Allegations of Election Irregularities by Gregory Stenstrom of Marque Star


Today I discovered this blog, and this thread discussing the voting machine situation in PA as I was searching for some information.

I don't even know if this is an active thread anymore, but the discussions got my attention. I'll go back to read the thread again in more detail when I have more time - but I wanted to mention a few things that caught my attention.....some of these are probably very well known to those of you who have been posting on this topic.

One of the biggest issues, if not the biggest issue/concern in the Cybersecurity world these days (for quite a few years in fact) is the issue of the 'insider threat'....the possibility that a trusted insider can cause damage, steal data/information, sabotage a system, etc, etc. This risk potential is very real, and I've personally been involved in investigating more than a few situations involving insider threat and mission critical systems. In quite a few of those situations I was the person leading the investigation. Electronic voting systems are defined as mission critical systems.

There are a few things that jumped out at me when I read Gregory Stenstrom's affidavit. The situation he's describing has insider threat potential written all over it.

First, removable USB devices (vDrives, USB cards, memory sticks, whatever you want to call them) were being moved/transported without at least two people being involved. This is unacceptable in this application scenario.

Second, the transportation of the removable USB devices appears to have taken place without using control mechanisms including placing the USB device(s) in a dedicated, secure transport container. Again, this is unacceptable in this type of application scenario.

Given the importance of the function performed by the voting systems, both of these activities present an immediate high concern for insider threat risk potential. Since I don't know what the defined process is in either PA or any of the counties in the state, I don't know what the 'rules' are for this activity. If the defined process(es) allows this to happen, then that is a separate problem.

Third, allowing one person to connect a removable USB device to an operational system of this significance, by themselves, and without following a strict written verifiable checklist process, is a huge problem. This is immensely unacceptable in this type of scenario.

Based on my experience in a wide range of application areas, without using two-person integrity when it comes to USB based removable devices/media in this specific type of application scenario, the entire process/operation used here is considered invalid, unreliable, and not secure. In other words, it presents unacceptable risk and the integrity of the operation(s)/task(s) being performed can not be trusted.

Most importantly, the lack of diligent use of chain of custody forms and processes associated with the use of removable media is a huge no-no in a system/application such as this one. This means the entire process and any data associated with it can not be trusted. No exceptions.

Not using rigorous industry best practices when it comes to using removable USB devices on a mission critical system means there is no way to verify data integrity, nor is there any way to perform a forensically sound audit (which must include chain of custody forms and documented processes). This can't be over-emphasized.

Based on Mr. Stenstrom's affidavit, none of the data associated with these voting machines can be trusted, and all of it needs to be discarded.

Also, regarding the comments/discussion about making a hard drive image - unless the law enforcement authorities on the scene were provided the authority (and the appropriate training) to make a decision as to whether a potential crime had been committed and were also empowered to make a decision to 'seize' the machines which would then allow a specially trained team to come in to perform the forensic data acquisition, then there's nothing they were really able to do under the circumstances.

The generalized term Mr. Stenstrom didn't use in his discussion is 'forensic write blocker', commonly referred to as just a 'write blocker'. There are both software and hardware based write blockers. For situations 'in the field' such as this scenario with voting machines, a hardware write blocker device is typically what I would expect to be used if someone were to perform an acquisition and analysis on the scene. These days, it is not unusual for computer systems to remain powered up during some part of the forensic process, because the operating system or other application software will often change data, settings, or software configuration information when a system is shut down. It all depends on the scenario.

One thing I haven't seen reported in the news media (any media, mainstream or otherwise) is mention of the fact there are currently no mandatory national standards for the voting process, and no mandatory national (cybersecurity) standards for electronic voting machines. This means each state is responsible for making their own laws regarding how voting will be performed, and defining their own standards regarding whether they will accept the 'suitability' of an electronic voting machine and allow it to be used in their state.

In my personal opinion if the U.S. Congress were doing their collective job, they would have addressed this years ago....because it has come up before, more than once.
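The controls the post above lists (two-person handling, a sealed transport container, and chain-of-custody records that allow data integrity to be verified) can be checked mechanically over a custody log. The following is an added example, not part of the original post; the record fields, custodian names, seal IDs, digests and sample log are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transfer:
    media_id: str
    released_by: frozenset  # custodians handing the media over
    received_by: frozenset  # custodians taking possession
    seal_id: str            # tamper-evident container seal; "" if none was used
    sha256_out: str         # media digest recorded at release
    sha256_in: str          # media digest recorded at receipt

def audit_custody(transfers):
    """Return (index, finding) pairs for one medium's ordered transfer log."""
    findings = []
    prev = None
    for i, t in enumerate(transfers):
        # Two-person integrity: both sides of a handoff need two custodians.
        for role, people in (("released_by", t.released_by),
                             ("received_by", t.received_by)):
            if len(people) < 2:
                findings.append((i, f"{role}: fewer than two custodians"))
        if not t.seal_id:
            findings.append((i, "no sealed transport container recorded"))
        if t.sha256_out != t.sha256_in:
            findings.append((i, "digest changed in transit"))
        if prev is not None:
            # Continuity: whoever received the media last must release it next.
            if t.released_by != prev.received_by:
                findings.append((i, "custody gap: releasers differ from previous receivers"))
            if t.sha256_out != prev.sha256_in:
                findings.append((i, "digest changed while in storage"))
        prev = t
    return findings

# Constructed sample log (hypothetical names and placeholder digests).
H1, H2 = "a" * 64, "b" * 64
SAMPLE_LOG = [
    Transfer("vdrive-001", frozenset({"clerk_a", "clerk_b"}),
             frozenset({"courier_a", "courier_b"}), "SEAL-1001", H1, H1),
    Transfer("vdrive-001", frozenset({"courier_a"}),
             frozenset({"tab_a", "tab_b"}), "", H1, H2),
]

if __name__ == "__main__":
    for idx, finding in audit_custody(SAMPLE_LOG):
        print(f"transfer {idx}: {finding}")
```
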

"I'll go back to read the thread again in more detail when I have more time"

That is a good idea.

The greatest insider threat originating from electronic voting systems is corruption from inside the company producing these machines. Imagine some software bomb, dormant until a specific date, that could awaken and modify votes as they're being cast? Because this threat is very real, there has long been a push by security researchers to move away from "paperless" voting and provide paper trails for everything. That is why every modern voting system, even if it has computerized ballot entry, provides a paper ballot that can be counted.

In the process of canvassing a vote, these paper trails are audited: every voting machine used in a polling place has printed its vote results on paper before it was shut down on election night. Every machine also has the count and images of the ballots stored on a memory locked inside the machine. When you say that "this means the entire process and any data associated with it can not be trusted", you are unfortunately ignorant of this process. There is a reason why the first counts are provisional; certification involves auditing all these safeguards.

In addition, the vDrives in question are digitally signed by the tabulating machines. To modify the data on these vDrives, you either need access to the device that created the data (and if you have that, you can just have it write false data in the first place, and you then don't need custody of the vDrives), or you need to break the encryption.

We also don't have evidence that these vDrives were ever handled alone: Stenstrom's testimony is itself evidence that the warehouse supervisor was being observed--Stenstrom, for one, observed him, and even took photographs.

But the final fact is that the electronic vote counts were canvassed and certified at their preliminary values, which means the paper audits confirmed that the electronic data was not tampered with. That's where the trust in the vote comes from.

I thank you for confirming my ideas about the hard drive images, and about Stenstrom not using current terminology.

I agree with you on federal election security standards; I've mentioned this elsewhere on this site.

Election security has become a point of contention during the Trump era. House Democrats have passed several election-related bills, including a sweeping ethics and election reform measure, but they've hit a wall in the GOP-controlled Senate.
But from what I've learned, Pennsylvania is operating to a high standard. I don't think the lack of federal standards was an issue that affected this election in Pennsylvania; and it's off-topic to this thread.