Alright, I can't help myself. I hate disinformation. I also hate ignorance. More than anything, I'm not a fan of people spreading information they wish were true without doing even basic diligence to verify it. So, of course, I can't stand anything that is being said about this election on either side of the issues.
I've been challenging many people lately to provide some actual evidence of election fraud from an actual first hand source, and I finally found something. This is a forensic report performed on some of the voting hardware used in Michigan. Below, is my analysis of the report.
Summary
For those who don't want to unpack this whole thing, here is my high level take away.
- The company who produced the report would never get my business. The report itself is poorly written, makes statements and assumptions that are inappropriate in a forensic analysis, and repeat many demonstrably false claims that are floating around the internet. They should be embarrassed.
- The report identifies a few things that I find extremely concerning. It is enough that I would whole heartedly support the FBI, or another government agency, obtaining forensic images from across Michigan to perform a much deeper analysis. I think there could be reasonable answers to much of this, but there could also be very troubling answers as well.
- The report also reveals some things that I consider very sad, but totally expected and not actually nearly as concerning as they might first appear.
Long story short, there is evidence that suggests someone may have successfully hidden their tracks. What they did is unclear. However, it is crucial to note that the sort of fraud that *might* have happened in Antrim Michigan does not worry me. And here is why. It would require perpetrating such fraud at the precinct level. This means that even flipping a single state would require hundreds of well trained operatives across hundreds of precincts. Each would have had to successfully executed their role without being caught. In each case, they would have needed access to log in to the machines in question. And they would have to do so in a way that avoided a re-count, as a hand re-count, or even a machine based one, would uncover and unravel their efforts. The logistical effort required is simply so immense that anyone capable of doing this would have been a fool. There are just far easier ways to manipulate an election.
Holy Guacamole Batman
OK, so first with the damning items.
Mismatched Vote counts
Item B.3 and D.8-10 outline situations in which the votes in Central Lake Township were tabulated twice (or three times. it's not totally clear). In short, the different counting runs came up with very different results. As I understand it, this has been explained by the state as being the result of a configuration problem with the machines. That explanation is fine and well, but should be verified and validated though independent analysis. As ASOG explains, it is not at all clear that this was the result of a mis-configuration. It certainly could have been, but I think we deserve to understand that in much more detail than has been provided. ASOG's analysts clearly could not find a "configuration" change that explained what they saw in the results. I don't have nearly the information they do, but from what I see in their report, I can't detect any obvious pattern such as all republican votes going to democrats and vice versa. Below is the most glaring example:
Configuration Changes
Speaking of mis-configuration; ASOG goes into extensive detail about the requirement that voting machines and configurations be certified and "frozen" 90 days prior to the election. I know nothing about these rules, so I'll take their word for it. As such, even the changes that the state has admitted were made are potentially problematic. Perhaps ASOG's interpretation of the law is lacking? Even if that is the case, a clear explanation of exactly what was wrong with the configuration and how it impacted things is not at all unreasonable in this situation.
Moreover, as ASOG makes clear, there are testing protocols in place. I completely agree that it is very odd that configuration changes would have been made that were not thoroughly tested. If I understand the
statement from the secretary of state correctly, they are claiming that the configuration only impacted the "unofficial" counts that were shared with the press. The official counts were not misconfigured in the first place. Here, again, if that's the case we simply deserve a much deeper explanation so that any concerns to the contrary can be put to rest. This could, potentially, explain why tests were successful if the testing was only concerned with the official vote counts.
Missing Audit and Security Logs
Alright, here is the big one. Two critical types of logs were missing from the systems; First, the adjudication logs, which I believe show changes made by election workers to ballot counts, and second, the system security logs, which would show who logged in and deleted the adjudication logs. This is a really big deal. It opens up a very real possibility that someone "flipped" votes and then covered their tracks. The adjudication logs for prior years are still present, which makes the missing 2020 logs all the more suspicious. Similarly, only a few days of security logs are missing.
The purpose of the adjudication function is to allow election workers to fix ballots. For example, if someone were to mark the wrong candidate, cross that out, and then mark the candidate they intended to vote for. In that situation the system would flag the ballot and an adjudicator would "correct" the ballot. While this feature has been decried as an intentional hole built to invite fraud, it is actually a critically important feature of any viable election system.
There are some major concerns posed online about how dominion handles adjudication. I really can't comment as I have no experience with their systems. If I were building such a function, I'd require at least two people to sign in first to ensure at least some oversight. I would then ensure a clear log of all adjustments made and who made them. This would all go into a tightly secured area of the system to ensure any fraud would easily be tracked back to the perpetrator. No idea how much of that Dominion does, but given that whatever adjudication logs they have are missing in this case, it really doesn't matter. This means we don't know how many ballots went to adjudication nor what happened to them once they got there. One piece of good news - a hand recount of the ~1,500 ballots in Central Lake Township would easily answer the most important question here: was there fraud. If the official vote counts match the re-count, then we're left with some really suspicious behavior that had no real impact.
Ballot Reversals
Directly from the report:
For examples, there were 1,222 ballots reversed out of 1,491 total ballots cast,
thus resulting in an 81.96% rejection rate. Some of which were reversed due to
"Ballot's size exceeds maximum expected ballot size".
I'm not sure what to say here. This is strange, but without more information it's hard to piece together. The report doesn't mention the election workers saying they had to adjudicate almost all of their ballots. I would think this would have made more headlines and caused more immediate concern about the vote totals, but who knows. Long story short, it's very concerning if it is an accurate statement, however I suspect this is a case where ASOG may have made some bad assumptions about what they were seeing in the log files. Nonetheless, simply deposing the election workers and asking them would help to get to the bottom of this very quickly.
Error Rates
A review of the tabulation log found 10,677 distinct error entries. Now, don't get me wrong, this is not unusual. Your bank's software probably throws hundreds of error messages a day. Very few companies can boast of a 0% error rate, and most of those that do are really only showing off how poor their error monitoring is. Errors are part of software. However, this is election software. Next to software that can determine if someone lives or dies (think life support systems on aircraft), there are few applications that should have a higher standard than election systems. This is a LOT of errors for a system that processed only ~1,500 ballots. I'll talk later in this post about why I disagree with ASOG's analysis of these errors, but I do agree with the overall premise that this is a very strange result. Perhaps it's related to the configuration issue that was later corrected? If so, again, we deserve that in depth explanation.
Conclusion
I join with ASOG on this one when they state:
We recommend that an independent group should be empaneled to determine
the extent of the adjudication errors throughout the State of Michigan. This is a
What I see here is enough to warrant investigation. Plain and simple. I think there is a very real chance that there is nothing much going on, but elections are pretty sacred in my book. So, yes, we should get to the bottom of these claims, and we should do so quickly.
Scary Like the Monster Under your Bed
Adjudication
As noted earlier, the majority of ASOG's concern with the Dominion system is that they believe it produced a large number of adjudicated ballots, and these are far more susceptible to fraud. They even share
this video showing how easy it is to use adjudication to commit fraud. They're right, sort of. I don't worry about adjudication fraud for two simple reasons. First, it must happen at the precinct level. To influence even a close state like Michigan, you would need to perpetrate this type of fraud broadly across hundreds or thousands of precincts. In each one, you would need to find a willing participant. That conspirator would have to avoid detection by the other workers in the precinct, including anyone who might provide oversight to the adjudication. They'd have to keep their total impact small enough to avoid a recount due to suspicion, but large enough to actually impact the results. And they'd have to do this all with the knowledge that a recount could expose them. Finally, this would all have to done in a one-sided manner. Lots of fraud for one party, and very little for the other. So, yes, adjudication is an opportunity for fraud, but is it likely to impact an election, no.
Basic Cyber Security
The report included a number of other findings that are probably very concerning to those unfamiliar with cybersecurity practice. And, honestly, my elaborating might make you even less comfortable with the safety and security of not only our elections, but also your every day life. But, here goes anyway.
The report mentions several major flaws in the security of the Dominion systems. This includes the hard-drives not using encryption, shared administrator credentials, unsecured database files, overdue security updates, etc. This is an all too common reality. I'm not sure who maintains the voting machines, but if it's local or even state government then I'm not surprised. Few non-federal government agencies can afford high quality cyber security and systems administration talent. States can and should, but for cities and counties that is a hard budget item. So, it is likely that your local DMV, your city utilities, your local police department, and so forth all have similar security failures. This excuses nothing. It's BAD. It is really BAD. I only point it out so you understand why I'm not surprised by it.
Am I concerned by it? Yes, and no. This goes back to the issue with adjudication. These machines are air-gapped (though ASOG found they could be connected to the internet, they are not supposed to be). So to take advantage of any of these issues would require an advanced threat - a government sponsored level of effort. Could China or Russia use issues like these to impact our elections? Yes, they could. But they have far easier ways to influence things. If you doubt they influence our elections already, you're living under a rock. They don't even need to change the outcome; all they need to do is make us question it.
A Lesson in Credibility
OK. So far we've given ASOG a free pass by assuming they are honest, know what they are doing, and know what they are talking about. If you are a trump supporter who wants to believe he can still win, you might want to stop reading at this point, because you probably won't believe half of what I have to say anyway.
There is a LOT in this report to scoff at. From unprofessional delivery to outright false statements. It all calls into serious question the validity of ASOG and their trustworthiness. It's sad because 90% of this has little to do with the analysis they were hired to perform. They could have left these things out, made a strong case, and come out looking very professional. But they did not.
Credentials, or the lack thereof
Any good expert testimony starts with a declaration of the expert's "expertness". This one, not so much. Russell Ramsland, a member of the management team, starts off by stating his personal credentials. Harvard MBA, political science degree, some name dropping of who he's worked with/for (NASA and MIT). Note, nowhere does he mention cyber analytics or election systems. He goes on to paint a pretty picture of his team of experts, but fails to name any of them or state any of their credentials. They are simply a "group of globally engaged professionals who come from various disciplines to include Department of Defense, Secret Service, Department of Homeland Security, and the Central Intelligence Agency." In short, "we're really cool experts, but you'll just have to trust us."
Despite my best efforts, I can't find anything about who they actually are. No linked-in profiles, no "about us" on their webpage. Nothing. Their web domain was purchased on 1/30/2020, so they have at least existed longer than a few months. It is registered to Allied Special Operations Group (slightly different name) which has their own website alliedspecialops.us which was purchased in 2017. Long story short, I don't think they were created for the sake of this analysis. It is not unusual for cyber security consulting companies to be very secretive about their employees. So we can give them some degree of a pass here.
Professionalism
When you write a professional analysis, it is critical to focus on facts. You avoid value judgements, and especially avoid assigning intentions as these are highly subjective and opinion based. In some cases it might be appropriate to make statements about intent, but these are almost always qualified. For example "this could indicate malicious intent" rather than "this is a clear indication of malicious intent". ASOG clearly doesn't think this is important. I'll quote a few parts of their report with my commentary.
"We conclude that the Dominion Voting System is intentionally and purposefully
designed with inherent errors to create systemic fraud and influence election
results."
and
"The systemic errors are intentionally designed to create errors in order to push a high volume of ballots to bulk adjudication."
Not only do they make the value statement that the errors are intentional (how can you know that, and where is the evidence?), but they also go so far as to state the reason for the intentional errors as fact. This was done to "create systemic fraud and influence election results". They offer no evidence or reasoning for their conclusion. So, basically, we are to believe that a company that builds election software intentionally makes it poorly so that it can be used to do exactly what it purports to prevent?
A purposeful lack of providing basic computer security updates in the system software...
In this case, they are claiming that whoever is responsible for maintaining the dominion equipment (likely a government employee or employee of a government contractor) was intentionally avoiding good security. They don't even indicate who would be responsible for this, but have no problem accusing that person(s) of intentional poor security explicitly to invite fraud. This is quite the deep conspiracy now.
Dubious Claims
Some of their conclusions are just strange to me. In many cases, they appear to be crafted to make good headlines, rather than to accurately represent facts. (see how I used that qualifier :) )
For example, they talk about a 68% error rate. The implication seems to be that the system messed up on 68% of ballots. However, a careful reading shows something quite different. When inspecting the "tabulation log" they noted that 68% of log file entries were error messages. This tells us nothing about error frequency. It simply tells us that the system logs errors more often than it logs other things. Each ballot does not necessarily result in a log message (~1,500 ballots resulted in more than 15,000 log messages). I can't say more without seeing the actual logs, but it's possible that all of those error messages were during the system's startup and before any ballots were even processed. We simply don't know, and ASOG doesn't give us enough information to draw our own conclusions.
Next, in J.8, ASOG claims that a user attempted to "zero out election results" and provides the following error message as "direct proof of an attempt to tamper with evidence."
Id:3168 EmsLogger - There is no permission to {0}- Project: User: Thread: 189.
Now, I've done a lot of troubleshooting in my day. I've read a lot of error messages. I can tell you that I have NO IDEA what this error message is saying. It reminds me of what happens when the error message itself has an error. It appears to be trying to replace "{0}" with the name of the missing permission. How ASOG interprets this message to be an attempt to zero out anything is beyond me. Without direct access to the Dominion source code, I don't see any way they could properly interpret that error.
In B.20 ASOG claims that the ICP machines have the ability to connect to the internet. This is certainly problematic, as they state. Oddly, they go on to state they connected a network scanner to the ethernet port of the machine and recorded traffic, but then immediately state they do not know the origin or destination of the connection. This is odd for two reasons. First, in a proper forensic analysis, you don't connect to, boot, or utilize the initial system hardware. That corrupts the integrity of the system being studied. Second, a packet capture would show both the source and destination of the connections being captured. Even if all traffic were encrypted, the IP addresses involved would be clear. I have no idea what to make of this claim as it's simply odd and inconsistent with my limited experience with cyber forensics.
Section J.4 tries to suggest something nefarious about write-in ballots being sent to adjudication. Given that Dominion's software lacks any AI based handwriting recognition, there is really no way to process write-in ballots other than through human interventions. This is one of the primary purposes of the adjudication functionality. The attempt to paint it as suspicious suggests a bias in the report's conclusions.
Inconsistent Statements
Throughout the report, ASOG consistently emphasizes the risk of adjudication to election security. They then make frequent claims (in B.2, B.8, B.10, B.12) that there were a large number of ballots needing adjudication. At one point even stating "A staggering number of votes required adjudication." However, they then go on to claim (B.15 and B.21) that the records of adjudicated ballots were deleted from the server which "prevents any form of audit accountability".
Because the intentional high error rate generates large numbers of ballots to be adjudicated by election personnel, we must deduce that bulk adjudication occurred. However, because files and adjudication logs are missing, we have not yet determined where the bulk adjudication occurred or who was responsible for it. Our research continues.
How they know that there were "a staggering number" of adjudicated ballots without the needed records is a mystery left to the reader.
Outright False Statements
Ok, to top this all off, we get this gem of a paragraph. It's full of claims that have circulated for a while on social media. They've been well debunked, but we'll touch on them anyway.
Dominion voting system is a Canadian owned company with global subsidiaries.
It is owned by Staple Street Capital which is in turn owned by UBS Securities
LLC, of which 3 out of their 7 board members are Chinese nationals. The
Dominion software is licensed from Smartmatic which is a Venezuelan owned
and controlled company. Dominion Server locations have been determined to be
in Serbia, Canada, the US, Spain and Germany.
- Dominion Voting Systems is NOT Canadian owned. The company was founded in Canada, but in 2018 it was acquired by Staple Street Capital, which is a US based company. Dominion themselves have headquarters in both Toronto and Denver.
- Staple Street Capital's relationship with UBS Securities LLC is not totally clear to me. They are an investment firm, and UBS is one of their clients. From what I can tell, UBS has ~$400M invested with Staple Street Capital. What's not clear is if that is a $400M ownership interest, or a $400M investment. It appears, after more reading tonight, that it may have been a stock purchase, suggesting that UBS now owns some share of SSC. However, what % ownership is represented by $400M is unclear.
- Yes, 3 of UBS's board members are Chinese.
- Dominion does not license software from Smartmatic. I've been able to find lots of people claiming this, but zero evidence. Meanwhile we have Dominion and Smartmatic both publically stating that no such relationship exists. While it's possible they are lying, it would be pretty disastrous to both companies' interests if they were caught in such a lie. Without meaningful proof to the contrary, I'm inclined to believe them.
- Where Dominion has servers is not relevant to anything as those servers have nothing to do with the tabulation of votes. From everything I can tell, vote tabulation is strictly air-gapped to ensure security. Votes can be transferred via flash-drive, CF card, or point-to-point modem connections.
In Conclusion
ASOG has a major credibility problem, but they are nonetheless making some powerful claims. Some of these claims are solid enough, and backed with enough evidence, that I believe they demand an investigation. However, none of this is indicative of wide-spread fraud. A hand re-count in Georgia of ballots using the same Dominion system found no meaningful discrepancy, which further reduces the chances that there was some wide-spread coordinated effort to impact election results. I expect this to be somewhere between a local scandal and a non-story. However, our elections are a HUGE deal. In addition to a hand re-count in the effected precinct, I would whole heartedly support an FBI investigation into both this local race as well as a small selection of random voting machines from throughout the state. This is one case where you really can't be too safe.
Finally, President Trump is still in office for another month. He controls a number of agencies who have the talent and resources to investigate these claims. He clearly believes them. He clearly has every reason to want to prove them true. So, stay tuned. If you hear nothing meaningful about the FBI, CIA, NSA, CISA, etc. finding that ASOG is right, then you can be quite certain that there was nothing to be found. There can be no doubt Trump will have multiple armies (maybe even THE Army) investigating this ASAP.