Dominion Voting in California

California Secretary of State, Frequently Requested Information –> Dominion Voting [1]:

California certified Dominion Democracy Suite 5.10A in September 2020, despite (or because of) its openness to abuse (not “vulnerabilities”). From the Secretary of State Staff Test Report (PDF):

“The Democracy Suite 5.10A voting system consists of eight major components.”

Each component has its own security holes and/or backdoors, and many of them are sufficient to compromise the whole system. It is not just a voting machine.

“The Vote Center/Polling Place was setup with the Voter Activation Card Laptop, ICX machines, ICE machine, and Mobile Ballot Production for on demand printing. EED and RTR were setup as per the logical map below [the picture]”

RTR stands for Results Tally and Reporting, which I call Election Results Editor.

“EMS-Results Tally Reporting (RTR), v. 5.10.50.83 RTR is the main application for post-voting activities. It receives election results from the tabulators, allows for validation of the results, and reports the results. RTR can be used for the addition, and deletion of tabulator files. It also allows for manual resolution of qualified write-ins.”

Addition and deletion of tabulator files with all votes in them.

From the Democracy Suite Use Procedure (customized for CA)

3.6 DATA CLEAR

The Data Clear page allow administrators to erase results, voter data, and elections definitions. (p. 17)

Erasing results, no less! 

From the Dominion Democracy Suite ImageCast Remote 5.10 RAVBMS Security and Telecommunications Report:

“The DS 5.10 RAVBMS does not have a built-in hash verification method for the system to verify that the source code [probably meant ‘the system] is not running modified code.”

There is a whole section Potential Vulnerabilities. There are many: JavaScript code injection, Cross-site scripting (reflected), Open Redirection (DOM-Based). But genuine vulnerabilities are beyond the scope of this post. Why to attempt exploiting the vulnerabilities, when one can replace the original code with modified one, or to replace whole results files! Finally

“As directed by the California Secretary of State, this security testing report does
not include any recommendation as to whether or not the system should be
approved.”

These are just a few quotes from the latest documents related to the Dominion Voting software used in these elections.

[1] California Secretary of State, Frequently Requested Information –> Dominion Voting