Category Archives: Voting

The Happy Hackers Bill approved by House Republicans

One of the major ironies of the past few days is that the administration’s fraudulent anti-voting fraud commission is asking for bundles of private voter information from the 50 states, all the while dismissing Russian interference in the 2016 election as a hoax, AND submitting a budget which we’ve known for some time would eliminate the ONE federal agency tasked with assisting state and local governments with election security.

“House Republicans are taking aim at a small federal agency that helps provide election oversight and guidance, saying its functions are no longer necessary.

A spending bill from the House Appropriations Committee unveiled Thursday would give the Election Assistance Commission 60 days to terminate itself. The small agency was created after the tightly contested 2000 presidential election. It has an annual budget of about $10 million and had just 31 employees on its rolls as of March. The agency writes election management guidelines and develops specifications for testing and certifying voting systems, among other tasks.” [GovExec]

The bill, introduced by Rep. Gregg Harper (R-MS), would hand the powers and duties of the Election Assistance Commission to the Federal Election Commission, and the little agency responsible for “developing specifications for testing and certifying voting systems” would fold up and go away under the terms of HR 634.

The tribulations and gridlock in the Federal Election Commission are well known and documented: Investigations stalled, dark money flowing freely, enforcement delayed and denied. In short a scene of “dysfunction and deadlock.”  [NYT]  Failures to investigate, and 3-3 vote ties stifling further investigations. [NBC] Thus, the Harper bill would deliver election security responsibilities to a commission already in the throes of partisan gridlock and as they say so politely, “dysfunction.”

Republicans on the Administration Committee [Harper (R-MS), Davis (R-IL), Comstock (R-VA), Smith (R-NE),  Walker (R-NC), and Loudermilk (R-GA)] voted to send the bill forward;  Democratic Representatives Brady (D-PA), Lofgren (D-CA) and Raskin (D-MD) voted “no.”  So, what do these lawmakers want to hand over the the stalemated FEC?  The part which should interest us the most at the moment is this segment from the EAC:

“EAC Certification Program is to provide clear procedures to Manufacturers for the testing and certification of voting systems to specified Federal standards consistent with the requirements of HAVA Section 231(a)(1).

Under this program, the testing and review process requires the completion of an application, employment of an EAC-accredited laboratory for system testing, and technical analysis of the laboratory test report by the EAC. The result of this process is an Initial Decision on Certification.”

It doesn’t take much effort to interpret this task as the foundation of standards for the certifying and testing of election systems.   Republicans may argue that this could be done under the auspices of the Department of Homeland Security, but this seems hollow since the bill doesn’t transfer the duties to DHS, it just wipes the EAC off the map.  The EAC already maintains a list of certified election systems,  and those which have been terminated.   The Republicans appear quite pleased to take the constable off the beat, and hope that someone, somewhere, will prevent the development and certification of voting systems from becoming the Wild West of slackers, partisan backers, and hackers.

If eliminating the EAC isn’t the answer, what might be?   The Brennan Center issued a report on “Security Election Systems from Foreign Interference,”  in a forward by former CIA Director James Woolsey,” he observes:

“In the last few months, we have learned extraordinary details about a Russian assault on our election infrastructure. While there is no evidence that this assault altered the vote count, that fact should be cold comfort as we look to protect ourselves against future attacks.”

One doesn’t have to be an expert on cybersecurity or election technology to understand how dangerous this is. Based on my experience, as a former Director of Central Intelligence, and in service to this country under both Democratic and Republican Presidents, I am confident the Russians will be back, and that they will take what they have learned last year to attempt to inflict even more damage in future elections. In particular, their history of interfering in other nations’ politics, their antipathy to the United States and Western democracies generally, and their proven ability to multiply the impact of their actions through cyberattacks should put us on the highest alert, and spur us to take all necessary actions to protect ourselves from further attack.”

In summary form, Ambassador Woolsey is convinced the Russians will be back, they will apply “lessons learned” evaluations, and they will attempt to cause even more damage in the future.  If the former CIA Director is correct, and there’s no logical reason to believe otherwise, this is hardly the time to terminate any programs to help state and local election officials secure their systems.  In fact, it’s time to do more, as outlined by the Report:

“What more must be done? The key security measures detailed in this report are the right place to start: replace paperless electronic machines, upgrade the hardware and software that supports voter registration, and conduct post-election audits to confirm the results.

These are common-sense solutions that will increase security and public confidence in the integrity of our system. Importantly, they will do so without interfering with the right of any eligible citizen to participate in the choice of who will govern the nation.”

Some of these recommendations are squarely in the EAC wheelhouse, others will require additional support for local and state election officials.

The good news is that the decentralization of American voting systems makes a concerted attack extremely difficult, there are 8,000 voting jurisdictions, and about 100,000 polling places.  However, this doesn’t mean that we should be taking much comfort from our fragmented system, because the bad news is that some jurisdictions are using antiquated equipment with operating systems no longer supported by vendors (and thus are easier to attack.)  States and localities have made progress toward greater technical voting system security since 2004, but now is no time to rest upon laurels and declare “we’re Safe!” merely because vote totals are difficult to alter.

There’s also the matter of voter registration data security.  Again, the Brennan Center recommends:

“State and local governments must fully identify potential avenues for attacking voter registration systems, mapping out all of the entities that interact with that system, and implementing mitigation strategies where weaknesses are identified. The consensus among experts interviewed by the Brennan Center is that this should be done on a regular basis, but that many states are unlikely to have completed this kind of comprehensive risk assessment in the last few years, despite the fact that both registration systems and cyber threats have evolved enormously over that time.”

Putting a more blunt perspective on it:  The risk assessment tools used to evaluate the security of voter registration data which were judged “state of the art” just a couple of years ago may now be as outdated as that Motorola StarTAC clam shell mobile phone  sitting in the bottom of someone’s junk drawer.   Add to this the notion that the Administration’s fraudulent Fraud Commission wants to centralize voter registration data from 50 states all in one convenient place — thus making it a handier target for our adversaries — and we lose the advantages of decentralization while making life easier for those wishing to practice their “foreign interference.”

There is a bill in the Congress well worth supporting, introduced by Derek Kilmer (D-WA), HR 1344, under its terms the Department of Homeland Security would assist local and state government officials as follows:

“The Department of Homeland Security (DHS) may award states with planning and biennial implementation grants under the program to:

adopt cybersecurity best practices;
mitigate talent gaps in government workforces;
protect public safety answering points, emergency communications, and continuity of communications during catastrophic disruption;
mitigate threats to critical infrastructure or key resources;
coordinate with neighboring states or countries, National Guard units, or information sharing and analysis organizations; and
establish scholarships or apprenticeships to provide financial assistance to state residents pursuing cybersecurity education who commit to working for state government.
The bill sets forth requirements for distribution of awarded amounts to local and tribal governments within states and for consultation with local and regional officials.

The Committee for Cyber Resiliency Grants is established to: (1) promulgate guidance for states to develop applications for such cyber resiliency grants; (2) provide DHS and states with recommendations regarding the approval of state plans or applications; and (3) evaluate, and report to Congress regarding, the progress of states in implementing plans.”

We’d be well advised to contact our Representatives and recommend they oppose HR 634 (perhaps on the theory that the fact we have a Navy doesn’t obviate the need to also have a Coast Guard) and to support HR 1344.

This is hardly the time to make the hackers any happier.

Local Contact Information: 

Representative Mark Amodei (R-NV2) Phone: (775) 686-5760

Representative Dina Titus (D-NV1) Phone: (702) 220-9823

Representative Ruben Kihuen (D-NV4)  (702) 963-9360

Representative Jacky Rosen (D-NV3)  (702) 963-9500

Comments Off on The Happy Hackers Bill approved by House Republicans

Filed under Nevada Congressional Representatives, Nevada politics, Politics, Vote Suppression, Voting

Election Integrity in Nevada: How Safe Is Safe?

We have a President of the United States of America who appears singularly uninterested in investigating Russian meddling in the 2016 elections.  Nothing has originated from the Oval Office to indicate he is curious about (a) Russian intrusions into some 21 to 39 state election systems; (b) Russian disinformation efforts during the 2016 elections; and (c) European efforts to blunt Russian cyber attacks on their elections.  Perhaps there’s nothing surprising about this, he’s shown precious little interest in:

(1) Bolstering NATO nation confidence in US support for their interests in addressing Russian incursions into Crimea, Ukraine, and the Baltic States; (2) Extending or enhancing sanctions on Russia for these incursions; (3) Maintaining the sanctions initiated by the Obama Administration including the removal of the Russians from two facilities used for intelligence purposes.   And, now the President wants to have something to “offer” the Russians during the upcoming meetings of the G20.

“President Donald Trump has asked National Security Council staff to come up with “deliverables” that he can offer to Russian President Vladimir Putin during their meeting on the sidelines of the G-20 summit in Germany next week, The Guardian reported Thursday.”  [Business Insider]

At this juncture it would seem necessary for citizens in Nevada to multi-task.  On one hand we need to insure that the Administration isn’t encouraged to promote its voter suppression program, at present in the form of Chris Kobach’s extensive request for voter data which will be massaged into a report which will no doubt encourage more voter suppression legislation.  There’s nothing wrong with sharing the information any county chairperson can obtain from the voting registrar or the county clerk, but there’s all manner of things wrong with asking for military status,  Social Security numbers or portions thereof, voting history, and other personal data NOT previously part of the public record.  The Nevada Secretary of State has responded in the following press release:

“Many people have asked whether or not the Secretary of State’s office plans to comply with the request from the Presidential Advisory Commission on Election Integrity for voter registration information in Nevada.  Other than the previously identified confidential information, state law (NRS 293.558) prohibits election officials from withholding voter registration information from the public.  In addition, the state’s Public Records Act requires government entities to allow for inspection of public records.  As a result, the Secretary of State’s office will provide the Presidential Advisory Commission on Election Integrity with only the publicly available voter registration information under Nevada law.”

Thus much for Kobach’s grand plan for a 50 state data accumulation of personal voting histories and “targets” for vote suppression.  However, we can reasonably predict that this will not be the end of Kobach and Von Spakovsky’s efforts to impede voting by the elderly, the young, and minority ethnic group members; in short, people who are likely to vote for Democratic candidates.

On the other hand, we need to watch out for insecurities in our own electoral systems.  One element, of course, is the integrity of our mechanical and electronic voting machines.  For those wishing to delve into the weediest of the weeds should refer to NAC Chapter 293B which specifies how these are to be maintained, tested, and audited, which led Verified Votin g.Org to declare Nevada’s overall performance as “generally good.”  Additional information concerning Nevada’s audit limitations can be found on this Verified Voting page.   We have some soft spots, but none of these seem like major issues at the moment, and most appear to be capable of repair by a legislature paying attention to the details.

Now, we need a third hand.  Since the intelligence agencies at the Federal level haven’t released the names of those states (21 to 39) which suffered Russian intrusion, we don’t know if Nevada is among the list.  The only ones which have self-identified to date are Illinois and Arizona.  This situation raises more questions:

(1)  Is the voter registration data maintained by the Secretary of State’s office fully secure and safe from hacking?  Is access to this information secured in such a way as to prevent unlawful or illicit compromise?  What tests are performed to verify the security, and by whom are the tests conducted?  To whom are the results reported? Are those receiving the test reports empowered to fix any and all issues discovered?

(2) Is the voter registration data maintained at the local level secure from unauthorized access?  Is there sufficient funding and expertise at the local level to conduct tests of access security?  Is the ‘calendar’ of security testing at the local level adequate to prevent unauthorized or illicit access?  Are there “gaps” in access security, such that some localities are more secure than others?

(3) Are local voting systems/machines secure from unauthorized access and tampering?  Is the State (or local agencies) doing adequate security testing and auditing of results? Are our present systems safe, or is there more we could be doing?  Do we need to consider more in the way of risk limitation auditing .

It’s now beginning to look like we need to have some more hands involved, rather more like an octopus to get a handle on all the questions.

There are some things that Nevada may not have the capacity to do on its own.  We probably shouldn’t be required to conduct our own “elves vs. trolls” in the manner of the Lithuanian government’s efforts to fight off disinformation campaigns.  Germany, the United Kingdom, France, the Baltic nations, Sweden and the European Union have all devised national and cross-border efforts to publicize and blunt Russian efforts. [WP]

It would be extremely helpful to have a federal Executive Branch more engaged in countering Russian meddling than in vote suppression and declaring the obvious FACT of Russian cyber assaults to be Fake News.

Comments Off on Election Integrity in Nevada: How Safe Is Safe?

Filed under Nevada, Nevada politics, Politics, von Spakovsky, Vote Suppression, Voting

They’ve Only Just Begun: Hacking the Silver State?

If the President of the US isn’t all that interested in how the Russians hacked and meddled in the 2016 election, voters and voting officials in the US should be, and this includes the state of Nevada.  There are several layers to the issues, the voting itself and the processes which are elements of the total election system.

Voting Machine Vulnerability

The good news is that Nevada has a relatively robust voting system in place that is more difficult for a foreign power — read Russian operatives — to hack, the bad news is that the Sequoia (Dominion) system could still have some issues most related to “insider” attacks

“The software suffers from numerous programming errors, many of which have a high potential to introduce or exacerbate security weaknesses. These include buffer overflows, format string vulnerabilities, and type mismatch errors. In general, the software does not reflect defensive software engineering practices normally associated with high-assurance critical systems. There are many instances of poor or absent error and exception handling, and several cases where the software behavior does not match the comments and documentation. Some of these problems lead to potentially exploitable vulnerabilities that we identified, but even where there may not be an obvious vulnerability identified, the presence of such errors reduces our overall confidence in the soundness of the system as a whole.” [VerifiedVoting]

The problems associated with Nevada’s voting machines are mostly of the variety perpetrated by “insiders,” those who have control of the machines during set up, maintenance, and handling.  This is good news for preventing ‘rigging’ issues in terms of election outcomes being vulnerable to outside forces.  A statement from the Secretary of State describes the election audit system. (pdf)

Voter Registration Record Security

The election voter data isn’t quite so reassuring.  Nevada is a “member” of the Cross Check system.   The system certainly can be used to remove individuals from the voter rolls with deleterious effect, and the exchange between

voting officials and the Nevada ACLU isn’t all that comforting:

Wayne Thorley, Nevada’s deputy secretary of state for elections, counters that the program just matches data and doesn’t target anyone. “Just because someone comes back as a match on the Interstate Crosscheck list, it doesn’t automatically trigger cancellation of their account,” he said. “And then, further investigation is done by the state.” He said Nevada also uses the Electronic Registration Information Center to match names from the Crosscheck list with DMV records. Voters then get a postcard to verify their address and if they don’t respond and don’t vote in two elections, they’re dropped from the rolls. Tod Story, executive director of the Nevada ACLU, worries that the postcard system could be problematic. “It does not seem to be fair and certainly would affect more low-income and minority voters, who tend to be more transient, who are going to move more frequently,” he said. Thorley said that is certainly not the intent. “If that has a disparate impact on members of minority communities, I’m not aware of that,” added Thorley. “But it’s not targeted that way at all. We’re simply following the federal law.”

First, Mr. Thorley should be aware of “that” — there is, and has been demonstrated to be a disparate impact on members of minority groups.  Secondly, the post-card system is, and has been demonstrated to be, an ineffective way of contacting individuals who are ‘challenged’ under the Cross Check system.  [RS]  The results of using the Cross Check system are also not reassuring:

“The program has since expanded to 30 states, according to the National Conference of State Legislatures (NCSL), but it’s been controversial from the start. For one thing, it’s resulted in very few actual cases of fraud being referred for prosecution, as alleged cases of double voting in multiple states turned out to be clerical and other errors. One tally found that while the program has flagged 7.2 million possible double registrants, no more than four have actually been charged with deliberate double registration or double voting. Meanwhile, some states including Florida dropped out of the program due to doubts about the reliability of its data — though others, including the swing state of North Carolina, joined despite those issues.”  [TVN]

Get that? Out of 7.2 million ‘flagged’ 4 individuals have been charged with double registration or double voting.  In addition to obviously being ineffective (A 0.00005.5% catch rate doesn’t seem worth the effort) the collection would appear to be a grand place for a hacker to start if he or she has mischief in mind.

Initial Russian assaults are still a matter of confidentiality, no Secretaries of State have yet been cleared to receive the reports of hacking collected by our security agencies although there is testimony that 21 states were subjected to attacks of some kind. [LAT]  We do know that Illinois was one on the states in which voter registration rolls were hacked.

“The hack had nothing to do with counting the votes in elections in Illinois. The hackers looked at voting registration data: name, address, date of birth, gender and the last four digits in the Social Security number.

The hackers searched through about 80,000 records overall, with the elections board confirming that the records of just under 3,000 voters were viewed by the hackers.” [CST]

The Chicago Sun Times reported how the hack was accomplished, and how it was detected.   The state of Arizona also had a major scare, as reported by Michele Reagan, AZ Secretary of State:

Reagan said she was alerted to the hack after the Federal Bureau of Investigation found a credential — a username and login — for the state system for sale on the dark web.

“It was really frightening and scary considering we’re in charge of almost four million people’s information,” Reagan said.

Reagan said her office had a lot of decisions to make in short amount of time to protect voter safety and took the system offline.

“At that moment in time, the most important thing was what do we do with that database,” she said. “How do we inspect it? We need to make sure that no information was taken, no information was altered, a virus wasn’t inserted into that system.”

She said, while the voter database was hacked, the voting registration system was not.

“We got lucky once,” she said, adding that the state has added multi-factor authentication, required the changing and strengthening of passwords and made other tweaks to better protect the system. [KTAR]

It would be reassuring to know if Nevada has implemented “multi-factor authentication” and other measures to better secure Nevada voter data.

I’ve not read any reports to date assuring me that the Russian hacking was a “one-off” and unlikely to be replicated.  Indeed, nearly every article asserts that what we’ve seen in 2016 was only the beginning.  A few intrusions in anywhere from 21 to 39 states, a peek into voter information data, some attempts to ‘phish” their way into systems — and many warnings that this indicates increasing interest in going deeper into US elections rather than any foray for temporary recreational purposes.

Recommendations

Retain the sanctions placed on the Russians by the Obama Administration, and enact new and greater sanctions on them as proposed by the U.S. Senate.  House Republicans have stalled the bill which passed the Senate on a 98-2 vote. [NYT] As of June 23, 2017 the White House indicated it would step up lobbying efforts against the Russian sanctions bill. [WP]  Those tracking the progress of this bill will want to follow GovTrack S 722.

Review and potentially revise Nevada voter data security processes and products.  Have issues revolving around the infamous Cross Check program been resolved?  Have procedures been adopted that would prevent access such as happened in Illinois and Arizona?

Russian probing, and interference, will not stop…it will be up to the US Congress and the 50 states, to reject their efforts.

 

1 Comment

Filed under Nevada politics, Politics, Vote Suppression, Voting

Good Morning: The Administration wants all your voting data, and wants to make it public

The President’s “election commission,” established to cover his allegations that millions of illegal voters prevented His Vulgarity from attaining triumph in the popular vote, is requesting voter roll data from all 50 states. Nevada is included in this list.

“On Wednesday, all 50 states were sent letters from Kris Kobach — vice chair for the Presidential Advisory Commission on Election Integrity — requesting information on voter fraud, election security and copies of every state’s voter roll data.

The letter asked state officials to deliver the data within two weeks, and says that all information turned over to the commission will be made public. The letter does not explain what the commission plans to do with voter roll data, which often includes the names, ages and addresses of registered voters. The commission also asked for information beyond what is typically contained in voter registration records, including Social Security numbers and military status, if the state election databases contain it.” [ProPublica]  (emphasis added)

There are many layers of just how wrong this is.   First, and most obviously, why worry about Russian hacking into voter roll information for the purpose of making mischief if everything they want is right out there in public view?  Nothing like One Stop Shopping for voter data for the Kremlin?

Secondly,  conspicuously absent from the letter is any indication about what processes and procedures will be applied to protect voters’ privacy.  Mr. Kobach’s documented sloppy handling of his Cross Check program data is not reassuring.

Third, while full Social Security numbers may not be included, even partial number releases may be a bridge too far for those concerned with identity theft; and, does the Pentagon really want the status of members of the Armed Forces right out there for all the world to see?  How handy for the Bad Guys to have an instant way of finding out a soldier’s home address?

Finally (for the moment) there’s the purpose for which all this data is sought — rest assured, it’s NOT for the purpose of “election integrity,” in fact given the participation of Kobach and Von Spakovsky the obvious intent is to scramble the data for inclusion in a “report proving” that there’s a “need” for more voter suppression.

Nevada citizens who do NOT want their voter data/records shared in this haphazard and insecure way should call the office of Nevada’s Secretary of State: 775-684-5708, fax 775-684-5725; or e-mail at <sosmail@sos.nv.gov>

1 Comment

Filed under Nevada, Nevada politics, Politics, von Spakovsky, Vote Suppression, Voting

Meanwhile back in the real world: Cyber Security Questions

If the American media can get off the horse race/predictable elections tangent it’s been on of late, there are some stories needing far more explication and analysis than they’ve received, a not-so-modest-list on one topic:

Cyber Security:  There are questions in this realm that need to be explored, and if I had my druthers there would be far more discussion of —

(1)  How individuals can secure their data, or at the very least be assured that the results of data mining operations can be regulated such that breaches can be minimized and misuse mitigated?  If you aren’t a bit disturbed by recent Congressional action to allow the collection and compilation of your information from the Internet to the providers — without your consent, and certainly without paying you for it — then please give this another thought or two.   There’s been entirely too much “ho hum” attached to reports of data breaches.  This, in the face of the fact that 47% of data breaches in 2015 were either malicious or criminal in nature.  In 2015 Anthem Inc. was hit, 80 million customers at risk; in 2014 Ebay was hit, 145 million customer records were compromised; also in 2014 76 million JPMorganChase customers had their data in peril. [Bankrate]

There have been other breaches, which hit the news flaring like a roman candle on the 4th of July, and then flaming out of view just as quickly.  Ok, the subject matter is technical and explanations can be tedious, but aside from advising people to secure their data and change passwords, etc. the media has been behind the story in too many cases.

(2) No state Secretary of State and no local election officials want to be the subject of allegations they’ve not secured voter information.  Our ears should perk up when any one or more of these officials say things even remotely related to “it can’t happen here.” We know that this has happened in at least 39 states, and it obviously DID happen here.  Again, if “meddlers” (a kind word for foreign interests — Russian) want to muddle our elections then a break-in to election rolls, coupled with a few changes here and there, mixed with the already documented problems with the Cross Check program, is an obvious recipe for serious issues.

Update:  And the the WTF Moment — Secretary of State Tillerson says his desire is to work with the Russian government on…Cyber security.  We might want to wait on this until we find out the full extent of Russian efforts to intrude on our election systems and election information sources??

(3) Now, imagine that a breach can be made of such things as the Republican National Committee data on US voters. Oh wait.  It has been left vulnerable, for 12 days no less, simply sitting in a cloud file in a nicely packaged spreadsheet format– of nearly 200 million people.  This may not count as a “breach,” perhaps more like a giant leak.  And, will this major spill be investigated?  Broadly reported? Endlessly analyzed?  If the past is any indicator — probably not.  Yet, if major parties or marketers are allowed (maybe even encouraged) to compile large files of voter/customer data, then what liability do these entities have in terms of securing what has been collected?

Common sense would appear to dictate that “if you collect it you must secure it.”  Further, we need to ask: Are current penalties for storing data in such a state that it is vulnerable to attack sufficient to deter collectors from sloppy data management systems? If you haven’t heard talking heads opining on this lately,  neither have I.

Perhaps we should.

Comments Off on Meanwhile back in the real world: Cyber Security Questions

Filed under Politics, privacy, Privacy and Civil Liberties Oversight Board, Voting

From Deep Throat to Deep Root: Republicans Careless With 200 Million Voter Files

Oh for the Olden Times when the Grand Old Party had its individual and collective knickers in a twist over Secretary Clinton’s “carelessness” with State Department e-mails on <clutch pearls here> a private server…  However, now we have to visit the Business and Technology section of the Washington Post to find the following:

“Detailed information on nearly every U.S. voter — including in some cases their ethnicity, religion and views on political issues — was left exposed online for two weeks by a political consultancy which works for the Republican National Committee and other GOP clients.

The data offered a strikingly complete picture of the voting histories and political leanings of the American electorate laid out on an easily downloadable format, said cybersecurity researcher Chris Vickery. He discovered the unprotected files of 198 million voters in a routine scan of the Internet last week and alerted law enforcement officials.” (emphasis added)

Translation:  Data mined information on 198 million Americans was  collected, collated, compiled, and then left for 12 days in an UNPROTECTED STATE for the eyes of any and all — criminal identity thieves, criminal scammers, and anyone who didn’t want to go to the bother of hacking into any server in any location.  For 12 days all this information was out there, like the food on a buffet — those in line just had to recognize what was on offer.

Where are the calls for hearings?  The Outraged cries for an investigation into how this could have happened?  The questions as to how we might be able to guarantee something this horrendous doesn’t happen again.

If a “good guy” could find this data during a “routine scan” what might happen when someone with less admirable intentions conducts a targeted scan of what’s available on American voters?

Let this sink in.

Comments Off on From Deep Throat to Deep Root: Republicans Careless With 200 Million Voter Files

Filed under Politics, privacy, Public Records, Vote Suppression, Voting

Assault On America

Even if this is only partially true we need to pay attention:

“We are creeping ever closer to actual evidence that there was Russian ratfcking of the vote totals in the last election. Not long ago, people wouldn’t even suggest that out loud. We were made vulnerable to something like this because of the interference by the Supreme Court in Bush v. Gore, by the curious goings-on in Ohio in 2004, by a relentless campaign to convince the country of an imaginary epidemic of voter fraud, and by a decade of voter suppression by any means necessary. The Russians wanted to undermine the confidence Americans had in their elections? We made it pretty damn easy to do that.”

Perhaps we might approach the problem by classifying our voting system as a matter of infrastructure. Critical infrastructure.  Such as designation came only after the 2016 election. We might have saved ourselves some distress if we’d done this a bit sooner.

We’d not tolerate a foreign adversary attacking 39 dams, or 39 bridges, or 39 tunnels, or 39 points on our electrical grid — but there is now evidence that the Russians hacked into various points of our electoral system in 39 states:

“Russia’s cyberattack on the U.S. electoral system before Donald Trump’s election was far more widespread than has been publicly revealed, including incursions into voter databases and software systems in almost twice as many states as previously reported.”

One of the things that might have saved us is the decentralized voting systems in the 50 states.  While that might make us feel better, being honest requires acknowledging that there are only 50 states, not an overwhelming number for a small army of dedicated “patriotic Russians” who just happened to be interested in our elections.

There are several layers to this attack, all of which deserve far more attention than we are currently bestowing on the subject.

(1) Disinformation is part of the Kremlin Play Book.  The trolls, bots, propagandists, and other associates made their appearance known in 2016, [pdf Senator Whitehouse] and we ought not conclude that this is the full extent of the Russian interference in the last general election.  The Russians appear to be making use of the distrust of the media engendered, and perhaps inflamed, by right wing messaging that disparages mainstream media outlets.  This distrust can be easily weaponized on both ends of the political spectrum.

We’ve moved past the era in which disinformation was primarily disseminated via chain e-mails from Uncle Fred and friends, in an age of instantaneous social media there’s a greater need to provide news “consumers” with information not only about the veracity of the “news” but the origin as well.  There are some pieces of useful advice, for example “How to Recognize a Bot,” “How to Spot Social Media Bots,” and “The Fake Factor,” (identifying bogus Facebook accounts.)  Institutional responses are helpful, but we can amplify the response to attacks by being personally informed about how to spot the phonies.

(2) Adequately funding voting systems at the state level.  Inadequate funding breeds more problems — the lowest software bidder may not always be promoting the most secure product, the lowest bid for voting machines may not be the safest machines.  What states should be looking for is the BEST product, which may not always be the cheapest.   The funding should also include audits.  Voting officials should conduct regular, and thorough, audits of their systems — registration, data transfers, and compilations.  We should have Zero Tolerance for any attempts to manipulate any and  all voting data.

(3) Focus.  Too often the voting security discussion centers on cries of alarm about voter impersonation — an extremely rare event — and places too little emphasis on vote suppression and vote tampering.  Nothing serves the Russian purposes better than having us questioning our voter registration, data collection, and voting processes.  Tangential discussions which dismiss attention to these foreign threats as the function of unsatisfactory election results aren’t helpful.

Consider what is possible if a foreign adversary were to tap into the possibilities of the CrossCheck program.  What chaos could be caused by changing selected addresses, something as simple as altering a house or apartment number? Or, changing the middle initial of a registered voter? Or, changing a name from George to Jorge?  We need to attend to the problems arising from these kinds of manipulations.

Consider what might result from a direct hack into voter registration files.  Again, with the same kinds of alterations mentioned above.  We need to secure our voting data with the same attention we apply toward securing our physical infrastructure and national security apparatus.

Consider what might happen were a foreign power able to breach our vote tallying systems?  Unthinkable?  Probably not. In short, our voting infrastructure should be carefully audited at every single level.   At no point should we smugly assume that our decentralization and current systems make us impermeable to foreign assault.

Estote Semper Parati

Comments Off on Assault On America

Filed under Politics, Vote Suppression, Voting

Ripped from a few Headlines: Friday Edition

If you haven’t already seen the New Yorker article concerning Trump, Putin, and what the Russians want…click immediately for some excellent reporting and analysis. Here’s a taste:

“The great fear is the neutering of NATO and the decoupling of America from European security. If that happens, it gives Putin all kinds of opportunities. If Trump steps back the way he seemed to as a candidate, you might not even need to do things like invade the Baltic states. You can just dominate them anyway. You’re beginning to see the collapse of institutions built to insure our security. And if that happens you will see the re-nationalizing of Europe as a whole.”


If anyone is counting, and they are, there have now been THREE Jewish cemeteries vandalized within the last few weeks, St. Louis, Philadelphia, and Rochester, NY. And then there are the bomb threats to Jewish community centers.

“In all, 48 JCCs in 26 states and one Canadian province received nearly 60 bomb threats during January, according to the JCCA, an association of JCCs. Most were made in rapid succession on three days: January 9, 18 and 31. A number of JCCs, including Orlando’s, received multiple threats. On February 20, another wave of bomb threats hit 11 JCCs across the country, bringing the total to 68 incidents targeting 53 JCCs, according to the JCCA.” [CNN]

It would appear that while most people are protesting immigration related raids, Muslim travel bans, and assorted Trumpian outrages, others are taking the opportunity to express their antisemiticism, racism, and bigotry.


Meanwhile in the last two months four mosques have been attacked by arsonists.  The Oval Office remains silent:

“The press has certainly covered Trump’s attitudes—and those of his top advisors—toward Islam, particularly since he announced a ban on travel from seven majority-Muslim nations on January 27. But attacks on American mosques have received far less attention than the bomb threats against Jewish Community Centers. As far as I’m aware, no reporter has asked Trump about them at a press conference. And no major network would suggest that Trump’s failure “to adopt a stern, public line” against Islamophobia has been “politically damaging.”


Floating around in the Swamp, the Trumpster Regime — again (and again) says there was no connection between the campaign and Russian operatives. This, of course, goes nowhere toward explaining the contacts made by Paul Manafort, Carter Page, Jeff Sessions, Jared Kushner, Roger Stone, Rudy Giuliani, Michael Flynn, … and what names are to come?


The most bizarre explanation for opposing Motor Voter/automatic  registration in Nevada comes compliments of Nevada’s political gadfly and whack job Ira Hansen, did you miss this one?

“Assemblyman Ira Hansen, R-Sparks, was the most vocal opponent during the committee hearing and said it represented an overreach of people’s privacy, especially those who don’t want to partake in the electoral process.”

 

Comments Off on Ripped from a few Headlines: Friday Edition

Filed under Foreign Policy, Hate Crimes, Immigration, Nevada legislature, Nevada politics, Politics, racism, Voting, White Supremacists

Questions Remain About Nevada Crosscheck Program

I must admit I’m not fundamentally opposed to the Interstate Voter Registration Crosscheck Program – IF it will prevent Allistair Barrenfarm Gotrocks IV from rolling his Bentley to his convenient polling precinct in the Hamptons early on some fine election morning, then hopping into his Bombardier Global 8000 to his equally convenient polling station for his second home in Florida; while his absentee ballot is counted in his resort community of Ketchum, Idaho.  This, I could do without.  However…

As RollingStone magazine pointed out last August, this isn’t the ulterior purpose of the Crosscheck Program.   The process was supposed to have included names (including middle names and initials) birthdays, and Social Security numbers.   If the voting officials in a particular state don’t require the Social Security number, the birthday, and the middle name all that the Crosscheck list presents is a mass of very common names.  And, the bias begins:

“This inherent bias results in an astonishing one in six Hispanics, one in seven Asian-Americans and one in nine African-Americans in Crosscheck states landing on the list. Was the program designed to target voters of color? “I’m a data guy,” Swedlund says. “I can’t tell you what the intent was. I can only tell you what the outcome is. And the outcome is discriminatory against minorities.”  [RollingStone]

The response from Nevada, which participates in the Crosscheck program,  was a bit confusing.  A Nevada official replied to the Crosscheck question by saying:

“I can’t comment specifically on their study. What I can say is that in Nevada, we follow the federal and state procedures when it comes to removing voters from the rolls. We don’t look at a person’s name. We don’t actually collect demographic data on voters, so we don’t know race, ethnicity on any voters in our list.” [News4]

How can maintenance of up to date voter registration lists be done without looking at names? Either John P. Smith, of Henderson, NV has voted in the last two general elections – or he hasn’t.  He’s either been declared dead by Social Security officials – or he hasn’t.   The official from the Nevada Secretary of State’s office got a bit more specific:

“Wayne Thorley, Nevada’s deputy secretary of state for elections, counters that the program just matches data and doesn’t target anyone.
“Just because someone comes back as a match on the Interstate Crosscheck list, it doesn’t automatically trigger cancellation of their account,” he said. “And then, further investigation is done by the state.”
He said Nevada also uses the Electronic Registration Information Center to match names from the Crosscheck list with DMV records. Voters then get a postcard to verify their address and if they don’t respond and don’t vote in two elections, they’re dropped from the rolls.” [PNS.org]

It seems that names do matter?  However, there are still questions which might be raised about how the Crosscheck list is actually used in Nevada. For example:  What further investigation is done by the State?  Does this mean that the election officials just compare the voter registration with DMV records?   The NAC can provide us with a bit more clarification regarding how the Secretary of State’s office is to handle voter lists:

NAC 293.462  Verification of information by Secretary of State. (NRS 293.124, 293.675)  On each business day, the Secretary of State will check the contents of the statewide voter registration list by:

     1.  Determining whether any person is included as a registered voter in the statewide voter registration list more than once.

     2.  For every registered voter who submitted an application to register to vote on or after January 1, 2006, comparing the driver’s license number, identification card number or last four digits of the social security number of the voter set forth in the statewide voter registration list, if any, with the information in the appropriate database of the Department.

     (Added to NAC by Sec’y of State by R018-07, eff. 9-18-2008)”

At least Nevada officials must incorporate at least part of the Social Security number in the “investigation.”  But when we’re just starting to get comfortable there’s this section which isn’t quite so clear:

“NAC 293.466  Correction of inaccurate or duplicative information; casting of provisional ballot in certain circumstances. (NRS 293.124, 293.675)

     1.  If a county clerk receives notice from the Secretary of State or another county clerk that the statewide voter registration list contains information that is potentially inaccurate, duplicative or otherwise requiring verification, the county clerk shall, not later than 5 calendar days after receiving such notification, take such action as is necessary to correct the information in the statewide voter registration list and in the computerized database established pursuant to NAC 293.454.

     2.  If the county clerk is unable to obtain the correct information relating to the voter that is described in subsection 1 before the day of an election, the voter must show such identification before any ballot may be cast, except that a voter may cast a provisional ballot pursuant to the provisions of NRS 293.3081 to 293.3086, inclusive.

     (Added to NAC by Sec’y of State by R018-07, eff. 9-18-2008)”

What would make a state election official think a registration was ‘potentially inaccurate?’ Duplicative? “Otherwise requiring verification?”  If a Crosscheck list shows a John Paul Smith registered to vote in Richmond, VA and a John P. Smith registered to voter in Henderson, NV, then does this make John P. Smith liable for be investigated as “otherwise requiring verification?”  The Nevada Revised Statutes make this a little more clear:

“NRS 293.675  Establishment and maintenance of list; requirements pertaining to list; duties of county and city clerks; cooperative agreement with Department of Motor Vehicles; verification of information in conjunction with Social Security Administration; agreements with state agencies to obtain information necessary for list; information may be requested from or provided to chief election officers of other states.

      1.  The Secretary of State shall establish and maintain an official statewide voter registration list, which may be maintained on the Internet, in consultation with each county and city clerk.   2.  The statewide voter registration list must:

      (a) Be a uniform, centralized and interactive computerized list;

      (b) Serve as the single method for storing and managing the official list of registered voters in this State;

      (c) Serve as the official list of registered voters for the conduct of all elections in this State;

      (d) Contain the name and registration information of every legally registered voter in this State;

      (e) Include a unique identifier assigned by the Secretary of State to each legally registered voter in this State;

      (f) Except as otherwise provided in subsection 6, be coordinated with the appropriate databases of other agencies in this State;

      (g) Be electronically accessible to each state and local election official in this State at all times;

      (h) Except as otherwise provided in subsection 7, allow for data to be shared with other states under certain circumstances; and

      (i) Be regularly maintained to ensure the integrity of the registration process and the election process.”  (emphasis added)

If (e ) above requiring the unique verifier is applied then the probability that a person can be purged from voter registration lists is diminished, especially if this means both the full name and the Social Security number.  We’re still not quite out of the woods yet.

We’re still going to have to deal with domestic migration, especially in Clark County:

“People moving to Clark County from other places in the United States are at a five-year high, data released by the U.S. Census on Thursday show. The number of people moving into the county from within the U.S. outnumbered residents moving out from July 1, 2014, to July 1, 2015. The net increase, which has been rising for the past two years, was close to 25,000, with foreign migration accounting for an additional 8,000 new residents.

Clark County has grown incrementally over the last five years, rising from 0.7 percent growth in July 2011 to 2.2 percent growth in July 2015. What has changed is that domestic migration is driving that growth. Births minus deaths, or natural population change, once paralleled domestic migration numbers in the county from July 1, 2011, to July 1, 2013. The year before that, Clark County saw negative domestic migration. In the years following, domestic migration comprised most of the growth.”

[… ]  Just who are the new residents? January data of new Nevada driver’s license applicants show that a third, or 20,000, are from California followed by Texas and Florida at 3,000 each.

Perhaps more telling is that roughly half are in the 19-to-39 age range. Sure, some could be college students, but mostly, they are assumed to be part of the growing workforce that accompanies job growth.”  [LVRJ] (emphasis added)

The age range is important – 19-39, as in  eligible to vote.  How many “domestic migrants” to Nevada didn’t bother to tell California county clerks they moved, never intended to vote in a California election again, intended to be permanent residents in Nevada and register there?  The Didn’t Bother Factor drives some of the right wing conspiracy theories about the number of ineligible, i.e. potential duplicate, voters – particularly among the followers of Purger In Chief Kobach of Kansas:

“In January 2013, Kobach addressed a gathering of the National Association of State Election Directors about combating an epidemic of ballot-stuffing across the country. He announced that Crosscheck had already uncovered 697,537 “potential duplicate voters” in 15 states, and that the state of Kansas was prepared to cover the cost of compiling a nationwide list. That was enough to persuade 13 more states to hand over their voter files to Kobach’s office.”  [RS]

In the fevered minds of conspiracy theory advocates 697,537 “potential duplicate voters” is the same things as real ballot stuffing felons.  Some of these people are the same ones who believe “3,000,000 illegal votes were cast for Secretary Clinton in the last election.”  First, there was no epidemic of ballot stuffing across the country.  Secondly, this canard was spread by none other than Dick Morris, and promptly debunked. [Polifact]  Third, that didn’t stop the Federalist Society from climbing on board the “potential” fraud bandwagon citing conservative sources and 20 instances of fraudulent voter registration applications in Virginia.  Not actual voter fraud mind you, just fraudulent applications which obviously were caught. One of the more intriguing claims in the Federalist piece is that we can’t know how much voter fraud is going because people don’t report regular criminal behavior. Under reporting is not proof of criminal behavior, and arguments by analogy break down faster than just about any other form.

Since the Crosscheck program has been so problematic that Florida and Oregon have dropped it, and since the implementation of it has been plagued with the issues cited in the RollingStone article, Nevada should seriously consider dropping its participation.  Failing that, Nevada could consider specifying more clearly what the Unique Verifiers are in NRS 293.675 – requiring state election officials to compare middle names or at least initials, and Social Security numbers.   No county clerk’s office should be handed a list without the assurance of state officials that mistakes have not been made concerning ANY potential duplication.  The use of a faulty list to “improve election integrity” is self defeating and frankly makes no sense whatsoever.

Comments Off on Questions Remain About Nevada Crosscheck Program

Filed under elections, Nevada politics, Vote Suppression, Voting

Early Voting Begins in Nevada, and why it should be expanded

Vote Early And it’s on! Early voting has started in Nevada, and for those not already saturated by campaign information we share the times for voting in at least one of the rural counties (Humboldt):

Monday October 24 through Friday October 28: Early voting can be done at the County Courthouse (Winnemucca) from 8 am to 6:00 pm.  The Clerk’s office will be open from 10 am to 6 pm on Saturday October 29, and Early Voting hours are 8 am to 8 pm from Monday October 31 through Friday November 4.

You know you’re a battleground when POTUS shows up.  The Las Vegas Sun covers his speech on behalf of Hillary Clinton and Catherine Cortez Masto.  The billionaire’s fishwrapper of record gains the dubious distinction of being the only major paper to endorse Donald Trump.  Let’s Talk Nevada has Pictures, and interesting information, well worth the click over to their site.   There’s always at least one willing to douse the enthusiasm for early voting – and this year he doesn’t disappoint.

“There is no good reason – for almost every voter – not to wait until Election Day, so you have the maximum information, including something that could break in the final fortnight. A scandal. A revelation about someone’s character. More information.”  [RGJ]

Here’s what’s fundamentally wrong with this analysis.  First, it promotes one of the worst features of American campaign politics – the last minute unanswerable attack.  This, for many election cycles, has been a campaign scheduling trick designed to attack an opponent with a charge which due to the timing is predicated on the notion that the victim of the ploy doesn’t have time to answer. Thus, all the dirty tricks are withheld until the last possible effective moment – like 24 hours before election day.   So, if I were to employ this artifice I’d have a lovely Photo-Shopped graphic of my opponent embracing a wild-eyed maniac beheading a baby while slaughtering puppies and kittens, all presented in a shiny colorful mailer.   There’s no time to adequately debunk this bit of bluster.  Early voting allows a campaign to avoid this destructive, and definitely uninformative, tactic.

Secondly, the argument is dismissive of any effort to relieve the burden on voting registrars, election officials, and county clerks.  There was a time in which all voting could be done in 24 hours without long delays and attendant problems – but that day has long gone in the face of population increases.

In 1980 Clark County, Nevada had approximately 463,067 residents, the 2014 estimates place it at 2,069,450.  Washoe County had 193,623 residents at the time of the 1980 elections; the 2014 estimate is 436,797.  Mineral County is the only statistical area in which there has been a population decrease since 1980, and others like Nye County have experienced significant growth from 9,408 to 45,456 or Lyon County growing from 13,594 to 53,334 during the same period. [NV Demo]  [WRDC pdf]

The counter, of course, is that as populations increase so do the number of polling sites.  Not really.  An EAC study reported that the number of polling sites increased with some regularity until 2000 at which time the precincts  actually decreased.

Table 13a. Number of Precincts Nationwide, 1980–2004
Number of
Election Year Precincts
2004 185,994
2002 189,900
2000 184,850
1998 185,444
1996 180,834
1994 181,497
1992 177,691
1990 177,101
1988 178,034
1986 176,326
1980 167,037

While it might be tempting to engage in some conspiracy theories at this point – and some voter suppression schemes do tend to reduce polling places in minority and lower income neighborhoods – there’s also a plausible explanation incorporating the notion that polling has become far more expensive with the electronic voting machines required.

Therefore, given the populations increases, the increased cost of election equipment, and the costs of staffing precinct polling sites, combined with the pressure to reduce local government budgets, one has to either accept that elections are going to be more expensive (and budget accordingly) or hope that early voting periods allow a local government to spread overtime and equipment budgets over a longer period of time so that additional costs aren’t incurred.

Third, the argument while traditionalist is also condescending to those who don’t have the luxury of waiting in line for three hours to vote.  Nevada includes time and distance into the allowance of time off to vote on a work day:

NRS 293.463  Employees may absent themselves from employment to vote: Procedure; penalty.
     1.  Any registered voter may be absent from his or her place of employment at a time to be designated by the employer for a sufficient time to vote, if it is impracticable for the voter to vote before or after his or her hours of employment. A sufficient time to vote shall be determined as follows:
     (a) If the distance between the place of such voter’s employment and the polling place where such person votes is 2 miles or less, 1 hour.
     (b) If the distance is more than 2 miles but not more than 10 miles, 2 hours.
     (c) If the distance is more than 10 miles, 3 hours.
     2.  Such voter may not, because of such absence, be discharged, disciplined or penalized, nor shall any deduction be made from his or her usual salary or wages by reason of such absence.
     3.  Application for leave of absence to vote shall be made to the employer or person authorized to grant such leave prior to the day of the election.
     4.  Any employer or person authorized to grant the leave of absence provided for in subsection 1, who denies any registered voter any right granted under this section, or who otherwise violates the provisions of this section, is guilty of a misdemeanor.

If the county can’t spread out the time for voting, then it’s entirely possible a person could be 2 miles from the polling site and have to wait in a two hour line.  And, presumably, the employer could dock paychecks within the reading of the law.

Aside from the practical matter of long lines and tenuous guarantees of permission to take time off to vote, there’s the matter of condescension.  To argue that voting is the ultimate act of civic duty which everyone should embrace no matter the personal cost, is perilously close to the contention that voting is a privilege.  No amount of flag waving, banner hoisting, and parading about, will remove the scent of patronization – those who are really truly patriotic will vote even if it costs them dearly – which is very nice for the boss and those who can take the entire day if they wish, and not so convenient for those who can’t.

Finally, in an election season such as this one – interminable, and more annoying than necessary – early voting gives a citizen a way to say: Whatever someone else may want is fine – just let me get this over with!

Comments Off on Early Voting Begins in Nevada, and why it should be expanded

Filed under Vote Suppression, Voting