hardware, including magnetic and removable media, networking devices, cables, etc, all constitute records which may reveal unauthorized access to/manipulation of, or undisclosed/unknown process/operation of voter registration systems, voting systems, and election auditing systems. The Colorado Risk-Limiting Audit is not sufficient
2. The fact that the CO SecState certified DVS DS 5.11-CO, in violation of CO state law, without the required testing by a Federally-accredited Voting System Testing Lab (VSTL) (DS 5.11-CO was tested in 2019 by Pro V&V, which was not accredited at that time, and had not been for ~2 years) is prima facie evidence of a crime that obligates sworn public officials, in general, and law enforcement officers, in particular, to preserve associated evidence, including the unperturbed state of all associated machines and media at the time they were used for the Nov election. Having been advised of this fact, any sworn public official who allows or engages in the perturbation of that evidence must be considered a potential accomplice through obstruction of justice.
3. The DS 5.13 system testing report from Pro V&V, which recovered its VSTL accreditation as of Feb 2021, reveals that they did not test all components of DS 5.13, but that their report relied upon their own prior testing of DS 5.11 components reused in DS 5.11; this means that not only did SecState Griswold violate CO state law in certifying DS 5.11-CO, she has violated state law again in certifying DS 5.13. County clerks should not concede to the modification of an illegally-certified voting system with an illegally-certified update.
4. The DS 5.13 Test Report (https://www.sos.state.co.us/pubs/elections/VotingSystems/DVS-DemocracySuite513/testReport.pdf) list several "test cases specifically designed to evaluate the modifications listed below:
―EED -Added ability to store tabulator resources in the NAS project folder [EED= election event designer; why can't EED resources be stored in the NAS project folder, where CO's elected officials have access to them?]
―RTR -Removed the Byte Order Marker (BOM) from the beginning of the export file [The presence of a byte order MARK (BOM) ALONE is significant; the fact that a unicode character may have been used in the Results Tally and Reporting (RTR) files should raise suspicion that executable, covert code was embedded in the RTR files, potentially enabling the selective exclusion of some records from "random" RLA selection, for example]
―ADJ -Added option to only allow adjudication of contests that meet the out-stack criteria as defined in the Adjudication project [This indicates that adjudication (which can modify, delete, or duplicate individual ballots or entire batches of ballots, so that the ballot images and resulting cast vote records (CVR) do not match the paper ballots) could have been run, either locally or remotely, on ballots that had no legitimate reason for being subjected to adjudication]
―Modified ICC log entry text to be more descriptive for double feed errors [Does this mean that ImageCast Central (ICC) (the DVS systems used to scan paper ballots and produce ballot images and CVRs) systems were capable of double-feeding or double-scanning ballots with no indication to operators, or ON LOGS which public officials and the public would use to audit an election?]
―Corrected functionality to allow discarding of batches after 999 [So DS 5.11-CO may have been used to process batches with batch numbers higher than 999, which may have been excluded from random selection, or processed differently by the RTR functions?]
―Modified ICC to not accept a batch without a Poll ID [Then DS 5.11-CO would accept batches, e.g. remotely or from hidden partitions on removable media, added to scanned batch folders with no Poll ID?]
―Added ability to print Batch Header Cards from ICC
―Added support for HiPro firmware 1.0.1074 [And what was wrong with and changed from the prior HiPro (fastest scanner used in DS) firmware version?]
―Changed maximum Poll ID length from 6 characters to 32
―Added support for ICX BMD to produce a ballot without a barcode [This is a placebo; just because you can't see a barcode/QR code on a paper ballot doesn't mean there isn't a steganographic code embedded on the ballot design, read by software on the scanning system - this is exactly how the counterfeit-deterrent system (CDS) works to prevent U.S. paper currency from being scanned and manipulated at high resolution on U.S.-sold scanners and in Adobe Photoshop.]
―Added support for Avision AP3061 printer [Avision (DS 5.11-CO and DS 5.13 also use Avision touchscreens for ImageCast X (ICX) assistive voting in CO Voting Service Polling Centers (VSPCs); Avision manufactures in Suzhou, China. Did we really need MORE PRC-manufactured equipment and software in our voting systems?]
―Added option to display only a 10-key keyboard when only numeric values are required for entry
―Added option to print a Daily Print Report that provides statistics for auditing but no results
―Added support for new Aegis USB memory devices [These will be described as a security improvement, but they're the same USB memory sticks that Toshiba used to sell, and there's a hard-coded reset pin procedure. Furthermore, and more importantly, the software CO officials use to "format" the USB drives is Dominion-provided and run on Dominion machines - it could very well be covertly excluding or encoding information without CO officials' knowledge. The truth is that NO USB drive is secure and the "air gap" is a fairytale for children. Single-use, single-direction optical media are a far, far more secure (and STILL vulnerable) method for transfer of data.]
―Corrected scroll bar display on Samsung device when first voting session after power up is an accessible voting session"
I have added comments to these test cases, in brackets [ ]; the fact that these conditions may have been present in DS 5.11-CO at the time it was illegally used in CO's Nov 2020 election is cause enough to demand an independent (competent) forensic cyber audit of CO's Dominion voting equipment, and this is ONLY what has been accidentally revealed to us through Pro V&V's test report.
1. The People have a right to inspect records, including both electronic (where they are the primary record) and physical (e.g. paper) in order to satisfy THEMSELVES of the integrity/accuracy of elections. There is a case to be made that the physical hardware, including magnetic and removable media, networking devices, cables, etc, all constitute records which may reveal unauthorized access to/manipulation of, or undisclosed/unknown process/operation of voter registration systems, voting systems, and election auditing systems. The Colorado Risk-Limiting Audit is not sufficient
2. The fact that the CO SecState certified DVS DS 5.11-CO, in violation of CO state law, without the required testing by a Federally-accredited Voting System Testing Lab (VSTL) (DS 5.11-CO was tested in 2019 by Pro V&V, which was not accredited at that time, and had not been for ~2 years) is prima facie evidence of a crime that obligates sworn public officials, in general, and law enforcement officers, in particular, to preserve associated evidence, including the unperturbed state of all associated machines and media at the time they were used for the Nov election. Having been advised of this fact, any sworn public official who allows or engages in the perturbation of that evidence must be considered a potential accomplice through obstruction of justice.
3. The DS 5.13 system testing report from Pro V&V, which recovered its VSTL accreditation as of Feb 2021, reveals that they did not test all components of DS 5.13, but that their report relied upon their own prior testing of DS 5.11 components reused in DS 5.11; this means that not only did SecState Griswold violate CO state law in certifying DS 5.11-CO, she has violated state law again in certifying DS 5.13. County clerks should not concede to the modification of an illegally-certified voting system with an illegally-certified update.
4. The DS 5.13 Test Report (https://www.sos.state.co.us/pubs/elections/VotingSystems/DVS-DemocracySuite513/testReport.pdf) list several "test cases specifically designed to evaluate the modifications listed below:
―EED -Added ability to store tabulator resources in the NAS project folder [EED= election event designer; why can't EED resources be stored in the NAS project folder, where CO's elected officials have access to them?]
―RTR -Removed the Byte Order Marker (BOM) from the beginning of the export file [The presence of a byte order MARK (BOM) ALONE is significant; the fact that a unicode character may have been used in the Results Tally and Reporting (RTR) files should raise suspicion that executable, covert code was embedded in the RTR files, potentially enabling the selective exclusion of some records from "random" RLA selection, for example]
―ADJ -Added option to only allow adjudication of contests that meet the out-stack criteria as defined in the Adjudication project [This indicates that adjudication (which can modify, delete, or duplicate individual ballots or entire batches of ballots, so that the ballot images and resulting cast vote records (CVR) do not match the paper ballots) could have been run, either locally or remotely, on ballots that had no legitimate reason for being subjected to adjudication]
―Modified ICC log entry text to be more descriptive for double feed errors [Does this mean that ImageCast Central (ICC) (the DVS systems used to scan paper ballots and produce ballot images and CVRs) systems were capable of double-feeding or double-scanning ballots with no indication to operators, or ON LOGS which public officials and the public would use to audit an election?]
―Corrected functionality to allow discarding of batches after 999 [So DS 5.11-CO may have been used to process batches with batch numbers higher than 999, which may have been excluded from random selection, or processed differently by the RTR functions?]
―Modified ICC to not accept a batch without a Poll ID [Then DS 5.11-CO would accept batches, e.g. remotely or from hidden partitions on removable media, added to scanned batch folders with no Poll ID?]
―Added ability to print Batch Header Cards from ICC
―Added support for HiPro firmware 1.0.1074 [And what was wrong with and changed from the prior HiPro (fastest scanner used in DS) firmware version?]
―Changed maximum Poll ID length from 6 characters to 32
―Added support for ICX BMD to produce a ballot without a barcode [This is a placebo; just because you can't see a barcode/QR code on a paper ballot doesn't mean there isn't a steganographic code embedded on the ballot design, read by software on the scanning system - this is exactly how the counterfeit-deterrent system (CDS) works to prevent U.S. paper currency from being scanned and manipulated at high resolution on U.S.-sold scanners and in Adobe Photoshop.]
―Added support for Avision AP3061 printer [Avision (DS 5.11-CO and DS 5.13 also use Avision touchscreens for ImageCast X (ICX) assistive voting in CO Voting Service Polling Centers (VSPCs); Avision manufactures in Suzhou, China. Did we really need MORE PRC-manufactured equipment and software in our voting systems?]
―Added option to display only a 10-key keyboard when only numeric values are required for entry
―Added option to print a Daily Print Report that provides statistics for auditing but no results
―Added support for new Aegis USB memory devices [These will be described as a security improvement, but they're the same USB memory sticks that Toshiba used to sell, and there's a hard-coded reset pin procedure. Furthermore, and more importantly, the software CO officials use to "format" the USB drives is Dominion-provided and run on Dominion machines - it could very well be covertly excluding or encoding information without CO officials' knowledge. The truth is that NO USB drive is secure and the "air gap" is a fairytale for children. Single-use, single-direction optical media are a far, far more secure (and STILL vulnerable) method for transfer of data.]
―Corrected scroll bar display on Samsung device when first voting session after power up is an accessible voting session"
I have added comments to these test cases, in brackets [ ]; the fact that these conditions may have been present in DS 5.11-CO at the time it was illegally used in CO's Nov 2020 election is cause enough to demand an independent (competent) forensic cyber audit of CO's Dominion voting equipment, and this is ONLY what has been accidentally revealed to us through Pro V&V's test report.
Election security outsourced to Dominion - no public oversight, tech expertise, or transparency.
By Holly June 2, 2021
By Holly June 2, 2021
CENTENNIAL, COLORADO, June 2, 2021 - In a leaked newsletter sent to all Colorado County Clerks, it’s been discovered that the Colorado Secretary of State has outsourced its election security to a vendor, Dominion, rather than safeguarding election equipment using certified, independent security experts.
Particularly troubling is that seventeen Colorado counties have completed the update in May, without any public notifications. The remainder of Dominion machines in Colorado counties are still to be updated. Arapahoe is scheduled for this summer.
In the newsletter sent by Dominion, County Clerks were told updates include: “Hardware Check 5.13 Training, 5.13 Upgrade Schedule for May 2021, Pre-Upgrade Prep, CRM Breakdown.” No further details on what exactly the hardware checks entailed, who was conducting them, what the Dominion representative’s security credentials included, how County Clerks were to conduct pre and post update confirmations etc.
“The Arapahoe County Clerk hasn’t been given enough information on what’s going on with the machine and the updates. We are trusting Joan Lopez… the Clerk is trusting The State... The State is trusting Dominion. This is not acceptable when we’re talking about the security and integrity of Arapahoe County elections.” Linda Bissett
Across the state, County Clerks have reported an outpouring of interest in the Dominion updates from their constituents. Elbert County delayed the Dominion update until August to better understand what the Dominion update entails. Several other counties are following Elbert County’s example in order to ensure county residents and independent security experts are included in the process of election security and transparency.
State election law requires ballots, envelopes and all voting records are preserved for twenty-two months in case an audit is necessary. This includes electronic records which also include the data stored in the Dominion machines’ hardware, not just machine software records. The Dominion updates most likely raise election law record violations.
Given Dominion has been mired in an array of lawsuits that are still in progress across the U.S. pertaining to election security issues, Secretary of State Griswold’s decision to use the questionable vendor to conduct election security work has raised legitimate questions from Colorado County Clerks and voters from across the state.
Particularly troubling is that seventeen Colorado counties have completed the update in May, without any public notifications. The remainder of Dominion machines in Colorado counties are still to be updated. Arapahoe is scheduled for this summer.
In the newsletter sent by Dominion, County Clerks were told updates include: “Hardware Check 5.13 Training, 5.13 Upgrade Schedule for May 2021, Pre-Upgrade Prep, CRM Breakdown.” No further details on what exactly the hardware checks entailed, who was conducting them, what the Dominion representative’s security credentials included, how County Clerks were to conduct pre and post update confirmations etc.
“The Arapahoe County Clerk hasn’t been given enough information on what’s going on with the machine and the updates. We are trusting Joan Lopez… the Clerk is trusting The State... The State is trusting Dominion. This is not acceptable when we’re talking about the security and integrity of Arapahoe County elections.” Linda Bissett
Across the state, County Clerks have reported an outpouring of interest in the Dominion updates from their constituents. Elbert County delayed the Dominion update until August to better understand what the Dominion update entails. Several other counties are following Elbert County’s example in order to ensure county residents and independent security experts are included in the process of election security and transparency.
State election law requires ballots, envelopes and all voting records are preserved for twenty-two months in case an audit is necessary. This includes electronic records which also include the data stored in the Dominion machines’ hardware, not just machine software records. The Dominion updates most likely raise election law record violations.
Given Dominion has been mired in an array of lawsuits that are still in progress across the U.S. pertaining to election security issues, Secretary of State Griswold’s decision to use the questionable vendor to conduct election security work has raised legitimate questions from Colorado County Clerks and voters from across the state.
