Insecure Voting in LA: Padilla & Logan Are "Moscow Alex & Dean"

Updated on January 25, 2020
ralphlopez profile image

Ralph Lopez majored in Economics and Political Science at Yale University. He has been published in the Boston Globe and the Baltimore Sun.

California Secretary of State Alex Padilla, (left,) Los Angeles County Registrar Dean Logan (Right)
California Secretary of State Alex Padilla, (left,) Los Angeles County Registrar Dean Logan (Right)

The controversial election system now being implemented in Los Angeles County violates the very same hacking safeguards which, when blocked by Mitch McConnell in 2019, earned the Senate President the moniker "Moscow Mitch." The election officials responsible for the largest single block of votes in the nation, California Secretary of State Alex Padilla and L.A. County Registrar Dean Logan, may now be saddled with the nicknames "Moscow Alex" and "Moscow Dean."

Los Angeles County has a population of 10 million people, four times more than the next largest county—Cook County, Illinois. The county is make-or-break for presidential campaigns. The system is being pushed in earnest by Logan and Padilla.

Padilla said of an early version of the system in 2018:

“Los Angeles County's VSAP vote tally system is now California's first certified election system to use open-source technology. This publicly-owned technology represents a significant step in the future of elections in California and across the country.”

For his part, L.A. County Registrar Logan said:

“This is a significant milestone in our efforts to implement a new voting experience for the voters of Los Angeles County,”

Critics, however, have decried the new system as prone to hacking, no matter how strenuously the manufacturer or election officials assure that it is not. In a report commissioned by the Secretary of State himself, the consulting firm of Freeman Craft McGregor group finds unnecessary ports, the capability for Internet connection, and locks to ports that were easily picked.

Among the findings:

  • Both the vote tallying machine and the ballot marking device possess Ethernet ports which can be connected to the Internet
  • The ballot marking device possesses a USB port that the report deems not necessary for the system's basic functions. The report states: "The System also does not conform to CVSS 7.3.b, which states “Voting systems shall only have physical ports and access points that are essential to voting operations and to voting system testing and auditing.” Permitting the System to start from an external USB drive is not needed at any time to implement voting operations."
  • "Seals, locks, labels and sensors can all be bypassed."
  • "excessive root access and the ability to boot the system from a USB port give access to the system by unauthorized individuals. Either scenario can result in undetected changes to files and data."
  • The testers were able to gain access to the electronic event logs. California Voting System Standards (CVSS) state: “Any unauthorized physical access shall leave physical evidence that an unauthorized event has taken place.”
  • "It is possible to insert or remove ballots from both the BMD and ballot transfer boxes without detection."

However, from the standpoint of election security, one design criteria is fundamental. It is listed first in Section 102 of the “Securing America’s Federal Elections Act” or the “SAFE Act,” which is one of the bills that McConnell blocked last year as Senate Majority Leader, thus earning him the disparagement "Moscow Mitch." It is the requirement that the ballot is paper, and that the paper can be "inspected and verified by the voter without training or instruction or audited by election officials without the aid of any machine or other equipment."

The requirement is an assurance that the voter and audit officials can see, in plain English or language they can read, what the ballot says, and that auditors can read the ballot without the aid of any other equipment. This would disqualify the system that Padilla and Logan are advocating.

That system, the VSAP Tally and Ballot Marking Device, generates a barcode which ostensibly represents the voter's choices, but it cannot be verified by the voter. Even with "training and instruction" in finding, downloading, installing, and using a bacode reader (in this case a two dimensional code called a QR code) the code may be even further encrypted, rendering a reader useless.

The full text of Section 102(a)(2)(a)(1) of the Securing America’s Federal Elections Act which was blocked by McConnell reads:

"The voting system shall require the use of an individual, durable, voter-verified paper ballot of the voter’s vote that shall be marked and made available for inspection and verification by the voter before the voter’s vote is cast and counted, and which shall be counted by hand or read by an optical character recognition device or other counting device. For purposes of this subclause, the term ‘individual, durable, voter-verified paper ballot’ means a paper ballot marked by the voter by hand or a paper ballot marked through the use of a nontabulating ballot marking device or system, so long as the voter shall have the option to mark his or her ballot by hand. The paper ballot shall be printed or marked in such a way that vote selections, including all vote selections scanned by voting systems to tabulate votes, can be inspected and verified by the voter without training or instruction or audited by election officials without the aid of any machine or other equipment."

The QR code as the primary original document in the casting of a vote also violates present California election law.

California Code, Elections Code - ELEC § 19270 states:

"The Secretary of State shall not certify or conditionally approve a direct recording electronic voting system unless the system includes an accessible voter verified paper audit trail."

A QR code cannot be "voter verified."

The proposed voting system is manufactured by Smartmatic, whose ownership has been called a "riddle" in an investigation by the US Embassy in Venezuela, where the system was being used in national elections in the previous decade.

In contrast to Los Angeles County, by far the most populous county in the US, St. Louis County, Missouri is in the process of implementing a "print on demand" ballot which can be hand-counted, or counted by an optical scanner vote counting machine which takes a digital image of each ballot.

Those ballot images, all anonymous and which cannot be traced to any individual voter, can then be posted online for independent verification of the totals.

The technology is described in the article at Alternet entitled "New Technology Allows Election Officials to Verify Votes Like Never Before."

Election integrity activists have been unwavering in their insistence that the voter be able to read on paper the vote he or she has just cast. Although the VSAP Tally system prints out a paper ballot that has the names of the chosen candidates, with the familiar bubbles filled in next to the names, it is the generated QR code that the machine vote counter reads.

Elections activists say this presents an opportunity for a hacker to introduce malware which changes votes from what the voter can see, no matter what officials say. For example, in the unencrypted example below, the first QR code reads "Elizabeth Warren." But the QR code below that reads "Ha ha I just stole your vote."

Code reads "Elizabeth Warren"
Code reads "Elizabeth Warren"
Code reads "Ha ha I just stole your vote"
Code reads "Ha ha I just stole your vote"

Brad Blog's Brad Friedman, who has followed the story since L.A. County first proposed using the system, reports:

"L.A. County Clerk/Registrar-Recorder Dean Logan, who had been very responsive and helpful in previous years, no longer answers simple questions about the new voting system called "Voting Solutions for All People" (VSAP)"

The Freeman Craft McGregor Group report describing the system's vulnerabilities are located at the California Secretary of State's website. The most relevant documents are:

Comments

    0 of 8192 characters used
    Post Comment

    No comments yet.

    working

    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, soapboxie.com uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at: https://maven.io/company/pages/privacy

    Show Details
    Necessary
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the googleapis.com or gstatic.com domains, for performance and efficiency reasons. (Privacy Policy)
    Features
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Marketing
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Statistics
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
    ClickscoThis is a data management platform studying reader behavior (Privacy Policy)