US election integrity depends on security-challenged firms
By FRANK BAJAK
AP Cybersecurity Writer
Monday, October 29
It was the kind of security lapse that gives election officials nightmares. In 2017, a private contractor left data on Chicago’s 1.8 million registered voters — including addresses, birth dates and partial Social Security numbers — publicly exposed for months on an Amazon cloud server.
Later, at a tense hearing, Chicago’s Board of Elections dressed down the top three executives of Election Systems & Software, the nation’s dominant supplier of election equipment and services.
The three shifted uneasily on folding chairs as board members grilled them about what went wrong. ES&S CEO Tom Burt apologized and repeatedly stressed that there was no evidence hackers downloaded the data.
The Chicago lapse provided a rare moment of public accountability for the closely held businesses that have come to serve as front-line guardians of U.S. election security.
A trio of companies — ES&S of Omaha, Nebraska; Dominion Voting Systems of Denver and Hart InterCivic of Austin, Texas — sell and service more than 90 percent of the machinery on which votes are cast and results tabulated. Experts say they have long skimped on security in favor of convenience, making it more difficult to detect intrusions such as occurred in Russia’s 2016 election meddling.
The businesses also face no significant federal oversight and operate under a shroud of financial and operational secrecy despite their pivotal role underpinning American democracy.
In much of the nation, especially where tech expertise and budgets are thin, the companies effectively run elections either directly or through subcontractors.
“They cobble things together as well as they can,” University of Connecticut election-technology expert Alexander Schwartzman said of the industry leaders. Building truly secure systems would likely make them unprofitable, he said.
The costs of inadequate security can be high. Left unmentioned at the Chicago hearing: The exposed data cache included roughly a dozen encrypted passwords for ES&S employee accounts. In a worst-case scenario, a sophisticated attacker could have used them to infiltrate company systems, said Chris Vickery of the security firm UpGuard, which discovered the data lapse.
“This is the type of stuff that leads to a complete compromise,” he said. ES&S said the passwords were only used to access the company’s Amazon cloud account and that “there was no unauthorized access to any data or systems at any time.”
All three of the top vendors declined to discuss their finances and insist that security concerns are overblown. ES&S, for instance, said in an email that “any assertions about resistance to input on security are simply untrue” and argued that for decades the company has “been successful in protecting the voting process.”
STONEWALLING ON SECURITY
Many voting systems in use today across the more than 10,000 U.S. election jurisdictions are prone to security problems. Academic computer scientists began hacking them with ease more than a decade ago, and not much has changed.
Hackers could theoretically wreak havoc at multiple stages of the election process. They could alter or erase lists of registered voters to sow confusion, secretly introduce software to flip votes, scramble tabulation systems or knock results-reporting sites offline.
There’s no evidence any of this has happened, at least not yet.
The vendors say there’s no indication hackers have penetrated any of their systems. But authorities acknowledge that some election mischief or malware booby traps may have gone unnoticed.
On July 13, U.S. special counsel Robert Mueller indicted 12 Russian military intelligence operatives for, among other things, infiltrating state and local election systems. Senior U.S. intelligence officials say the Kremlin is well-positioned to rattle confidence in the integrity of elections during this year’s midterms, should it choose to.
Election vendors have long resisted open-ended vulnerability testing by independent, ethical hackers — a process that aims to identify weaknesses an adversary could exploit. Such testing is now standard for the Pentagon and major banks.
While the top vendors claim to have stepped up their cybersecurity game, experts are skeptical.
In an April 2014 meeting with Colorado elections officials, ES&S objected to a new state requirement for vulnerability testing because it didn’t allow for the results to be kept secret, Colorado Deputy Secretary of State Suzanne Staiert said in an interview. She said the company ultimately didn’t seek certification because the system it was offering didn’t meet state requirements.
ES&S did not directly respond to a query about this incident. A company spokeswoman said a review of company correspondence found no sign that it resisted the testing requirement, although it did “ask clarifying questions.”
“The industry continues to stonewall the problem,” said Bruce McConnell, a Department of Homeland Security cybersecurity czar during the Obama administration. Election-vendor executives routinely issue assurances, he said, but don’t encourage outsiders to inspect their code or offer “bug bounties” to researchers to seek out flaws in their software.
Sen. Ron Wyden, an Oregon Democrat, has long criticized what he calls the industry’s “severe underinvestment in cybersecurity.” At a July hearing, he accused the companies of “ducking, bobbing and weaving” on a series of basic security questions he’d asked them.
ES&S told The Associated Press that it allows independent, open-ended testing of its corporate systems as well as its products. But the company would not name the testers and declined to provide documentation of the testing or its results.
Dominion’s vice president of government affairs, Kay Stimson, said her company has also had independent third parties probe its systems but would not name them or share details. Hart InterCivic, the No. 3 vendor, said it has done the same using the Canadian cybersecurity firm Bulletproof, but would not discuss the results.
ES&S hired its first chief information security officer in April. None of the big three vendors would say how many cybersecurity experts they employ. Stimson said that “employee confidentiality and security protections outweigh any potential disclosure.”
SLOPPY SOFTWARE AND VULNERABILITY
Experts say they might take the industry’s security assurances more seriously if not for the abundant evidence of sloppy software development, a major source of vulnerabilities.
During this year’s primary elections, ES&S technology stumbled on several fronts.
In Los Angeles County, more than 118,000 names were left off printed voter rolls. A subsequent outside audit blamed sloppy system integration by an ES&S subsidiary during a database merge.
No such audit was done in Kansas’ most populous county after a different sort of error in newly installed ES&S systems delayed the vote count by 13 hours as data uploading from thumb drives crawled.
University of Iowa computer scientist Douglas Jones said both incidents reveal mediocre programming and insufficient pre-election testing. And voting equipment vendors have never seemed security conscious “in any phase of their design,” he said.
For instance, industry leader ES&S sells vote-tabulation systems equipped with cellular modems, a feature that experts say sophisticated hackers could exploit to tamper with vote counts. A few states ban such wireless connections; in Alabama, the state had to force ES&S to remove them from machines ordered for one of its counties earlier this year.
“It seemed like there was a lot more emphasis about how cool the machines could be than there was actual evidence that they were secure,” said John Bennett, the Alabama secretary of state’s deputy chief of staff.
California conducts some of the most rigorous scrutiny of voting systems in the U.S. and has repeatedly found chronic problems with the most popular voting systems. Last year, a state security contractor found multiple vulnerabilities in ES&S’s Electionware system that could, for instance, allow an intruder to erase all recorded votes at the close of voting.
ES&S referred the AP to a brief California report that found “two out of the three initially identified vulnerabilities” were fixed and that a third would be handled in “future ES&S releases.” The company did not say whether the third problem was ever resolved.
In 2014, the same contractor, Jacob Stauffer of the security firm Coherent Cyber, found “multiple critical vulnerabilities” in Dominion’s Democracy Suite that could allow skilled hackers to compromise an election’s outcome.
“These systems are Frankenstein’s monster, essentially,” Stauffer said.
The federal Department of Homeland Security began offering confidential vulnerability testing to vendors over the summer. But only one vendor has submitted to such testing, said an agency official who spoke on condition of anonymity because the official was not authorized to discuss the matter publicly.
More competition might help, but industry barriers to smaller vendors are “absolutely enormous,” said Larry Moore, president of upstart Clear Ballot. Its auditable voting system took two and a half years to win federal certification at a cost of $1 million.
Startups are hard-pressed to disrupt an industry whose main players rely heavily on proprietary technologies. ES&S and other vendors have jealously guarded them in court — and also unleash lawyers against election officials who purchase competitors’ products.
In October, ES&S sued Cook County, Illinois, seeking to void its $30 million, 10-year contract with a competitor. It also recently threatened Louisiana and Douglas County, Kansas, with lawsuits for choosing other suppliers.
Cook County elections director Noah Praetz said litigious behavior only chills modernization. Competition and innovation are already hampered in an industry with “really low” margins, especially considering limited government funding for election equipment.
“The market isn’t functioning real well,” he said.
Elections are run by the states, whose oversight of suppliers varies. California, New York and Colorado are among states that keep a close eye on the vendors, but many others have cozier relationships with them.
And the vendors can be recalcitrant. In 2017, for instance, Hart InterCivic refused to provide Virginia with a paperless e-Slate touchscreen voting machine for testing, said Edgardo Cortes, then the state election commissioner.
In this year’s midterms — as in the 2016 election — roughly 1 in 5 voters will use such electronic machines. Their tallies cannot be verified because they produce no paper record.
Cortes decided to decertify all such systems. If anyone tried to break in and alter votes, he concluded, “there was really no way for us to tell if that had happened.” Hart InterCivic’s vice president of operations, Peter Lichtenheld, did not dispute Cortes’ account in July Senate testimony, but said its Virginia customers were already moving to newer machines.
At the federal level, no authority accredits election vendors or vets them or their subcontractors. No federal law requires them to report security breaches or to perform background checks on employees or subcontractors.
Election vendors don’t even have to be U.S. companies. Dominion was Canadian-owned until July, when a New York private equity firm bought a controlling interest.
Federal oversight is limited to the little-known Election Assistance Commission, a 30-employee agency that certifies voting equipment but whose recommendations are strictly voluntary. It has no oversight power and cannot sanction manufacturers for any shortcomings.
“We can’t regulate,” EAC chairman Thomas Hicks said during a July 11 congressional hearing when the question came up. Neither can DHS, even though it designated the nation’s election systems “critical infrastructure” in early 2017.
Frank Bajak on Twitter: https://twitter.com/fbajak
New Report Documents Nationwide Spread and Failure of Anti-Muslim 2018 & 2017 Campaigns
Report Includes Polling, Videos, Voter Interviews, Anecdotes and Win/Loss Rates of Candidates Pushing Anti-Muslim Conspiracies
Washington, DC – Anti-Muslim campaigns have spread nationwide but the clear majority of them fail, according to a new report released today by Muslim Advocates. Running on Hate: 2018 Pre-Election Report maps and analyzes the rhetoric and campaigns of every anti-Muslim candidate it could identify in the 2018 and 2017 elections and is complete with trends, anecdotes, polling and original interviews with voters. It includes videos, maps, charts and several clear lessons for voters, candidates and campaign professionals. The report’s authors, local advocates for Muslims and a pollster are available for further discussion on the report. Please email firstname.lastname@example.org to coordinate interviews.
Among the key findings of the report:
Anti-Muslim campaigns are taking place nationwide. The study identified 80 anti-Muslim campaigns taking place in 33 states and every region of the country, in liberal and conservative jurisdictions, and at every level of office – from local school and planning boards up to governor and Congress. Furthermore, credible candidates are trumpeting anti-Muslim bigotry; 64 percent of the candidates in the study were already elected or appointed officials or have a presidential endorsement.
This rhetoric appeals to a small, hostile, and newly influential sliver of the electorate. The core voters who prefer anti-Muslim candidates will believe and repeat clear and obvious falsehoods in support of anti-Muslim conspiracies.
Anti-Muslim candidates face serious blowback from voters. Many candidates in the study faced serious repercussions from voters and community groups and backlash from members of their own party. Some faced recalls and pressure to withdraw, or their entire campaigns became largely defined by their anti-Muslim posture.
Anti-Muslim candidates are losing. Of the 80 anti-Muslim candidates identified, only 11 – 14 percent – were elected or are safely projected to win their elections in November 2018, according to Cook Political Report’s forecasting of congressional and gubernatorial races. Almost all of the winning candidates are established incumbents and many of them are facing historically low poll numbers.
Voters of every background reject anti-Muslim rhetoric and many do so vehemently. Original public opinion research conducted by Probolsky Research for Muslim Advocates found that super-majorities of voters from almost every demographic and both parties (including the plurality of Trump voters) preferred inclusive pro-Muslim messages over the rhetoric typically employed by anti-Muslim candidates.
“These campaigns are successful at inflaming bigotry and violence against American Muslims, but not much else,” said Scott Simpson, public advocacy director at Muslim Advocates. “The voter data and interviews and the win-loss rates of candidates all point to the same conclusion: campaigning using anti-Muslim hate is a losing strategy. Anti-Muslim campaigns only appeal to a small and hostile sliver of the electorate. Vast majorities from both parties, almost every demographic group and every region prefer candidates who embrace religious freedom for American Muslims over the absurd anti-Muslim conspiracies that are proliferating in campaigns.”
Muslim Advocates is a 501c3 charity and does not endorse or oppose candidates for office. Muslim Advocates is tracking and responding to this type of rhetoric because hate violence against Muslims is now at an all-time high and, according to California State University-San Bernardino, this rhetoric is strongly correlated to increases in hate violence.
Muslim Advocates is a national legal advocacy and educational organization that works on the frontlines of civil rights to guarantee freedom and justice for Americans of all faiths.
ACS outlines priorities
With the number of cancer survivors in the United States expected to increase within the next decade, a report released today from the American Cancer Society outlines a set of critical priorities to improve the lives of cancer survivors and caregivers. The blueprint for cancer control will appear in CA: A Cancer Journal for Clinicians and argues efforts are needed to speed up progress in three key areas:
Implementing routine assessment of survivors’ needs and functioning and caregivers’ needs
Facilitating personalized, tailored information and referrals from diagnosis onward for both survivors and caregivers
Distributing and supporting the implementation of new care methods and interventions
Maryam Lustberg, oncologist and director of survivorship at The Ohio State University Comprehensive Cancer Center, agrees that it’s critically important to address the needs of survivors and caregivers as cancer survivorship continues to grow.
“Cancer impacts the whole family and caregivers often have a complex set of needs along with the patients and survivors,” said Lustberg. “One size fits all does not apply to survivorship care. We need personalized individualized survivorship care just as we have personalized precision cancer treatments.”
Attorney General’s Ohio START Program To Help Families Impacted by Substance-Use Disorder Expands
(COLUMBUS, Ohio)—Ohio Attorney General Mike DeWine and Ohio Department of Mental Health and Addiction Services Director Mark Hurst, MD, announced that funding from their offices will help the Ohio Sobriety, Treatment, and Reducing Trauma (START) Program expand to 17 new counties.
The 17-county expansion, funded by a new $3 million federal Victims of Crime Act (VOCA) grant from the Attorney General’s Office and a federal State Opioid Response grant awarded by the Ohio Department of Mental Health and Addiction Services, adds to the original Ohio START Pilot program, bringing the total number of counties served by Ohio START to 34. New Ohio START counties include Ashtabula, Butler, Carroll, Delaware, Erie, Hardin, Lorain, Mercer, Morrow, Muskingum, Ottawa, Richland, Seneca, Stark, Summit, Trumbull, and Washington. The program is administered through the Public Children Services Association of Ohio.
“The focused, individualized support families in the Ohio START program receive can truly make a difference, and I am pleased that even more counties will start offering this program,” said Attorney General DeWine. “The dedication of the case workers, family peer mentors, and others has supported parents struggling with addiction and helped keep families together. I look forward to following the success of more families as the Ohio START model is implemented in more communities across the state.”
“Investing in prevention and addressing the impacts of addiction on families is an important step on our road to defeating the opioid epidemic in Ohio. The Ohio START program provides families struggling with addiction and mental illness an opportunity to remain intact, and to move forward in a way that is healthy and recovery-focused,” said Director Hurst. “The use of peers in this model is especially important, and is something that echoes the Department of Mental Health and Addiction Services’ commitment to expanding access to peer services across the state.”
Ohio START brings together children’s services, juvenile courts, and behavioral health treatment providers to support families struggling with co-occurring child maltreatment and substance abuse. In addition, family peer mentorship is a critical part of the program. The mentors are individuals who have personal experience with addiction, who have achieved sustained recovery, and who have had prior engagement with the child welfare system as a child or a parent. The accountability and support they provide helps create a community collaboration aimed at helping families succeed.
“Ohio START is an innovative children services-led program that has given our pilot agencies the ability to partner with other local agencies and connect with the families we serve in a meaningful way allowing the family to heal from their trauma and provide safe and stable homes for their children,” said Fawn Gadel, Director of Ohio START. “This year, we are very excited to double the number of counties participating in the pilot, so we can reach twice as many families and children.”
Originally funded by a 2017 VOCA grant awarded by the Ohio Attorney General’s Office, Ohio START is also supported by Casey Family Programs; the Ohio Department of Mental Health and Addiction Services, through a federal 21st Century Cures grant and the State Opioid Response grant; United Healthcare Community Plan of Ohio; PhRMA, and the HealthPath Foundation of Ohio.
The Ohio State University College of Social Work and the Voinovich School of Leadership and Public Affairs at Ohio University are donating their time and resources to conduct a full evaluation of the pilot, which will be available at the pilot’s conclusion.
Original pilot counties include Athens, Brown, Clinton, Fairfield, Fayette, Franklin, Gallia, Hamilton, Highland, Hocking, Jackson, Lawrence, Meigs, Pickaway, Ross, Vinton, and Warren.
For more information and a video about the Ohio START program visit the Ohio Attorney General’s YouTube Channel.