site banner

Culture War Roundup for the week of May 27, 2024

This weekly roundup thread is intended for all culture war posts. 'Culture war' is vaguely defined, but it basically means controversial issues that fall along set tribal lines. Arguments over culture war issues generate a lot of heat and little light, and few deeply entrenched people ever change their minds. This thread is for voicing opinions and analyzing the state of the discussion while trying to optimize for light over heat.

Optimistically, we think that engaging with people you disagree with is worth your time, and so is being nice! Pessimistically, there are many dynamics that can lead discussions on Culture War topics to become unproductive. There's a human tendency to divide along tribal lines, praising your ingroup and vilifying your outgroup - and if you think you find it easy to criticize your ingroup, then it may be that your outgroup is not who you think it is. Extremists with opposing positions can feed off each other, highlighting each other's worst points to justify their own angry rhetoric, which becomes in turn a new example of bad behavior for the other side to highlight.

We would like to avoid these negative dynamics. Accordingly, we ask that you do not use this thread for waging the Culture War. Examples of waging the Culture War:

  • Shaming.

  • Attempting to 'build consensus' or enforce ideological conformity.

  • Making sweeping generalizations to vilify a group you dislike.

  • Recruiting for a cause.

  • Posting links that could be summarized as 'Boo outgroup!' Basically, if your content is 'Can you believe what Those People did this week?' then you should either refrain from posting, or do some very patient work to contextualize and/or steel-man the relevant viewpoint.

In general, you should argue to understand, not to win. This thread is not territory to be claimed by one group or another; indeed, the aim is to have many different viewpoints represented here. Thus, we also ask that you follow some guidelines:

  • Speak plainly. Avoid sarcasm and mockery. When disagreeing with someone, state your objections explicitly.

  • Be as precise and charitable as you can. Don't paraphrase unflatteringly.

  • Don't imply that someone said something they did not say, even if you think it follows from what they said.

  • Write like everyone is reading and you want them to be included in the discussion.

On an ad hoc basis, the mods will try to compile a list of the best posts/comments from the previous week, posted in Quality Contribution threads and archived at /r/TheThread. You may nominate a comment for this list by clicking on 'report' at the bottom of the post and typing 'Actually a quality contribution' as the report reason.

10
Jump in the discussion.

No email address required.

I find it kind of condescending that your idea of sanewashing reads like a struggle session excerpt.

I think once the Dominion CEO demonstrably perjured himself by claiming that Dominion voting systems don't have modems in them (photographically, demonstrably false) and then again by claiming they weren't connected to the internet (demonstrably false again per the dominion records leaked by Dar Leaf), I decided that voting machines are completely ridiculous and no one should ever assume an election in which a voting machine is involved is fair. If there's one thing that absolutely should not be networked in any way and for any reason, it's election systems. I understand there's some potential benefits like poll book cross checks, but I have a corporate lab full of half-patched decades-old Windows appliances with network ports on them, and the vast colonies of malicious, firewalled, outbound-requesting viruses they host are an object lesson in why you never, ever connect any of this junk to any network, ever, even if you think it's a secure network. Credentialed VPNs, firewalls, even semi-isolated networks like FirstNet are just giant high-value attack surfaces full of old hardware waiting to be exploited. In a post-SolarWinds universe, I have zero confidence in the security setup of any nation-wide government networks. I have no idea what kind of security setup is established for voting machines, because I can't actually audit them myself and no one will tell me on account of "trade secrets". As far as I'm concerned, they are mysterious black boxes with labels that say "trust me bro".

This is, of course, not evidence of election fraud! But the only way to get this evidence is by hand-auditing the entire system to confirm things like:

  • All the registered voters who voted actually exist, and weren't fake people electronically added to the poll books, quietly, steadily, and continuously up to election night to pre-register sufficient margin to commit fraud
  • All the ballots tabulated were actual ballots, printed by the registered manufacturer, with the correct markings, and not printed in a shed by some random asshat and populated with all those fraudulently added names and no-shows in the poll books after we stopped the counts on election night due to a water leak or whatever
  • All the precinct reports match the hand count totals; All the county totals match the (verified) precinct reports; All the state totals match the (verified) county reports
  • The totals everywhere do not demonstrate ludicrous, impossibly large record-breaking >90% turnout/registered ratios, anomalous to the last six decades of ~50% turnout/registered ratios
  • The exact source code, BOM, schematics, and system logs of all machines used on election night are fully audited by third parties, verified for consistency and correctness before and after deployment, not significantly impacted by supply chain security, etc (we're actually pretty close to compliance on BOM, schematics, and supply chain, at least on paper; but source code audits are functionally impossible, particularly when staff are live-updating source code on election night as per some of the published dominion emails. Some people even tried to do an independent audit of some source code a while back, I think in one of the Carolinas for ES&S, but got jerked around by the legal system and eventually restricted so heavily by complaints of trade secrets that the fraction of the source code audit they would be able to conduct was effectively pointless.)
  • Every action taken with one of these machines is clearly observable to partisan observers who can contest wrongdoing quickly and efficiently
  • All configurations and audit logs from election night are completely preserved and backed up before any kind of maintenance is performed to prevent wiping auditable data permanently

Anyway, this is a total fiction that we will obviously never achieve. But I'm supposed to trust some risk-limiting audits that don't actually come out right until a technician can do some kinda firmware update, and assume every machine works correctly. And no hand-recounts allowed, including when I pay for them and state law compels you to conduct one. And half my issues are, by judge's orders, thrown out on standing. Sure.

Hand counts get you 80% of the way to achieving all of the above, partially by omission of needless complexity, partially by design. Some other low-hanging fruit like Voter ID could probably clean up a lot of the remainder (provided you trust the ID checking process).

Look, maybe I can't prove fraud because I lack standing or the judge decided that state law says a risk-limiting audit is a hand-count or whatever. But given how basically every voting system in the nation is out of compliance with standards set forth by HAVA's VVSG, and given how the standards in VVSG are entirely voluntary and there's zero federal action taken against anyone for having joke-tier state standards that fall dramatically short of VVSG (which should be considered the bare minimum from a security standpoint), and given how SolarWinds had the whole government's ass hanging out in the breeze for ten months before anyone noticed, and given how the CEO of a major voting system company is lying under oath about internet connectivity even existing on their machines... Why should I be required to jump through a billion hoops to credibly allege election fraud when I can credibly validate 80% of my concerns with a single hand count? And in that case, why the hell use the machines at all?

Without Trump alleging all kinds of stupid shit, I wouldn't have really considered any of this. This isn't some weak sauce "the media is mean to us and so democracy is broke" sob story borne because Trump kicked and screamed and threw a tantrum when he lost. At least as I understand it, "directionally correct" means "how the fuck does anyone with any working knowledge about computer security believe any of this isn't pwned six ways to Sunday". I don't think I'm alone.

This is getting too long, but I'll briefly mention there's other tranches of how-the-fuckers who are equally annoyed by things like all the COVID-related legislative exploits, the ballot harvesting zuckerboxes in Georgia with the videos of dudes stuffing ballots, that one truck that got stolen after dropping off something that allegedly looked like ballots in Pennsylvania, the various dozens and hundreds of ballots registered to random empty lots in the Arizona audits, that one county in CO that paid for a hand recount per state law but got a risk-limiting audit and sued and lost, that one Democratic primary where the only way they allowed a hand recount was because somehow a candidate (who went on to win) got zero votes the first time and she knew she voted for herself (just a weird mistake with the scanners whoops wowee how did that happen - find me a hand count where this could happen)... Doubtless not all of this constitutes election fraud, some of it might even just be sore loser whining like you describe, but some of this is shady middle finger wagging backed up by porous arguments and judges not wanting to step in it, and I have no doubt that there are some people on this board who raise a directionally-corrected eyebrow at this stuff, instead of rolling their eyes on instinct.

I'm not particularly inclined to argue voting machines. As it happens I actually agree that voting machines and electronic votes in general are a terrible idea, and I feel glad that my country exclusively deals in paper ballots.

But I'm not sure how that specifically addresses the issue? Again, the StopTheSteal argument was premised on a number of specific claims of fraud. Moving from those claims to a generic argument that voting machines are a sub-optimal way to run an election - well, sure, I agree, I'll let you have that motte, but boy, that is a large and expansive bailey you've just vacated.

You can argue that no election conducted with voting machines should be considered legitimate. Sure - like I said, I don't like voting machines at all. But if so, then that also goes for 2016, 2012, 2008, 2004, 2000, 1996... in fact, over a century of American elections would have to be thrown out. (Half that if you restrict to computerised voting, but still, a long time.) That is not, however, the argument that StopTheSteal made.

I just did a search for "dar leaf dominion emails" and didn't find anything substantial. Care to share what you found?

There's a lot of documents, and it looks like the guy has been excerpting individual records as he encounters them to show them to various politicians. The whole tranche is currently up on his Twitter: https://twitter.com/SheriffLeaf/status/1769561564993192198

The documents show:

  • Source code modifications being made during deployment periods during an election - some firmware version needed to be changed, or some extra component needs to be attached at the last minute, or they suddenly need to disable parallelism on the SQL instance to keep concurrency bugs at bay, or whatever... They also talk about the software being able to receive OTA updates in places.
  • Serbian nationals accessing election infrastructure on election night (Dominion has had an office in Serbia for over a decade, where they employ many programmers; however, Serbia does not allow certain rigorous US background checks that should be standard for such employees. Presumably the access is related to bugfix work)
  • Emails that seem to indicate someone made an unauthorized access to Dominion backend systems several months before an election, from a suspicious location, on a company device or IP (extent or severity unknown, but may constitute a significant security breach?)
  • Some of the Serbia machines are behind on SQL server vulnerability patching by as much as two years (sort of a problem since their systems and testing would heavily utilize the affected SQL variants)
  • Numerous references to machines with modems installed, including some that failed acceptance testing for not having modems installed (again, plenty of good reasons for this in practice, but again, perjury)
  • The Serbians discuss sending election data over the internet as one of the use cases in a conversation about certificates
  • A long email chain showcasing the firmware programming process with a Taiwanese OEM (most computer manufacturing takes place in China or Taiwan, including firmware programming, so this isn't unusual, but it's laughably insecure)
  • Eric Coomer suggesting no VPN usage in Cook County systems for technical reasons (I like the proposed explainer where they talk about using unlicensed trial version of something and wiping the machine every 30 days to keep it installed) - seems like they eventually got a VPN up at the end
  • Eric Coomer opining on how Antrim county is full of angry conspiracy theorists, and also, gee whiz, how did that RTR misidentify the cartridges, I thought we fixed that
  • Testimony from some expert witness describing the aforementioned RTR misidentification, and how it could be utilized in conjunction with SQL database management software to trivially edit tallies without privilege escalation and avoid discovery at the end unless a total hand count was kept alongside the results (see https://twitter.com/SheriffLeaf/status/1769745766703374401)
  • Lots of "oh no, disaster, we suck" and "how can we paper over this mess to sell to customer" that I'm sure anyone in a customer-facing role at a tech company recognizes as business-as-usual
  • Numerous small firefighting cases where something didn't work right and Dominion has to cook up an explanation, occasionally beclowning themselves in front of the customer in the process, while everyone stands around waiting for the numbers to add up - a particularly noticeable instance revolved around some weird data duplication issue

It doesn't look like everyone (or anyone, really) at Dominion is twirling their moustaches and cackling as they disenfranchise the American people. It looks like they run like a standard tech company, which is to say all over the place, constantly fighting fires and doing the needful to get their sales. I'm sure 2020 was a complete nightmare scenario for these guys, where suddenly all their customers are radically transforming their deployments and doing novel, untested, gigantic-scale absentee and mail balloting.

But very clearly they're held together with duct tape and prayer in a lot of cases, which is about the opposite of what I'd like to see from critical election infrastructure. The glimpses of the architecture they have put together with all of these machines raises some significant doubts about the security of the enterprise, particularly if rank-and-file technicians can just go pop open the database manager and flip the counts around - surely this is the kind of thing that could be trivially accomplished if one could land a zero-day on any of the long-dated Windows 7 machines floating around in their customer base.

I'm told, with no particular means to corroborate this, that ES&S is about the same.

Thanks. I'll take a look. This sounds like another one of those data dumps that tries to impress by volume but which really contains very little actionable information. But the mere presence of it with the suggestion that it's important convinces motivated bystanders who never scrutinize it themselves. You would think that if there were damning evidence inside, someone would already be highlighting it, specifically.

It doesn't look like everyone (or anyone, really) at Dominion is twirling their moustaches and cackling as they disenfranchise the American people. It looks like they run like a standard tech company, which is to say all over the place, constantly fighting fires and doing the needful to get their sales. I'm sure 2020 was a complete nightmare scenario for these guys, where suddenly all their customers are radically transforming their deployments and doing novel, untested, gigantic-scale absentee and mail balloting.

Since I got downvoted for this skepticism, I think this is key part of the above explainer. Yeah, it sounds like routine software company patchwork, but it's a big leap from there to actionable claims of fraud. "Stop the Steal" is as dumb a mantra as "Most Secure Election Ever." They aim to convince through emotional appeal backed only by weak insinuations. For the kind of election fraud claimed by Stop the Stealers, you do need to find a couple of moustache-twirling villains intentionally changing vote counts through illicit means, not just the implications-without-accusations listed above.