There was no hacking of our elections. Period.

I have struggled trying to write something about the underlying IT of our recent elections without making this overtly partisan or political. So here goes: there was no hacking of our ballots. We had probably the most secure election in our nation’s history. No foreign power changed any ballots. Numerous recounts verified the results. Biden won, fair and square.

Yes, the precise tabulation of votes was off by a few votes here and there. But not enough to change the overall result or who will become our next president. The states that were called for each candidate – including an early prediction by Fox News that Biden won Arizona on election night — remained unchanged.

Sunday night on 60 Minutes Chris Krebs was interviewed about his role in securing our election. Krebs ran the Cybsersecurity and Infrastructure Security Agency for DHS for several years and built up a powerhouse support team for local elections officials. If you haven’t yet watched the segment, please take the time to do so, or at least read the transcript of his interview. He makes it very clear what happened, and more importantly, what didn’t happen. The claims by our president are just pure fantasy.

Krebs reiterates the points made in this November 12th letter signed by various government election officials who have been supporting the underlying security efforts: “There is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.” Krebs wrote an op-ed for the Washington Post.

Krebs and his team put together a special website called “rumor control” that is still online. It contains FAQ about rumors and misinformation about our electoral process. We should have similar pages across all government agencies, especially in these times where facts are hard to come by. The Rand Corporation calls this truth decay and how we can’t agree on the facts anymore.

Ironically, many of these rumors were started by our president and his advisors.

Krebs was very accessible on election day, hosting a series of teleconferences with reporters every few hours. It was an odd series of briefings. I kept waiting for the ball to drop but as the day wore on, it was clear that our vote was clean. “It is just another Tuesday on the Internet,” Krebs said at one point. It was clear that he had done his job well, and we should have praised him. Instead, he was fired by a tweet a couple of weeks later.

In the process of writing about elections security for Avast’s blog, I have met and interviewed some of the computer scientists who wrote their own letter. They firmly state that claims about rigged elections “either have been unsubstantiated or are technically incoherent.” This includes allegations about the operations of one of the tech voting machine vendors: there was no wholesale transfer of votes.

Another irony: it is the abundance of paper ballot backups – and the 100M people that voted early and by mail — that made these claims false. Look at the Georgia manual recount. Yes, Georgia has had some tech problems in the past year, documented by this investigation in the Atlanta newspaper. But they ultimately pulled it together for November. Again, their final tally differs by a few votes here and there. There were some counting errors, but those were done by humans, not computers. And more importantly, they were discovered and corrected. The final tally for both candidates increased slightly. But Biden’s victory margin was tens of thousands of votes and remained intact after the recount. What is more impressive is the number of counties where the counts remained exactly the same.

Our elections – and our democracy – worked. Krebs said last night that it is “a travesty what is happening now with all these death threats to election officials. They are defending democracy. They are doing their jobs.” Here is more from another interview where he talks about these threats to a WaPost reporter.

10 thoughts on “There was no hacking of our elections. Period.

  1. I don’t think “hacking” is what is being alleged. There were differences in how the signature matching was done (if at all) and in many cases ballots were accepted without a postmark.

    • Ballots don’t need a postmark – there are drop boxes in most states. Signature matching is done on the envelope, then the envelope is separated from the ballot for privacy. Then the ballots are counted.

      Unless someone comes forward to claim that someone else submitted a ballot that was mailed to them, or someone thinks they voted but can’t verify that their ballot was counted, I don’t see what point you’re trying to make. It’s not necessary to answer fictive claims about the process. Ballots were mailed to registered voters. Ballots have been accounted for.

      • Ballots absolutely do need a postmark. Not sure how anybody could claim otherwise. The Pennsylvania Supreme Court override this requirement despite the law being very clear about this.

        • I’m not sure you want to use the word “absolutely.” Different states do things differently. In the state of Maryland, I requested a mail-in ballot. I received it shortly before the election. I filled it out and then brought it to my local high school, where Montgomery County had placed one of 30 or so ballot drop-boxes.

          Later on, I received an email that my ballot had been accepted.

          As far as I know – no postmark was required in that process – a process I found to be remarkably well run. I’ve always been proud of our local county government – and they did very well.

          I have no question that this was a secure and fair election – same as 2016.

          The candidate with the most votes and electoral votes won. Of course, in 2016, the candidate with the most votes lost – but the candidate with the most electoral votes did win. That’s the way it works.

  2. David
    travesty: so true.

    Now, democracy has a challenge: how to deal with the web filter bubbles which allow the trolls ( local and foreign) to manipulate millions of people. Can we fix the bubbles before thousands more people die?

  3. David, I think your article is accurate and it does not strike me as political or partisan. This country is in very deep trouble because we have millions of people who are stupid, or gullible at best and live in bubbles of unreality. And many of them are armed.. I understand why we need to have section 230 but something has to be done about how fake news and death threats so quickly proliferate on the internet. I just heard this morning that Chris Krebs is also getting death threats. I am so worried for this country’s future. Anyhow thanks for this article

  4. Thank you David for posting this. The more accurate and true information that is published, the better for our country and upholding democracy. We need to state, restate, tell and retale the facts, to compete with the incredible amount of noise around the unsubstantiated and false claims that are circulating about our voting system. Oregon was the first state to pass vote by mail (back in the late 90s)–the result: voter fraud decreased and has stayed much lower than it ever was when we voted in person at the polls.

  5. Thanks for putting yourself out there on this. My view is a bit different. Whether or not fraud existed is for the investigators to determine. I have no basis to form a conclusion. I certainly won’t do so based on the claims, counter-claims, and propaganda I see.

    With that said, it is simply unacceptable in this day and age that our voting systems are a security swiss cheese. The issues are (1) voter identification, (2) voter eligibility, and (3) secure capture and counting of votes from eligible people only. Every one of these building blocks is badly broken. As result we have this debacle we are witnessing. Trust in the vote is the cornerstone of democracy (and democracy is a key component of our way of life). Details follow.

    (1) Political pressure to allow unidentified people to vote has been ongoing, with “it’s too hard” being the excuse for not identifying voters. The US is the worst of the “developed” countries at this. The press against voter ID creates one massive cognitive dissonance in virtually everyone. We all need ID to do the most basic activities of life. Even Mexico issues voter ID cards and one must have exactly that or … no votar.

    (2) Registering to vote (certification of eligibility) and maintenance of eligible voter rolls is a mess. Dead voters, people voting multiple times. The anecdotes of poll workers in our area saying that many people came in and tried to vote saying “I just moved here from California”. I’m sure you can see why an excuse like that is so lame. Just one of many ways people “work the system” when the system is incredibly broken as far as validating someone’s eligibility to vote (this includes state and local elections which are the most important!). Utility bill? Right.

    (3) This is the one that everyone is currently at odds on. The question I pose is “Are ballots and their votes worthy of the same due care as evidence in a trial?” What if you were accused of murder and evidence was presented which was sent through the mail, or delivered by some random person who promised they didn’t tamper with it? In court, “chain of custody” is mandatory. Any question and the evidence is excluded, period. We see all sorts of shenanigans with ballots and the vote count data. Questionable software, data reduction machines running unvetted software, some of which are not even air-gapped. Here in my county (and many others I suspect) mail-in and early ballots are, by state law, to be enclosed by the voter in a “securely sealed” envelope (quoting state law) and then signed on the outside so that their signatures may be validated before the envelope is opened. Well, the envelopes are sealed with a weak lick-glue that may easily be opened, allowing the ballot to be replaced, and then resealed WITHOUT DETECTION. As an IT professional, you can see this “man in the middle attack” which would instantly invalidate any financial transation system. The envelopes should be “tamper evident”, impossible to open without detection. They have been around for decades. And the envelopes are couriered from the polling places to a counting house by a single “nonpartisan courier” ha ha ha. Where can you find one of those??? Also the County provided Sharpies as markers and they bled through to the back. We were promised that “It’s OK, the scanners only look at the columns containing the bubbles and the bleed doesn’t appear there.” Right, I trust you. I could go on… Ridiculous in this day and age. Imagine a Voter ID containing your private key. You vote and digitally sign the ballot. When you register you proivide your public key. Boom, tamper proof and positive identification of the voter far far more solid compared to a lick-sealed paper envelope with a signatuire and phone number on the outside.

    Repeating, voting should be subject to strict identification and verification of eligibility. Vote capture and data should be subject to strict chain-of-custody, tamper-proofing with digital signatures, etc.. We have incredibly strong data security technology as you well know, and it has been in extremely widesperad use in banking for decades, yet we use ridiculously weak systems for handling voting. Given how people behave in real life, especially when involved in a mammoth power struggle, this is truly ridiculous. And it is why we are where we are today. Saying “it probably didn’t happen” is not enough.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.