Scott County has purchased all-new election equipment and software for the upcoming, highly contentious 2024 election. It is fair to say that the purchase was fast-tracked in 2023 with approval by the Scott County Board of Supervisors, even though relevant concerns and questions from the public were not addressed, let alone satisfied.
Below are questions for the current Scott County Auditor Kerri Tompkins about election equipment, software, Internet capacity, and election processes as they relate to safe and secure elections. The questions have been categorized and distilled to facilitate the public's understanding of the gravitas of the potential vulnerabilities with electronic election equipment and software that include Internet capabilities.
With appreciation for County efforts, and in the spirit of cooperation and election education for Scott Countians, the Reader will publish the responses to the questions below in the next issue, scheduled for publication prior to the November 5 election.
VOTER ROLL CLEANUP
* Do Iowa county auditors each maintain independent voter registration rolls outside of what they send the SOS?
* What is the Scott County Auditor’s internal process for updating and cleaning its voter registration roll?
* Why don't known “Cancels” migrate off the voter registration roll at the time of notification?
* What is the protocol(s)/steps for making changes to the voter registration roll(s), and how often are the changes forwarded to the state for updating?
* What is the process for verifying that the two databases, State and County, reconcile/match?
CAST VOTE RECORD
* Do you generate a Cast Vote Record (CVR) for the county’s records?
* Are there two definitions of a Cast Vote Record (CVR), and if yes, please explain the difference?
* Are you allowed to review the Cast Vote Record (CVR) created internally, without ES&S' permission and/or oversight?
* According to Election Guidelines (EAC.gov), election equipment is required to produce a Cast Vote Record (CVR) of the election. You claim you do not do this after Scott County elections. Why?
* Is our election equipment capable of producing a Cast Vote Record (CVR), meaning an historical account of the votes cast in the election, especially in case an audit or recount is necessary?
* If you don't produce a CVR, either by choice or because the equipment does not have the capability, does this mean the County is out of compliance with the certification rules for election equipment?
* If the election equipment does not produce a CVR of the election, how do you actually comply with this requirement?
* Do you retain each election database once it is closed and certified, including the vote history (defined as the Cast Vote Record in most states) for 24 months as required by Iowa law?
THUMB DRIVES
* Once the election closes, thumb drives are removed from each tabulator and sealed along with the tally sheets from the same tabulators, then transported to you for transmission via a secure dedicated computer. Exactly where do you transmit the contents of these thumb drives?
* Do you retain physical possession of these same thumb drives once their contents are transmitted?
* Who provides these thumb drives to you?
* Do these thumb drives install specific programs resident on these thumb drives when inserted into the tabulators?
* Are you able to open and review the programs that come resident on the thumb drives before or after inserting them into the tabulators and/or installing them?
* What specific programs run after voting is over, but before the election is closed and the thumb drive is removed on each tabulator?
* Are the ballots printed by the tabulator vendor, in this case ES&S?
* If not, who prints Scott County's ballots?
* Who owns the the thumb drives, and who owns the data that is collected and recorded to the thumb drives throughout the election?
SCYTL
* Why do you upload the county's election results (each precinct's election totals) to a third party private vendor, Scytl, headquartered in Barcelona, Spain, instead of sending directly to Iowa's Secretary of State?
* What exactly does Scytl do with the County's election results before passing along to the SoS and Edison for media distribution that you as Auditor or the SoS cannot do?
* As Scott County Auditor, how do you verify that the Scott County totals SYTL receives electronically, and eventually passes on to the SoS and to Edison (who reports results to media), matches precisely what is on Scott County's thumb drives both individually and aggregately?
Scytl Election Technologies, headquartered in Barcelona, Spain, is currently owned by Comitia MSG, an Argentina corporation, touting Scytl's InVote Election Technology Platform that specializes in online and mail-in voting. Big surprise online voting emerges as the real hidden agenda behind the federal creep into state and local elections. Make no mistake, our federal government, in cooperation with global leaders, are serious in the extreme to gain administrative control over US and global elections.
Neither blue or red states, including most U.S. counties, appear adverse to this federal usurpation. Bureaucracies that usurp together stay together, so its up to the American people to reclaim constitutional dominion (pun intended) collectively over elections and individually over our own votes. Politicians are lost to us, evidenced by the inexcusable unrelenting resistance by both political parties' participants to any meaningful election reforms that advantage the interests of the people over those of the government, whether elected, appointed, or career bureaucrats.
ALBERT SENSORS
Counties do not have access to the data that Albert Sensors are collecting. Center for Internet Security (CIS), a private non-governmental organization (NGO) that is contracted by the Department of Homeland Security’s (DHS) Cybersecurity Infrastructure Security Agency (CISA) in a private-public partnership to monitor U.S. elections for illicit activity by bad actors both foreign and domestic. And to establish a management model for election-related “Misinformation,” strategically-therefore-broadly redefined by DHS as a potential domestic threat. CIS oversees election cyber protection, Albert Sensors, that monitor county election system networks' bidirectional traffic to detect and report breaches (unwanted activity) of election system components that are connected to the Internet.
Which begs the question: Which components if our election systems do not have WiFi capabilities? In other words, protection only extends to network components connected to the Internet or with Internet connectivity capability? Huh, pretty sure we have been told repeatedly our election systems are not connected to the Internet. So what is CIS and its Albert Sensors protecting?
* Can the Albert Sensors access the voter registration databases, poll books, tabulators, or any other part of the election system network before, during, or after elections?
Until this year, during an election, a county’s Voter Registration Roll (data) was installed on each precinct’s master poll book. This master poll book was hardwired using a local LAN network to subordinate processing poll books used to check-in and verify voters, confirm eligibility to vote in that precinct, and to issue them ballots. Each transaction via all the poll books was simultaneously recorded in the master poll book database, updating that precinct's voter registration information, including ballot issuance for cast vote records et al, all of which is eventually merged with the County’s entire Voter Registration Roll (database) using a dedicated computer for security.
All the precincts report their results to the County Auditor, results stored and transported via a secure sealed thumb drive taken from each precinct's tabulators containing all the ballot images and vote totals, then hand delivered by a Sheriff’s Deputy as a Chain of Custody measure. The contents of the thumb drives are uploaded to the Secretary of State using dedicated air-gapped computers for the secure transfers of election results/data. At no time during the election were the master poll books or the secondary processing poll books permitted WiFi connectivity to the Internet, thereby securing election data from manipulation or other nefarious purposes. At least that is what the public has believed for decades.
But What About Bluetooth?
As of 2024, Scott County Auditor Kerri Tompkins fast-tracked a purchase, early in a general election year, of Tenex election equipment and software, including new election management software, spending some $480,000 amidst reasonable objections from the public concerning the wisdom, the price tag, the security of election equipment that did not appear properly vetted, and installed for first-time use during a highly contentious election amid much controversy and public mistrust of fair and secure election equipment and processes.
Instead of aggregate election systems internally protected by a closed LAN network with no outside access possible, Tenex uploads the entire County’s Registration database and stores it on the cloud (Amazon Cloud services to be specific), requiring WiFi for Internet connectivity be installed on all the new iPad poll books in order to access the Scott County Voter Registration Roll (database ) during elections that contains its 63 individual precincts.
This means that all traffic to and from the Cloud relative to county-wide election data (all 63 precincts in Scott County) is exposed to cyberthreats, potentially resulting in election interference, including voter rolls, poll book, tabulation, and printer manipulation, and potential theft, rendering elections arguably far more vulnerable than with traditional LAN networking and old fashioned paper ballots.
Obviously, this means that the Albert sensors have access to the Iowa’s entire state-wide voter registration rolls (databases), and to those specific county’s voter registration rolls (databases) who contract with CIS. It is important to note that Albert Sensors are not strictly limited to monitoring elections, other county computer networks are eligible for monitoring by Albert Sensors.
CIS acknowledges it collects data via Albert Sensors from every computer network interface in both directions of the networks' devices it is monitoring, compresses and encrypts it all, then analyzes it. CIS also claims it does not see any of the data, nor listen to it, or even know what data is captured by the Albert Sensors. The Albert Sensors run the data collected through its own databases of known bad actors and compares it to the counties' sources of data, looking for matches. If found, it alerts the county to the potential issue(s).
That said, it is still a departure from at least the spirit of traditional law for a private non-profit entity (CIS) to monitor state and county elections, let alone prohibit the public from seeing what it collects, how it is identifies specific threats, or disclosing whether it shares what it collects with others, and/or whether it has additional capabilities not disclosed.
* Does CIS share the data it collects with other governmental entities, such as CISA or other DHS departments, or other government agencies, or other NGOs or private enterprises?
* If yes, with whom and for what specific purpose(s)?
* If no, how do you know it strictly confines itself to data collected during disclosed monitoring when you, as election officials serving your voting constituency at large, are denied access to your own county/state dashboard for scrutiny?
This lack of transparency is evidenced in various contract provisions, such as counties having no access to the specific dashboards monitoring their own computer networks showing what data the Albert Sensors are collecting and perhaps even sharing.
* Why is this lack of transparency acceptable to you, and why should it be acceptable to voters in Scott County?
The deliberate opaqueness of these operations is disconcerting, and perhaps even Constitutionally violative, considering elections are mostly the jurisdiction of the American people at the state and local levels. Any federal jurisdiction is minimal and exists strictly for federal elections, which represent a significantly smaller portion of elections nationwide. Otherwise, there is no constitutional authority for this veiled intrusion that using a private and distinctly partisan NGO will cure.
Keep in mind that no executive order, legislative action, or judicial ruling can violate Americans' constitutionally protected rights. Elections are the people's domain, albeit usurped by the two privately held political parties for decades. These two bully clubs have irreparably subverted our Republic's political process, reducing it to a mere facsimile of representative democracy. Americans face the harsh objective truth (yes, objective truth still exists) that we the people are no longer even marginally represented by the political pretenders we stubbornly, blindly continue to elect based almost entirely on whether they have an R or a D behind their name. And to a man and women, most serve with epically decreasing merit. “We get the government we deserve” fits like a glove in the 21st Century.