News Analysis
The firm hired by Georgia’s secretary of state to conduct an “audit” of Dominion Voting Systems technology used during the 2020 elections is the same one that previously certified the Dominion systems and also approved a last-minute system-wide software change just weeks before the election.
Secretary of State Brad Raffensperger failed to disclose that the company, Pro V&V, had a preexisting relationship with Dominion that dated back years, in his
Nov. 17 statement announcing the results of the audit.
Raffensperger also failed to disclose that Dominion had used technical conclusions from Pro V&V in a pre-election Georgia lawsuit that questioned the reliability of Dominion’s systems during a last-minute software fix before the Nov. 3 election. The testing from Pro V&V had been
characterized as “superficial” and “cursory testing” by an expert cited in court documents.
In the widely quoted
statement, Raffensperger said that the audit of Dominion machines was complete, there was “no sign of foul play,” and that “Pro V&V found no evidence” of tampering with the machines:
“We are glad but not surprised that the audit of the state’s voting machines was an unqualified success,” said Secretary Raffensperger. “Election security has been a top priority since day one of my administration. We have partnered with the Department of Homeland Security, the Georgia Cyber Center, Georgia Tech security experts, and wide range of other election security experts around the state and country so Georgia voters can be confident that their vote is safe and secure.”
Raffensperger also included an impressive description of Pro V&V in his statement, but again failed to disclose the firm’s relationship with Dominion, nor did he address the fact that Pro V&V appears to be a very small and private company that
operates out of a single office suite.
“Pro V&V, based in Huntsville, Alabama is a U.S. Election Assistance Commission-certified Voting System Test Laboratory (VSTL), meaning the lab is “qualified to test voting systems to Federal standards.” VSTL certification is provided for under the Help America Votes Act of 2002. Pro V&V’s accreditation by the USEAC was also recommended by the National Institute of Standards and Technology (NIST), the U.S. government’s physical science laboratory dedicated to creating standards and measures that would help America be the leading science innovator in the world. NIST contributes regularly to the development of cybersecurity and elections security standards for the U.S. and the world.”
According to the Election Assistance Commission (EAC) website, it appears that the federal commission currently has only two accredited testing labs for the entire country: Pro V&V and SLI Compliance. There are seven
voting system test laboratories (VSTL) listed on the EAC site, but five of these companies have notations showing their accreditations as expired.
Additionally, although the EAC
lists Pro V&V as being accredited, the link for Pro V&V’s accreditation certificate leads to a “
page could not be found” warning. An older
certificate of accreditation for Pro V&V can be found separately, on the
company’s profile overview. It has an issue date of Feb. 24, 2015, and shows as being effective through Feb. 24, 2017. It’s unclear if the company’s accreditation has expired or if the fault lies with the EAC website.
Raffensperger’s characterizations of Pro V&V gave no indication that he had any prior familiarity with the company and one could easily believe that there was no affiliation or long-standing ties between Dominion and Pro V&V, although that impression is inaccurate.
Raffensperger’s
statement does indicate that Pro V&V’s post-election audit work was fairly limited, describing only the extraction of “the software or firmware from the components to check that the only software or firmware on the components was certified for use by the Secretary of State’s office.”
The EAC site has a
listing of Certified Voting Systems in which Dominion has 14 voting system versions detailed. On Feb. 8, 2017, Dominion introduced its Democracy Suite version 5.0 and concurrently, Pro V&V apparently became the primary
testing lab for Dominion’s newer voting systems. With only
one important exception—a
modification (5.5-A) tested by SLI to conform Dominion’s Democracy Suite 5.5 for the State of Pennsylvania (the same version that would later be used by Georgia)—Pro V&V has been the only testing lab for Dominion Voting Systems to date.
In July 2019, Georgia
purchased a $106 million election system from Dominion. In a lawsuit that
originated in 2017, critics
contended that the new Dominion system was subject to many of the same security vulnerabilities as the one it was replacing. Raffensperger was
listed as a defendant in the case, and state and county attorneys have been present at various hearings.
Following Georgia’s purchase of the Dominion system, two employees from Pro V&V, Michael Walker and Wendy Williams, approved the
testing report for Dominion Voting Systems Democracy Suite 5.5-A for the State of Georgia on Nov. 26, 2019. Additionally, it was these same individuals who provided this year’s
April 13 and
June 16 testing of Dominion’s modified Democracy Suite 5.5-C. Williams would also play a role in some last-minute certification issues for Dominion.
But even here, there was an issue. The specific software version 5.5-A, ultimately used by Georgia, had actually been tested by SLI for Pennsylvania, and wasn’t tested by Pro V&V—a matter that would be later
noted by the courts:
“Mr. Cobb’s first affidavit discloses that Pro V&V did not itself conduct any form of penetration or security testing of the 5.5-A software version specifically to be used in Georgia (certified by Dominion in August 2019) but relied on another company’s security testing of earlier versions of the Dominion Democracy Suite software.”
Instead, Pro V&V had relied on its initial testing of the Dominion Suite 5.5 version. And as the courts
noted, “Dr. [Eric] Coomer testified that there is a difference between the 5.5 and 5.5-A Dominion Democracy Suite versions – a change to the ICX software that was not deemed de minimis.”
In an Aug. 24
sworn declaration, Harri Hursti, an acknowledged
expert on electronic voting
security, provided a first-hand description of problems he observed with Georgia’s new voting systems during the June 9 statewide primary election and the runoff elections on Aug. 11.
Hursti told the court of a series of problems, including that “the scanner and tabulation software settings being employed to determine which votes to count on hand-marked paper ballots are likely causing clearly intentioned votes not to be counted.”
Then, during pre-election testing of Dominion’s voting systems in late September, Georgia officials discovered a
problem relating to the displays for the U.S. Senate race, finding that under certain circumstances, not all of the candidates’ names would fit properly onto a single screen.
Dominion embarked on a software modification to address the problem, which required testing validation from Pro V&V as the software had now been changed across the Dominion systems. There was some disagreement as to the breadth of the software changes made and the possible need for resulting system re-certification due to the changes. As a result, a
Zoom meeting was held by the court on Oct. 1 to address the matter.
One of the people
present on this call was Ryan Germany, general counsel for Georgia’s secretary of state’s office.
During the back and forth of court proceedings, lawyers for Dominion
described the problem and the resulting software fix as “de minimis” and one that didn’t invalidate the previously issued EAC certification. Lawyers for “voting integrity activists,” already involved in lawsuits over Georgia’s new Dominion system, voiced concerns over “the severity of the problem and the security of a last-minute fix.”
Some of these concerns were echoed by the
court, which noted that, due to the statewide implementation of the software modification, there could be “larger implications.” The issue wasn’t a small one, as explained by a Dr. J. Alex Halderman, a security expert present at the hearing:
“I would like to reiterate the substance of the security concerns that I have. We have to be clear that even if the change to the source code is a small one, as Dominion says it is, the process of updating this software requires replacing completely the core of the Dominion software on every BMD.”
Dominion had
submitted the software fix to Pro V&V for evaluation. Again, Pro V&V had recently provided certification testing for Dominion’s Democracy Suite 5.5-C on
April 20 and
June 16, leading to the
July 9 EAC certification but hadn’t caught the software problem at the time.
During the
Oct. 1 Zoom call, Dr. Eric Coomer, director of product strategy and security for Dominion Voting Systems, told the court, it was his belief the software change “was de minimis,” but stated that Dominion didn’t make that determination, but instead “submit that change to an accredited laboratory, in this case, Pro V&V. They analyze the change. They look at the code. And they determine whether it is de minimis or not.”
The official designation of the software being deemed “de minimis” was important, as it would have bearing on the need for complete EAC recertification of the Dominion Systems—something that might require more time than was available ahead of the Nov. 3 presidential election.
If the software change was deemed de minimis, it’s then submitted to the EAC as an engineering change order or “ECO.” As Coomer testified, “So there is no new EAC certification effort. It is simply updating the current certification for this ECO.”
Indeed, on Oct. 2, a
letter from Wendy Owens of Pro V&V was sent, confirming “that this version of the ICX software corrected the issue with displaying of two-column contests.” The letter concluded with a recommendation from Pro V&V that the software change to Dominion’s systems be “deemed as de minimis.”
Pro V&V’s position was formally disputed in an Oct. 3
declaration from Halderman, who stated that the “report makes clear that Pro V&V performed only cursory testing of this new software. The company did not attempt to independently verify the cause of the ballot display problem, nor did it adequately verify that the changes are an effective solution. Pro V&V also appears to have made no effort to test whether the changes create new problems that impact the reliability, accuracy, or security of the BMD system.”
Nevertheless, on Oct. 11, Judge Amy Totenberg issued a ruling (
pdf) in the case, noting that “despite the profound issues raised by the Plaintiffs, the Court cannot jump off the legal edge and potentially trigger major disruption in the legally established state primary process.”
On Dec. 3, during a Georgia Senate Government Oversight Committee
meeting on election fraud, Ryan Germany, counsel for Georgia’s secretary of state’s office, again addressed the issue of the Dominion equipment audit, noting that:
“That’s something we’ve already done. We had an independent voting systems testing lab come in after the election and audit a cross-section of our machines ... What they found was the machines were working exactly properly. The software on the machines is exactly what’s supposed to be on there.”
Germany also stated that Pro V&V goes in to “check the hash value, make sure that it’s what we expect, and it was in every instance.”
But once again, there was no disclosure regarding Pro V&V’s affiliation with Dominion, nor were criticisms of Pro V&V’s work raised, even though Germany had been personally involved in the litigation surrounding Dominion systems and was aware of Pro V&V’s role in providing the crucial “de minimis” determination.
Interestingly, in her
October ruling, Totenberg noted that it was the secretary of state who “retained Pro V&V to perform a review of its newly adopted BMD voting system, as required for EAC certification purposes, for submission to the EAC for approval.”
Totenberg also singled out Jack Cobb, the director of Pro V&V, for criticism,
noting that he “actually claims no specialized knowledge or background in cybersecurity engineering and did not himself perform any security risk analysis of the BMD [Ballot Marking Device] system.”
Totenberg observed that “Cobb indicated he was not familiar with the fact that malware could defeat or disable the hash values – a concern addressed by all of Plaintiffs’ cybersecurity specialists who provided declarations or testimony in this case.“
Finally, Totenberg
pointed out that “the State Defendants did not present any independent cybersecurity expert to directly address the cybersecurity issues and risk vulnerabilities of Dominions’ QR code voting system raised by Plaintiffs.”
Instead, “State Defendants relied on Dr. Coomer’s testimony, to address—based on his professional experience—some of the significant cybersecurity issues raised by Plaintiffs.”