Experts Want Audit to Protect California Recall Against ‘Cyberattack’

By Zachary Stieber
Zachary Stieber
Zachary Stieber
Reporter
Zachary Stieber covers U.S. news and stories relating to the COVID-19 pandemic. He is based in Maryland.
September 4, 2021 Updated: September 6, 2021

Cybersecurity experts are urging California’s top elections official to conduct an audit of ballots cast in the recall election to ensure no problems occurred.

The recent disclosure of binary images of the Dominion Voting Systems’ election management system boosts the risk of nefarious action against the state’s election system, the group of experts warned in a Sept. 2 letter to California Secretary of State Shirley Weber.

The software versions shown in the images are not the same ones as those used in California, but the differences are relatively minor, they added.

“The release materially elevates threats to the trustworthiness of the ongoing California recall election and to public trust in the election. We urge you to address the issue by taking one critical action–a statewide risk-limiting audit (RLA) of trustworthy paper ballots—which can substantially mitigate these threats,” Mustaque Ahamad, a professor at Georgia Tech’s school of cybersecurity and privacy, Philip Stark, professor at the University of California, Berkeley’s Department of Statistics, and the other experts wrote.

Dominion, whose systems are used across more than half of the states in the nation, told The Epoch Times in an email that it was aware of the release of the images and pointed to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency saying it doesn’t view the breach as “a significant heightening of the election risk landscape at this point.”

“Strong election security protocols—such as bipartisan testing of election equipment before and after elections, rigorous post-election audits, and paper ballot records—are used to ensure the integrity of elections. To help our customers—local elections officials—continue to facilitate the safe and secure use of their certified voting systems, Dominion has updated its chain of custody guidance,” the company added.

“We recommend that customers with questions reach out to their state election authorities. As always, we welcome good-faith researcher comments submitted through our Coordinated Vulnerability Disclosure Policy protocol.”

The office of Weber did not respond to a request for comment.

Jenna Dresner, a spokeswoman for Weber, told The Associated Press that the version of Dominion’s system used in 40 California counties is different from the one referenced in the letter and said there are a range of security measures in place that protect against attacks.

“California has the strictest and most comprehensive voting system testing, use, and requirements in the country, and it was designed to withstand potential threats,” Dresner said.

A Dominion spokesperson told the outlet that the company had become aware of the reported release of images of its system and reported it to the authorities but that the release isn’t seen as boosting the risk to election security.

Epoch Times Photo
Mail in ballots run through a sorting machine at the Sacramento County Registrar of Voters office in Sacramento, Calif., on Aug. 30, 2021. (Rich Pedroncelli/AP Photo)

The images were allegedly made public at a cyber symposium on elections held in South Dakota last month.

The experts said one image came from Antrim County in Michigan while two came from Mesa County in Colorado. The images were made available online and “have been widely downloaded,” they said.

“While it is prudent to assume that other nation states have had that software for a long time, thousands of other people with unknown affiliations, motives, and physical access to voting systems now have it also. That increases the risk of undetected outcome-changing cyber-attacks on California counties that use Dominion equipment and the risk of accusations of fraud and election manipulation which, without rigorous post-election auditing, would be impossible to disprove,” they wrote.

Stark, one of the experts, introduced the concept of risk-limiting audits in 2007. The process includes manually checking a sample of ballots, or other paper records, until the amount of evidence is sufficient to prove the reported outcome is correct, according to the U.S. Election Assistance Commission.

Absentee ballots for the recall election, which presents voters with the choice of whether to remove California Gov. Gavin Newsom and who to replace him with if he is recalled, were sent out last month. Voters can also go to the polls on Sept. 14.

Nearly a quarter of all registered voters in the state had returned ballots as of Thursday, according to Weber’s office. The bulk returned ballots by mail, with many others using drop boxes.

Editor’s Note: This article has been updated with comments from Dominion.

Zachary Stieber
Zachary Stieber covers U.S. news and stories relating to the COVID-19 pandemic. He is based in Maryland.