Sat Aug 14 02:23:57 +0000 2021

 · 6 min read
 · trapezoid of discovery

[tweet] [link]
Symposium Myth: The before/after images of the Mesa County EMS indicated that Dominion deleted logs.

Symposium Fact: The Dominion upgrade process involves restoring a known-good disk image created in a secure environment to the counties EMS server (aka, a "trusted build").

[tweet] [link]
The two disc images presented were created days apart, as seen in these screenshots.

Meaning, the first disc image was created on 5/23/2021, prior to Dominion's update taking place.

The second disc image was created on 5/26/2021, after Dominion's update taking place.

[tweet] [link]
In order to understand why the logs appeared to be missing, we need to understand the Dominion update process, and why they do things the way they do.

I'll cover the how, then I'll cover the why.

[tweet] [link]
The Colorado SoS has strict guidelines for trusted builds. As explained in the linked doc, creating a trusted build involves a strict chain of custody and multiple witnesses. The build env must be completely erased prior to creating the installation media

https://www.sos.state.co.us/pubs/elections/VotingSystems/files/trustedBuildProcedures.pdf

[tweet] [link]
After the build env has been constructed, and the VSTL has built the source code in the secure build environment, installation media is created from the executable code.

File signatures of both the build env and compiled binaries are recorded throughout the process.

[tweet] [link]
Now we have our "trusted build", which in Dominion's case, is in the form of an Acronis disc image.

Acronis is Commercial Off The Shelf software (COTS) that is used to create and restore hard disk images.

[tweet] [link]
Now, we can reference Dominion's Democracy Suite manual (though in this case for California, but the overall procedure should be similar, if not identical, for CO) for how these images should be deployed:

https://votingsystems.cdn.sos.ca.gov/vendors/dominion/ds510-use-proc-jan.pdf

[tweet] [link]
Now instead of creating an image of the trusted build, we're using Acronis to restore the image of the trusted build to the EMS server.

If you look at this screenshot of the video Ron Watkins posted, you'll notice that it's of Acronis performing a recovery

[tweet] [link]
It's important to note that this point that the Dominion manual instructs election officials to create backups multiple times, and specifically after an election. The guideline does not instruct officials to delete or overwrite previous election results.

[tweet] [link]
The manual further specifies it's the duty of the election official - in this case Tina Peters - to create and secure backups.

If backups are missing, it's because Tina Peters or her staff did not create, store, or secure them properly.

[tweet] [link]
So, that mostly sums up the process that likely happened on 5/25, meaning the disk images reviewed by Ron Watkins on stage were created before and after this process took place.

Now let's talk about why it's done this way.

[tweet] [link]
The alternative to restoring a full disk image would be to simply install the updated software packages. If you've ever upgraded software on your computer, you've done this very thing

Upgrading a software package is quick and easy, but it does not get you to a known good state

[tweet] [link]
What does that mean?

Well, some of you may have had to deal with a computer that begins to run slow. Upgrading single pieces of software may not have fixed that issue, but when you wiped everything and started over, it was as good as new!

This is roughly the same idea.

[tweet] [link]
In this case it's extremely important. What if malware had been installed on the EMS? If Dominion had simply upgraded the existing software while leaving everything else intact, that EMS would remain compromised.

Restoring a trusted build certified by a VSTL mitigates that issue

[tweet] [link]
So what happened at the Symposium?

Ron was quick to point out that the newer disk image appeared to be missing logs and other election data. That's because it was.

Again, Peters is responsible for creating backups, which should be secured and kept for 22 months.

[tweet] [link]
To recap:

  • Election Officials (Tina Peters) are responsible for creating, storing, and securing backups for 22 months (the federal retention period)
  • Updates are applied by restoring a known good disk image to existing EMS equipment
  • The images are tested extensively /cont

[tweet] [link]
* The images also have a strict chain of custody and are evaluated by a Voting System Testing Lab I don't know if it's "disk" or "disc", but I went back and forth throughout the thread Let me know if you have questions or corrections