Those Who Forget The Past …. — By Tommy Purser
At last week’s meeting of the Jeff Davis County Commission, each commissioner present was given a questionnaire with the introductory line, “Many of our Jeff Davis Republican Party members would like to know where our local elected officials stand on important issues. So, in the public interest of transparency we respectfully request your reply to the following 5 questions regarding the recently unsealed ‘Halderman Report’.”
I had not heard of the “Halderman Report” so I did some research.
The Halderman report has become the basis for attempts to replace Georgia’s electronic voting system with hand-marked and hand-tabulated ballots.
In 2017 a lawsuit initially known as Curling, et al, v. Kemp et al, was filed to challenge the outcome of the 2017 special election between Republican Karen Handel and Democrat Jon Ossoff. Handel won that race. Since Handel won, the lawsuit was filed by a group of Democrats and a Colorado-based Democrat-run 501(c)(3) called “Coalition for Good Governance.”
Georgia Gov. Brian Kemp at that time was Georgia’s Secretary of State. When Brad Raffensperger became Secretary of State his name became the name for the defendants in the suit.
In 2017, Georgia used the Diebold DRE machines. The Plaintiffs first argued that the DRE machines were unconstitutional.
Georgia election law was changed in 2019 and the plaintiffs switched their argument to contend, again, that the new BMD (Ballot Marking Device) machines were unconstitutional.
Ultimately, the plaintiffs’ case was ended in the 11th Circuit Court of Appeals.
At some point, the plaintiffs hired J. Alex Halderman to conduct a security analysis of the ImageCast X (ICX) BMD and associated equipment used in Georgia elections.
Halderman is a Professor of Computer Science and Engineering, Director of the Center for Computer Security and Society, and Director of the Software Systems Laboratory at the University of Michigan. He holds a Ph.D. in computer science from Princeton.
Fulton County provided Prof. Halderman with an ICX and he “played the role of an attacker and attempted to discover ways to compromise the system and change votes ….”
He and his assistant, also a Ph.D. computer expert, spent “a total of approximately twelve person-weeks studying the machines, testing for vulnerabilities, and developing proof-of-concept attacks.”
I assume a “person-week” is equivalent to 40 hours, the normal work week. Forty hours times 12 weeks gives the two Ph.D.s 480 hours of work.
In addition to having been given a voting machine to work with, Prof. Halderman was also given all passwords.
Halderman said in his report, “Many of the attacks I successfully implemented could be effectuated by malicious actors with very limited time and access to the machines, as little as mere minutes.”
As one scribe put it: “Sooooo….are we to believe that random ‘bad actors’ could implement an attack on a BMD in ‘as little as mere minutes’ when it took Mr. Super Computer Expert 240 hours or so, in an isolated environment, and given ALL passwords, to figure out how to attack and corrupt the voting process?”
In researching the matter, I also found that included in the Curling plaintiffs was one of the founders of VoterGA, Ricardo Davis. VoterGA is an organization that promotes the idea that Georgia 2020 election fraud resulted in, well, a fraudulent election.
Wait a minute. Wasn’t the initial lawsuit filed by a group of Democrats? And it is Republicans who today are insisting the 2020 election was fraudulent?
While there are, indeed, large groups of Republicans backing the Halderman report, there are two prominent Georgia Republicans who disagree — Secretary of State Brad Raffensperger and former Secretary of State and now-Governor Brian Kemp.
And, of course, both Sec. Raffensperger and Gov. Kemp are in the crosshairs of former President Donald Trump.
VoterGA advocates for doing away with all voting machines and returning to hand-marked and hand-tabulated ballots.
I’m old enough to remember the use of paper ballots in the past.
As the old saying goes, “Those who forget history are doomed to repeat it.”
Well, I haven’t forgotten. VoterGA advocates must have forgotten — or never knew in the first place.
I am a recently (2021) retired computer science professor, and I have been an expert for the Curling plaintiffs. I have read the unredacted Halderman report after signing the agreement. In a nutshell: Halderman’s unredacted report is basically this: If I present this system to an upper-level undergraduate computer science class, what flaws are they likely to look for, and could those flaws be exploited? And his report lists something like a dozen obvious flaws, and the unredacted report shows exactly how each of those could be exploited.
It’s almost a no-brainer, for good undergraduates, except that this is a multi-zillion dollar system being used in a vast swath of jurisdictions across the country.
So let’s not stick our heads in the sand. This is a huge deal. Halderman and Springer showed that “the obvious” attack vectors could in fact be exploited. And the code was copied from Coffee County, and placed almost into the wild, so any and all bad actors can now be assumed to have it.
This is a big deal. Voters need to trust that the election will be secure, auditable, and trustworthy. It’s not clear that this is the case for any jurisdiction using Dominion equipment.
And, even if it needs to be said … Let’s not let amateurs try to raise issues on topics about which they know almost literally nothing. Software is hard. This is a serious technology issue, and the serious technology people need to be listened to. I have 15 years’ experience at a lab in support of the National Security Agency, and more than a dozen years actually analyzing election data. I know whereof I speak, and I suspect many who opine on this issue don’t have that background or knowledge.
This piece includes a number of important mistakes that render it inaccurate and misleading. You need to correct those errors or retract it entirely. Providing misinformation like this is dangerous and irresponsible.