We need to encourage our legislators to support legislation to address the two vulnerabilities pointed out below and legislation to conduct a full forensic audit of the 2020 election in Madison, Shelby, Baldwin, Lee, and Limestone counties. Alabama Secretary of State John Merrill spoke at our county meeting earlier this week. He weaves a very good web of “nothing to see here, move along”.

So far my research into the Alabama election process has revealed two vulnerabilities.

1) While Alabama may have specified in the contract with ESS that the tabulation machines will not have wireless modems, to my knowledge they have never conducted a Physical Configuration Audit (PCA), or any inspection, to verify that the tabulators actually don’t contain modems. You don’t know what’s in the machine until you look.

2) While the process does have a way to verify that the number of paper ballots run through the tabulator matches up to the number of ballots handed out to voters at the precinct, there is no provision in the election process to be able to verify that the by candidate vote count output from the tabulator matches the input into the tabulator from the paper ballots. Recounts are conducted by running the paper ballots through a tabulator, not a hand count of the paper ballot.

We cannot blindly trust the machines. Even "air gapped" computers/electronic machines are vulnerable to being hacked. Remember the Stuxnet virus? It is the reason that the US government does not allow USB drives to be used on their computers.

"Because the computers are air-gapped from the internet, however, they cannot be reached directly by the remote attackers. So the attackers have designed their weapon to spread via infected USB flash drives. To get Stuxnet to its target machines, the attackers first infect computers belonging to five outside companies that are believed to be connected in some way to the nuclear program. The aim is to make each "patient zero" an unwitting carrier who will help spread and transport the weapon on flash drives into the protected facility and the Siemens computers."

https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

Then there's the problem of hardware components that are designed to deceive and contain hard coded backdoors or algorithms like the mysterious missing transformer made in China but never delivered to the customer.

"Sometime in 2019, something extraordinary happened at the Port of Houston. A huge electrical transformer, weighing between 250 and 500 tons, which was destined for the Washington Area Power Administration’s Ault, Colorado substation, was seized by the
Department of Energy and the Department of Homeland Security.
The transformer was taken to the Sandia National Laboratory in Albuquerque, and nothing has been heard of it since then. It would have been a companion to one already in service on the WAPA system.

It is believed that the transformer was grabbed because of fears of “backdoor” electronics which could be activated, or which were timed by its Chinese manufacturer to change the operation and affect the electric grid."

https://www.forbes.com/sites/llewellynking/2021/01/28/how-the-supply-chain-in-heavy-bulk-power-equipment-is-vulnerable-to-undetected-cyberattack