Jenny Cohn published an excellent piece of investigative journalism called “Election Assistance Commission Investigated ES&S Voting Systems”:
It exposes how software from the prominent election system company, Election Systems & Software (ES&S). was installed in several states, including Texas, bypassing standard checks to confirm that election software tested by the federal Election Assistance Commission (EAC) is the exact same software that is now on those machines. It turns out, it was not, and this was not properly reported.
“Documents obtained by WhoWhatWhy show that, about 40 days before the 2020 election, the federal Election Assistance Commission (EAC) quietly investigated concerns that ES&S’s software installation and validation methods could have left touch-screen voting systems in up to 19 states vulnerable to the installation of malicious or otherwise unapproved software. The documents also suggest that ES&S may have initially misled election officials about this issue.”
“ES&S was conducting the hash-validation tests itself, as opposed to having the jurisdictions conduct them, a “fox guarding the henhouse” situation…”
The Little Bits Matter
Elections matter. This should be very clear, especially since Insurrection Day, January 6th, 2021. We need to be able to confirm beyond a doubt that election results are indeed accurate. This is very difficult to do, as elections are extremely complex, involving over 1,000 steps in detailed procedures. With over 3,000 counties, there will necessarily be issues. But we must aspire to make as much of the process as public as possible.
Early on, the EAC tests election systems to see, in theory, if they work as they should. They then bundle the software into a package, run the package through a “hash function”, which reads everything in the package, and comes up with a very long number, which I will liken to a finger print for the entire package. The EAC then sends the package on to elections officials, who install it onto the election systems. If you scan that software, it should come up with the exact same long number. If not, we have a problem (Texas).
The problem was, (1) some ES&S systems in Texas did not have the correct number. And (2) officials who should have reported the problem failed to do so.
Once this was discovered, some digging around found that an innocuous looking file called “sysload.bmp” was different. A bmp file, for “bitmap”, is a file containing a picture, similar to a png or jpg file, only it’s used in MS Windows. Some officials called this situation “de minimus”, which is jibberish (aka Latin) for : trivial. It doesn’t really matter, it’s just a picture.
Only every bit matters. All of them. Experts can program a computer to ignore the “bmp” at the end of a file name, read the bits in the file as real computer code, and follow the instructions in that code, whatever it says.1 People checking out a system are likely to not pay attention to bmp files, as they are “just pictures”. Only if that file has been changed, and someone has programmed the system to follow the instructions hidden in the picture, you can rig the system, and nobody knows. This is one of the kinds of insider threats I’m been most concerned about since 2005. The possibility is real, and it’s why we have to double-check our election systems down to the last bit.
History is littered with red-flag warnings from engineers that were ignored by politicians and bureaucrats. The o-rings on the space shuttle Challenger are an example. It’s the specialists who understood the implications of seemingly trivial details. They were warning about the o-rings for years, were ignored, until Challenger blew up.2
In election systems, every little bit matters. When they don’t add up, something could be wrong. When they are not fully reported, something is wrong. I’m not saying that these systems were rigged. I don’t know; but that’s the problem.
The three problems Ms. Cohn refers to in her article need to be addressed, soon. They are red-flags. These details matter.
“Election Assistance Commission Investigated ES&S Voting Systems”:
1) “Alert: BMP Files May Contain a New Virus”, https://www.helpnetsecurity.com/2004/05/14/alert-bmp-files-may-contain-a-new-virus/
2) “Challenger: The Final Flight” (Netflix), https://www.netflix.com/watch/81012171 About the o-ring ref-flags, see especially the 3rd and 4th episodes.
May 14, 2004
Alert: BMP Files May Contain a New Virus
Agent, a new Trojan using BMP files has been mailed to users worldwide
Kaspersky Labs, a leading information security software developer has detected a mass mailing of a new Trojan named Agent. Agent infects victim machines when users view graphics in BMP format.