For Immediate Release
September 2, 2021
California Recall Election Security Threat
Experts Recommend Post-Election Audit to Mitigate Risk
On Thursday, eight experts in voting systems and cybersecurity urged California Secretary of State Dr. Shirley Weber to mitigate the newly emerging risks to the Dominion voting system that will be used in many counties in the pending recall election. The election was recently put at elevated security risk when Dominion’s election management system software was publicly released by unauthorized individuals in other states.
The letter from these highly respected experts explains the escalated threat to the recall election because of the indiscriminate access to the widely used software. The experts’ letter explains why the escaped code is a valuable asset for would-be attackers and why urgent mitigating action is required by California’s election officials. Fortunately, the mitigation is straightforward and can be rapidly implemented—a post-election risk limiting audit on trustworthy paper ballots.
Coalition for Good Governance (“CGG”) is a non-partisan non-profit organization focused on election security, election transparency and voter privacy. CGG has ongoing litigation initiated in 2019 to require auditable elections in Georgia, which seeks to eliminate the Dominion touchscreen machines that do not produce a trustworthy record. The auditable solution is one that most California counties use, hand marked paper ballots counted on optical scanners, although more rigorous audits by election officials are needed in both states.
Marilyn Marks, CGG’s Executive Director said, “California is facing a grave security risk that can easily result in the loss of voter confidence if the danger is not mitigated with a rigorous post-election audit. California has often led the way in election security initiatives and is well positioned to swiftly solve this critical problem. California can take this immediate action to ensure that voter confidence is earned in a way that sets the standard for all other states as they conduct their November elections.”
Dr. Richard DeMillo said, “The impact on the California recall election should not be underestimated. For years the voting tech market has used the cloak of invisibility like a shield to protect their products from the threats that every day exploit weaknesses in computer systems. That shield never really existed but now it's not even a fig leaf. Students around the world are taught how to analyze these images to reveal both capabilities and limitations of adversaries.” Dr. DeMillo is the Founder and Chair of School of Cybersecurity and Privacy at Georgia Tech and one of the authors of the letter.
Dr. Duncan Buell, an author of the letter said, “It is imperative that California immediately address the breach of the Dominion election management system to provide the mitigation that can only be achieved by the use of hand marked paper ballots counted by scanners with the outcomes tested in thorough post-election audits. Election officials should operate on the assumption that the similarities in the various versions of the software put all versions at substantial risk of exploitation.” Dr. Buell serves as an expert witness in CGG’s Curling v. Raffensperger lawsuit referenced above.
Professor Philip Stark (UC Berkeley), also an author of the letter and expert witness in the CGG election security litigation, used a metaphor to describe the Dominion software breach risk in a recent interview with Brad Friedman, “If I were trying to break into a bank, how helpful would it be to have blueprints of the bank and the bank vault? How helpful would it be for me to have an actual exact copy of the bank, completely at my disposal, to try different ways of breaking in and so forth? Not even a scale model, but literally the exact same thing, just in a different place. That's what having a copy of these disks amounts to."
Simply voting by hand marked paper ballots and employing a Risk Limited Audit to test the outcome as tabulated by the optical scanning of ballots will mitigate this elevated risk, as the experts describe in the letter. This is a solution that all candidates and parties should embrace to ensure that an evidence-based defensible election is conducted in the most transparent manner.
Marilyn Marks, Executive Director
704. 292. 9802