To the Board of County Commissioners

CC: Chair of BOCC

From: Florida First Freedom Alliance
RE: Electronic Voting Systems Vulnerabilities and Illegalities

Overview and Purpose

Florida First Freedom Alliance, Inc. (“F3A”) is a nonprofit whose purpose is to enhance election
integrity in Florida. We believe that our Florida Elections should be transparent, simple and
secure. We also believe the state of Florida should be adhering to not only state laws, but also
federal laws as well as well established cybersecurity industry standards for Critical
Infrastructure while conducting our elections. We are contacting you today to express our grave
concerns regarding the security of our voting system as we believe the conditions to maintain
security are not being met. In Florida, the governing body responsible for purchasing the voting
machine equipment, and thereby holding the contracts to these machines, are the county board of
commissioners. (see F.A.C. Rule 1S-2.004) Therefore, we turn to you to voice our strong
opposition to the use of any Electronic Voting Systems here in the State of Florida for the
reasons contained herein.

Are our elections secure?

Since the 2020 General Election, a wide array of data has emerged shining a light on the
vulnerabilities of our voting systems. Declarations have been made by various cybersecurity
experts in multiple states that have alluded to the fact that our elections systems are not secure. J.
Alex Halderman had testified in 2021 in the northern district of Georgia that there are “numerous
security vulnerabilities” in the voting systems there1. The facts found in this declaration were so
damning that in June of 2022, the Cybersecurity and Infrastructure Security Agency (CISA),
published an official US report that stated there are vulnerabilities affecting versions of the
Dominion Voting Systems (https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01 ). These
vulnerabilities are not limited to Dominion and encompass all of the Electronic Voting Systems.

1
See exhibit 1. Halderman declaration
In Michigan in 2021, a lawsuit there provides documentation that not only Dominion, but ES&S
and HART have 4G wireless modems in their systems are in fact connected to the internet. We
have been told on multiple occasions that our election systems are not connected to the internet,
however this court case proves otherwise,
(https://www.depernolaw.com/uploads/2/7/0/2/27029178/ex_5-10.pdf) .

In 2022, The Daugherty declaration in, Lake v. Hobbs (2:22-cv-00677) in

Arizona, states that the early and day of election totals were tampered with. (Daugherty
Declaration and any supporting exhibits | Frank Speech the Home of Free Speech). The Mesa
County, Colorado report published by Dr. Daugherty and Jeff O’Donnell2 provide additional
evidence that vulnerabilities such as those outlined by both Halderman and the CISA report were
exploited. https://frankspeech.com/sites/default/files/2022-
03/Bombshell%20Proof%20Of%20Election%20Machine%20Manipulation%20%282%29.pdf.
Furthermore, the declaration of Col. Shawn Smith [Ret.], also from Lake v. Hobbs, states that
our machines are not secure, and that we have serious supply chain issues. The parts in our
machines, such as microchips, come from China3. During his presentation “Enemy Inside the
Wire” at “The Moment of Truth Summit” on August 21, 2022 (must see:
https://frankspeech.com/video/ret-col-shawn-smith-speaks-moment-truth-summit ) Colonel
Shawn Smith reveals a number of current chips in use today inside of voting machines that are
clearly labeled MADE IN CHINA (see figure 1).

2
See Exhibit 2. Statement Regarding ICS Advisory (ICSA-22-154-01) (Vulnerabilities Affecting Dominion Voting
Systems ImageCast X By Jeffrey Dean O’Donnell
3
See Exhibit 3. Shawn Smith declaration
(figure 1)
In summary, Colonel Smith points out the fact that nearly all electronics currently made,
including voting machine components, are manufactured in China with absolutely no oversight
over the supply chain. Thus, rendering the cybersecurity industry standard assumption that all
components have substantial vulnerabilities unless otherwise examined, in cases of voting
machines, by a full cyber forensic audit post-election or a qualified risk/threat assessment test
pre-election performed by a qualified third-party cyber security expert. Without such, we are left
to rely on independent expert analysis of publicly sourced data such as that by Lisa “Draza”
Smith, which depicts significant abnormalities and irregularities in the data which suggest vote
manipulation occurred throughout our state in the 2020 election.4

FISMA, NIST and EAC

In addition to the multitude of abnormalities we have stated above regarding the security of our
electronic voting systems, these systems also do not follow the law. In 2002, a federal law was
passed called the Federal Information Security Management Act (FISMA). This act, together
with the National Institute of Standards and Technology (NIST), created what is known as
FISMA compliance. According to the act, there needs to be an information security program in
place to protect electronic data.
Furthermore, as stated by Gail Golec in Golec v. Hobbs; (bit.ly/FISMAWrit) “In January
2017, the Obama Administration gave the Department of Homeland Security (DHS) additional
authorities to protect federal systems. DHS designated the United States elections as critical
infrastructure, (Source: statue 1016(e) of the USA Patriot Act of 2001 (42 U.S.C. Statute
5195c(e))) thereby requiring the federal information security modernization Act of 2014
(FISMA 2014) https://www.cisa.gov/federal-information-security-modernization-act To update
the federal government‘s cyber security practices to include FISMA risk assessments pursuant to
the Help America Vote Act, to include: “ (1) periodic assessment of the risk and magnitude of
the harm that could result from the unauthorized access, use, disclosure, disruption, modification,
or destruction of information and information systems that support the operations and assets of
the agency, which may include using automated tools consistent with standards and guidelines
promulgated under section 11331 of title 40;” https://www.govinfo.gov/content/pkg/PLAW-
113publ283/pdf/PLAW-113publ283.pdf (pg.7)”
“The FISMA risk assessment is one of the most important prerequisites for FISMA
compliance. The NIST guidelines suggest agencies conduct three – tiered risk assessments to
detect risks at all levels, such as organizational level, business process level, and the information
system level. https://csrc.nist.gov/topics/laws-and-regulations/laws/fisma”

Upon knowledge and belief, a qualified mandated FISMA Risk Assessment Test, or that
which is equivalent to such rigorous standards, has not been completed on any of the voting
systems currently in use in Florida. “In order to be compliant with FISMA standards the current

4
See Exhibit 4. PowerPoint 2020 Election Data Review by Draza Smith (follow up questions encouraged)
voting systems must go through a four-phase process to achieve certification and accreditation.
The four phases are initiation, planning, certification, accreditation, and monitoring.”
(https://www.appsealing.com/fisma-compliance/ ). According to the Electronic Assistance
Commission (EAC) in 2022, this has not happened yet, specifically in regards to our Poll books.
(E-Poll-Book-Evaluation-Pilot.pdf (bowencenterforpublicaffairs.org)

Additionally, in January 2020 the EAC agreed with the two election integrity groups and
sent ES&S a letter in January indicating it was violating the EAC testing and certification
program rules “by representing or implying that the DS200 with modem configuration is EAC
certified when in fact only the DS200 without modem is EAC certified. ES&S also may have
violated Section 5.16 by failing to warn purchasers that adding an uncertified modem to the
DS200 will void the EAC certification of the voting system in its entirety.”5 (Source.
https://www.politico.com/news/2020/08/13/election-voting-machine-misleading-claims-394891)

According to official records obtained from the FDOS via FOIA requests, Florida is in
possession of these very machines. In an NBC news interview in January 2020, it is revealed that
“ES&S told NBC News 14,000 of their DS200 tabulators with online modems are currently in
use around the country.” Kevin Skoglund, senior technical advisor at the National Election
Defense Coalition states, “We kept hearing from election officials that voting machines were
never on the internet,” he said. “And we knew that wasn't true.” They go on to report, “Skoglund
said that they identified only one company among the systems they detected online, ES&S.
ES&S confirmed they had sold scanners with wireless modems to at least 11 states. Skoglund
says those include the battleground states of Michigan, Wisconsin, and Florida.” This is
extremely concerning because “ES&S, told NBC News their systems are protected by firewalls
and are not on the “public internet.” But both Skoglund and Andrew Appel, a Princeton
computer science professor and expert on elections, said such firewalls can and have been
breached.” https://www.nbcnews.com/politics/elections/online-vulnerable-experts-find-nearly-
three-dozen-u-s-voting-n1112436

What do the experts say?

At “The Moment of Truth Summit” on August 21, 2022, a number of actual
cybersecurity experts gave their professional analysis on the security of our voting systems. One
of such, whose credentials and experience are beyond reproach, was the former Pro V&V Voting
System tester Clay Parikh, Cybersecurity Expert – CEH, CISSP, CHFI, who stated, “And I’ve
testified in federal court already6, and I’ll be testifying again. And I’m just stating that as a
person who seen the inside, who scammed them, who’s tested them – I’m telling you, your home
PC is probably a lot more secure than these electronic voting systems.” He also discussed the
fact that he was able to hack any of the current voting systems, on average, in about 5 to 10

5
https://freespeechforpeople.org/wp-content/uploads/2020/01/EAC.ESS-Letter-re-modems-with-
Attachments-01.07.20.pdf
6
See Exhibit 5 Clay Parikh unofficial transcript testimony in Lake v. Hobbs
minutes and his best time was 2.5 minutes. (Must see: https://frankspeech.com/video/clay-
parikh-speaks-moment-truth-summit )
Ret. Col. Shawn Smith informs, “Anyone telling you the systems are secure either has no
idea what they’re saying, or they’re lying.”
Also at the summit, Democrat lawyer and former computer programmer whistleblower
Clint Curtis, who testified under oath before a US House Judiciary Committee admitting to
developing what is regarded as the first algorithm to flip votes while working for Yang
Enterprises in Oviedo, Florida, for our very own former State Representative Tom Feeney in
2000. He explained how he has since been influential, through consultation, in a number of
countries decisions to move away from voting machines. He described how, in 2018, the
Netherlands called him for advice on how to protect their machines from Russian interference
and his advice to them was simple, “you can throw them into the ocean” and they subsequently
were able to transition to paper ballots in six months. He further admits, “the problem [with
algorithms is] when you start off with a weapon, you don’t get to keep that weapon” and “if you
use machines, they are so hackable, it’s almost ‘the last guy in wins’ …. So other than the fact
that it’s a bad idea to cheat democracy, it’s also not really secure either.”
https://frankspeech.com/video/clint-curtis-democrat-whistleblower-exposes-truth-about-how-he-
created-machine-algorithm-51
Moreover, Col. Ret. John Mills, a national security professional who also spoke at the
summit, reveals, in his presentation ‘All Networks and Components Are Vulnerable — Except
Election Machines?: Reject The Theory’, the redundancy of the real problem by stating, “We
have a situation here where everything else is getting broken into, except for election machines.
And we don’t know how because we’re not allowed to look at the software. We’re not allowed to
look at operating systems. We’re not allowed to look at the supply chain. We’re not allowed to
break down the machines and bench test them…” He goes on to say, “If you know the black arts
of all the little trade craft of how to hide things in different electronic components, you would be
amazed! And unless you’ve been on the inside and actually done that and actually seen things
like this, and seen it done to us, you would be shocked. You would be shocked at what can be
done.” https://frankspeech.com/video/col-ret-john-mills-speaks-moment-truth-summit
On November 25, 2020 Dr. Navid Keshavarz-Nia, A cybersecurity expert whose career
“spans 35 years performing technical assessment, mathematical modeling, cyber-attack pattern
analysis, and security counterintelligence linked to FIS operators” with “advanced training from
the Defense Intelligence Agency (DIA), Central Intelligence Agency (CIA), National Security
Agency (NSA), DHS office of Intelligence & Analysis (I&A) and Massachusetts Institute of
Technology (MIT)” and has “worked as a consultant and subject-matter expert supporting the
Department of Defense, FBI and US Intelligence Community (USIC) agencies such as the DIA,
CIA, NSA, NGA, and the DHS I&A supporting counterintelligence, including supporting law
enforcement investigations” (pg. 1), submitted a declaration7 under the penalty of perjury
concerning the first hand knowledge he has on the vulnerabilities inside our voting systems. He

7
See Exhibit 6 DECLARATION OF DR. NAVID KESHAVARZ-NIA
reveals that “The USIC has developed the Hammer and Scorecard tools, which were released by
Wiki Leaks and independently confirmed by Lt. Gen Thomas McInerney (USAF, retired), Kirk
Wiebe, former NSA official and Dennis Montgomery, former CIA analyst). The Hammer and
Scorecard capabilities are tradecrafts used by US intelligence analysts to conduct MITM attacks
on foreign voting systems, including the Dominion Voting System (DVS) Democracy Suite and
Systems and Software (ES&S) voting machines without leaving an electronic fingerprint. As
such, these tools are used by nefarious operators to influence voting systems by covertly
accessing DVS and altering the results in real-time and without leaving an electronic fingerprint.
The DVS Democracy Suite Election Management System (EMS) consists of a set of applications
that perform pre-voting and post-voting activities” (pp. 1-2). He also states, “I have performed
forensic analysis of electronic voting systems, including the DVS Democracy Suite, ES&S
(acquired by DVS), Scytl/SOE Software, and the Smartmatic systems used in hundreds of
precincts in key battleground states. I have previously discovered major exploitable
vulnerabilities in DVS and ES&S that permit a nefarious operator to perform sensitive functions
via its built-in covert backdoor. The backdoor enables an operator to access to perform system
updates and testing via the Internet without detection. However, it can also be used to conduct
illicit activities such as shifting votes, deleting votes, or adding votes in real-time (Source: DVS
Democracy Suite EMS Manual, version 5.11-CO::7, P.43). These events can take place through
the Internet and without leaving a trace.” It is his expert opinion that, “the combination of DVS,
Scytl/SOE Software/eClarity and Smartmatic are vulnerable to data manipulation by
unauthorized means.” He concludes, “that a combination of lost cryptographic key contained on
stolen USB memory cards, serious exploitable system and software vulnerabilities and operating
system backdoor in DVS, Scytl, SOE Software/eClarity and Smartmatic created the perfect
environment to commit widespread fraud in all states where these systems are installed. My
analysis of the 2020 Election from NY Times data shows statistical anomalies across the
battleground state votes. These failures are widespread and systemic - and sufficient to invalidate
the vote counts” (pp. 8-9).
In conclusion, we take great heed to the above experts’ opinions as well as the
preponderance of evidence which continues to pour out across the nation indicating there are
major issues and vulnerabilities with our voting systems, even here in Florida. Upon knowledge
and belief, none of the current voting systems in use today have successfully completed a
qualified mandated FISMA compliant Risk Assessment Test or an equivalent Cybersecurity
industry standard Threat/Risk Assessment Test for Critical Infrastructure. We respectfully urge
you to immediately suspend any and all contracts with voting machine vendors and return back
to a hand counting system. Not only is this possible but it has been done in countries across the
world and we have great confidence that you and your county will be able to successfully make
this transition and aid in the restoration of confidence in the security, as well as the integrity, of
our election system.
Additional Supporting Documents:
ES&S Representative Admits All Machines Are Vulnerable | Frank Speech the Home of Free
Speech
EXCLUSIVE: Because No Voting System Testing Labs Were Legitimately Accredited at the
Time of the 2020 Election, Less Than 5% of All Voting Systems Were Likely Properly Certified
(thegatewaypundit.com)
ES&S Vulnerability to Hacking Explained https://rumble.com/vkpe2z-top-cybersecurity-author-
kim-zetter-on-election-hacking-february-7-2020.html