This is a multi-part investigation into the security of American elections. Readers should know my voting registration is “no party preference.” I do not and have not voted for Democrats or Republicans at any level of local, state, or federal government. I vote only for Green Party and independent candidates.
My interest in promoting election security should not be mistaken for an argument Trump lost the 2020 election due to a rigged vote. I do not know whether the 2020 election result was fraudulent or not. I do know, however, that U.S. elections are not as secure as they should be, as this investigation will show.
See Part 1: History of the election services market, which established the following facts:
The first hack of an American election was in San Fransisco in 1906, two years after voting machines were introduced in the U.S. in 1904.
Sequoia Voting Systems sold the infamously faulty punch cards used during the 2000 U.S. election, which resulted in the “hanging chad” scandal that motivated the shift to electronic voting machines in U.S. elections.
Venezuelan national Antonia Mugica pivoted Smartmatic Corporation into the voting machine industry in 2000 in response to the hanging chad scandal.
Smartmatic’s 2005 contract with the state of Michigan stated, “Sequoia Voting Systems Support staff is supplemented by Smartmatic Corporation who have successfully worked with Sequoia staff in many large elections in 2002.” (Emphasis added.)
The first use of Smartmatic’s voting machines in an election was the 2004 Venezuela recall President of Hugo Chávez.
Smartmatic Corporation restructured as the London-based Smartmatic International. In 2005, Smartmatic Intl. purchased Sequoia only to sell the same in 2007 following an investigation by the Treasury Department’s Committee on Foreign Investment in the United States (“CFIUS”) and public pressure from Congresswoman Carolyn Maloney.
According to Edward M. Burke, Chairman of the Chicago City Council Committee on Finance to Langdon D. Neal and Chairman of the Chicago Board of Election Commissioners, Smartmatic’s sale of Sequoia appeared to be a “sham transaction designed to fool regulators.”
Dominion Voting Systems acquired Sequoia on June 4th, 2010. In 2013, Dominion’s pitch to the state of Colorado advertised their systems engineer, Venezuelan national Ronald Morales, worked for Smartmatic during the 2004 election and was responsible for developing Sequoia’s legacy systems at Dominion.
In 2014, Mugica appointed Lord Marc Malloch-Brown to become the chairman of the board of directors of SGO corporation, a holding company based in London that owned Smartmatic International. Malloch-Brown led observers from the United Nations Development Programme to supervise the collection of signatures for the 2004 Venezuela recall election.
See also Part II: Expert criticism of voting machines and internet voting, which proved:
There is an overwhelming consensus among experts that voting machines and internet voting systems can be hacked to change the result of an election.
The voting machines used in real U.S. elections have significant security vulnerabilities that can result in widespread vote manipulation.
There remain serious gaps in America’s election security infrastructure today.
“I do not think we should have pushed for an election in the Palestinian territories. I think that was a big mistake. And if we were going to push for an election, then we should have made sure that we did something to determine who was going to win.”
— Senator Hillary Clinton, in private remarks to the Jewish Press, September 5th, 2006.
(Emphasis added.)
Venezuela 2004 Recall Referendum
Background
Hugo Chávez was a career military officer in Venezuela. He founded the Revolutionary Bolivarian Movement-200 paramilitary group, which he led in 1992 in an unsuccessful coup against then President of Venezuela Carlos Andrés Pérez. Chávez received a prison sentence for the attempted coup but was pardoned two years later. Following his pardon, Chávez founded a political party called the Fifth Republic Movement. Chávez was elected President of Venezuela in 1998 with 56.2 percent of the vote.
Chávez backed the creation of the Constitution of the Bolivarian Republic of Venezuela in 1999, which replaced Venezuela’s 1961 Constitution. Articles 72 and 233 of the 1999 Constitution created a mechanism to replace elected officials, including the President, before the end of their term. Under the mechanism, a recall referendum is triggered by collecting signatures from 20 percent of the electorate.
At the time, 2.4 million signatures were required to trigger a recall referendum. In August 2003, Súmate (“Join Up”) presented 3.2 million signatures in support of recalling Chávez. However, the Venezuela’s National Electoral Council (“CNE”) rejected the signatures for being collected prematurely, before the midpoint in Chávez’s first term. A second slate of 3.6 million signatures was presented in November 2003. However, the CNE again rejected the petition on the basis 1.1 million signatures were of questionable authenticity and 460,000 signatures were invalid. The decision to reject the recall petition for a second time led to riots. Although the Venezuela Supreme Court reinstated over 800,000 disputed signatures, the Constitutional chamber of the same Court overturned the Electoral chamber’s decision because the latter did not have jurisdiction for its ruling.
Thereafter, the Chávez government began collecting signatures itself, which signatures were then posted online in an apparent act of intimidation. The government allegedly dismissed signatories of the recall petition from government positions, as well as jobs at state oil and water companies, and hospitals. Nevertheless, the CNE eventually collected more than the 2.4 million signatures necessary to trigger a recall. The referendum went ahead on August 15, 2004, despite the Chávez government's claim the opposition used forged ID cards to reach the signature threshold for a recall.
70 percent of the electorate turned out to vote in the referendum. Chávez won with official results claiming 59 percent of voters supported his presidency. He would go on to be elected two more times with official majorities of 62.8 percent in 2006 and 55.1 percent in 2012, before dying in office on March 5th, 2013.
The 2004 recall referendum was the first use of Smartmatic’s voting machines in an election.
Evidence For and Against Fraud
Exit Polls
Primero Justicia (“Justice First”), a centre-right political party, conducted an exit poll, which found 60.5 percent of voters supported Chávez’s recall. Coordinador Democrática (“Democratic Coordinator”), an umbrella group of Venezuelan political parties and organizations opposed to Chávez, commissioned a second exit poll by American firm Penn, Schoen & Berland. Volunteers from Súmate conducted the second poll, which collected responses from 20,000 voters, giving the poll a very small sampling error. The Súmate poll showed 59 percent of respondents voted to recall Chávez, the opposite result of official results. Based on the poll, Schoen stated, “I think [the referendum result] was a massive fraud.”
The results from the Súmate poll were illegally leaked to Venezuelan media while voting was still ongoing. Former President of the United States Jimmy Carter claimed Súmate “deliberately distributed this erroneous exit poll data in order to build up, not only the expectation of victory, but also to influence the people still standing in line.” After winning the referendum, Chávez branded the leaders of Súmate as conspirators backed by the U.S. government and charged members of the group with treason. The basis of the charge was a $53,400 grant from the National Endowment for Democracy. (NED is widely considered to be a “second CIA.” NED cofounder Allen Winstein said, “A lot of what we do today was done covertly 25 years ago by the CIA.”)
Shortly after the referendum, Jennifer McCoy, Carter Center Director for the Americas, said, “We found a variation of only 0.1 percent between the paper receipts and the electronic results [in an audit of voting centers]. This could be explained by voters putting the slips in the wrong ballot box.” Carter himself said, “We have no reason to doubt the integrity of the electoral system or the accuracy of the referendum results. There is no evidence of fraud, and any allegations of fraud are completely unwarranted.”
Statistical Analyses
Súmate responded to criticism of their exit poll by asking Professors Ricardo Hausmann (Harvard) and Roberto Rigobón (MIT) to perform a statistical analysis of how fraud could have occurred in the referendum. (Hausmann & Rigobón, 2004.) (Original paper in English; Spanish translation.) The analysis compared official results from 340 electoral centers, with the number of signatures collected by the opposition the year prior, and both exit polls. Hausmann and Rigobón concluded there was a 99 percent probability of fraud in the recall referendum. Responding to McCoy’s argument the paper trail matched electronic results, Hausmann claimed CNE conducted audits at voting stations that were neither representative of the general population nor randomly selected. Hausmann argued CNE chose voting stations from electoral centers where the vote was not manipulated, so that the audit would not detect any irregularities.
The Center for Economic Policy and Research (“CEPR”) criticized Hausmann and Rigobón’s analysis. (Weisbrot, Rosnick & Tucker, 2004.) CEPR’s report found the probability of the 150 audited voting centers reporting 59 percent against recall, if the true result was actually 59 percent in favor, was less than one in 28 billion trillion (1 to 28,000,000,000,000,000,000,000.) The CEPR paper addressed Hausmann’s argument the 150 polling centers were not randomly selected by pointing out the sample “was chosen in front of a live television audience, as well as the international observers from the Carter Center, the Organization of American States, and another group of European observers.”
The CNE requested a group of university professors to develop a sample generation program for the 2nd audit. The program is written in Pascal for the Delphi environment.
The program receives a 1 to 8 digit seed. The CNE delivered to the international observers the source code, the executable code, the input file, and the sample. Carter Center experts analyzed the program and concluded:
The program generates exactly the same sample given the same seed.
The program generates a different sample given a different seed.
The program generates a sample of voting stations (mesas) based on the universe of mesas that have voting machines.
The source code delivered produces the executable file delivered.
The input file used to generate the sample is missing only six of 8,147 voting stations (mesas). The input file has one missing voting center.
The program, when run enough times, includes each mesa (voting station) in the sample, and the number of times a given mesa is included in a sample is evenly distributed, indicating the sample generation program is random.
The sample generation program was run 1,020 times. With no exception all of the 8,141 mesas appeared at least 14 times in a sample. Not a single mesa was excluded from the sample in the test run.
The Carter Center therefore concluded that:
“The sample drawing program used Aug. 18 to generate the 2nd audit sample generated a random sample from the universe of all mesas (voting stations) with automated voting machines. The sample was not drawn from a group of preselected mesas.”
The CEPR report concluded “the theory of electronic fraud put forth by Hausmann and Rigobón, and supported by others in Venezuela, appears to be logistically impossible.” Similarly, the Carter Center’s 2005 report into the referendum concluded “none of the reports examined present evidence that there was significant fraud[.]” However, Dr. Tulio Alvarez, an independent observer of the referendum and subject matter expert in the relationship between the CNE and Smartmatic, described the center’s finding as “insufficient, superficial, and irresponsible.” In response to the criticism and continued allegations of fraud in the 2004 Venezuela election, the Carter Center released a 2010 report reaffirming the center’s earlier finding the election was free and fair.
Both Hausmann & Rigobón (2004) and Weisbrot, Rosnick & Tucker (2004) self-published and, as such, neither paper was subject to peer-review by an academic journal. In 2012, Hausmann and Rigobón responded to criticism of their 2004 paper in Statistical Science, a peer-reviewed paper edited by the Institute of Mathematical Sciences. (Hausmann & Rigobón, 2012.) In their 2012 analysis, Hausmann and Rigobón reiterated their 2004 conclusion that “the statistical evidence is compatible with the occurrence of fraud that has affected every machine in a single precinct, but differentially more in some precincts than others.” The analysis concluded the election data was “compatible with the hypothesis that the sample for the audit was chosen only among those precincts whose results had not been altered.” (Although Hausmann and Rigobón do not explain how CNE might have manipulated the selection of voting centers to audit, the possibility remains CNE provided altered source code to independent observers for verification. There is no evidence in the historical or academic record the code supplied for independent verification was in fact the same code that selected voting centers for audit in front of a live audience.)
Other researchers have published peer-reviewed research demonstrating both audits of the 2004 referendum are “not only ineffective but a source of suspicion.” (Delfino & Salas, 2011.) The same-day “hot audit” of election machines was not random, according to Delfino and Salas.
The CNE assured the Venezuelan citizens that the voting ma- chines had to accurately reflect the voters intention, because a sample of 192 machines (1% of them) would be randomly selected and audited the same day of the referendum. This is indeed a valid way of eliminating suspicion, as long as the selection is a truly random sample of all the voting machines.
The day of the referendum, the CNE informed the public that because of logistical reasons, the sam- ple would be taken from a restricted universe of 20 counties located in urban areas, leaving out of the audit more than 300 counties. With this decision, confidence in the results was adversely affected to say the least.
The computerized voting centers inside and out- side of the 20 counties, to which the hot-audit universe was reduced, are shown in Figure 12. It is clear that these 20 counties are not representative of all the computerized voting centers.
Furthermore, out of 192 centers selected for hot audit, only 26 were actually audited in the presence of witnesses representing the opposition and the international observers. The following excerpt from the Carter Center Comprehensive [2005] Report is very illustrative:
“Auditors, table members, and military per- sonnel were not properly informed that the audit would occur nor were they clear about the procedure to be followed. The instructions themselves did not clearly call for a separate tally of the Yes and No votes, and in some centers, the auditors only counted the total number of voters.”
[. . .]
“Nevertheless, Carter Center observers were able to witness six auditing processes. In only one of the six auditing sites observed by The Carter Center did the paper ballot receipt counting actually occur. In this place, the auditing was conducted by the mesa president, and the recount of the ballots produced exactly the same result as the acta printed by the voting machine. In the rest of the sites observed, the auditor appointed by the CNE did not allow the opening of the ballot box, explaining his/her instructions did not include the counting of the Yes and No ballots from multiple machines.”
“There were also complaints of military deny- ing access to voting centers where audits were being conducted. Carter Center ob- servers could not confirm this claim. [. . .] The CNE provided The Carter Center with copies of the audit reports of 25 centers. It was clear from the forms that the au- dit was not carried out in many places because the fields in the form were left empty, there were no signatures of pro- government or opposition witnesses, etc. The forms were poorly filled out, clearly showing inadequate training. The instructions issued by the CNE to the auditors were either incomplete or unclear. This is a direct consequence of issuing the audit regulation three days before the election.”
The same-day “[a]uditing [of voting machines in] only 26 centers out of 192 selected centers, is basically a cancellation of the auditing process.” The researchers concluded the audit of 27 centers was not a random sample and the chances of the hot audit returning the official results was one in 50 million.
Delfino and Salas also criticize the “cold audit” made three days after the referendum. “The audited entity itself [CNE] cannot select centers to be audited. According to the OAS/Carter report, ‘The sample was generated by CNE staff’ on its own computer using its own software.” Additionally, “[t]he control mechanisms that had been implemented to certify that the samples were unaltered was not used.” Further, although the selection of centers to audit was broadcast on live television, “the results were not shown.”
Delifno and Salas conclude “the official sí results in computerized centers seem to behave in an excessively linear fashion relative to the number of signatures in support of the [recall referendum] in each voting center”; “[t]he official sí results in computerized centers are surprising given the results of the 1998 elections in those same centers”; and “[t]he percentage of votes for the opposition seem to be too highly correlated with [ ] the relative number of signatures in a voting center, in particular in those centers were [the relative number of signatures] was small.” “While none of this constitutes proof of tampering, we believe that our analyses of some of the data collected in association with the recall referendum cast some doubt about the accuracy of the official results.”
Other peer-reviewed research concluded there are discrepancies between the official results and exit polls. (See Prado and Sansó, 2011.) Multiple other researchers concluded, based on statistical analysis, that the recall referendum was fraudulent. (See also Cordero & Márquez (2006); see generally “Special Section: Revisiting the 2004 Venezuelan Referendum,” Statistical Science, 26(4), November 2011.)
Therefore, the weight of statistical evidence suggests, first, that the Carter Center’s conclusion the recall referendum was free and fair is inconclusive, because the conclusion was based on inadequate observational data of only one voting center; and, second, that multiple independent researchers have concluded the two audits of the referendum were inadequate and/or the official results were fraudulent.
The Downs Memo 2006
Robert Downs, a U.S. intelligence officer in Caracas, wrote a CONFIDENTIAL memo to the U.S. Secretary of State and various embassies, on July 10, 2006. The memo analyzed allegations of fraud by Smartmatic and Chávez in the 2004 Venezuela election.
The Venezuelan-owned Smartmatic Corporation is a riddle both in ownership and operation, complicated by the fact that its machines have overseen several landslide (and contested) victories by President Hugo Chávez and his supporters. The electronic voting company went from a small technology startup to a market player in just a few years, catapulted by its participation in the August 2004 recall referendum. Smartmatic has claimed to be of U.S. origin, but its true owners -- probably elite Venezuelans of several political strains -- remain hidden behind a web of holding companies in the Netherlands and Barbados. The Smartmatic machines used in Venezuela are widely suspected of, though never proven conclusively to be, susceptible to fraud. The company is thought to be backing out of Venezuelan electoral events, focusing now on other parts of world, including the United States via its subsidiary, Sequoia [Voting Systems].
Downs claims Smartmatic’s rise was based on political favor in suspicious circumstances. The company did not have a marketable offering at the time it secured the contract to make the machines for the 2004 election. ES&S and Indra, a Spanish election services provider, supplied election systems to Venezuela up until 2003. Then, “when the new pro-Chávez CNE [national elections council] was named in September, 2003, it immediately set out to replace all existing systems.” The 2004 referendum was not even scheduled at this time, yet Chávez declared the bid process to be an emergency so the CNE could bypass normal procedures and close with Smartmatic. The Chávez government paid Smartmatic $128m for 20,000 voting machines (reengineered from old lottery machines), which Smartmatic had yet to make and despite the fact Smartmatic had no electoral experience to justify landing such a large contract.
In addition to the corruption issue, according to Downs, there was strong circumstantial evidence of fraud in the election itself. Downs notes eight contemporary statistical analyses of exit polls, signatures, drives, and previous election results, which all found evidence of fraud in the referendum. A study based on the CANTV network data log proved “the Smartmatic machines were bi-directional and in fact showed irregularities in how they reported their results to the CNE central server during the referendum.” (“Bi-directional” means the voting machines were not only sending information to a central server, but also receiving information back from the server.) “The most suspicious data point in the Smartmatic system was that the machines contacted the server before printing their results, providing the opportunity, at least, to change the results and defeat the rudimentary checks set up by international observation missions.” (Emphasis added.)
Downs notes that, before the 2006 election in October 2005, Smarmatic paid then CNE President Jorge Rodriguez’s bill at an exclusive resort in Boca Raton after showing him an unspecified electoral system Smartmatic was developing, most likely the voting machine used in the 2004 recall referendum. Downs says there were “subsequent, unconfirmed rumors” that Rodriguez lobbied for Smartmatic in other countries. A few months prior, in March, Smarmatic had entered the U.S. market by acquiring Sequoia.
Downs continues by observing that, apart from CEO Anthony Mugica, the only other known owners of Smartmatic were Mugica’s co-founders, CFO Alfred Anzola and President Roger Pinate. According to Mugica, about 30 other owners of Smartmatic remain anonymous. Anzola’s father-in-law, Jose Antonio Herrara, was the first cousin of then-Ambassador to the U.S. Bernardo Alvarez. Herrera told U.S. intelligence in 2004 the silent partners were mainly upper class Venezuelans who supported Chávez, which seems to be the basis for Downs’s conclusion the ownership of Smartmatic is concentrated among elite Venezuelans.
The Bonifaz Report 2008
John Bonifaz, co-founder of Free Speech for People and founder of the National Voting Rights Institute, served as lead counsel for a coalition of US soldiers, parents of American soldiers, and members of Congress in John Doe I v. President Bush, a constitutional challenge to President Bush's authority to wage war against Iraq absent a congressional declaration of war or equivalent action. In 2008, Bonifaz turned his attention to election security, authoring a report on Sequoia and Smartmatic’s links to the Chávez government, which he submitted to the National Institute of Standards and Technology at the Department of Commerce. The report frames the issue of election vulnerability within the penumbra of U.S. national security.
U.S. national security is potentially at risk because software used to count votes in 20% of the country during U.S. elections is owned and controlled by a Venezuelan-run company with ties to the Venezuelan government of Hugo Chávez,1 which has been described as “the foremost meddler in foreign elections in the Western hemisphere.”2 Foreign-owned and foreign-run Smartmatic’s control over vote- counting software used in the voting machines of Sequoia Voting Systems, Inc. (“Sequoia” or “SVS”) presents a potential national security risk now just as it did in 2006 when the U.S. Committee on Foreign Investment in the United States (“CFIUS”) opened an investigation of Smartmatic’s ownership of Sequoia.3
The Bonifaz report continues.
Sequoia voting machine software poses serious risks of tampering. Princeton Professor of Computer Science, Andrew Appel, testified as an expert in litigation in New Jersey involving the Sequoia Advantage voting machines that “[i]t’s very easy to replace the software inside a computerized machine so it tells the voter it is voting for one candidate but really puts the vote in the wrong column,” and “You can even program it to do that only on election day.”4 Later this year as part of the same litigation, Professors Edward Felton and Andrew Appel of Princeton University will examine Sequoia Advantage voting machine software to determine why the voting machines registered ghost voters in the 2008 presidential primary election in New Jersey.5
In 2007, the California Secretary of State decertified use of the Sequoia AVC Edge voting machines in that state. In doing so, the Secretary reported that independent experts found that the software in Sequoia voting machines could be made to “shift[] votes from one candidate to another and [the shift] was not detectable on the voter verifiable paper audit trail (VVPAT).”6
(Emphases added.)
Bonifaz highlights other findings from California’s top-to-bottom review of Sequoia voting machines, which:
“[A]llow the insertion of a Trojan program via a malicious USB removable storage media device that could modify ballot definitions and results[.]”7
Are “designed to conduct Logic and Accuracy testing in a mode distinct from Election Day mode, which enables malicious firmware . . . to avoid operating in an incorrect manner while in testing mode.”8
Contain “a shell-like scripting language in the firmware . . . that could be coerced into performing malicious actions, in apparent violation of 2002 Voting System Standards . . . [and that] includes, among others, a command to set the protective counter of the machine . . .; a command that can be used to overwrite . . . the system firmware or audit trail; and a command to reboot the machine at will.”9
Permit “corrupted or malicious data injected into removable media . . . with potentially serious consequences including alteration of recorded votes, adding false results, and, under some conditions, causing damage to the election management system when the corrupted or malicious data is loaded for vote counting.”10
All of these software bugs — or features — in Sequoia’s machines were designed by Smartmatic personnel, according to Jack Blaine, then President and CEO of both companies.11 After framing Sequoia’s relationship with Smartmatic as merely historical, Blaine lied to the city of Chicago’s Board of Election Commissioners in a letter dated March 7th, 2008, stating that “Smartmatic has no ownership, control, and operational rights of any kind in Sequoia.” (Emphasis added.) However, a letter opinion from the Court of Chancery in Delaware, dated March 31st, 2008, revealed Smartmatic still controlled intellectual property rights to software used on Sequoia’s machines. (“Hart [InterCivic] promises not to compete with Smartmatic in Latin America, the Philippines, and Belgium. In return, Smartmatic promises to grant Hart a license to use its intellectual property found in Sequoia’s machines.”) (Emphasis added.) Sequoia was so dependent on Smartmatic’s software that, after a week-long delay in tabulating the 2006 mid-term federal primary results in Chicago, Sequoia resorted to flying in more than a dozen Smartmatic engineers to troubleshoot the problem. This point is in addition to the fact that Venezuelan national Ronald Morales controlled the design of the systems architecture at Smartmatic, Sequoia, and Dominion.
Jorge Rodriguez, who previously served as the President of the CNE, which government agency was responsible for running elections in Venezuela and had selected Smartmatic as the nation’s sole election services provider, became Vice President of Venezuela under Chávez. Bonifaz notes that Vice President Rodriguez engaged in criminal activity with a Smartmatic attorney, Moisés Maiónica.
At the end of 2007, the U.S indicted several Venezuelans, including a lawyer who apparently has worked for Smartmatic, Moisés Maiónica, in a case that “has highlighted the alleged interference of the government of Venezuela's leftist President Hugo Chávez in the politics of neighboring countries.”12 In December 2007, a U.S. grand jury in Miami, Florida, charged Maiónica and two other Venezuelan men with crimes in connection with alleged financing by Venezuelan President Hugo Chávez of the campaign of now-President Christina Fernandez de Kirchner of Argentina.13 Maiónica pleaded guilty in January 2008 and apparently admitted to having been working for then Vice President of Venezuela, Jorge Rodriguez, in offering $2 million to an FBI informant for his silence.14 Jorge Rodriguez is reported to have stepped down as Vice President of Venezuela in January 2008, after Maiónica’s public indictment, due to his “close relationship” with Maiónica.15
The relationship between Rodriguez and Maiónica is reported to have been instrumental in the Smartmatic-led SBC consortium securing the contract from the Chávez controlled Venezuelan National Electoral Council (“CNE”) to run the 2004 Venezuelan presidential recall election. According to a press report, “[i]n February 2004, the Venezuelan electoral authorities selected the company Smartmatic to provide technology that automates the process of voting . . . The lawyer Moisés Maiónica would have acted as a proxy [for] Smartmatic and made all the legal and financial engineering with the approval of then member of the CNE and former [V]ice [P]resident of the Nation, Jorge Rodriguez.”16
Not only was Chávez’s future pick for Vice President running the CNE, the Venezuelan government had an ownership stake in the SBC consortium (Smartmatic, Bizta R&D, and CanTV) that ran elections and broadcast official results.
Prior to 2004, however, Smartmatic had no election experience and otherwise was a fledgling business.17 Reportedly critical to the SBC consortium’s award of the $91 million 2004 recall election contract from the Chávez-dominated CNE was a $150,000 plus investment by the Venezuelan government in Bizta R&D Software, C.A. (“Bizta R&D Software”),18 the SBC consortium member focused on voting machine software.19 The Venezuelan government secured this 28% stake in Bizta R&D Software and then Bizta R&D Software gave power to a Venezuelan government official and software engineer with the Venezuelan Ministry of Science and Technology, Omar Montilla Castillo, by making him a Bizta R&D Software director.20 Bizta promised to repay the Venezuelan government for its investment and remove the government official from its board of directors after the Miami Herald revealed the consortium’s ties to the Chávez government.
CIA Cybersecurity Expert Steve Stigall’s Testimony 2009
In 2009, CIA cybersecurity expert Steve Stigall testified to Congress’s Election Assistance Commission and made the following points:
The CIA monitored the use of electronic voting systems in Venezuela, Macedonia, and Ukraine. The CIA’s interest stemmed from foreign efforts to hack U.S. election systems.
Computerized electoral systems can be manipulated at five stages, from altering voter registration lists to posting results.
Voting equipment connected to the Internet could be hacked, and machines that were not connected could be compromised wirelessly.
Most countries’ machines produce paper receipts, which voters then drop into boxes, but this technique does not prevent corruption.
Venezuelan mathematicians found a “very subtle algorithm” that appeared to adjust the vote in Chávez’s favor in 2004.
The supposedly random number generator used to select the Smartmatic machines for audit (100 of the 19,000 machines used in the election) was provided by Chávez’s government.
Elections can be manipulated when votes were cast; when ballots were moved or transmitted to central collections points; when official results were tabulated; and when the totals were posted on the Internet.
In the former Soviet republic of Georgia, hackers resurrected the dead by adding the names of people who had died in the 18th century to computerized voter-registration lists.
In Macedonia, names of many Albanians living in the country were purged from computerized voter lists.
In Ukraine, Yushchenko lost the 2004 presidential election runoff after Yanukovych snuck an unauthorized computer into the Ukraine election committee national headquarters.
Following Stigall’s testimony to Congress, the CFIUS launched an investigation into Smartmatic, culminating in the Obama Justice Department’s antitrust May 2010 action in the Smartmatic/Sequoia acquisition.
Conclusion
Although the CIA is not a reliable source of intelligence, the agency’s account corroborates the Downs memo, the Bonifaz report, multiple statistical analyses, and the exit polls from the day of the 2004 referendum. Special weight should be given to the Downs memo, since it was published by Wikileaks and, therefore, represents a true assessment (i.e., not for public perception or propaganda purposes) of an American spy on the ground at the time. Further, the circumstances surrounding how Smartmatic won a $91 million contract to run their first ever election are suspicious and reek of corruption, especially considering the fact the Venezuelan government had a direct ownership stake in the consortium responsible for running the election and broadcasting official results. Suspicious circumstances are compounded by the fact Sequoia repeatedly tried to obscure official investigations into its relationship with Smartmatic and Smartmatic’s legacy software used on Sequoia’s machines in U.S. elections. When these facts are combined with the findings of California’s top-to-bottom review, which showed Sequoia’s voting machines can be hacked to change election results, on the balance of probabilities, it seems more likely than not that the 2004 recall referendum was fraudulent.
The foregoing assessment raises questions over Lord Marc Malloch-Brown’s position as Chairman of SGO corporation (and therefore Smartmatic Intl.). If the 2004 referendum was in fact fraudulent, international and political observers are either not capable of detecting fraud or are complicit in vote rigging. Given the uncertainty of the 2004 results, it is not appropriate for a presumptive British foreign intelligence agent, who was involved in overseeing (or possibly whitewashing) the 2004 referendum, to hold a senior position with influence over U.S. election security.
Venezuela 2017 Election and 2020 Fire
The U.S. has long targeted the Chávez government, raising the possibility there exists a U.S.-backed psychological operation to undermine Chávez’s credibility using false claims of election fraud. Such an argument would be viable but for the fact there is conclusive evidence of fraud in Venezuela’s 2017 election for the Constituent Assembly, the legislative branch of government, as admitted by Smartmatic’s CEO.
“We know, without any doubt, that the turnout of the recent election for a National Constituent Assembly was manipulated,” Smartmatic CEO Antonio Mugica said at a news briefing in London.
[ ]
“We estimate the difference between the actual participation and the one announced by authorities is at least 1 million votes,” he said.
Mugica declined to directly answer whether the manipulated turnout numbers changed the result of the election, in which authorities said 8.1 million people voted.
The election of the legislative super-body has been decried by critics as illegitimate and designed to give the unpopular government of President Nicolas Maduro powers to rewrite the constitution and sideline the opposition-led congress.
Mugica said the authorities in Venezuela would likely not be sympathetic to his comments and that he had not yet passed the evidence to the Venezuela’s electoral council.
Smartmatic tried to frame their electronic voting system as the reason why the fraud was detected. In reality, it was only possible to fabricate “at least” a million fake votes because the election was run using an electronic system.
It is important to highlight that similar manipulations are made in manual elections in many countries, but because of the lack of electronic security and auditing safeguards, they go unnoticed.
So, what happened? Why can we stand by the results of previous Venezuelan elections but we cannot endorse the elections held last Sunday? Our automated election system is designed to make it evident when results are manipulated, however, there must be people auditing the system and watching for that evidence. During the National Constituent Assembly elections there were no auditors from the opposition parties as they did not want to participate.
A vulnerability of any election that is clearly identified is that the consolidated results report that the system produces at the National Tabulation Center at the end of Election Day can be ignored by the authorities in charge of running the election and that altered results can be announced in its place. This is why, in all previous elections since 2004, representatives from all the political parties have been present in the Tabulation Center when the results report is issued to have access to the same information. In the election of the Constituent Assembly in 2017, there were no such representatives.
[ ]
It is important to point out that this would not have occurred if the auditors of all political parties had been present at the different stages of the election.
There is no reason to think having different political parties in the National Tabulation Center would be any safeguard at all, if the observers do not have the access or technical ability to monitor the entire election systems network and its code in real-time.
Moreover, it is worth noting that, in President Nicolás Maduro interview with Max Blumenthal of The Grayzone, Maduro did not acknowledge the fact the 2017 election was rigged. On the contrary, Maduro repeatedly highlighted his “legitimacy” by pointing to his party’s victory in 23 of the past 25 elections in the country.
In these 20 years, we have had, for example, 25 elections. Presidential elections every time the Constitution calls for it. Parliamentary elections, elections for governors of the 23 states, elections for mayors of the 330 municipalities, elections for local and regional legislatures. Elections for referendums for consultations on national issues, such as reforming the constitution. 25 elections.
Our forces, the Bolivarian, Chavista forces, have won 23 of those 25 elections. We have won against the united opposition. They are always united. We have beaten them 23 times.
Last time, for example, we beat them, just two years ago or less – 18 months ago, we beat them in 19 of 23 governorships, including in the country’s biggest states.
Of the 335 municipalities, through popular votes, we beat the opposition in 307. And on May 20th of last year, I beat two opposition candidates who participated in the elections, with 68 percent of the vote.
Venezuela has an open electoral registry. Venezuela does not have compulsory voting. It has an electoral registry in which 99 percent of voting age people are registered. In contrast to the United States in which over 30 percent of voting age people are not in the electoral system. It’s a big difference.
I won with 68 percent of the votes cast. But I can give you more information. I won 33 percent of registered voters. How much did Donald Trump get when he won? 22 percent of registered voters, on top of the fact that 30 percent of voting age people in the US are not registered. There are small details one can see.
The level of legitimacy of the Bolivarian revolution, of Venezuelan democracy, the level of legitimacy of my leadership as president of the republic, of the governors, of the mayors, of the constituent members, of the legislators, is very high, it’s real. It’s what the KKK of the United States does not want to understand. They don’t want to understand that our legitimacy is real. We are real, just as this wood is. We are real. Our legitimacy is real, certain, strong.
That is why they fail and will continue to fail, Max. Write it down. We’re in 2019 and they have failed. They will continue to fail in their coup attempts, their destabilization, they will fail in everything, we will defeat them in everything with votes, with the people, with democracy, with freedom, with institutions.
Nor did Maduro address the 2020 fire at a warehouse that destroyed most of the country’s voting machines before the parliamentary elections that year. It is noteworthy the 1906 hack of the San Fransisco election occurred under similar circumstances, after a fire destroyed sealed voting machines, which were then replaced by machines with preloaded votes.
Philippines 2010 Election
The 2010 election of Bengigno Aguino in the Philippines did not go smoothly for Dominion due to a “glitch” in the software on the eve of the election.
Sean Dean, product manager of Dominion Voting Systems, said the company only found out about the voting machine glitch during the final testing and sealing of PCOS machines in several municipalities last Monday.
[…]
The Dominion official said fraud or manipulation of votes is impossible once the ballot enters the PCOS. He said once the PCOS reads the ballot, there is no way for the vote or count to be changed because of the 128-bit encryption, which is the same protective encryption used by banks.
The “glitch” was the result of an error in the “configuration [of] the compact flash cards,” which “affected the automated count for the local positions.” Further, “an adjustment in the ballot design for the local elections affected the machine count.” Dominion claimed their use of “128-bit encryption, which is the same protective encryption used by banks,” made their system completely impenetrable. Dominion said it resolved the issue by sending 76,000 configured flash cards to voting centers three days before the election.
However, as Prof. Halderman explained at length in Part II, the flash cards themselves are a vulnerability. Malicious code can be loaded onto the flash cards and then downloaded to voting machines when the cards are inserted into the machines, bypassing encryption. Therefore, although there is no direct evidence of fraud in the Philippines election, there is conclusive evidence a viable attack vector existed on the eve of the election that a malicious actor could have exploited.
Other Case Studies
Election insecurity is not limited to developing nations like Venezuela and the Philippines. With the rare exception of nations like Canada that use only paper ballots, almost every country has demonstrated vulnerabilities in their election infrastructure, including the world’s largest so-called democracies:
Brazil’s voting machines run on software with vulnerabilities that could result in election fraud.
The Government of India falsely claimed their electronic voting machines were “infallible.” (38m55s, first video, below.) As it turns out, the government did not even have access to the source code to make such a determination. Three or four private employees of the election service provider were the only people who had access to the code. (53m0s.) A conspiracy between four people could determine the fate of a population of 1.38 billion. Moreover, India’s internet voting system is also vulnerable to hacking. (Second video, below.)
Researchers discovered vulnerabilties in Sctyl voting machines in New South Wales, Australia, in 2015:
Researchers also discovered a backdoor in Sctyl’s internet voting system in Switzerland in 2019, which hackers could use to change votes and the outcome of an election.
Researchers conducted a successful TEMPEST attack on the Netherlands in 2006:
Estonia’s President called Prof. Halderman a “communist” for discovering the country’s internet voting system could be hacked to change the vote:
Russia hacked the Ukraine’s election in 2014, changing the winner of the election, before the hack was discovered a few hours before fraudulent results were scheduled for public release:
Various other countries have known vulnerabilities in their voting machines and internet voting systems:
Conclusion
The proper context for understanding election security issues is the history of repeated attacks against numerous countries across the world over the course of decades. Partisans who limit the scope of the issue to the 2016 election between Presidents Trump and Biden turn a blind eye to real threats to American democracy.
Part IV will investigate evidence of election fraud in U.S. elections.
This is Law and Politics. Until next time . . . .
Richard Brand, Why is Hugo Chávez Involved with U.S. Voting Machines?, REAL CLEAR POLITICS, Mar. 28, 2006, http://www.realclearpolitics.com/articles/2006/03/forget_dubai_worry_about_smart.html; Brad Friedman, Voting Machine Company Chief Lied to Chicago Officials About Ownership, Control of Company, (May 21, 2008), http://www.bradblog.com/?p=6005&print=1;
Richard Brand, Hugo Wants Your Vote, INVESTOR’S BUSINESS DAILY, Apr. 6, 2006, available athttp://www.investors.com/editorial/editorialcontent.asp?secid=1501&status=article&id=155832&secur e=2496.
In 2006, the Wall Street Journal reported that Smartmatic “would sell its U.S. subsidiary [Sequoia] to end a review by the Committee on Foreign Investment in the U.S. into whether Smartmatic is partially owned by the Venezuelan government.” Bob Davis, Smartmatic to Shed U.S. Unit, End Probe Into Venezuelan Links, WALL ST. J., Dec. 22, 2006, at A6, article available for purchase at http://www.wsj.com. The Wall Street Journal also reported a Department of Justice investigation into whether Smartmatic had engaged in bribery or tax fraud. Id. see also Bob Davis and Glenn Simpson, U.S. Authorities Probe How Smartmatic Won Venezuela Election Pact, WALL ST. J., Dec. 1, 2006, at A9, article available for purchase at http://www.wsj.com (“The company says it paid $1.5 million to a Venezuelan consultant who is close to the Chavez government and helped to win Smartmatic business. The allegation being investigated is that Smartmatic actually paid as much as $4 million to the consultant, then deleted a substantial portion of those payments from its corporate records to hide the extent of its payments to a friend of the Chavez regime.”).
Elizabeth Dwoskin, Judge Gives New Jersey a Week to Fix Voting Machines, N.Y. TIMES, Sept. 6, 2007, at 3, available at http://www.nytimes.com/2007/09/06/nyregion/06vote.html?_r=1&oref=slogin.
Diane C. Walsh, Judge Allows Review of Voting Machines With Discrepancies, THE STAR-LEDGER (Newark, New Jersey), Apr. 26, 2008, article available for purchase at http://www.lexis.com.
Withdrawal of Approval/Conditional Reapproval – October 25, 2007 Revision for Sequoia, available at http://www.sos.ca.gov/elections/elections_vsr.htm, hyperlink to Withdrawal of Approval/Conditional Reapproval - October 25, 2007 Revision for Sequoia, at 4.
Id. at 4.
Id. at 3.
Id. at 3.
Id. at 2.
Gerardo Reyes, Vote machine firm ties to Venezuela questioned; A Chicago Alderman is not satisfied that a voting-systems company is free of influence from Venezuela President Hugo Chavez, MIAMI HERALD, Mar. 19, 2008, at 3, article available for purchase at http://www.miamiherald.com/; see also Hearing Transcript of Joint Committee on Finance, Committee on Budget and Government Operations and Committee on Committees, Rules and Ethics (“Joint Committee”), City Council of Chicago, Apr. 7, 2006, at 105-06 (bottom page).
Agence France Presse, Indictment ties Caracas intelligence to Argentine funds case, Dec. 21, 2007, available at, http://rawstory.com/news/afp/Indictment_ties_Caracas_intelligenc_12212007.html; United States v. Maionica, et al., Indictment, Case Number 07-20999-CR-Lenard/Torres (Dec. 20, 2007).
Id.; United States v. Maionica, et al., Criminal Complaint, Case Number 07-3513-Dubé, with affidavit of Michael J. Lasiewicki, Special Agent with the FBI (Dec. 12, 2007).
Id. United States v. Maionica, et al., Case Number 07-20999-CR-Lenard/Torres, Docket Sheet. (Plea Jan. 25, 2008
Valijero arrastró al vice de Chávez (Valijero dragged the vice Chavez), www.totalnews.com.ar/pol- tica/valijero-arrastr-al-vice-de-ch-vez.html (“estrecha relación”). After the CNE awarded business to Smartmatic, Smartmatic reportedly paid for “vice president Rodriguez[’] . . . trip to a luxury resort in Boca Raton.” Irina Hauser, Maionica, el bien conectado (Maionica, well connected), PAGINA/12, Mar. 2, 2008, http://www.pagina12.com.ar/diario/elpais/1-100012-2008-03-02.html (“le pagó al ex vicepresidente Rodríguez un viaje a un lujoso resort de Boca Ratón”). Smartmatic’s U.S. operations are located in Boca Raton, Florida. Exhibit 10, supra, footnote 8. Jorge Rodriguez served as Vice President of Venezuela from January 2007 until January 2008. Clodovaldo Hernández, Chávez Designates Former Electoral Director As Vice-President, EL UNIVERSAL, Jan. 4, 2007, available at http://english.eluniversal.com/2007/01/04/en_pol_art_04A821081.shtml; Chavez Appoints New Vice President, WTOP NEWS.COM, Jan. 3, 2008, available at http://www.wtopnews.com/?nid=105&sid=1320452.
Valijero arrastró al vice de Chávez (Valijero dragged the vice Chavez), www.totalnews.com.ar/pol- tica/valijero-arrastr-al-vice-de-ch-vez.html (“En febrero de 2004, las autoridades electorales venezolanas seleccionaron a la empresa Smartmatic para suministrar la tecnología que automatizara los proceses de votación . . . El abogado Moisés Maiónica habría actuado como apoderado de Smartmatic y realizado toda la ingeniería legal y financiera con el visto bueno del entonces titular de la CNE y ex vicepresidente de la Nación, Jorge Rodríguez.”)
Richard Brand and Alfonso Chardy, Venezuela Owns Stake In Ballots, MIAMI HERALD, May 28, 2004, at 1A, article available for purchase at, http://www.miamiherald.com Alexandra Olson, Doubts over touchscreen tech choice for Venezuela recall, USA TODAY, Feb. 24, 2006, available athttp://www.usatoday.com/tech/world/2004-07-12-venezuela-evote_x.htm.
Minutes of the Extraordinary Shareholders Meeting of the Bizta R&D Software C.A. Company (Jun. 10, 2003), Venezuela; Alexandra Olson, Doubts over touchscreen tech choice for Venezuela recall, USA TODAY, Feb. 24, 2006, available athttp://www.usatoday.com/tech/world/2004-07-12-venezuela-evote_x.htm.
See, e.g., Jim Ash and John Lantigua, Venezuelan Opposition Scrutinizes Touch-Screen Voting, PALM BEACH POST, Jun. 19, 2004, at 16A , article available for purchase at http://www.palmbeachpost.com/. The third member of the SBC consortium is CANTV, a Venezuelan government sponsored television company. Id.
Minutes of the Extraordinary Shareholders Meeting of the Commercial Corporation ‘Bizta R&D Software, C.A.’ (Dec. 15, 2003), signed and notarized by Alfredo Anzola Jaumotte and bearing the stamp of the Republica De Venezuela. Howard Gleckman, One Man, One Vote, One Conspiracy Theory, BUSINESS WEEK, June 5, 2006, available athttp://www.businessweek.com/magazine/content/06_23/b3987042.htm?campaign_id=rss_magzn. Hugo’s Revenge, INVESTOR’S BUSINESS DAILY, Nov. 6, 2006, at A18, available at http://www.investors.com/editorial/editorialcontent.asp?secid=1501&status=article&id=247450590171 629&secure=1877.