Case 1:20-cv-04651-SDG Document 7-1 Filed 11/18/20 Page 1 of 9

Affidavit of Russell James Ramsland, Jr.

1. My name is Russell James Ramsland, Jr., and I am a resident of Dallas County,


2. I am part of the management team of Allied Security Operations Group, LLC, (ASOG). ASOG provides a range of security services, but has a particular emphasis on cyber security, OSINT and PEN testing of networks. We employ a wide variety of cyber and cyber forensic analysts. We have patents pending in a variety of applications from novel network security applications to SCADA protection and safe browsing solutions for the dark and deep web.

3. In November 2018, ASOG analyzed audit logs for the central tabulation server of the ES&S Election Management System (EMS) for the Dallas, Texas, General Election of 2018. Our team was surprised at the enormous number of error messages that should not have been there. They numbered in the thousands, and the operator ignored and overrode all of them. This led to various legal challenges in that election, and we provided evidence and analysis in some of them.

4. As a result, ASOG initiated an 18-month study into the major EMS providers in the United States, among which is Dominion/Premier that provides EMS services in Michigan. We did thorough background research of the literature and discovered there is quite a history from both Democrat and Republican stakeholders in the vulnerability of Dominion. The State of Texas rejected Dominion/Premier’s certification for use there due to vulnerabilities. Next, we began doing PEN testing into the vulnerabilities described in the literature and confirmed for ourselves that in many cases, vulnerabilities already identified were still left open to exploit. We also noticed a striking similarity between the approach to software and EMS systems of ES&S and Dominion/Premier. This was logical since they share a common ancestry in the Diebold voting system.

5. Over the past three decades, almost all of the states have shifted from a relatively low-technology format to a high-technology format that relies heavily on a handful of private services companies. These private companies supply the hardware and software, often handle voter registrations, hold the voter records, partially manage the elections, program counting the votes and report the outcomes. Michigan is one of those states.

6. These systems contain a large number of vulnerabilities to hacking and tampering, both at the front end where Americans cast their votes, and at the back end where the votes are stored, tabulated, and reported. These vulnerabilities are well known, and experts in the field have written extensively about them.

7. Dominion/Premier (“Dominion”) is a privately held United States company that provides election technologies and services to government jurisdictions. Numerous counties across the state of Michigan use the Dominion/Premier Election Management System. The Dominion/Premier system has both options to be an electronic, paperless voting system with no permanent record of the voter’s choices, paper ballot based system or hybrid of those two.

Ex. Q to TRO Motion: Ramsland Affidavit

8. The Dominion/Premier Election Management System’s central accumulator does not include a protected real-time audit log that maintains the date and time stamps of all significant election events. Key components of the system utilize unprotected logs. Essentially this allows an attacker the opportunity to arbitrarily add, modify, or remove log entries, causing the machine to log election events. When a log is unprotected, and can be altered, it can no longer serve the purpose of an audit log.
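
Paragraph 8 turns on the difference between a protected and an unprotected audit log. As an added illustration that is not part of the affidavit or of any vendor's software, the Python sketch below chains each timestamped entry to its predecessor with an HMAC so that added, modified or removed entries are detected on verification; the function names and sample events are constructed, and it assumes the key and the latest head value are kept off the logging host.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value before the first entry


def _mac(key, prev_mac, timestamp, event):
    # Bind each entry to its predecessor so both content and order are covered.
    msg = json.dumps([prev_mac, timestamp, event]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def append_entry(log, key, timestamp, event):
    # Assumption: the key is held by a separate logging service, not the operator.
    prev_mac = log[-1]["mac"] if log else GENESIS
    log.append({"ts": timestamp, "event": event,
                "mac": _mac(key, prev_mac, timestamp, event)})
    return log[-1]["mac"]  # head value; record it outside the log host


def verify_log(log, key, expected_head=None):
    """Return None if the chain is intact, else the index of the first bad entry.

    len(log) is returned when every entry chains correctly but the final MAC
    differs from expected_head, i.e. entries were cut from the end.
    """
    prev_mac = GENESIS
    for i, entry in enumerate(log):
        good = _mac(key, prev_mac, entry["ts"], entry["event"])
        if not hmac.compare_digest(good, entry["mac"]):
            return i
        prev_mac = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev_mac, expected_head):
        return len(log)
    return None


def build_sample_log(key):
    # Constructed sample events, not taken from any real system.
    log, head = [], None
    for ts, event in [("2020-01-01T08:00:00Z", "tabulator opened"),
                      ("2020-01-01T08:05:00Z", "batch 1 scanned: 250 ballots"),
                      ("2020-01-01T08:09:00Z", "error overridden by operator"),
                      ("2020-01-01T20:00:00Z", "tabulator closed")]:
        head = append_entry(log, key, ts, event)
    return log, head
```

Without the externally stored head value, removal of the most recent entries goes unnoticed, which is why `verify_log` accepts `expected_head`.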

Fraud affidavit

13. The final red flag is perhaps the greatest. Something occurred in Michigan that is physically impossible, indicating the results were manipulated on election night within the EMS.

The event as reflected in the data are the 4 spikes totaling 384,733 ballots allegedly processed in a combined interval of only 2 hours and 38 minutes. This is physically impossible given the equipment available at the 4 reference locations (precincts/townships) we looked at for processing ballots, and cross referencing that with both the time it took at each location and the performance specifications we obtained using the serial numbers of the scanning devices used. (Model DRM16011 – 60/min. without accounting for paper jams, replacement cover sheets or loading time, so we assume 2,000 ballots/hr. in field conditions which is probably generous).

This calculation yields a sum of 94,867 ballots as the maximum number of ballots that could be processed. And while it should be noted that in the event of a jam and the counter is not reset, the ballots can be run through again and effectively duplicated, this would not alleviate the impossibility of this event because duplicated ballots still require processing time. The existence of the spike is strongly indicative of a manual adjustment either by the operator of the system (see paragraph 12 above) or an attack by outside actors.

In any event, there were 289,866 more ballots processed in the time available for processing in four precincts/townships, than there was capacity. A look at the graph below makes clear the This is not surprising because the system is highly vulnerable to a manual change in the ballot totals as observed here.