Social media is abuzz with news about the release of a report which according to one social media commentator “Exposes nine vulnerabilities of Dominion electronic vote tabulators.” The report only applies to one of several Dominion machines. The report was published July 1, 2021 but was sealed at that time by a judge because it was evidence in a lawsuit specific to the state of Georgia that exclusively used the Dominion ImageCast X ballot marking device.
- Some social media commentators mischaracterize the ImageCast X as a “tabulator.” The ImageCast X or VAT (Voter Assist Terminal) marks the ballot with the voter’s choice but doesn’t tally or tabulate their vote, according to Marc Kleiman, the Menominee County Clerk, and the training I received as a poll worker on that machine.
What the ImageCast X report means for Menominee County: Not much.
- Menominee County overwhelmingly uses another Dominion machine that the report does not address. ImageCast X is an option for people who have problems using the regular ballots or those who prefer the more graphic ImageCast system, mostly younger voters. Marc told me that there is an ImageCast X in each precinct in Menominee County, but our voters rarely use the system. The ImageCast is tested prior to every election and has security measures in place that must be verified prior to the opening of the polls on election day.
- The report’s primary author Professor J. Alex Halderman said there’s no evidence that the vulnerabilities have been used by malicious hackers to change votes or steal an election. In mid-June Cybersecurity and Infrastructure Security Agency (CISA, part of the US Department of Homeland Security) Executive Director Brandon Wales said “To date, we have no evidence that these vulnerabilities were exploited and no evidence that they affected any election results.”
- Its old news. Since the report was published in 2021 and was reviewed by numerous experts. The ImageCast’s vulnerabilities are well known and experts know what to check if someone suspects tampering.
For background, here is an NBC news overview (June 16, 2023 ) of the release:
“This week, a federal judge in Atlanta unsealed two reports in a federal court case over the use of Dominion ballot-marking devices in Georgia elections. One report, authored by University of Michigan computer science professor Alex Halderman for the plaintiffs in a federal court case seeking to block the use of Dominion machines in Georgia’s elections, argued that the machines are critically vulnerable to hacking. The other, paid for by Dominion, argued the identified vulnerabilities were practically unlikely, while Georgia officials say they are exaggerated and unrealistic.”
The Washington Post’s article goes into more detail on the back and forth among experts.
Summary of key factors in this very technical issue:
- The authors of the report (Professor J. Alex Halderman and Professor Drew Springall) are real computer security experts and qualified to evaluate such issues. NBC news reported: “…federal authorities have identified the same vulnerabilities, and more than 20 cybersecurity experts rushed to defend Halderman’s report this week”
- The experts are struggling to determine the actual feasibility of the vulnerabilities. Many experts judged they are operationally infeasible, in part because there are other security measures within the election system. CISA Executive Director Wales said: “Working closely with the security researchers, the voting system vendor, and election officials, CISA was able to responsibly disclose actionable mitigations addressing certain vulnerabilities, which affected versions of Dominion Voting Systems’ software used in ballot-marking devices deployed in several states.” Some security experts call for immediate action to remedy the vulnerabilities while others warn that rushed fixes could create other exploitable security loopholes.
- The most severe vulnerability they found was a software flaw that would allow hackers to spread malware from machine to machine, via a county’s central election management system (EMS), according to Halderman.