Did some California counties allow voters to use ImageCast Remote software to mark their mail-in ballots? Yes, that's true, but election officials insist the system is secure from fraud. The ImageCast Remote system allows voters to download a ballot on their personal computing devices, mark that ballot with their choices and then print or save that ballot and send it back by postal mail, email or fax. This type of voting is often called Remote Accessible Vote by Mail (RABVM). It is not the same as online voting in which a voter would mark a ballot and then return it directly online.
The claimed appeared in a tweet (archived here) posted on Twitter by Ron Watkins, a noted promoter of conspiracy theories, on December 28, 2020. It said:
Did you know California SOS allowed the use of the "ImageCast Remote" system in the Nov3 election to "allow voters to mark their selections using their own compatible technology to vote independently and privately in the comfort of their own home"?
This is what the post looked like on Twitter at the time of writing:
(Source: Twitter screenshot taken on Mon Dec 28 17:49:58 2020 UTC)
The Twitter post by Ron Watkins is correct: More than two dozen voting districts in California used Dominion's ImageCast Remote system to help voters cast their ballots. But the unspoken implication that use of the voting system led to possible election interference -- given Watkins' prolific espousal elsewhere that there was fraud in the November 3, 2020 presidential election -- is unproven.
The California Secretary of State's office, which conducts elections in the state, notes that a voter using Remote Accessible Vote by Mail (bold face emphasis theirs):
- Downloads the application to mark their selections,
- Marks their selections for each contest using their compatible technology, on their computer or tablet,
- Prints and returns their marked selections by mail using the postage paid envelope included with their vote by mail ballot or using their own envelope which would require postage. The return envelope used in any instance, must have the voter's signature on the outside of the envelope. The voter can also return their selections in person to a voting location, drop box, or their County Elections Office. A voter cannot submit their selections online. It must be mailed or returned in person.
The Verified Voting organization, which identifies itself as non-partisan organization focused exclusively on the critical role technology plays in election administration, offers a more detailed explanation of the ImageCast Remote system:
Voters can use the system on their personal computer, tablet, smartphone, or touchtone phone. After the voter has marked their ballot, the system generates a PDF of an "Electronic Mobile Ballot," which is a representation of the voter's summary ballot, containing a human readable summary of the voter's selections and a 2D QR code, which is not human readable and allows the ballot to be scanned by a Dominion ImageCast ballot scanner instead of being remade onto traditional ballot paper by hand or with a ballot duplication system.
And Verified Voting stresses:
The ImageCast Remote does not support the electronic return of voted ballots (internet voting).
The voting organization also points out the security steps to try to ensure authenticity:
The voter must authenticate themselves using their login ID and PIN, as well as their first and last name. The voter must also complete a "Human Interface Challenge" (CAPTCHA) by entering the characters they see or hear on the screen. The voter is then presented their particular ballot style and selects their preferred language from the list of available languages.
The ImageCast Remote system is one of four certified by the California Secretary of State Alex Padilla. They are:
- Five Cedars Group Alternate Format Ballot v5.2.1
- Democracy Live Secure Select 1.2.2
- Dominion Voting Systems Dominion ImageCast Remote 5.10A
- Los Angeles County Voting Solution for All People Interactive Sample Ballot 2.5
ImageCast Remote has been used in elections since 2006 and is employed in 25 counties in California, as well as the entire state of Alaska, according to Verified Voting.
Verified Voting said it found some possible security lapses with bar codes and QR codes:
Bar codes and QR codes are not readable by humans and, as Michael A. Specter and J. Alex Halderman point out in their Security Analysis of the Democracy Live Online Voting System -- not Dominion's ImageCast Remote system -- an attacker could encode false votes within a bar code without the knowledge of the voter. The ballot summary could properly display the voter's selections in the human-readable section, but contain the hacker's choices in the QR code, which the voter cannot read.
According to California's Dominion Voting Systems Democracy Suite 5.10 Staff Report, created by the California Secretary of State's Office of Voting Systems Technology Assessment in 2019, the QR codes are encrypted and there is thus no way to verify the selections contained within it without scanning it on an ImageCast scanner. The Office of Voting Systems Technology Assessment tested the ImageCast Remote, generating 25 summary ballots, which were duplicated on a Dominion ImageCast X and by hand, and then scanned on all Dominion scanners to verify compatibility. The Office of Voting Systems Technology Assessment was unable to verify that the selections within the QR code matched the selections on the human readable portion of the summary ballot without scanning the summary ballots on an ImageCast device. Upon tabulating the ballots, the Office of Voting Systems Technology Assessment found they scanned as expected.
The California Secretary of State votings systems team said in a December 29, 2020 email to Lead Stories that it had not encountered any problems:
We have not received any complaints or encountered any problems with the Dominion ImageCast Remote RAVBM. In addition, after extensive testing and certification, we do not have any security concerns. Further, California counties are required to provide a report of the usage of, and any problems encountered with an RAVBM after each election.
Furthermore, the Secretary of State office said, there are stringent security measures in place:
Election security is a major concern at all levels of government. The end goal of election security is to deliver a process that is not only safe and secure, but also fair, accurate and accessible. In California, at both the state and county level, there are a multitude of layered security protocols in place.
California exceeds Federal requirements for election security. California uses paper ballots that are tabulated in the county the voter resides in. No ballots are tabulated outside the state of California. Certified voting systems in California give the voter the opportunity to verify that their paper ballot contains the exact choices they selected.
All certified voting systems including Dominion's ImageCast RAVBM must undergo months of extensive independent certification testing which includes:
- Examination and testing of system software;
- Software source code review and evaluation;
- Hardware and software security penetration testing;
- Hardware testing under conditions simulating the intended storage, operation, transportation, and maintenance environments;
- Inspection and evaluation of system documentation; and
- Operational testing to validate system performance and functioning under normal and abnormal conditions.
The currently certified version of Dominion ImageCast Remote used in California is 5.10A. As part of the certification testing all RAVBM systems in California, including ImageCast Remote 5.10A, are subjected to a Source Code Review and security penetration testing ("Red Team" testing).
In addition, the California Secretary of State mandates voting system vendors, security consultants and county officials follow strict chain of custody requirements for RAVBM software and hardware throughout the testing and certification process. Upon certification of a system, the "trusted build" is held in a secure location and all distributed copies of the trusted build are hand delivered by Secretary of State staff to the recipient county officials. In addition, the trusted source code is held in escrow and one complete set of the system is held in a secure locked facility at the Secretary of State while the voting system is used in California.
Once a voting system is certified in California and the trusted build is delivered to the county, by law it cannot be modified without prior approval from the Secretary of State.
Additionally, California counties are required to abide by stringent sets of rules and regulations regarding implementation and use of an RAVBM or voting system. A few notable rules and regulations include: performance of logic and accuracy testing on voting systems prior to each election and ensuring specific procedures for programming, deployment and use of voting equipment during elections are met.
Further, as a safeguard to ensure votes were accurately read and tallied, pursuant to California Elections Code section 15360, county elections officials are required to conduct a manual tally of one percent of the precincts, or a Risk Limiting Audit pursuant to California Election Code section 15367 as part of the official canvass of election results.
Dominion Voting Systems has been a target of conspiracy theorists who posit, without any proof whatsoever, that their voting systems were hacked to help Joe Biden win the presidency. Lead Stories has written extensively to debunk those false claims. You can find some of those stories here, here, here and here.
Dominion also denied on its website accusations that it was involved in fixing the election.
The Twitter post was made by Ron Watkins, an election conspiracy advocate who has been peddling the disproven notion that the election was stolen from Donald Trump. The Insider online news site referred to Watkins this way in a December 15, 2020 article:
Watkins, whose father, Jim, is suspected by some experts of being the anonymous "Q" figure who leads the QAnon movement, has emerged as a top pro-Trump, post-election advocate spreading voting conspiracy theories online.
According to a December 15, 2020 Vice article:
Watkins has tweeted a total of 1,056 times in the last 30 days alone, according to data from social media analytics company SocialBlade, representing a 500% rise over the previous 30 days.
Ron and Jim Watkins have a long history with the controversial website 8chan, now known as 8kun. Cnet mentioned in a November 7, 2019 article how at last three mass shooting suspects posted on 8chan, which consisted of user-created message boards.
And Wired detailed in an August 16, 2019 article how Ron and Jim Watkins were intricately associated with 8chan, which Jim Watkins owned.
Despite efforts by Ron Watkins and many others -- led by President Trump -- none of the conspiracy theories has been proven.
The New York Times examined in a December 26, 2020 article how Trump has lost 59 of 60 lawsuits to try to overturn the election but "how the myth of stolen elections lives on."
Then-Attorney General William Barr, who left office December 23, 2020, said he saw no evidence of wrongdoing and had no reason to appoint a special counsel to investigate the election, as reported by CNN in a December 21, 2020 article.
And Yahoo News detailed in a November 12, 2020 article several reasons why the election was not stolen.
