It’s not unusual to find well-meaning, but inaccurate articles that ask interesting questions; actually it happens quite often in our experience. There are also cases where the author is deliberately attempting to strike fear into the hearts of the average reader/voter, which may ultimately cause chaos wherein the author will offer plausible denials under a cloak of legitimate journalism. And there are probably some click-bait situations in between those two cases where professional journalism is tainted by the drive for audience (“eyeballs”) as statistically measured by dozens of media-metrics instruments and services to value ad-placement.
While elections and their myriad security and integrity concerns do not have easy answers, there are at least some questions where a reasonable explanation of the process and policy exist. With that spirit, we were moved to comment on assertions made in a recent article by The Gateway Pundit (hereafter “TGP”) after we received inquiries from other media and election officials. They turned to us in order to provide context to the claims, given our perspectives as former election administrators and technologists highly proficient in election technology here at the OSET Institute and TrustTheVote® Project. Following our answers to the media inquiries, and notwithstanding the history of TGP, we felt it worth presenting our comments and clarifications here.
Here is TGP’s first assertion:
“BPro-KnowINK election software is being implemented across the country and yet it is connected to the Internet, it’s not certified, likely not audited, and now we know it can backdate records as well.”
The basic premise of the assertions regarding a specific commercial electronic poll book and election management software product in the TGP article would cause alarm in most people who are otherwise unfamiliar with the intricate and complex operations of election management and voter registration systems.
In fact, these systems exchange data with other state and local databases all the time in order to accurately register voters, maintain voter rolls, update records, ensure voters are in the correct jurisdiction, and in some cases, in a voting center, connect with a printer to produce a blank ballot (that is, a ballot for a particular jurisdiction) for the voter physically in that polling place.
There are two separate matters being reported in the TGP article. The first, at the top line, is true: Electronic Poll Books (aka digital poll books or EPBs) are systems that are not required to be federally certified by the U.S. EAC, and by necessity, use the Internet only to communicate with back-office systems used exclusively by authorized election administrators.
Importantly: that Internet connection in-of-itself has nothing to do with ballot casting or counting. It is an administrative connection for the purpose of communicating (checking and verifying) voter registration data, full stop. EPBs make it possible to verify if a voter is in the correct voting location, is eligible to vote in that election, and has not previously voted by mail or in person — all without needing to call the election office by phone to look up voters who aren’t showing up in the poll book.
To be clear, it’s not as though these particular products avoided certification — as implied — but rather that this category of product does not have a national certification requirement and regime. However, it is also worth noting that several states do have in place an EPB testing and certification program. So, here again, this is a state-by-state issue and there is no federal standard for poll book certification (at this time). For whatever its worth, we believe implementing a more rigorous federal cybersecurity testing protocol would benefit everyone.
Here is the next TGP assertion:
“It is the only software system that encompasses the entire election process into one system!”
Let’s slow the roll a bit. The quoted product marketing language is a bit hyperbolic, if not technically over-stated. But if it wasn’t, it wouldn’t be product marketing, now would it? 😏 The short of it is, in our professional experience, the “entire election process” includes far more elements than addressed by the BPro product. I also note here that the “BPro” product was acquired by KnowINK in 2021 and assimilated into a product now called “TotalVote“.
Here is another TGP assertion:
“Having one piece of software running all parts of both the registration and election system creates massive vulnerability at a nation-state level in the entire system from top to bottom.”
We agree that would definitely be a real and serious concern if it were true.
Strictly speaking, paper ballots, tabulators, and tabulation software are separate from this “one piece of software”. Yet, TGP makes a good point in observing the obvious risk of relying on third party vendor election management software to monitor and deploy voting equipment, staff, ballots, petition verification, voter records and election night reports. For all aspects of election administration infrastructure, not just voting systems, we believe high availability and redundancy are just as important as proper hardening. But to reiterate, this all-in-one software package is not the “entire system from top to bottom“. That’s simply an overstatement and a misreading of the vendor’s product description wherein “the entire election process” refers to the administrative components, not the voting components.
One clarification that may be helpful: a “voting system” is a subset of an “election administration system.” The former is focused on the processes of ballot casting and counting, with points of connection to the latter, which encompasses the entirety of the election administration ecosystem (e.g., voter registration; poll book management; ballot design, layout, production, and administration; election results reporting; and a bunch more).
NOTE: As an architectural principle in the design of election administration and voting systems both, the over-loading of applications (sometimes “called feature creep” or “capability-bloat”) is a bad idea for critical infrastructure systems. Since the beginning of the TrustTheVote Project, we have evangelized the need for the approach, discipline, and mentality of fault-tolerant, application-specific, purpose-built devices for all components of an election administration system. This is an essential approach, mindset, and discipline if we’re to produce national security operating assets of critical infrastructure. Our approach to ElectOS™ (our flagship public technology initiative) is a showcase of that design pattern, using security-centric engineering practices and user-centered design principles. It is true that commercial products like KnowINK’s TotalVote® are the software equivalent of a Swiss Army knife and that such a concentration of capability can present a security design risk.
Finally, we come to the group of claims that require far more documented evidence to be seriously entertained. Let’s next consider this large block 🙄 from the TGP article:
“Unlike other states, Hawaii assigns ‘Universally Unique Identifiers’ (UUID) to each of its voters. The UUID generator Hawaii was using is called ‘Version 1.’ It generates UUIDs based on the time and the MAC address of the computer that generated it. Using this method guarantees that the voter ID will be unique, but it also allows an analyst to decode the UUID and determine when it was created and the address of the computer that created it. Election experts working on Hawaii’s voter registration data decoded the UUIDs and compared the results with the official registration dates stored in the database. The team found that more than 75,000 registrations have an official registration date that is older than the date of the creation of the UUID – meaning these registrations were backdated when compared with the time the UUID was created. All the backdated entries were created using a MAC address that resolves to a single VMware® instance.”
Whew! As a veteran election administrator backed by colleagues here with decades more experience than I, we need to break this down to clarify, and in some cases correct the assertions. Ready? Let’s do this! 🤓
- Hawai’i (Hawaii) switched over to a new vendor system in 2017. They have approximately 850,000 registered voters, of which allegedly 75,000 have so-called “backdated” voter registration records.
- “Backdating” is a term that comes up in finance, medicine, and contract law, but not frequently in elections, as it’s not something typically required for any part of the data flows.
- There’s a much more likely cause for “un-synchronized” data: older government IT systems not updating as fast as the new ones.
- In Hawai’i’s case, the new BPro System (TotalVote) was updating in real-time via web-services, while it is very likely the municipal database was incapable of handling the load from the online voter database.
- Updating could only be done once per week, in batch form. According to the State of Hawai’i in 2017, there were approximately 70,000 voter records that required manual transfers from the old system to the new one, and (this is key) the record would retain both the original date of registration, and the date the voter’s record was updated in the new system.
We also believe it’s important to be clear about what is not being claimed in the TGP story:
- No one claims that any of the voter records in question are fraudulent voter registrations; in fact, they are about real eligible voters, whatever one might think about “backdating.”
- No one claims that the voter records in question are part of fraudulent voting. Any voter whose registration record is of concern and who voted, nevertheless voted legitimately, regardless of possible voter database registration or date modification glitches.
- Note: For those who suggest a voter registration was fraudulent because it came in after a deadline (in a state where same-day registration is not allowed), and was subsequently backdated so the late registrant could cast a ballot, I hasten to restate what’s been pointed out elsewhere: this is actually a charge of election officials dereliction of duties at best, and committing a felonious act of conspiracy that required many others to be involved — all attempting to conceal the acts. That is nonsensical conspiracy theory kraken. And if it ever were to occur and be proven in a court of law, that would be the election story of the century.
Strangely, with all the discussion of insidious software (and we completely agree with the concerns of black box proprietary software), there was no mention of KnowiNK ePulse being a confirmed victim of the iVanti Pulse Connect VPN security exploit in 2019-2020. For the geeks among us, please see this. The point being, there are plenty of legitimate things to be concerned about, if one actually understands how the system works. We understand that such additional research may have been beyond the scope or time and resources of the article’s author. Well, OK, that’s why we’re here to help straighten it out. 🤓
Additionally, if the TGP author’s final allegation is plausible regarding Hawai’i’s allegedly fake database entries all tracing back to a single MAC address linked to a VMWare hypervisor (software on one computer that emulates the capabilities of another computer, thereby creating “virtual machines” for cloud computing), then the bigger problem is not backdated registrations. Far from it. For example, it’s the potential for a cascade of ransomware attacks if 1] the state relied on an older model of the EsXi Hypervisor known for an easily exploitable vulnerability and 2] it was not patched immediately by state and local election offices.
Finally, one more thing about that backdating thingy.
The dates of voter registration are simply not an issue in states that have same-day registration deadlines, as I alluded to above (and that includes Hawai’i). For those voting-by-mail (voting at home), yes, in Hawaii their registrations need to be marked eight (8) days prior to the election (of course, this varies by state). However, let’s not make something out of (mostly) nothing. Registration dates are not really an issue, in Hawaii, or in the vast majority of cases.
In the final critique, for media covering these important issues of election integrity, we ask that you bear in mind there are plenty of actual security risks faced each day without needing to indulge in edge-of-hyperbole issues. TGP didn’t go into a conspiracy-theory rabbit hole here. Yet, they did appear to have performed a bit of an “Elastigirl” maneuver in producing an article that is really much ado about nothing… and a bit of a stretch to make a point. You read what I did there, right? Apologies to Helen Parr. 🤣