Case 1:20-cv-04651-SDG Document 7-1 Filed 11/18/20 Page 1 of 9
Affidavit of Russell James Ramsland, Jr.
1. My name is Russell James Ramsland, Jr., and I am a resident of Dallas County,
2. | am part of the management team of Allied Security Operations Group, LLC,
(ASOG). ASOG provides a range of security services, but has a particular emphasis
on cyber security, OSINT and PEN testing of networks. We employ a wide variety of
cyber and cyber forensic analysts. We have patents pending in a variety of
applications from novel network security applications to SCADA protection and safe
browsing solutions for the dark and deep web.
3. In November 2018, ASOG analyzed audit logs for the central tabulation server of
the ES&S Election Management System (EMS) for the Dallas, Texas, General Election
of 2018. Our team was surprised at the enormous number of error messages that
should not have been there. They numbered in the thousands, and the operator
ignored and overrode all of them. This lead to various legal challenges in that
election, and we provided evidence and analysis in some of them.
4. As a result, ASOG initiated an 18-month study into the major EMS providers in
the United States, among which is Dominion/Premier that provides EMS services in
Michigan. We did thorough background research of the literature and discovered
there is quite a history from both Democrat and Republican stakeholders in the
vulnerability of Dominion. The State of Texas rejected Dominion/Premier’s
certification for use there due to vulnerabilities. Next, we began doing PEN testing
into the vulnerabilities described in the literature and confirmed for ourselves that
in many cases, vulnerabilities already identified were still left open to exploit. We
also noticed a striking similarity between the approach to software and EMS
systems of ES&S and Dominion/Premier. This was logical since they share a
common ancestry in the Diebold voting system.
5. Over the past three decades, almost all of the states have shifted from a relatively
low-technology format to a high-technology format that relies heavily on a handful
of private services companies. These private companies supply the hardware and
software, often handle voter registrations, hold the voter records, partially manage
the elections, program counting the votes and report the outcomes. Michigan is one
of those states.
6. These systems contain a large number of vulnerabilities to hacking and
tampering, both at the front end where Americans cast their votes, and at the back
end where the votes are stored, tabulated, and reported. These vulnerabilities are
well known, and experts in the field have written extensively about them.
7. Dominion/Premier (“Dominion”) is a privately held United States company that
provides election technologies and services to government jurisdictions. Numerous
counties across the state of Michigan use the Dominion/Premier Election
Ex. Q to TRO Motion:
Case 1:20-cv-04651-SDG Document 7-1 Filed 11/18/20 Page 2 of 9
Management System. The Dominion/Premier system has both options to be an
electronic, paperless voting system with no permanent record of the voter’s choices,
paper ballot based system or hybrid of those two.
8. The Dominion/Premier Election Management System’s central accumulator does
not include a protected real-time audit log that maintains the date and time stamps
of all significant election events. Key components of the system utilize unprotected
logs. Essentially this allows an attacker the opportunity to arbitrarily add, modify,
or remove log entries, causing the machine to log election events. When a log is
unprotected, and can be altered, it can no longer serve the purpose of an audit log.
13. The final red flag is perhaps the greatest. Something occurred in Michigan that is physically impossible, indicating the results were manipulated on election night within the EMS.
The event as reflected in the data are the 4 spikes totaling 384,733 ballots allegedly processed in a combined interval of only 2 hour and 38 minutes. This is physically impossible given the equipment available at the 4 reference locations (precincts/townships) we looked at for processing ballots, and cross referencing that with both the time it took at each location and the performance specifications we obtained using the serial numbers of the scanning devices used. (Model DRM16011 – 60/min. without accounting for paper jams, replacement cover sheets or loading time, so we assume 2,000 ballots/hr. in field conditions which is probably generous).
This calculation yields a sum of 94,867 ballots as the maximum number of ballots that could be processed. And while it should be noted that in the event of a jam and the counter is not reset, the ballots can be run through again and effectively duplicated, this would not alleviate the impossibility of this event because duplicated ballots still require processing time. The existence of the spike is strongly indicative of a manual adjustment either by the operator of the system (see paragraph 12 above) or an attack by outside actors.
In any event, there were 289,866 more ballots processed in the time available for processing in four precincts/townships, than there was capacity. A look at the graph below makes clear the This is not surprising because the system is highly vulnerable to a manual change in the ballot totals as observed here.