It is Time to Close the Modem "loophole" in Minnesota Elections due to the risk of #votehacks - #transparencyproject - Part15
EXCLUSIVE: Internal Documents reveal the Office of the Secretary of State considered a legislative change to discontinue the modem-based early election results program -
Since 2005, there has been a law on the books in Minnesota which states that in Minnesota elections, No connection by modem is permitted. Yet, here we are in a risk environment where there are frequent reports1 of potential cyber attacks and the recent exposure of a sprawling election interference campaign by foreign actors, and multiple Minnesota counties continue the use of modems in our elections.
Hennepin, Anoka, Washington, Rice, Cass, Stearns, and Carver Counties in Minnesota all have ES&S equipment with active modem usage. How is this possible? These counties rely upon a little known loophole to the modem ban they refer to as the “early election-results program.” With the historic blessing of the Office of the Secretary of State, these counties rely on a limited exception in subd. 2 of the statute which they claim is a safe-harbor for modem usage. This “loophole”2 references the use of electronic transmission of “the accumulated tally for each device to a central reporting location . . .”
The Minnesota state legislature should promptly review the risks associated with continued modem usage in our elections, and remove any ambiguity that “no connection by modem is permitted” in Minnesota elections. As described below, some in the Office of the Minnesota Secretary of State’s Office agree that this modem loophole should be eliminated.
Earlier this year, the federally funded Elections Infrastructure ISAC, issued a stern warning in a guide entitled the Essential Guide to Election Security. Within that guide is a section dedicated to the risks and threats of the very same modem-based unofficial election night reporting process used in Minnesota.
The most daunting risk statement found in one bullet point warns of:
“Difficulty associated with finding, and rolling back, improper changes found after the fact.”
Wow, election officials may not even know that they’ve been hacked, and it may be difficult to roll back these changes even if identified.
Even more recently, in July of this year, the CISA and FBI issued another warning that we should expect, “Distributed Denial of Service (DDoS) attacks on election infrastructure, or adjacent infrastructure that support election operations…” This report continues:
“These low-level (DDos) attacks, which are expected to continue as we approach the 2024 U.S. general election, could disrupt the availability of some election-related functions, like voter look-up tools or unofficial election night reporting, during the election cycle but will not impact voting itself.” (emphasis added).
Academics also agree that we must protect our elections from cyber attacks or #votehacks:
In a 2016 Harvard University Publication, "Why American Elections Are Flawed (and How to Fix Them), the author articulates the risks of the “vulnerability of electronic records to hacking.” In this author’s words, this incudes the threat that “Vote counts are fiddled.” Further insight calls out “vintage software” used in voting machines which makes them, “particularly vulnerable to external cyberattack by foreign powers and terrorist groups.”
In 2018, the National Academy of Sciences released a report entitled, “Securing the Vote: Protecting American Democracy.” As highlighted in Chapter 7 of this report, “Unfortunately, our current system is vulnerable to internal and external threats. . . . recent events make it clear that our system of voting must evolve3 in order to also protect against external actors who wish to undermine confidence in democratic institutions. . . It is difficult to secure the electronic systems used in voting even now.” This chapter concludes as follows: “If the challenges currently facing our election systems are ignored, we risk an erosion of confidence in our elections system and in the integrity of our election processes.”
In a powerfully written 2020 article in the Georgetown Law Technology Review, the authors lay out a sobering overview of the risks of computer-based technology: “Computer-based methods are subject to “hacking”, that is, the replacement of legitimate vote-counting software with a computer program that changes (some fraction of) the votes in favor of the hacker’s preferred party. Hacking can be performed remotely (even if the machines are supposedly “never connected to the Internet”) and it is very difficult to detect. Voters and election administrators see nothing out of the ordinary. “
One these same authors continues his honest exposure of these vulnarabilities in his 2023 Article entitled, “Is Internet Voting Trustworthy? The Science and the Policy Battles.” I apologize for the length of this quote, but his words are so succinct:
“Twenty-first century computers are extremely complex, with many layers of hardware and millions of lines of software. These layers are susceptible to design mistakes - bugs. Some of these bugs are exploitable security vulnerabilities that leave the compute vulnerable to attack. The attack (typically) comes in the form of unexpected input provided by the attacker, which confuses the software into running programs supplies by the attacker. These attacker-supplied programs can perform all manner of malicious acts, such as altering votes in an organized way as designed by the attacker.”
As these academic articles confirm, the use of modems increases the risk of #votehacks by bad actors. Yet, the Secretary of State’s official position is to support the continued use of modems in elections.
I have, however, obtained EXCLUSIVE documents confirming that some level-headed members of the Office of the Secretary of State’s staff actually support eliminating the modem loophole. This proposal was unearthed through a government data request which disclosed a November 22, 2022 email to David Maeda, Director of Elections for the State of Minnesota. Through a follow-up inquiry, a copy of the actual legislative proposal was obtained. Sure enough, the internal document contained a specific proposal to amend Minn. Stat. section 206.845, Subd. 2 to delete any reference to the use of modems, or electronic connections in our election process. In its place, language would be added to the statute which states, “the election judges shall transfer the record of the results by disk, tape, or other physical means of communication to the central reporting office.” This legislative change would close the modem loophole in Minnesota.
I will be posting a copy of the email communication and the proposed language of this statutory change for paid subscribers in a separate post. Any current member (or candidate) of the Minnesota House or Senate that is interested in co-authoring a bill to close the modem loophole can contact me, and I will provide the exact language as recommended internally by the Secretary of State’s Office.
This is a known and clearly identified #votehacks risk threatening the security and integrity of our elections. The risk of using the modem-based early election-results program has been identified by many of the lettered federal agencies - the Elections Infrastructure ISAC, CISA and the FBI. The vulnerability to #votehacks resulting from having internet connections in our voting system is clearly identified in publications from some of our countries most prestigious Universities - Harvard, Princeton, Georgetown, and the National Academy of Sciences.
Still pinned to the top of my Benda for Commonsense facebook page is a link to this Politico article - which describes, “The voting machine hacking threat you probably haven’t heard about.” Well, now you know about this modem loophole, and the high security risks of #votehacks that this practice injects into the Minnesota election process.
Please, help spread the word to our elected officials and demand that they CLOSE THE MODEM LOOPHOLE.
As quoted in the testimony of Jean Easterly, Director of CISA, “The Office of the Director of National Intelligence’s 2024 Annual Threat Assessment highlights how China, Russia, and Iran are the primary nation-state actors leveraging influence operations to target the U.S. elections process, with the aim of exploiting perceived sociopolitical divisions to undermine confidence in U.S. democratic institutions and shape public perception toward their interests. This threat is not new and was witnessed across multiple federal election cycles. America’s adversaries target U.S. elections as part of their efforts to undermine U.S. global standing, sow discord inside the United States, and influence U.S. voters and decision making. CISA is committed to helping defend critical infrastructure, including election infrastructure, against the risk of foreign malign influence operations.
I use the term “loophole” to refer to the governments’ interpretation of this statute. I have a lawsuit pending in front of the Minnesota Supreme Court, where we are asking for a court interpretation of this statute that the transmission of early election results by modem is not authorized by this language.
In one of my legacy #transparencyproject articles, Part 11, I conclude: “In our new world of machine counting of votes, we must continue to find ways to preserve the sanctity of the ballot and the election process. As the technology of voting evolves, we must demand that those entrusted with implementing the process do so through an open and transparent process.”
Great writeup. No need for modems, especially embedded ones.
Thank you so much for the action you are taking to address this profoundly vulnerable loophole regarding the use of modems!