Welcome!

Craig discusses problems related to Mail-in Voting and Voting technology.

For more tech tips, news, and updates visit - CraigPeterson.com

---

Read More:

Patch Tuesday (September 2020): Microsoft Addresses 129 Vulnerabilities

Ransomware accounted for 41% of all cyber insurance claims in H1 2020

A bevy of new features make iOS 14 the most secure mobile OS ever

Don't Fall for It! Defending Against Deepfakes

Patient dies after a ransomware attack reroutes her to a remote hospital

Lock your doors, people: Verizon breach on unsecured AWS server exposes 14M customer records

Time for CEOs to Stop Enabling China's Blatant IP Theft

Newly Patched Amazon Alexa Flaws -- A Red Flag for Home Workers

---

Automated Machine-Generated Transcript:

Craig Peterson: [00:00:00] Red team-blue team. This is a very interesting problem that is now being confirmed. Through a study. A bipartisan study. We are in trouble with our election this year.

Hey everybody. Craig Peterson here. Thanks for joining us.

Man alive! can anything be more political than a presidential election cycle? It is as. Downloading what has been happening when what's being said right now. There are a number of studies that have looked into the efficacy, the ability to have a fair election where we really know the results. There've been all kinds of suggestions.

We've talked on the show before. About well, we could have, an app that we use to vote. We saw what happened with the Democrat primary in Iowa, right? Total mess. We saw what happened with this app called Vote. I don't know if you heard about this, but this is another voting company. There were some security assessments done and votes criticize the researchers and their methods.

The security issues that were uncovered with the votes application, we've actually confirmed a security company called Trail of Bits in March this year. Some serious problems.  At the USENIX security conference that just occurred here, about a week ago. Okay. They had a panel of voting experts and they got together and they talked about election security.

They in fact had a couple of sessions at the Usenix security conference that was covering the voting systems and technology. We've talked before about the black hat. Conference and how they set up these voting machines and just see if they could be he hacked. There was like a 12-year old hacked a voting machine that just so simple for so many of these machines out there.

The biggest problem with the voting machines is you don't have a physical audit trail in many cases. What did they do? They added some audit trails to some of them. They have a thermal printer. have you ever taken the receipt from the grocery store, stuck it in your pocket, and left it there for a couple of weeks and it becomes illegible or heaven forbid, it gets too warm? Maybe it is stuck in a hot room or a storage room or a car.  It turns completely black.

What good is that sort of thing going to do? All you have is a whole bunch of lines, one at a time about what the votes were. Very hard to tabulate. It's not like the cards that you can use to vote on which many States in new England Jews and frankly, our country right wide right now.

But those cards. You can sit there and analyze them. You might've seen a video of what happened in the Florida election and holding these punch cards up to try and figure out. Is this a hanging Chad and pregnant? Chad was a punched. Was it not Punched? Was this intentional? Did they mean to do that instead?

All of this craziness with the cards. Let's say the question is about the president and who was voted for, was it Joe Biden or was it, Donald Trump, and all they have to do is look at the card. Okay. there's partisan left, a partisan right, maybe a neutral observer standing there. They say this is clearly Joe Biden. So they put it in the Joe Biden pile next. Who is this? that's clearly President Trump, so we'll put it in the Donald Trump pile. Then when you're done, you just count them in the pile versus these audit trails. Yeah. They're audit trails. But how do you do that when it's a paper tape?

How do you do that? If it's been written into a database? How do you know that database wasn't altered? Yeah. Yeah. Okay. there's, there are ways to track things in databases and databases having different types of integrity protection, but overall, you can't really trust it.

And these researchers reverse-engineered this votes Android application, and they did a static analysis on this back end server software that was actually tallying the vote and without having access to the source code without having them a massive number of people who are trying to analyze the system as Russia does.

Russia has its hands on some of our voting equipment. It's easy enough to buy online and pretends you're someone you aren't. So they were doing this blind, the security researchers, and they found five high severity vulnerabilities and a serious privacy issue.

That's using one of these apps from a company that does voting. And we've talked about some of the different voting systems out there from Diebold and many others that have various types of problems. Really. The only way to know if a vote is valid. Is to have a, I like the card ID where you fill in the little circle and then that gets run through a voting machine and it's all overseen by, hopefully, independent people, but I don't care if they're partisan one way or the other and that machine tallies it and keeps the card.

So you can now go back and do a spot analysis on it, or you can do deep analysis on it. I think all of that sort of thing makes sense.

But that's not what we're talking about this year. We're talking about having a presidential election where people are mailing in ballots. It just blows my mind. People comparing it somehow to absentee ballots and absentee voting.

It is not the same thing. And here's why. If you want an absentee ballot, you go to the town clerk or the election official. And you swear out in front of them that you need an absentee ballot. Now in most places that have now been removed that requirement to say, yeah, I'm going to be out of town out of the country. Eh, whatever the reason is, I'm not going to be able to vote on that day to this year. I think it's November 3rd and therefore needed an absentee ballot. Okay. So that's step one. And that's been removed in almost all cases.

 I don't have a particular problem with that. Although I would much rather see someone showing up to vote on voting day, which by the way is required by the constitution. I have no idea how this early voting stuff has happened, how it could possibly be constitutional. The vote is November 3rd. It doesn't start on September 1st. It's November 3rd, and that allows the campaigns to get their messaging straight.

It allows the little guys to actually compete with these people who are already serving in office. Anyhow, that's a separate issue.

You have now been standing in front of that clerk's office. And that clerk now brings out the paperwork. what ballot do you want? You might have a partisan ballot, but for the general election, you don't, you have all of the final candidates and now they verify you are who you say you are.

In most cases, that means you present a valid ID. They check the voter rolls and make sure you are eligible to vote and once that's all taken care of, they will hand you the paperwork. Then you can go home. You can vote on that. You sealed it in an envelope, you sign the outside of the envelope across the seal. You follow the instructions. They are not that complicated. And you either drop that back at the clerk's office, which is the safest way to do it, or you mail it and it goes to the clerk's office and it has to be there before the election. And there's some argument that it just has to be stamped by the post office before the end of November 3rd. That's the absentee voting process.

What's happening in many States is they're saying, Oh, all you have to do now is look in your mailbox because we're sending ballots to everybody that we have a name and address for and then you just fill it out. You send it in. TaDa all done. No verification of who you are.

In some cases like the way Florida has been doing that, there is a verification that they did receive your ballot, but that's kind of it.

And there are more problems. And these are what I'm going to talk about when we get back, what are the real problems? The deep problems when we're talking about these ballots.

We'll get into that. Here are the problems that hackers could use. Very inexpensively, very easy for us to have zero confidence that the vote tally is right.

 So stick around. I'll be right back. You listening to Craig Peterson right here on the radio, on podcasts, and [email protected].

Stick around.

---

More stories and tech updates at:

www.craigpeterson.com

Don't miss an episode from Craig. Subscribe and give us a rating:

www.craigpeterson.com/itunes

Follow me on Twitter for the latest in tech at:

www.twitter.com/craigpeterson

For questions, call or text:

855-385-5553