Ben Cotton, an IT expert proficient in forensics and digital systems analysis, issued a declaration last month about flaws with Maricopa County’s voting machine tabulators. It was included in Kari Lake’s and Mark Finchem’s latest pleadings in their complaint challenging the use of voting machine tabulators in elections. One of those findings was that unauthorized executable programs were installed on the machines at least three times during the 2020 election, which could be used to alter election results without detection.
Cotton, whose firm CyFIR was hired by the Arizona Senate in 2021 to audit the 2020 election, summarized his findings, “It is clear, based on my findings, that unauthorized programs, databases, configuration settings, and actions were present on the voting systems in Maricopa County for the elections in both 2020 and 2022.”
Regarding the executable programs, he said, “The Maricopa EMS has a compiler installed that provides the ability to modify and create executable files and drivers on the fly that could be used to alter election results without detection. There is evidence new executable files were created at least three times during the active voting period in 2020.”
The U.S. Election Assistance Commission (EAC) did not authorize the programs to create the executable files when the agency approved the software on the machines. “These programs are not found as part of approved and certified Voting System Platform software that is listed on the EAC’s Scope of Certification posted on the EAC’s website,” Cotton said.
In addition to the three executable files created during the election, “twelve thousand five hundred and seven (12,507) executable files were created or modified after the August 6, 2019 installation date of the DVS Democracy Suite on the Maricopa voting systems,” which also were not approved by the EAC. “The creation and implementation of these files created after the installation date and certification date of the DVS Democracy Suite software violates and undermines the entire purpose for the EAC certification process,” Cotton said.
A second concerning discovery he made was that the security system to tabulate the results had no encryption, so anyone could query the database to access it.
“The encryption keys used to secure the results, encrypt and decrypt the tabulator results and protect the integrity of the EMS operations are stored in plain text in an unencrypted SQL database that is accessible with a simple SQL query,” he said. “This egregious security lapse provides anyone with access to the voting system with the tools to alter election results without likely detection.”
He said there was only one easy hurdle a hacker had to overcome.
“The only barrier to access these keys is the Windows-log-in. This log in obviously would not prevent a malicious insider from changing results. A non-insider could easily bypass the Windows log-in feature in about 5 minutes with well-known hacking techniques available on the internet,” the IT expert said.
Cotton added, “Simply put, this is like a bank having the most secure vault in the world, touting how secure it is to the public and then taping the combination in large font type on the wall next to the vault door.”
Third, Cotton found that the software used on the machines, Dominion Voting System (DVS) Democracy Suite version 5.5B, was “materially altered” after it was approved by the U.S. Election Assistance Commission (EAC). “The MBS file and the database version could not have been produced by the DVS version 5.5B,” he said.
He added that this was the case in the 2022 election, too.
Cotton said all the slog.txt files he examined contained a warning that stated, “[Verification] Election database version: 1.24 is not the same as election domain version.”
Finally, Cotton found that “EAC authorized voting system auditors Pro V&V and SLI Compliance failed to detect material changes to the voting systems in their audits of February 2021.”
“The auditors only analyzed the hash values of a very small subset of the executable files on the systems,” Cotton said. “Notably the auditor did not analyze or compare any files in the subdirectories of the Windows\.Net directory associated with the EMSApplicationServer functions or any other directory on the system. The auditors did not perform a comparative analysis of the software listed in the EAC Scope of Conformance and note any deviations from the certified baseline.”
He said the “files which do not match the EAC certified file hashes are configuration files,” which “is especially significant because changes to configuration files change how the election software acts and whether ballots have been accurately recorded and tabulated.”
Cotton said, “This is an egregious breach of basic security practices that must be remedied immediately. No election results provided by these voting machines can be trusted given the subjects identified and described in this report.”
A group of election integrity investigators in Arizona exposed voting machine tabulators’ lack of compliance with the EAC’s requirements in 2022 and filed legal actions to stop their use but got nowhere.
State Senators Wendy Rogers (R-Flagstaff) and Sonny Borrelli (R-Lake Havasu) held a press conference last month revealing some new findings.
– – –
Rachel Alexander is a reporter at The Arizona Sun Times and The Star News Network. Follow Rachel on Twitter / X. Email tips to [email protected].
Photo “Voting Machine” by kafka4prez. CC BY-SA 2.0.