Election Administration Using Voting Machines Part 1 of 6
I have questions.
Perhaps there are reasonable answers to my questions.
If I was employed by a County, I would want answers to these questions and as a voter, I expect that County officials at a minimum understand the answers and supervise the vendors.
Remember, we paid for these machines.
At the time of this writing, the video linked below is publicly accessible. It is also archived on the wayback machine. The way to read this article is to have one window open with the video running and another with these questions.
The questions asked below are only based on the features demonstrated, not every feature available for use.
Decide for yourself if they are worth asking…..
What additional question do you have?
Time stamp 0:00:00
How was this desktop machine accessed and what credentials were used?
Who has access to those credentials?
Are they shared group credentials or individual credentials with unique passwords?
Time stamp 0:00:20
This is a windows machine. In the lower right, you can see the icon indicating that it is connected to a network.
What network is this machine connected to?
Is this a hard wired network or a wireless network?
How do we know there isn’t unauthorized access being made to this networked machine?
There is also Internet Explorer loaded on this machine. You can see the icon in the lower left.
Why is Internet Explorer loaded on this machine?
What purpose does it have related to certified election procedures?
Time stamp 0:00:30
This person states that the files used to configure the election need to be loaded and they may have been setup by the County or the vendor.
Why is the vendor being relied on to program the election and not the County?
Does the County have the technical expertise to program the election?
If the vendor is being relied on, what quality control is in-place to ensure the vendor setup the election properly?
Is there a technical review by the County?
Is that review documented by a quality control unit employed by the County?
Is that review of the vendor’s work publicly available? If not, why not?
Time stamp 0:00:50
The files to be installed are distributed to the County via an FTP location.
How secure is the FTP location?
How is the FTP location accessed?
Is the FTP site accessed with one of the election machines directly?
Time stamp 0:01:24
In the copying procedure being demonstrated from the File Explorer, the root drive C: is visible.
As an admin of this system, is access to all of the directories on the C: drive permitted?
If so, is there a change log available?
On the Filer Explorer, in the lower left, a network is visible. What network is that and is it accessed via hardwire or wireless connection?
Time stamp 0:01:45
Do the two files that are received to setup this election, include a formal chain of custody document or audit trail to show that what is being installed is the correct configuration?
What quality control is in-place to review and approve the election configuration files before they are installed?
Time stamp 0:02:45
In order to restore the election project, the user must manually navigate using File Explorer, find the correct file, and ensure that it is not unzipped. Then select the file.
What type of quality control measures are in place to ensure the correct file is chosen? For example, how does the admin ensure that an older file is NOT chosen versus the correct file?
Given that the loading procedure is manual via File Explorer, what prevents a user from loading a file that is located on the network instead of the local directory?
Time stamp 0:03:00
The project is now loaded into the event designer.
Before choosing “OK”, are there any quality control measures in place to ensure that the correct file has been chosen?
What quality control procedures are in place to verify the meta data on the election project before choosing OK?
If any of the data on the election project is incorrect, what procedural controls are in place to rectify the problem?
Time stamp 0:03:09
A warning screen pops up because this election project has been previously loaded. The user here decides not to make a backup copy of the prior project and deletes it.
Why is it “optional” to make a backup copy of the prior election project? Shouldn’t all election data be retained?
Why would an election project exist with the same name in the first place?
Time stamp 0:03:15
The message states that if the restoration process is interrupted, it could permanently damage the consistency of the project data.
If the restoration process WAS interrupted, why would it be possible to use a corrupted project in the first place? Doesn’t the system have checks in place to ensure that a corrupted project would never be used?
Time stamp 0:04:07
After the project is restored, it is loaded by going to the menu option Election Project>Restore Project. In the video, there is a second option available on that menu which is “Create Project” that is not used.
Why would the admin need to create a project if the project files are being supplied by either the County or the vendor?
Why isn’t this option disabled?
Time stamp 0:04:26
When loading a project, credentials need to be entered.
Why are group credentials being used instead of individual credentials? The username is “Admin”, for example.
Time stamp 0:06:22
After the project has been restored, the user has access to File Explorer showing directories for all elections.
What controls are in place to prevent the admin from altering or deleting any of the files located in any of the election directories present?
Time stamp 0:07:28
The registration counts are manually entered by precinct into Excel.
What is the source of these values and what type of quality control is in place to ensure that the correct values are entered and verified and not changed?
Time stamp 0:08:30
The voter registration numbers are manually imported from a file created by the admin.
What safeguards exist to prevent the admin from choosing the wrong file?
What are the consequences to the reporting if the wrong file is chosen?
How is the voter number verification process formally confirmed?
Time stamp 0:10:22
Smart card configuration is accessed through the Election Project>Project Setting menu. There is a user password type field that permits the selection of “Default” with a Default password.
Why can a single Default password be applied to all user types?
Why are group user accounts permitted with shared passwords?
Why are password complexity rules not utilized (besides length 4-8).
Time stamp 0:10:37
Election smart cards for Technicians are not election specific based on the settings on the Smart Card tab.
Why are technician smart cards NOT election and precinct specific? The net result is that any Technician smart card can be used on any tabulator as long as it is not expired.
What prevents the admin from changing the service URL on the smart card to a non-intranet location?
What data validation is in place to prevent the admin from entering an expiration date that is incorrect?
Why is overwriting of election smart card data permitted? The system could be configured that once data has been burned to a smart card, it can never be deleted.
Who and what is the source of the smart card itself?
What chain of custody exists around the smart card?
How is it verified that no malware exist on the smart card before inserting it into the machine?
Time stamp 0:11:30
When creating smart cards (voter, technician, admin), once a type is assigned, it cannot be changed (voter, technician, admin etc).
What is to prevent an admin from creating a smart card that is intended to be used by say, a voter type but instead is configured for an admin?
What technical or procedural controls exist to prevent the mis-use of an admin card or technician smart card?
Time stamp 0:12:20
When configuring poll worked smart cards, the access pin is assigned automatically.
Where is the access pin configured before it is assigned?
How is the access pin for the poll worked smart card distributed?
Time stamp 0:14:11
Any poll worker card will work on any tabulator for any precinct.
What is the purpose of this unified data structure?
Why not program the poll worker card for a specific tabulator since it is clearly possible in the software to know what tabulators exist?
Time stamp 0:15:50
The precinct smart card setup requires that two smart cards be configured, the primary and a backup. CF1 card is the card with the election data that is inserted into the admin slot on the tabulator. CF2 is a blank card that is formatted without data that inserted into the poll worker slot. Result files and log files are written to both cards simultaneously.
Why does the system erase any data on the smart card prior to formatting CF1?
Why does the system NOT reject formatting a smart card with data on it and instead request that a new blank card be inserted?
The backup card CF2 does not contain any data but is initialized. What is the purpose of the initialization?
Time stamp 0:18:16
The security key iButton is programmed with the security access information for the poll worker.
Where are the security parameters established for the iButtons?
Why are the iButtons not configured to be precinct specific? Any iButton can be used on any precinct level tabulator.
Why are iButtons not programmed for a specific person in charge of being the poll worker at the specific tabulator?
Time stamp 0:21:23
The election data (*.dat file) used by the USB drive are manually copied to the drive from the EMS.
What technical or procedural controls exist to verify the integrity of the *.dat file before it is transferred to the USB drive?
What chain of custody exists on the USB drive being used to ensure no malware exists on the drive itself?
Election Event Designer – User Procedures:
Wow. Haven't even watched the video yet but I get it. What a mess. I've had another concern for a while now. I saw some video of Maricopa ballot curing room where people worked in pairs, presumably one D and one R. Thing is, I could tell which one was which. A lady with purple hair and a lip piercing, likely dem. A guy with black t-shirt and ball cap and a mustache who would look 100% normal in a camo hunting outfit, probably repub. What I noticed was that the ones who seemed to me to be D, were confident while the ones who seemed to me to be R, had mouths gaping open at times. Their eyes rapidly scanned the screen like they were trying to figure things out.
Dems are generally better at tech than conservatives. They also have many well funded NGOs and non-profits that train people for election work. Elections are high tech now and one side has a clear advantage. "Learn to Code." Or at least take some free courses on how to use a computer.
Election software should be Open Source - Linux based preferably. Ok, watched the first minute and will download. Oddly enough, the Dominion Voting youtube channel says "This channel doesn't have any content".
I'm all for "may the best man or woman win", no matter the party, for their locale. I just want to see the game be fair. Did a search and found one other Dominion video and will download that and also look for operator's/admin manuals. I know they were available on the web a few years ago. I'm wanting to collect as much info as possible. I'm working on an research and educational website to even things up. How To. Ballot harvesting where legal, election laws in layman's terms, tech etc.
Extremely useful. Why can’t we get the answers to all of these questions? Seems reasonable to me! Thank you for all your efforts!