Georgia won’t update Dominion voting machines before 2024, despite cybersecurity expert warnings

Spread the love

Loading

By Natalia Mittelstadt

Georgia is delaying a software update for its Dominion voting machines until after the 2024 presidential election, despite cybersecurity experts warning of  vulnerabilities.

A nearly 2-year-old report was finally made public last week and showed Dominion voting machines had significant vulnerabilities, which led the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to issue a public advisory last year based on the findings.

However, Georgia election officials say that the machines won’t be updated until after the 2024 elections because it’s such a massive undertaking.

The report was completed in July 2021 by University of Michigan Professor of Computer Science and Engineering J. Alex Halderman with Professor Drew Springall, of Auburn University, and focused in part on vulnerabilities they found after examining Dominion’s ImageCast X Ballot Marking Devices for three months.

A redacted copy of the report was released June 14 by the U.S. District Court for the Northern District of Georgia, Atlanta Division. ​

The report was completed on behalf of the plaintiffs in the case of Curling v. Raffensperger and found the Dominion machines are vulnerable to vote flipping.

Halderman suggested the machines were capable of being manipulated in mere minutes by bad actors, saying the QR codes on printed ballots could be altered and malware installed on individual machines “with only brief physical access.”

The broader voting system could be attacked if bad actors have the same access to it as certain county-level election officials, the report also concluded.

However, Halderman stated there is no evidence such vulnerabilities have been exploited in past elections.

“My technical findings leave Georgia voters with greatly diminished grounds to be confident that the votes they cast on [the current Dominion ballot-marking devices] are secured, that their votes will be counted correctly, or that any future elections using Georgia’s [ballot-marking devices] will be reasonably secure from attack and produce correct results,” he wrote.

Last June, in response to Halderman’s report, CISA urged election officials to mitigate the risks caused by the vulnerabilities in the Dominion machines but also stated the agency “has no evidence that these vulnerabilities have been exploited in any elections.”

Following the Halderman report, Dominion commissioned the nonprofit MITRE Corp.’s National Election Security Lab to respond to the findings. The report, completed in July 2022, was released along with the Halderman report.

The MITRE report said the Halderman report findings were “operationally infeasible” when considering adherence to strict security measures, normal voting practices, and scale considerations.

Georgia Secretary of State Brad Raffensperger said in a statement following the release of the MITRE report that it “confirms that Georgia’s election infrastructure is secured by the toughest safeguards.”

He also said: “For years, election deniers have created a cottage industry of ever-shifting claims about conspiracies to change votes, steal elections and undermine voter confidence. This report says it all: Voting machines do not flip votes. Cast ballots are counted as the voter intended. Georgia elections are secure.”

Dominion on Wednesday referred Just the News to its website for a response to the MITRE report.

The statement in part says the report found “none of the alleged vulnerabilities listed in [the] Plaintiff’s Expert Report would allow a bad actor to change the outcome of an election, particularly given scale considerations.”

The statement also reads, “As noted in the report’s conclusions, ‘The researcher’s proposed attacks were assessed by MITRE NESL to be operationally infeasible.’”

Gabriel Sterling, the secretary of state office’s chief operating officer, said Georgia will wait until 2025 to update the voting machines because “legally, logistically and just risk-management wise, this was the safest wisest course.”

He also said the new software, to his knowledge, has never been used in any election in the world.

In addition, Sterling said the new software has been certified by the U.S. Election Assistance Commission, “which is great, but like any new software, real-world deployment always finds things that may not work the way people intended it to.”

Halderman wrote in a Twitter thread: “MITRE’s analysis is wrong because it fails to account for how elections are operated in the real world. It is entirely predicated on a false assumption: MITRE says it ‘assumes strict and effective controlled access to Dominion election hardware and software.’”

Following the MITRE report, a group of more than 20 experts in cybersecurity and elections wrote MITRE a letter requesting its report be retracted.

“MITRE’s logic is that if procedural defenses are perfectly implemented, then the system is immune from attack,” the experts wrote. “This is a completely inappropriate methodology for assessing real-world risk, since actual risk hinges on how well defenses are implemented and operate in practice.

“MITRE’s analysis isn’t simply wrong – it is dangerous, since it will surely lead states like Georgia to postpone installing Dominion’s software updates and implementing other important mitigations.”

The lawsuit for which the Halderman report was written was originally filed in 2017 by the Coalition for Good Governance and individual voters, challenging the paperless voting machines that Georgia was using at the time.

Read more

0 0 votes
Article Rating
Subscribe
Notify of

3 Comments
Inline Feedbacks
View all comments

However, Halderman stated there is no evidence such vulnerabilities have been exploited in past elections.

Because everyone refuses to look, for fear of what they might find. Of course, no need to update and take precautions. It’s only the fate of the future of the entire nation at stake.

Kemp and Raffy are “Bush Republicans”
25 years ago el Rusbo said “Bush Republicans are Democrats!”!
Part of his 1998 rationale – 3 Presidents “Bush Republicans” helped elect: LBJ, Clinton twice.

Rush is gone but I can update this part of his rationale: BHO twice, Joe; and failed third time for Clinton.

GWB’s Canucks will Cook up votes in 2024. “Its not who votes that counts, … ITS WHO COUNTS THE VOTES!”!

They should totally scrap all Dominion Voting Machines and demand their money back