Across all five Electronic Voting System Integrity subtopics—system certification, deployment configuration, public accuracy testing, security negligence, and remote access—the 93 findings in the investigative database establish that U.S. electronic voting infrastructure in 2020 operated as a high-exposure, low-attribution platform in which every core control—from federal certification through field deployment, pre-election testing, operational security, and network isolation—was more nominal than real, creating a strategic vulnerability in a designated critical-infrastructure sector.
Collectively, these findings describe a certification system that moved in one direction only—toward finality—regardless of the condition of the underlying evidence. From a national security perspective, that means the United States converted a stack of unresolved record‑integrity and system‑security failures into the legally recognized basis for presidential succession, depriving federal authorities of clean, auditable ground truth and signaling to foreign and domestic adversaries that, once a narrative and certification momentum are established, even serious evidentiary defects are unlikely to alter national outcomes.
MOST SIGNIFICANT FINDINGS
1 | Voting Systems Operated Outside Certified Configurations Across MI, AZ, GA, CO, PA, and WI, election management systems were deployed with modified executables, uncertified software tools, altered error-rate settings, and post-certification database changes — rendering the EAC certification label meaningless as a security guarantee. Antrim County’s EMS was set to a 68.05% ballot error rate — roughly 85,000 times the federal VVSG ceiling of 0.0008%. |
2 | Logic & Accuracy Testing Was Structurally Unable to Detect Deviations In every major battleground jurisdiction, pre-election L&A testing was performed on substitute machines, after configuration changes, with truncated test decks, or by the vendor inspecting its own equipment. Georgia pushed an uncertified software update to 30,000+ Ballot Marking Devices after testing concluded, voiding every completed accuracy test statewide — with no directive to re-test. |
3 | Master Encryption Keys and Credentials Left in Plaintext Forensic examination confirmed Dominion stored master cryptographic encryption keys unprotected in plaintext inside the same databases used to store votes — a direct FIPS 140-2 violation confirmed across multiple Georgia counties and in Michigan. Maricopa County’s entire EMS operated on a single vendor-installed password, never rotated, for more than two years. Election officials had no independent access to equipment they were legally responsible for. |
4 | Voting Systems Were Not Air-Gapped — Internet Connectivity Confirmed ESS DS200 tabulators shipped with active Verizon cellular modems configured to transmit results on power-up. Michigan’s Dominion contract expressly priced wireless results transmission. Fulton County, PA’s EMS server had open VNC/RDP protocols with external routing to foreign IP addresses. A Fulton County, GA absentee ballot processing computer was remotely accessed and had data deleted on October 23, 2020 — no criminal referral followed. |
5 | Federal Oversight Contradicted Its Own Classified Data On the day CISA publicly declared the 2020 election “the most secure in American history,” its own classified TLP-AMBER risk summary documented 319 Critical-severity vulnerabilities in election infrastructure with a 47% active exploitation rate. The federal vendor who provided certification oversight — the Center for Internet Security — was simultaneously funded at $27M/year to monitor internet-connected systems officials swore were offline. |
WHY SUBSTANTIVE RESOLUTION IS ESSENTIAL
Electronic voting systems — ballot-marking devices, optical scanners, election management systems, and tabulation software — were designated critical infrastructure by DHS in January 2017 because adversarial foreign powers had demonstrated both the capability and intent to exploit them. The 93 documented findings across this attack vector establish that in the jurisdictions that determined the outcome of the 2020 presidential election, those systems were not operated like hardened national-security assets. They were certified against standards that do not require foreign-ownership disclosure, supply-chain provenance review, or independent adversarial assessment. They were deployed in configurations that no certification body ever evaluated. They were tested with procedures structurally incapable of detecting the deviations that existed. Their credentials were weak, shared, and vendor-controlled; their encryption keys were stored in plaintext next to the votes they were designed to protect; their audit logs were configured to overwrite themselves; and their network isolation — the single structural premise on which every other safeguard depends — was false across every state examined. Failure to substantively address this attack vector means the United States will conduct future presidential elections on infrastructure that a moderately capable adversary — foreign or domestic — can reach, alter, and exit without leaving a forensically recoverable trace.
NATIONAL SECURITY IMPLICATION: Voting systems operating outside certified parameters — with plaintext credentials, active cellular connectivity, vendor-retained authentication tokens, and remotely exploitable database ports — represent confirmed attack surfaces for any nation-state with access to the vendor supply chain, cellular networks, or the open internet. The perjured denial of connectivity by at least one major voting system vendor is the single most significant barrier to national security assessment of whether exploitation occurred in 2020. |
Supporting Evidence
