The letter below was sent individually from RecountNow to: Loretta Lynch, Attorney General; Jeh Johnson, Secretary of Homeland Security; James Clapper, Director of National Intelligence; John Brennan, Director, Central Intelligence Agency; James Comey, Director, Federal Bureau of Investigation, and to members of the Permanent Select Committee on Intelligence and the Homeland Security Committee of the U.S. House of Representatives, and the U.S. Senate Committees on Intelligence and Homeland Security.
December 29, 2016
We are a group of independent election forensic investigators, election monitors, data analysts, and election integrity advocates who have been examining and analyzing the 2016 election. We are writing to you to share our views regarding the importance of including certain systemic vulnerabilities in the scope of your investigation, and to offer our resources to assist with your investigative work.
Reports of Russian meddling in the U.S. Presidential election have brought awareness to security vulnerabilities in our email services and governmental servers. Still unknown to most of the public, however, are the significant vulnerabilities in our voting and vote counting systems that can be exploited by unauthorized parties working from outside or inside the elections infrastructure.
Mindful of the applicable timeframes, we nonetheless believe that the 2016 election and the current state of our voting system call out for an investigation of sufficiently broad scope to encompass the full array of vulnerabilities to error and manipulation, and any evidence of their exploitation.
We understand that the task you have been assigned is difficult and complex. We wish to be of service and to recommend colleagues who have particular areas of expertise. We believe that such expertise would be of great value to you in ferreting out and interpreting the pertinent evidence and arriving at valid conclusions.
We have compiled a list of the most flagrant security vulnerabilities, stones that must not be left unturned in the investigation of interference with this year’s elections.
- Despite numerous denials, the voting machines in many counties and municipalities are connected over networks including the Internet. This has been true for many years.
Most recently, wireless cellular connectivity was introduced as an option on ES&S optical scanner model DS200. When it is time for the local remote “desktop” DS200 to send its totals to the larger regional machine that aggregates the totals from all the smaller local machines, in order to access the aggregator it opens up to the Internet to convey vote totals and is wide open to hacking
a. There are an estimated 26,500 DS200s in use in over 25 states, although it is possible not all are equipped with the cellular connectivity.
b. It is also possible other manufacturers now provide the capacity for cellular modem connectivity.
2. Programming done off-site is often loaded into the machines by phone modems (where data can be intercepted). Data can be transmitted bidirectionally throughout an election.
3. Virtual Private Networks (VPNs) are not protected enough for something as important as our elections. A precinct can connect to the central system via VPN, making the central system (aggregator) dangerously vulnerable. As with the cellular connections to the central systems as mentioned above, where there is lax security any garden-variety hacker could get in. Even a central tabulator with the most robust security measures available would still be vulnerable to a government-resourced attack.
4. GEMS (Global Election Management System) software is a widely-used Microsoft Windows-based election management and tabulation software system. Since its early introduction into central tabulating equipment by Diebold, and living on with the subsequent owners of that company, GEMS has been found over and over again to have security holes that allow rigging of elections. As early as 2005, one such hack was demonstrated on national television. Election security experts have never considered the GEMS system safe: anyone with a Windows computer and even an elementary understanding of the software can hack into the GEMS system and change election outcomes.
5. Additional potential for malicious configuration has been introduced into some software by configuration that permits the fractionalization of individual votes: this has been dubbed “fraction magic.” It is believed that over 5000 subcontractors and middlemen have access to perform this for any or all clients. For an excellent eight-part series that explains this exploit, see http://blackboxvoting.org/fraction-magic-1/
6. Hosting voter registration lists on the Internet leaves them wide open to unauthorized access and manipulation. (See http://blackboxvoting.org/voter-data-breaches/)
Access to unscrubbed memory cards, audit logs and any available ballot images, as well as a thorough examination and analysis of ballot-reading and tabulation code, would of course be critical to any investigation of these vulnerabilities and their possible exploitation.
In both the primary and general elections of 2016, we have seen numerous red flags that would indicate that an election may have been manipulated, including:
- Marked disparities between exit poll results and vote totals, well outside the margin of error of the exit polls and disproportionately concentrated in key battleground states
- Significant anomalous data revealed by county- and precinct-level vote-count and vote-share analyses
- Vote-share patterns correlating strongly with, and seemingly dependent upon, type of voting equipment used
- Withholding and destruction of evidentiary materials
- Imposition of obstacles to block both recount efforts and independent investigation.
Reports of election problems available from multiple sources can provide clues about manipulation and system failures. We would be happy to provide details directly to the investigative team.
In conclusion, we are fully aware of the dangers inherent in undermining public trust in our election process. We ask, however, whether it is not ultimately a graver danger for the public to continue to trust an election process that is not remotely worthy of that trust--one that is unverifiable and vulnerable to interference by malicious forces, whether from outside or within our borders?
If you judge that our expertise can be of further service, please contact us at any stage.
cc: Elections Assistance Commission
Federal Elections Commission
Senate Committee on Homeland Security
Senate Committee on Intelligence
House Committee on Homeland Security
House Permanent Select Committee on Intelligence
Christian Science Monitor
Los Angeles Times
New York Times
Can we trust the official results of the 2016 election?
Many of the most respected computer professionals in the country continue to analyze 2016 election data and have very serious concerns about possible election fraud. We must ask, "Are the official vote totals correct? Were the right candidates declared the winners in elections around the country?"
For example, we know that the Russians hacked into U.S. electronic voter rolls (voter databases) before the election and also indicated that they planned to interfere in the election itself. Did they successfully rig the U.S. election? Did anyone?
We don't know. And we need to find out.
What can we do? Recount!
As citizens, we have an obligation to determine if the Russians, or some other entity -- foreign or domestic -- did compromise our unsecured, vulnerable electronic electoral system.
We must actually count the votes instead of trusting machine totals! Ironically, this is called a "recount."
In most states, only a candidate for an office can legally file for a recount. Green Party Presidential candidate Jill Stein has filed for recounts of the presidential election in Wisconsin, Michigan, and Pennsylvania -- three states where the data suggests a significant need to verify machine-counted vote totals. Independent Presidential candidate Roque "Rocky" de la Fuente has filed for a recount in five counties in Nevada. This does not mean that either candidate believes a recount would show themselves as the winner of the election. They are taking action in support of the public's right to know the true election result and our right to know whether our election systems are secure.
RecountNow.org supports these efforts and has come together to apply our expertise to these and other recount efforts that may emerge.
More than 98% of our votes are counted inside computers
Even if citizens vote on paper, their votes are actually counted inside an electronic machine with proprietary software accessible only to companies that in many cases are partisan
Even Fortune 100 companies and US top secret, top security websites with millions of dollars of security have been hacked or compromised
The computers running our elections have virtually no security protection; they are dangerously vulnerable to malfunction and malfeasance
- The U.S. election system cannot prove the election results it produces are accurate!
Shouldn’t some human eyes count our votes??
Recount laws vary from state to state. The focus is on those where evidence indicates the reported outcome of the presidential election and other races may not be correct, and where vulnerabilities in the election processes are known. In other words, we're focusing on the places where the wrong candidate may have been declared the winner.
Recounts are expensive, with high fees charged by the government and legal costs, and they vary from state to state.
As a group of concerned voters who have worked for years toward the goal of accurate and transparent elections, we need your help to make these recounts a reality.
The nation is counting on us. And we're counting on you.
We're working to dispatch our election integrity experts to as many of the recount areas as possible. The more donations we receive, the more experts will be on hand to help election officials and citizen observers understand the significance of irregularities already being found during the recounts.
There are opportunities for online volunteering as well. Visit our Volunteers page to sign up. No experience necessary.
We're relying on you to share this crucial project with your friends, neighbors, and networks.
How much is our democracy worth to you?