Open-Source Software, Voter Authentication Will Restore US Election Integrity, Cybersecurity Expert Says

Open-Source Software, Voter Authentication Will Restore US Election Integrity, Cybersecurity Expert Says
A Clark County election worker checks a voting machine among others that are boxed up at the Clark County Election Department in Las Vegas, on Nov. 6. (Ethan Miller/Getty Images)
Ella Kietlinska
Joshua Philipp
12/3/2020
Updated:
12/3/2020

Voting systems vendors should make U.S. election software open-source for anybody to view and analyze to prevent future manipulation of vote counts, according to Gary Miliefsky, executive producer of Cyber Defense Magazine and a founding member of the Department of Homeland Security.

Voters should be properly authenticated when they register to vote and cast their ballots to prevent election fraud, Miliefsky said on The Epoch Times’ “Crossroads” program.

https://youtu.be/i40qfFlrVJg

The election gear—the software and hardware—used during this year’s election in many cases was connected to the internet, in violation of Federal Election Commission (FEC) regulations enacted in 2014 that bar any internet connectivity, including wireless, Miliefsky said.

He said that at least 30 states used technology that was able to get a software patch or update over the internet, Miliefsky said.

Other election anomalies also surfaced in various counties and states, such as “more people voted than registered to vote,” as well as hundreds of thousands of ballots with just one box marked for Democratic candidate Joe Biden that showed up at 4 a.m. on election night, Miliefsky said.

President Donald Trump has thousands of affidavits in his hands right now about election fraud across the nation, Miliefsky said.

“There’s rampant fraud, there’s enough evidence that you can’t summarily dismiss.”

Vulnerabilities

Participants are silhouetted as they pass through the IoT (internet of things) Village during the Def Con hacker convention in Las Vegas, on July 29, 2017. (Steve Marcus/Reuters/File Photo)
Participants are silhouetted as they pass through the IoT (internet of things) Village during the Def Con hacker convention in Las Vegas, on July 29, 2017. (Steve Marcus/Reuters/File Photo)

Every piece of electronic equipment that is capable of connecting to the internet by either a wireless router or an Ethernet cable “is a vulnerable piece of equipment that can be hacked remotely,” either domestically or from other countries, Miliefsky said.

At DEF CON, one of the largest and oldest hacker conventions held annually in Las Vegas, all voting gear was hacked within minutes, Miliefsky said. For example, “one person was able to get into the Dominion gear in two minutes,” he added.

The media used to cover DEF CON events “every year and since 2018, they’ve quieted down,” Miliefsky said.

Hacking voting machines is easy if a hacker has physical access to a piece of equipment, Miliefsky said.

“You can pull out the hard drive and then get admin permission to change voting; you can change the way the equipment” allocates votes to candidates.

If one citizen casts a vote for one candidate, the voting system can either allocate only one vote to that candidate or allocate 200 votes to the candidate for the one citizen who voted, Miliefsky said. He added that the manipulation is hard to detect unless somebody has physical access to the hard drive and can forensically analyze it.

To make it even more difficult to detect, a vote-weighting algorithm can be used to assign only 0.8 votes to candidate A but 1.2 votes to candidate B, so that it isn’t “one person, one vote,” Miliefsky said.

In this weighted method, if five people voted for candidate A, that candidate would receive only four votes. If five people voted for candidate B, he or she will receive six votes for the five that were cast. Essentially, 20 percent of votes would be taken from candidate A and given to candidate B.

This algorithm is called the “salami method,” Miliefsky said, as it resembles slicing salami into thinner or thicker pieces. Some people may get sandwiches with thinner slices while others will get thicker pieces, he added. Algorithms can be even more complex and sophisticated, according to Miliefsky.

Hackers also were able to connect remotely to the voting gear over the internet and send updates and patches that changed the way the machines functioned, Miliefsky said.

“I believe in this election, there was a patch update at least on the Dominion System in 30 states, where the patch needs to be reviewed and analyzed,” he said. “The Department of Justice needs to get a hold of the Dominion gear that was used in all these states” and other vendors’ gear as well and “analyze why were they connected to the internet, which violates the FEC’s ruling from 2014.”

According to Miliefsky, no algorithms should be used in vote counting: voting systems “should not be complex. It should be simple code; instead, it’s algorithmic code that already is a red flag.”

 “Software is extremely vulnerable,” Miliefsky said, and shouldn’t be subject to internet connectivity or be physically accessed.

How to Restore Election Integrity

A sign reminds voters they need photo ID to vote on Election Day at a polling station at Hillsboro Presbyterian Church, in Nashville, Tenn., on Nov. 6, 2018. (Drew Angerer/Getty Images)
A sign reminds voters they need photo ID to vote on Election Day at a polling station at Hillsboro Presbyterian Church, in Nashville, Tenn., on Nov. 6, 2018. (Drew Angerer/Getty Images)

Software and related patches and fixes should be open source, so it’s available for all citizens to read and understand how it functions, and mathematicians, computer scientists, and cybersecurity experts can validate if they work properly, Miliefsky said.

For example, the encryption algorithm, used in online shopping transactions by big merchants such as Amazon or Walmart, known as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) is open-source software, Miliefsky said. Its purpose is to ensure the security of card payments in online transactions and “it’s completely open” for the National Security Agency (NSA), as well as for mathematicians and other experts to analyze it.

Currently, no election software used across America is available for public view or for experts to explore, he added.

To prevent fraud in the U.S. election, Miliefsky recommends using a driver’s license and something like fingerprints to register to vote, which is called multi-factor authentication.

Multi-factor authentication requires the user to provide to the system two or more of three pieces of information related to something you know (like a password or PIN), something you have (like a card or ID), or something you are (like your fingerprint or other biometric data).

Multi-factor authentication on voting would ensure that a person actually voted at a polling station, got only one vote, and that his or her vote counted, Miliefsky said.

This concept is similar to voter authentication implemented in Iraq during Operation Iraqi Freedom known as “vote purple finger,” Miliefsky said. Iraqis dipped their finger in purple ink after casting their ballots to show that they voted and to prevent double-voting.

During “Operation Iraqi Freedom, after billions of dollars were spent, we gave a small country in the Middle East the ability to have un-hackable votes that we don’t have here in America,” he added.