1/I have Dominion's response to Friday's letter from NY Board of Elections. A rare glimpse into anti-security mindset of voting machine vendors. Hacking concerns may delay Westchester's $6.1M plan to buy new voting machines lohud.com/story/news/loc… via @lohud
READ THIS THREAD
@lohud 2/Here's Dominion's non-responsive response. "Before addressing the various safeguards for the ImageCast Evolution (ICE), I would like to..." (let me paraphrase) launch an irrelevant attack on the "security maximalists" who pointed out the vulnerability
dropbox.com/s/tz02zj9l7zv5…
3/How does Dominion address safeguards? They don't. Here's what they say. First, we're accessible & our approach is so superior that NY should pay any price for it, including insecure voting for all. That's what "critical balance between security and accessibility" means.
4/ Dominion doesn't allow independent researchers access to their equipment. That doesn't mean they can rely on secret information to assert that ICE is secure. I specifically called out this argument in my letter to NYSBOE: dropbox.com/s/zl1f912f9stn…
5/Next, they say: We've already been through multiple tests and certifications with no problem, so what's the big deal? As the NYSBOE memo points out, prior certifications did not address unknown vulnerabilities, and election laws require a response: dropbox.com/s/f9p4gyfrlxhw…
6/They then throw in a bit of marketing: "ICE provides the only truly independent voting experience for voters with disabilities." Competitors (with more secure products) disagree. Oh, and by the way, there are no independent studies to support their claim.
7/Now to the meat of the letter. The safeguard separating printing & scanning is (drumroll) ....."there is no way for the ballot marking device to make additional marks.." That's it. How does this bit of magic happen? Can they point to the lines of code where enforced? Why not?
8/In the spirit of trying to help them thru this rough patch: I think what they're getting at is there is a software lock on the solenoid that should prevent a verified ballot from being overprinted. Fine, where is that lockout implemented, and is the software trusted?
9/And what about when the "permission to cheat" option is selected by a poll worker?
10/Next, they shift course & acknowledge threat but say that to carry it out "certified firmware would be required to completely change how the device functions." Does ICE boot securely? If so how? They should know that self-erasing malware haunts boot blocks. No Internet needed
11/They finish with: ICE should be given benefit of the doubt. Another ad hominem attack on Appel (chaired full professor at one of the great computer science departments in the world), followed by "we take security seriously."
freedom-to-tinker.com/2018/10/16/des…
12/Look, no one likes to hear snarky back-and-forth over something as serious as election security. The best approach would be for all the vendors to stop misrepresenting to layppl the state of their knowledge and follow accepted engineering practice for critical infrastructure.