The election equipment that was used in recent elections in Minnesota was for the most part uncertified by the EAC. Only 6 out of 87 counties in Minnesota have election software certified by the EAC.
Election Assistance Commission
The EAC was established with the Help America Vote Act (HAVA) in 2002.
Note that being certified or not certified doesn’t guarantee system security, as we shall discuss shortly.
In the following image, Red = Certified | White = Not Certified
If we zoom in on Minnesota, we find that only 6 of 87 counties have voting equipment that is certified by the EAC.
Here are the counties in Minnesota that are certified by the EAC:
Thinking that this felt off, I called the EAC and left a voicemail and sent a question by email, which was replied to the same day (04/20/2022).
This may have been comforting if not for a close reading of Minnesota election law.
Minnesota Election Laws
Minnesota Statute 206.57, Subd.6 states in full:
Subd. 6.Required certification.
In addition to the requirements in subdivision 1, a voting system must be certified by an independent testing authority accredited by the Election Assistance Commission or appropriate federal agency responsible for testing and certification of compliance with the federal voting systems guidelines at the time of submission of the application required by subdivision 1 to be in conformity with voluntary voting system guidelines issued by the Election Assistance Commission or other previously referenced agency. The application must be accompanied by the certification report of the voting systems test laboratory. A certification under this section from an independent testing authority accredited by the Election Assistance Commission or other previously referenced agency meets the requirement of Minnesota Rules, part 8220.0350, item L. A vendor must provide a copy of the source code for the voting system to the secretary of state. A chair of a major political party or the secretary of state may select, in consultation with the vendor, an independent third-party evaluator to examine the source code to ensure that it functions as represented by the vendor and that the code is free from defects. A major political party that elects to have the source code examined must pay for the examination. Except as provided by this subdivision, a source code that is trade secret information must be treated as nonpublic information, according to section 13.37. A third-party evaluator must not disclose the source code to anyone else.
It is important to note that as of now there are no other appropriate federal agencies outside of the Election Assistance Commission (EAC), which itself authorizes Pro V&V and SLI Compliance.
Are There Limits to Certifications from the EAC?
Let’s take a look at the EAC certification for Dominion 4.14-E.
On page 1 note the last sentence:
This certificate is not an endorsement of the product by any agency of the U.S. Government and no warranty of the product is either expressed or implied.
On page 2 it reads:
Note the second to last bullet point in “Significant of EAC Certification”:
An EAC certification is not: A determination that the system is ready for use in an election.
Then what might these certifications be for?
Are they meant to give the public a false sense of security?
Finally, compare the full 14-page EAC certification to the State of Minesota Secretary of State Certification of Dominion Democracy Suite Version 4.14-E Voting System reproduced below:
And page 2:
What did you notice?
Digging Deeper (into Known Vulnerabilities)
Should the public have questions when 81 out of 87 counties in Minnesota DO NOT have certified election equipment according to the Election Assistance Commission, which under Minnesota Statute 206.57 Subd.6 those election machines should have prior to use?
Are there consequences to certifications (the EAC certifications) which have disclaimers putting the value of the certification itself into question?
What should these certifications imply in a more common-sense world?
In the 3/15/2022 Nye County, Nevada County Commissioner’s meeting cyber security consultant Mark Cook described his experience with computers pre-internet in the CompuServe and Prodigy days, then as a consultant to protect companies from threats and seal off vulnerability, and finally with election systems.
Today, Dominion is a popular voting system which uses Microsoft SQL database, one which Mark was and is very familiar with as he used SQL databases from day 1. In the same meeting, he discussed how within the first minute of getting his hands on a Dominion system, he was able to access the backend and change votes without leaving a trace.
As has now been shown, certifications (and the lack of certifications) have not protected the right of men and women to vote freely and fairly in this country. For just one example, the Mesa County Colorado Voting Systems Report #3: Election Database and Data Process Analysis proves database manipulation happened inside the Colorado Dominion Voting Systems (DVS) Election Management System (EMS). Not once, but twice, in both the 2020 General Election and the 2021 Grand Junction Municipal Election.
Fortunately, there are signs around the country that people are becoming aware of the fundamental issue (that these machines are designed to allow manipulation) and using their voice to affect change how their county conducts elections. Yesterday, April 19, 2022, men and women spoke in Crow Wing, Dakota, and Sherburne counties (video from Sherburne). Recently, two counties in Nevada, Nye and Esmeralda have already decided not to use electronic voting equipment in upcoming elections. Which county commissioners will be the first in Minnesota to do the same and restore the voice that is constitutionally inherent in the right to vote to their constituents?