January 15, 2017

Marilyn R. Marks

Charlotte, NC 28210

The Honorable Richard Burr 217 Russell Senate Office Building Washington, DC 20510 via facsimile (202) 228-2981 and (336) 725-4493

Dear Senator Burr:

I am writing regarding the scope of the Senate Select Committee on Intelligence and its Inquiry into Russian Intelligence Activities. Thank you for your commitment to this critical national security concern.

The scope of the Inquiry should include thorough investigations of whether the election system components (machines, tabulators, servers, reporting systems, voter database, etc.) were compromised or subject to wrongful penetration attempts. There has been considerable misinformation published on this fundamental issue since Director Clapper testified on this topic on January 5. A Committee-supervised review is essential to determine whether there was election system compromise.

A group of the nation’s leading voting system computer science experts wrote Senator Lindsey Graham on January 13 asking that he include this high-risk area of election cybersecurity threats in the Armed Services Committee’s investigation. That letter is attached (and linked here: https://goo.gl/NK4IRf) for your review of the signers’ concerns. Your joint announcement with Senator Warner suggests that the Select Committee on Intelligence Inquiry may be an appropriate forum for such a technical and far-reaching inquiry. I urge you to review that letter to Senator Graham for the more detailed rationale for this request to include the safety of the voting systems in the Inquiry.

In summary, the country’s voting systems are dangerously vulnerable to cyberattack. The vulnerabilities are grossly underestimated and misunderstood by many officials and the media. Whether the systems are directly connected to the Internet, or whether the equipment is widely distributed, the systems are alarmingly easily penetrated in manners to change the results of an election. The experts signing the January 13 letter to Senator Graham have all demonstrated and proven such vulnerabilities. It seems quite unlikely that meaningful testing was conducted by DHS for purposes of reaching any conclusions about the accuracy and fairness of the voting systems operation in the 2016 election. Yet intelligence officials, lawmakers and media continue to repeat the likely unproven claim that such systems were tested and found to be uncompromised. Americans deserve a voting system free from cybercrime threats from bad actors. We also deserve accurate, well-researched answers to whether such threats compromised our systems in 2016.

The group of voting system security experts who signed the letter to Senator Graham are willing to offer their expertise on how reliable answers could be obtained by the Committee to assure that the systems were not compromised in the 2016 election. Such an inquiry by this Committee would produce the valuable by-product of essential information on election cybersecurity risks that must be mitigated to protect future elections.

Thank you for your consideration of this request. I am pleased to talk with you or your staff about this at any time.

Thank you for your service and dedication to the interest of North Carolinians and all Americans.

Sincerely,

Marilyn R. Marks

Experts' letter to Sen. Graham

January 13,2017

Page 1 of 9

January 13, 2017

The Honorable Lindsey Graham 290 Russell Senate Office Building Washington, DC 20510 (via email: Senator@lgraham.senate.gov)

Dear Senator Graham:

We enthusiastically support your dedicated leadership efforts to investigate the cybersecurity vulnerabilities in our country’s 2016 election process. We are a group of volunteer election systems technical experts and citizen advocates for secure and transparent elections. The purpose of our letter is to encourage you to expand the scope of your inquiries to include vulnerable elements of the election system that are being overlooked in the public discussions.

There is a very common misunderstanding that voting systems are not vulnerable and that it would be difficult to alter election outcomes. This meme has been repeated in many public forums.

During the January 5 Armed Services Committee hearing on Russian hacking, we were troubled to hear Mr. Clapper seem to affirm Senator Cotton’s statement that it “would be most difficult for anyone including nation states to affect ballot counts,” and that there is “no evidence that vote tallies were manipulated or altered in any way.” Such unsupported claims have rapidly come to be much-repeated and exaggerated assertions almost universally adopted by the media and government officials.

President-elect Trump tweeted “Intelligence stated very strongly there was absolutely no evidence that hacking affected the election results. Voting machines not touched!” 1 Speaker Ryan also appears to have similarly misinterpreted the findings, given his statement, “We must also be clear that there is no evidence that there was any interference in the voting or balloting process.” 2 While we are aware of no evidence of Russian hacking into the voting and tabulation systems, it is our strong belief that little or no investigation has been conducted on the vulnerable components of the systems that would justify such reassuring claims. Indeed, in fifteen states some of the components of the voting systems lack the necessary evidence of voter intent to carry out a legitimate audit.

The significant cybersecurity weaknesses in our election system are well known to many computer security professionals as well as unfriendly nations and domestic criminals. Yet federal, state, and private monitoring, analysis, and oversight to protect the very foundation of our democracy is minimal. Even while the Department of Homeland Security made its services available to election jurisdictions nationwide in the pre-election period, to our knowledge they were not examining voting and vote tallying systems for vulnerabilities, but rather scanning voter registration databases and systems for breaches.

Unfortunately, the full scope of that threat to the election process is not well understood by many decision-makers and their advisors. Contrary to the claims made during and following the hearing, as citizen experts in election mechanics, we know that it is not at all difficult to manipulate election results through cybersecurity intrusions.

We would be happy to brief you with the extensive research that has proven this fact. Although there may be “no evidence” currently presented of manipulation of the 2016 election, we are confident in our view that no one has performed the required extensive testing to provide such assurances. We write to implore you and the Committee to increase the scope of your investigation to include such essential testing before drawing conclusions. Both the Committee and the public deserve well-researched documentation to confirm any conclusion of “no manipulation” of voter databases or vote tallies.

The chronic vulnerabilities of the election system mechanics are misunderstood by many government officials and media, some of whom have recently sought to calm voters’ fears by inaccurately claiming that the voting machines and tabulators are protected from cyberattacks because such machines are purportedly never connected to the Internet. These claims, even repeated by EAC officials, 3 are simply inaccurate.

An Internet connection is not necessary for malware to infect an entire county’s machinery, as was dramatically demonstrated by the Stuxnet virus. Additionally, many components actually are connected to the Internet, sometimes in violation of state laws. These and other inaccurate claims should be debunked in a Congressional investigation of our election system cybersecurity risks, as we hope your Committee will undertake.

Former CIA Director James Woolsey recently commented on CNN about allegations of Russian hacking: "Well, the degree to which they intervened in the process is something we really need to get a handle on, but at this point, it doesn't look as if they were interfering with the voting, and in so far as that's the case, it's a very different thing than if they were hacking into the voting machines and by the way, they shouldn't be involved period, but we have to make sure that two years from now and four years from now we are protecting our voting machines and a lot of people and counties and so forth have added essentially touch screens and you can't check up on hacking with that. You gotta have some kind of a paper trail." 4

We wholeheartedly agree with Mr. Woolsey’s views concerning the need for voting system protection. Given the inherent risks, the 2016 election data must be promptly studied by objective investigators and scientists under Congressional authority. We are certain that alarming cybersecurity weaknesses will be exposed when the systems are scrutinized by independent experts. In our view, a broad-based in-depth investigation would demonstrate the urgent and compelling need for legislation providing both resources and statutory requirements for enhanced election cybersecurity, whether future threats emanate from foreign states or domestic criminals. We encourage you to incorporate election system cybersecurity in the Committee’s investigation.

On January 6, DHS Secretary Johnson declared that he would designate election systems as “critical infrastructure.” We urge the Committee to ensure that harmful practices are not permitted to be built into that designation that would shield public election system records from public scrutiny. It is essential that the public be able to verify the proper operation of voting systems without engaging in FOIA challenges. It is critical that the working policies in this designation provide clarity and transparency. That goal is likely to require Congressional support and oversight.

We are eager to be of assistance. Some of us are computer security and voting systems experts available to lend our expertise to this urgent mission. We can recommend other nationally recognized scientists and experts to advise the technical efforts of the Committee on these election system topics. We would be delighted to meet with you or your staff in Washington or South Carolina to further outline our perspective on the urgent need for these issues to be addressed as a national security matter.

We have included an appendix that lists some of the critical components of our voting systems, together in some cases with some high level recommendations for protecting those systems from cyber-threats.

Thank you for your leadership and for your consideration of this critically important matter.

Sincerely,

The Undersigned

Signatories (Affiliations for informational purposes only)

Duncan Buell Professor Computer Science and Engineering

NCR Chair in Computer Science and Engineering University of South Carolina buell@acm.org

803.777.7848

JoAnne Day Julie Hussey League of Women Voters of South Carolina POB 8453 Columbia, SC 29202 jvday@yahoo.com copresident.lwvsc@gmail.com

803-251-2726

J. Alex Halderman Professor Electrical Engineering and Computer Science University of Michigan Ann Arbor MI

Eleanor Hare Associate Professor Emerita of Computer Science Clemson University

864.654.4417

eleanorhare@gmail.com

Frank Heindel 171 Hobcaw Drive Mount Pleasant SC 29464

Candice Hoke

Co-Director, Center for Cybersecurity & Privacy Protection Professor of Law C|M Law, Cleveland State University

216.687.2313 (office), 216.798.4643 (mobile)

shoke@me.com

s.hoke@csuohio.edu

Joseph Kiniry CEO and Chief Scientist, Free & Fair Principal Investigator, Galois kiniry@freeandfair.us kiniry@galois.com 421 SW 6th Ave., Suite 300 Portland OR 97204-1622

Marilyn Marks Executive Director, Rocky Mountain Foundation Marilyn@AspenOffice.com 7035 Marching Duck Drive E504 Charlotte, NC 28210

704.552.1618

Neal McBurnett Elections Integrity Consultant Boulder CO http://neal.mcburnett.org/

Stephanie Singer Former Chair, Philadelphia County Board of Elections Data Strategist Portland, OR sfsinger@campaignscientific.com

Jason Grant Smith I Voted? Director/Producer Jason@ivotedmovie.com

Philip B. Stark Associate Dean, Mathematical and Physical Sciences Professor, Department of Statistics University of California Berkeley, CA 94720-3860 | 510-394-5077 statistics.berkeley.edu/~stark | @philipbstark

Dr. Daniel M. Zimmerman Computer Scientist Galois / Free & Fair dmz@acm.org

503.808.7224

Appendix 1: Components and architectures at risk

We urge you to include the following components and architecture of the nation’s voting systems in the scope of the Armed Services Committee investigation. Please consider incorporating both domestic and foreign intruder-generated election system risks in the scope of the committee’s or appropriate sub-committee’s investigation. The end-to-end election system framework should be assessed for vulnerabilities and included in risk-mitigation efforts in resulting legislation. In addition, the Committee should address both the threat of corruption—the purposeful changing of results—and the threat of disruption, including the introduction of chaos and uncertainty into the election process, that would create significant public distrust in the results of the election.

Cybersecurity threats can significantly undermine the election system through attacks on any of the following components:

--electronic voting machines,
--on-line and electronic ballot marking devices,
--ballot scanning software,
--vote tabulation software,
--Internet voting applications,
--on-line voter registration applications,
--voter registration databases,
--on-line absentee ballot requests and issuance,
--voter information communications,
--electronic poll-book applications,
--confidential voter information files,
--automatic signature verification equipment,
--results reporting applications, and
--post-election audit programs.

Our experts are prepared to provide extensive specific, technical information on how these component weaknesses can be exploited.

Appendix 2: Analyzing vulnerabilities revealed by the 2016 election

Security risks have multiplied as computers have been integrated into all components of the election system, although few resources have been devoted to system modernization and security. From on-line voter registration and electronic poll-book maintenance to computerized vote tabulation and results reporting, the opportunities for electronic compromises of the system grow every year. The growing number of voters permitted to vote via Internet poses an increasing cyber-threat.

We believe that significant federal resources and legislation will be required to adequately mitigate material risks that will be exposed in an investigation by a Congressional Committee. We would encourage such a committee to include the following topics in its investigation and assessment of the 2016 election:

--detect attempts to access or compromise the voter registration system or database,
--detect attempts to access or compromise vote recording and tabulating system components,
--information obtained by DHS after its offer to assist states in protecting voting systems, 5, 6
--analysis of selected counties’ electronic voting system logs to review for unexpected events,
--electronic audits 7 of vote data in selected counties employing touchscreen technology,
--attempts to infiltrate voting system vendors’ information systems, 8
--statistically significant anomalies in under-votes, over-votes or results, and their likely causes, and
--a post-election audit should be performed for the presidential contest in selected counties. 9

Appendix 3: Suggestions for mitigating some of the cybersecurity threats.

We are confident that thoughtful, measured federal legislation can serve to mitigate many of the cybersecurity risks to elections. Badly needed new equipment funding could provide the mechanism for imposing security standards in federal elections for states choosing to obtain grants for funding. Needed provisions include:

--providing funding for new election systems that meet specified security and voter privacy requirements,
--requiring paper ballots and prohibiting touchscreen machines for federally-funded equipment, 10
--prohibiting Internet voting, 11
--mandating post-election manual audits of results on new equipment,
--requiring anonymous/secret ballots,
--protecting private voter information,
--requiring fundamental transparency that would permit public verification of results without formal recounts,
--providing funding for federal technical assistance and guidelines for election cybersecurity reviews and risk assessment, and
--providing funding for cybersecurity safeguards of the voter registration system.

We recognize that any federal legislation must be crafted within Constitutional restraints respecting the states’ responsibilities to conduct their elections.

Appendix 4: Additional resource references

Scores of articles have been recently published, highlighting the increasing national security risks of cyberattacks on our election framework. We have included links to several of the articles that you may find helpful in the end notes and references A-F here.

A. Post-recount, experts say electronic voting remains ‘shockingly’ vulnerable https://www.the-parallax.com/2016/12/30/electronic-voting-shockingly-vulnerable/

B. Recount 2016: An Uninvited Security Audit of the U.S. Presidential (Talk by Dr. Alex Halderman and Matt Bernhard on findings in 2016 presidential recount efforts) https://www.youtube.com/watch?v=PUUJqUXlEzg

C. Hacking a voting machine http://www.rawstory.com/2016/08/computer-expert-hacks-into-common-voting-machine-in-minutes-to-reveal-shocking-2016-election-threat/

D. Politico: States unprepared for Election Day cyber attack http://www.politico.com/story/2016/10/states-unprepared-for-election-day-cyber-attack-230415

E. PBS Newshour: Here’s how hackers might mess with electronic voting on Election Day http://www.pbs.org/newshour/updates/heres-how-hackers-could-mess-with-electronic-voting/

F. Documentary: I Voted? http://www.ivotedmovie.com Executive produced by Katie Couric, this non-partisan documentary examines the capture and counting of ballots in American elections.

End notes:

1 https://twitter.com/realDonaldTrump/status/817701436096126977

2 http://www.speaker.gov/press-release/statement-ic-report-russian-hacking

3 C-Span-- Cybersecurity and Voting Machine Security (October 4, 2016) (Dr. Alex Halderman) https://www.c-span.org/video/?415879-4/washington-journal-j-alex-halderman-cybersecurity-voting-machines Timestamp 4:50-- inaccurate EAC statement re: protection of voting systems

4 Woolsey to CNN (12/30/16) http://edition.cnn.com/TRANSCRIPTS/1612/30/cg.01.html [16:16:31]

5 ABC News: Nearly Every State Has Asked for Federal Help to Protect Voting Systems From Hacks

http://abcnews.go.com/Politics/state-asked-federal-protect-voting-systems-hacks/story?id=43197682

6 Yahoo News: Russian Hackers Targeted Nearly Half of States' Voter Registration Systems, Successfully Infiltrated 4

https://gma.yahoo.com/russian-hackers-targeted-nearly-half-states-voter-registration-113205790--abc-news-topstories.html

7 Auditing a DRE-based election in South Carolina http://www.lwvsc.org/files/fiveauthor.pdf

8 CNN: Feds believe Russians hacked Florida election-systems vendor

http://www.cnn.com/2016/10/12/politics/florida-election-hack/

9 USAToday Column Rivest/Stark: Still Time for an Election Audit

http://www.usatoday.com/story/opinion/2016/11/18/election-audit-paper-machines-column/93803752/

10 James Woolsey to CNN on need for paper ballots:

Woolsey, “Did they go further and use the computers to do something effective this last time around? It looks like they may have tried but not succeed. And what we have to worry about is what our weaknesses are in that dimension. So one of the things we've absolutely got to do is get away from having a quarter of our voting machines be touch screen only and not have paper backup. Those changes were made after the craziness of year 2000 and the change of some of them were made in the wrong direction. Without a paper backup, you can't have a voting count that means a damn thing.”

http://www.cnn.com/TRANSCRIPTS/1612/16/acd.01.html

11 Heritage Foundation--Hans von Spakovsky: Dangers of Internet Voting

http://www.heritage.org/research/reports/2015/07/the-dangers-of-internet-voting