An election integrity expert claimed Friday to have identified a “serious” flaw in Dominion Voting Systems machines – one that will not be fixed before November’s midterm elections.
Sharing his findings in a Twitter thread, J. Alex Halderman, professor of computer science and engineering at the University of Michigan, wrote, “Colleagues and I have found a serious privacy flaw that affects Dominion ICP and ICE ballot scanners. We’ve already informed Dominion, CISA, EAC, and state officials, and we’ve created a site to help officials and the public understand the issue: DVSorder.org.”
According to the website Halderman shared, “DVSorder is a privacy flaw that affects Dominion Voting Systems (DVS) ImageCast Precinct (ICP) and ImageCast Evolution (ICE) ballot scanners, which are used in parts of 21 states. Under some circumstances, the flaw could allow members of the public to identify other peoples’ ballots and learn how they voted.”
Stressing that the alleged vulnerability cannot change votes or modify election results, the website notes that “some voters—especially the most vulnerable in society—may face real or perceived threats of coercion unless the privacy of their votes is strongly protected.”
According to Halderman, while some jurisdictions publish cast-vote records or ballot images, that data is supposed to be shuffled to protect voters’ privacy. The alleged DVSorder flaw, however, allows that data to be unshuffled to reveal the order in which the votes were cast, which could potentially lead to the identification of the individuals who cast them.
Thus far, jurisdictions in 11 states have been identified as having published vulnerable data from recent elections. Those states include, Alaska, Arizona, California, Georgia, Iowa, Michigan, New Jersey, New Mexico, Ohio, Tennessee, and Wisconsin.
Adding to these concerns, Halderman warned that the flaw appears to be present in all versions of Dominion ICP and ICE ballot scanners – including those certified by the U.S. Election Assistance Commission (EAC) – and that it could be exploited in the upcoming midterm elections.
“If we did not make our findings public before the election, jurisdictions would almost certainly publish a large volume of vulnerable data in November,” he noted. “Once released, this data would remain vulnerable in perpetuity, even if the scanners themselves were later patched. Raising the alert now gives election officials time to respond effectively. Our priority is to prevent this flaw from affecting voters in the midterms, which is ultimately the best way to uphold public trust.”
While election officials may have time to update their protocols accordingly, per Halderman, the EAC has advised that Dominion will not be making any software patches to correct the problem until after the November election – at least for federally certified versions of Dominion systems.
Dominion Voting Systems machines and software have faced heightened scrutiny in the wake of the 2020 election, which many believe was rigged. The company has faced several lawsuits over alleged vulnerabilities, including one filed by Fulton County, Pennsylvania, last month, which charged that Dominion’s voting machines were not only insecure but had also created “severe anomalies” in the voting data collected during the presidential election.
However, it is worth noting that concerns over the integrity of U.S. voting machines were raised long before the 2020 election.
For instance, at a 2018 Senate Judiciary Committee hearing, Kamala Harris noted the vulnerabilities of such machines, stating, “I actually held a demonstration for my colleagues here at the Capitol where we brought in folks who, before our eyes, hacked election machines.”
Needless to say, with the midterm elections just weeks away, reports of an alleged flaw that could expose millions of voters to political persecution are not going to bolster Americans’ already dwindling faith in the integrity of their elections.