On Friday, August 26th, during a meeting at the Illinois State Board of Elections, the Vice President of Engineering for Dominion Voting, Dr. Eric Coomer*, was asked if it was possible to bypass election systems software and go directly to the data tables that manage systems running elections in Illinois. His response was, “Yes, if they have access.”
Bypassing the election systems software means whoever has access can potentially manipulate the vote without many risks of detection. So the question needs to be asked, who has access to these data tables?
We asked Dr. Coomer that question. Dr. Coomer replied, ‘Vendors, election officials, and others who need to be granted access.’
This is explosive information. Dr. Coomer’s statement is an admission that various vendors, election officials, and others have access to the back end data tables that permit bypassing the operating system’s configuration. It is notable that when someone accesses these systems from a data table, their actions are not logged by the system; thereby making detection much more problematic. This contradicts Dr. Coomer’s assurances that the system is secure.
Our letter to the Illinois State Board of Elections on August 17th specifically requested the Board to answer the following questions:
5) At the ISBE level:
- Who has access to software produced by vendors?
- Has the ISBE had an expert examine the computer code?
- How is access granted and documented?
- What role does the ISBE play in monitoring the GEMS software used in each election jurisdiction?
As is typical for the Board members at the Illinois State Board of Elections, with its rich history in treating citizens concerned about election security with disregard and disrespect, the Board refused to say a single word regarding Defend the Vote's concerns expressed during 'public comments'. Only 4 of the 8 members of the Board bothered to stay to hear our comments. To date, the Board has failed to provide answers to the questions asked in our letter.
And that is not all! The Board asked Dr. Coomer if he had any comments. In direct response to the Illinois State Board, Dr. Coomer made the following statement:
“We are constantly assessing different threat models against all of our systems we have fielded across the US and internationally as well. Due to the certification environment that we are in, no we are not allowed to do routine updates without having to go through re-certification efforts, but we do routinely give guidance on how to best secure systems and also going back again, to the final mitigation against all of this is a robust auditing canvasing process which all of our jurisdictions have implemented.”
Dr. Coomer failed to mention that Illinois does not have any auditing procedure for absentee mail-in ballots. In 2014, mail-in paper balloting was 8% of the vote. Across Illinois, many election jurisdictions are working to increase this percentage! Illinois does not require any justification when audits show a vote discrepancy. They simply correct the total votes that are reported to the new totals found in the audit. Further, it is not a blind audit. Auditors know what vote totals were reported before they begin the post-election re-count. So much for Coomer’s robust auditing process…
Dr. Coomer’s statement brings to light a very serious issue all voters should understand. Voting systems must be re-certified each time they make changes to the hardware or software. Recertification is an expensive and time consuming process. What Dr. Coomer told the Board is that Dominion Voting does not go back for recertification of software when threats to their code are discovered. Rather, they rely on post-election audits and providing advice to election jurisdictions about security. I have reviewed recertification documents produced by Dominion for Illinois, and I do not recall any software adjustments for security purposes.
This is the reality of the security of your vote. Software systems that count and record the vote across Illinois and throughout the USA are not updated to address security problems, and even if they were, the software can be completely bypassed by going to the data tables that drive the systems.
I am not an expert on how other states audit the vote after an election. Some do not have a paper audit trail for the electronic vote and some do not have post-election audits at all. I do know that in Illinois, at least 8% of the vote never see any post-election audit. At least that amount of the vote is vulnerable to be manipulated without much chance for detection.
*Dr. Coomer has quite a history in election systems. He held senior management roles with both Sequoia and Smartmatic. Before coming to Dominion Voting, Dr. Coomer was Senior Information Services Manager of Smartmatic Corporation and Vice President of Research and Product Development for Sequoia Voting Systems Inc. Read more about how massive voter irregularities at Sequoia and Smartmatic were alleged and investigated worldwide – which included the 2006 elections in Chicago. Wikipedia.
NOTE: This is the third in a series of articles addressing the security of software code that is used to administer, count, and report votes in elections across the USA. The software code is part of the GEMS and Hart voting systems that are used in all or most of the voting districts in Illinois.*
This article was inspired and based off of the credible research done by Blackboxvoting.org, which has obtained a legitimate copy of the GEMS application. Bev Harris and Bennie Smith have conducted the investigation into voting system software. Blackboxvoting.org has posted Fraction Magic, a 6-part series on the subject, with more EXPLOSIVE information yet to come! Defend the Vote is taking the questions raised in these articles to the election authorities in Illinois.