I have trouble reading long sentences on topics like this. If you do too, here's an even shorter summary of dal's email! [an attempt] Inline below. On 7/5/23, Douglas Lucas <dal@riseup.net> wrote:
Howdy Cypherpunks,
Today BradBlog.com, run for two decades and counting by journalist Brad Friedman -- host of the AM/FM radio show the BradCast, syndicated across the U.S. -- published my new investigative article titled:
Douglas wrote another article for bradblog!
_Exclusive: Georgia Secretary of State Has Failed to Certify Urgent, CISA-Recommended Voting Software Update_
Georgia Secretary Ignores Voting Software Hotfixes
and subtitled ...
_Critics charge state laws block him from doing so, even if he wanted to..._
Upgrading Voting Software Is Illegal [it seems funny to me when stated like that]
Here's the hyperlink direct to my article: https://bradblog.com/?p=14711 and my newly pinned tweet for it: https://twitter.com/DouglasLucas/status/1676695595774509057
I included a sentence just for grarpamp: "Following the breach, the intruders uploaded Dominion's 5.5-A software suite to a secret site on the Internet, allowing access to selected individuals and organizations who, themselves, may have further disseminated the swiped software." More precisely, it was a password-protected site; the intruders were partisan, and 'allowing access to selected' should have been 'restricting access to only selected individuals' ... more Leak Keeper behavior.
The voting software site password and content was shared in a partisan manner. Can grarpamp get access?? Dominion Democracy Suite 5.5-A
Summary: In short, Georgia's Secretary of State Brad Raffensperger has not contracted with a certification agent (typically a VSTL or voting system test laboratory) to get a state-level examination done for Dominion Democracy Suite 5.17. Other evidence similarly shows Raffensperger isn't moving, and cannot move, on the 5.17 software version. According to Univ
Brad Raffensperger is responsible for contracting state auditing for version 5.17 and is ignoring this.
Michigan computer science professor J. Alex Halderman -- whose report on the matter was unsealed by a federal judge last month -- 5.17 purportedly addresses the flaws he uncovered in version 5.5-A. That
CS Prof J. Alex Halderman found flaws in 5.5-A and says 5.17 resolves them.
older 5.5-A version is presumably what we'd find in place if we wheeled out the voting computers presently locked away in Georgia warehouses and closets and booted them up. It's the same defective version currently slated for use on Election Day 2024, since Raffensperger says he won't update till at least 2025. With how long these issues have been raised,
Raffensperger says he will not update until after election day 2024.
Raffensperger is taking longer to patch than the U.S.'s whole official involvement in World War II. Given the Coffee County breach (see my previous article, also posted to this list by me) and Halderman's report, the vulnerabilities and code of 5.5-A are probably widespread by now, putting a November 2024 bullseye on the swing state's back unless
5.5-A vulnerabilities are likely widespread by now [see also Coffee County].
Raffensperger's office switches to, say, hand-marked paper ballots tabulated by scanners checked through mandatory, robust Prof. Philip Stark-style risk-limiting audits.
As a swing state, Georgia is a prime vote cracking target [whitehats?] unless Raffensperger switches to paper ballots.
Some points of interest to the Cypherpunks email list in my article: A lying State Secretary spokesperson who's a higher-up at an opaque department; proprietary software (no way to really know if 5.17 actually does mend 5.5-A to any impressive degree), physical breaches leading to exact copies being uploaded to secret sites for restricted audiences seeking partisan and/or pecuniary gain (Coffee County); and many voters who typically only care about earning their I Voted stickers on Election Day -- with gale-force screeching about patriotism for a few days -- yet who ignore electoral mechanics the 36-plus other months of each presidential cycle, because, it is said, thinking too hard, caring too much, is uncool, especially when there's so much good TV lately and we work so we deserve to just be happy...
Cypherpunks?: - There's a lying spokesperson for the state secretary who is also a closed-doors higher-up - The voting software is closed source, making analysis poor quality - The building was broken into physically and the software exfiltrated to private groups (Coffee County) - Voters are acting like media-sheep for everything other than the moment of presidential ballot filling
Thanks, and curious for any meaningful feedback,
Reading through it, as/roleplaying a hobby hacker, the most interesting point is how to find access to the source code. The Coffee County article (which I'm not sure what is) sounds quite interesting, after reading this. Hackers read code easier than language. An old whitehat solution to this problem was to hack every machine to ensure its correct operation. Kind of a bigger situation than that. More likely they all get hacked to disable them, much clearer then. Regarding politics, it seems like some kind of direct pressure on it being illegal to run voting machines with a known compromise, or Raffensperger's responsibilities in office here, or if somebody demonstrating more competence or responsibilities needs power. I wonder what a lawyer would say about this situation? Slightly curious if there's a counterstory that could explain how the situation has continued, or if it's just a lot of handwaving.
Douglas