Insecure Voting in LA: Padilla & Logan Are "Moscow Alex & Dean"
The controversial election system now being implemented in Los Angeles County violates the very same hacking safeguards which, when blocked by Mitch McConnell in 2019, earned the Senate President the moniker "Moscow Mitch." The election officials responsible for the largest single block of votes in the nation, California Secretary of State Alex Padilla and L.A. County Registrar Dean Logan, may now be saddled with the nicknames "Moscow Alex" and "Moscow Dean."
Los Angeles County has a population of 10 million people, four times more than the next largest county—Cook County, Illinois. The county is make-or-break for presidential campaigns. The system is being pushed in earnest by Logan and Padilla.
Padilla said of an early version of the system in 2018:
“Los Angeles County's VSAP vote tally system is now California's first certified election system to use open-source technology. This publicly-owned technology represents a significant step in the future of elections in California and across the country.”
For his part, L.A. County Registrar Logan said:
“This is a significant milestone in our efforts to implement a new voting experience for the voters of Los Angeles County,”
Critics, however, have decried the new system as prone to hacking, no matter how strenuously the manufacturer or election officials assure that it is not. In a report commissioned by the Secretary of State himself, the consulting firm of Freeman Craft McGregor group finds unnecessary ports, the capability for Internet connection, and locks to ports that were easily picked.
Among the findings:
- Both the vote tallying machine and the ballot marking device possess Ethernet ports which can be connected to the Internet
- The ballot marking device possesses a USB port that the report deems not necessary for the system's basic functions. The report states: "The System also does not conform to CVSS 7.3.b, which states “Voting systems shall only have physical ports and access points that are essential to voting operations and to voting system testing and auditing.” Permitting the System to start from an external USB drive is not needed at any time to implement voting operations."
- "Seals, locks, labels and sensors can all be bypassed."
- "excessive root access and the ability to boot the system from a USB port give access to the system by unauthorized individuals. Either scenario can result in undetected changes to files and data."
- The testers were able to gain access to the electronic event logs. California Voting System Standards (CVSS) state: “Any unauthorized physical access shall leave physical evidence that an unauthorized event has taken place.”
- "It is possible to insert or remove ballots from both the BMD and ballot transfer boxes without detection."
However, from the standpoint of election security, one design criteria is fundamental. It is listed first in Section 102 of the “Securing America’s Federal Elections Act” or the “SAFE Act,” which is one of the bills that McConnell blocked last year as Senate Majority Leader, thus earning him the disparagement "Moscow Mitch." It is the requirement that the ballot is paper, and that the paper can be "inspected and verified by the voter without training or instruction or audited by election officials without the aid of any machine or other equipment."
The requirement is an assurance that the voter and audit officials can see, in plain English or language they can read, what the ballot says, and that auditors can read the ballot without the aid of any other equipment. This would disqualify the system that Padilla and Logan are advocating.
That system, the VSAP Tally and Ballot Marking Device, generates a barcode which ostensibly represents the voter's choices, but it cannot be verified by the voter. Even with "training and instruction" in finding, downloading, installing, and using a bacode reader (in this case a two dimensional code called a QR code) the code may be even further encrypted, rendering a reader useless.
The full text of Section 102(a)(2)(a)(1) of the Securing America’s Federal Elections Act which was blocked by McConnell reads:
"The voting system shall require the use of an individual, durable, voter-verified paper ballot of the voter’s vote that shall be marked and made available for inspection and verification by the voter before the voter’s vote is cast and counted, and which shall be counted by hand or read by an optical character recognition device or other counting device. For purposes of this subclause, the term ‘individual, durable, voter-verified paper ballot’ means a paper ballot marked by the voter by hand or a paper ballot marked through the use of a nontabulating ballot marking device or system, so long as the voter shall have the option to mark his or her ballot by hand. The paper ballot shall be printed or marked in such a way that vote selections, including all vote selections scanned by voting systems to tabulate votes, can be inspected and verified by the voter without training or instruction or audited by election officials without the aid of any machine or other equipment."
The QR code as the primary original document in the casting of a vote also violates present California election law.
California Code, Elections Code - ELEC § 19270 states:
"The Secretary of State shall not certify or conditionally approve a direct recording electronic voting system unless the system includes an accessible voter verified paper audit trail."
A QR code cannot be "voter verified."
The proposed voting system is manufactured by Smartmatic, whose ownership has been called a "riddle" in an investigation by the US Embassy in Venezuela, where the system was being used in national elections in the previous decade.
In contrast to Los Angeles County, by far the most populous county in the US, St. Louis County, Missouri is in the process of implementing a "print on demand" ballot which can be hand-counted, or counted by an optical scanner vote counting machine which takes a digital image of each ballot.
Those ballot images, all anonymous and which cannot be traced to any individual voter, can then be posted online for independent verification of the totals.
The technology is described in the article at Alternet entitled "New Technology Allows Election Officials to Verify Votes Like Never Before."
Election integrity activists have been unwavering in their insistence that the voter be able to read on paper the vote he or she has just cast. Although the VSAP Tally system prints out a paper ballot that has the names of the chosen candidates, with the familiar bubbles filled in next to the names, it is the generated QR code that the machine vote counter reads.
Elections activists say this presents an opportunity for a hacker to introduce malware which changes votes from what the voter can see, no matter what officials say. For example, in the unencrypted example below, the first QR code reads "Elizabeth Warren." But the QR code below that reads "Ha ha I just stole your vote."
Brad Blog's Brad Friedman, who has followed the story since L.A. County first proposed using the system, reports:
"L.A. County Clerk/Registrar-Recorder Dean Logan, who had been very responsive and helpful in previous years, no longer answers simple questions about the new voting system called "Voting Solutions for All People" (VSAP)"
The Freeman Craft McGregor Group report describing the system's vulnerabilities are located at the California Secretary of State's website. The most relevant documents are: