Renowned expert Harri Hursti expressed concerns about the Georgia election system, stating that it lacks safeguards. Another expert, Halderman, highlighted worries about the QR code system, explaining that attackers could duplicate QR codes with no consequences. Additionally, there were last-minute software changes and missing names from a significant senate race, potentially opening the system to hackers. Hursti emphasized the importance of proper testing and avoiding rushed implementations. Raffensperger claimed that post-election audits would address QR code issues, but provided no evidence of these audits being conducted.
π Post Text
@pepesgrandma - Bad Kitty Unleashed π¦
PBS - Only 2 weeks before the 2020 election in Georgia, the renowned Harri Hursti admonished the Georgia election system:
βItβs a complicated central system that doesnβt seem to have any safeguards.β
If a trusted Democrat expert doesnβt feel safe about the Georgia system, how are we supposed to?
Halderman said that the QR code system was worrisome. And that there was NOTHING to stop an attacker from duplicating a QR code. And the new one would count just the same as the original.
And of course there was the issue where half of the names from a hugely impactful, senate race just up and disappeared from the screens. Prompting a last minute and untested change to the software.
These last minute changes opened up the system to potential hackers.
Harri Hursti:
βYou never want to rush something that is mission critical into production without proper time testing. Itβs one of the ways bad actors are finding vulnerability exploits. And finding out if they can be weaponized, if they can be exploited.β
As far as the QR code issue, Raffensperger said post election audits will catch any QR code funny business. The same audits that he provided zero evidence of them ever being done.
Thank you @ChellyLongoria for sharing this with me!
Video Transcript AI Summary
Protecting the voting process in Georgia is crucial this election season. Independent experts are examining the state's new $107 million voting system, which includes a complex array of technology such as laptops, iPads, touch screens, and scanners. While Georgia Secretary of State Brad Raffensperger believes this system is more accurate than pen and paper, critics argue that paper records marked by voters are the ideal solution. The new machines faced issues during the June primary, including long download times, incorrect race displays, and power failures. Concerns have also been raised about the QR codes used for scanning votes and a last-minute software patch. Despite these concerns, the election will proceed with the ballot marking device system, and post-election audits will be conducted.
Speaker 0: Protecting the voting process from outside interference is a high priority this election season. In his latest report, Miles O'Brien looks at some of the latest technology being used in Georgia and whether it provides a stronger defense against tampering than the traditional paper ballot. It's part of our ongoing leading edge series on science and innovation.
Speaker 1: In Georgia, early voting turnout is high. The presidential race is a toss-up, and both senate seats are in play. So naturally, the political world is nervously watching what voters here will do, while in the world of computer science, they are tensely tracking what the voting machines will do.
Speaker 2: George is kind of a petri dish.
Speaker 1: Alex Halderman is a professor of computer science at the University of Michigan.
Speaker 2: There's a lot more we have to learn about Georgia's election system, And that's going to help inform how to better secure elections, not just in Georgia in November, but across the country for years to come.
Speaker 1: He's among a handful of independent election security experts getting unprecedented access to the inner workings of the state's $107,000,000 voting system rolled out earlier this year. Also taking a deep dive, election security white hat hacker, Hari Hirschi.
Speaker 3: They have set set up a, a complicated system Which is centralized, doesn't seem to have any safeguards.
Speaker 1: Georgia's vote tallying system is a complex assortment of laptops, iPads, magnetic cards, touch screens, printers, and scanners, lots of moving parts.
Speaker 4: This is the poll pad. On election day, it is used to check-in voters.
Speaker 1: Rick Barron is Fulton County's director of registration and elections. He gave me a demo.
Speaker 4: It tells whether we've issued an absentee by mail ballot, whether Somebody's voted early, whether they've voted that absentee ballot or whether they they're still eligible to vote.
Speaker 1: Once a voter is deemed eligible, the iPad activates a magnetic card, which in turn unlocks a so called ballot marking device or BMD. This is a, pretty complicated way to do something you could do with pen and paper. The there are advantages
Speaker 4: Yes. The advantages are puts a true mark on the screen.
Speaker 1: When done, the voter prints a ballot. Elections are recorded in human readable text and in a QR code, which is read and counted by an optical scanner. Georgia secretary of state, Brad Raffensperger, says this is more accurate than pen and paper.
Speaker 5: The problem with pen and paper is sometimes you have your Instructions on what you're supposed to do, but you end up with spoiled ballots. Sometimes people will put an x here, but then they'll circle this one here, or They'll make different marks on it. What did they really mean there?
Speaker 1: Still, elections officials tell us they seldom see a hand marked ballot Where they can't determine voter intent. In 2019, Georgia bought the devices from a Canadian company called Dominion Voting Systems. They replaced paperless machines like these made by a now defunct company called Diebold Election Systems. A federal judge forced the state to scrap the discredited devices. Election security activist, Marilyn Marks, was part of the lawsuit that triggered the chain.
But for her, ballot marking devices, now used widely in 14 states, Are not the ideal remedy.
Speaker 6: We need paper records that are marked by the voter with the voters on hand where we know that was recorded the way that the voter wanted it recorded.
Speaker 1: So she and the other plaintiffs took aim at the new voting machines. The lawsuit came into sharp focus after their chaotic debut in the June primary. The poll pads took as long as 30 hours to download the voter database displayed the wrong races and would randomly shut down. And the power hungry ballot marking devices blew circuit breakers in numerous locations. Poll workers, many of whom had no hands on training Because of the pandemic, we're often befuddled by the new technology.
Speaker 4: We've learned a lot of lessons. We're putting technicians in every single polling place. We have to make sure that not only do the poll workers know how to use the equipment, but then these technicians are then gonna be relied upon to fix any issues. We wanna just Fly under the radar and do our jobs and, you know, stay away from the news.
Speaker 1: But election security experts working for the plaintiffs in the lawsuit against the state have uncovered several troubling issues. Alex Halderman looked closely at the QR codes where the votes are encoded for the scanner.
Speaker 2: By analyzing the structure of the QR codes, I've been able to learn that, there's nothing that stops an attacker from just duplicating 1, And the duplicate would count the same as the original barcode.
Speaker 1: And in late September, another concern came to light. During testing, election workers found half the names of the 21 candidates for senate intermittently disappeared from screens during the review phase. Dominion sent out a last minute software patch.
Speaker 2: I'm worried that the Georgia system is the technical equivalent to the 7 37 max. They've just made a last minute software change that, might well have unintended consequences and cause even more severe problems on election day.
Speaker 3: You never want to rush something which is mission critical, and this is mission into production without proper time testing. That's really one of the ways bad actors are finding the vulnerabilities exploit is looking for in honest vulnerabilities and finding out if they can be weaponized, if they can be exploited.
Speaker 1: Despite all the concerns, federal judge Amy Totenberg decided to let the election proceed with the ballot marking device a system. The secretary of state says post election audits will bring any QR code discrepancies to light.
Speaker 5: We're in the process of really, you know, Continue to expand the capabilities that we have so we can audit more of the races. When we do the audit, we actually do it on a human readable portion, not on the QR code.
Speaker 1: Alex Halderman and his team at the University of Michigan conducted a mock election to see if voters are likely to catch mistakes on the printouts. Only 7% spotted a deliberately planted error. So double check your ballot before you scan.
