Can a tech savvy person explain to me what kind of information would be stored? Couldn't plenty of votes be altered while the machines are not connected to the internet thus making data records obsolete? Or would such changes be somehow encoded and later recorded if/when they connect to the internet?
Computers, especially servers, often record a tremendous amount of data about actions performed that can be uncovered by digital forensics experts. It's not all-encompassing and the level of detail can be turned up and down, but the controls for exactly what is recorded when and where are not fully understood by most typical administrators.
As for what they may look for, database transaction logs, firewall logs, crash dumps, snapshots, and any scripts or custom binaries would be the primary targets. This information could reveal manual data manipulation outside of coded behavior, connection origins for where data came from and was sent to, and bugs or intentional malevolent code. Deeper forensics could reveal tremendous information about administrative actions performed going right back to when the system was originally set up.
There is an adversarial relationship with complexity though. Bigger environments are more likely to hold more logging data for longer, but forensic pieces will be more spread out as single actions can touch thousands of servers. What constitutes a "server" can get fuzzy as the layers of abstraction deepen through virtualization, containerization, and orchestration. Transient data that is useful for forensics can be rapidly overwritten and fully destroyed as physical servers are given more roles and shared between customers. The haystack can become very big, very fast while the needle stays exactly the same size. At the scale of Amazon, Microsoft, and Google, cooperation with the environment's operators becomes explicitly necessary to make meaningful discoveries.
TL;DR, we can't know in advance. There could be a smoking gun, there could be nothing but scrambled data, there could be data that leads us to look elsewhere but is useless alone, and so on. It's worse than a box of chocolates, because much of what could be found inside depends upon the skill of who is looking.
Thank you for the in-depth explanation. I heard some machines used flashdrives to transfer votes to some type of official record keeping computer. I wonder if that would completely conceal a lot of corruption. Hopefully we find out I guess...
The transfer media itself isn't as important as the anti-tamper mechanisms used. If Dominion used hardware-based key attestation to sign results files and the central system only accepted a single tabulation file with a valid signature from each known system with multi-party sign-offs on missing results, that's probably a security measure they'd be proud of and would advertise. It's not bulletproof alone by far, but would help raise the bar by a good measure.
Given they don't, it's probably a shitty .csv file that anybody with hands-on can edit. That's the kind of system the lowest bidder will build and can only be "disproven" with a full hand recount of paper ballots.
I say this as someone who spends way too much personal and professional time working with computers and finds them unendingly fascinating: electronic equipment more complicated than a printing calculator has no business in any election.
Can a tech savvy person explain to me what kind of information would be stored? Couldn't plenty of votes be altered while the machines are not connected to the internet thus making data records obsolete? Or would such changes be somehow encoded and later recorded if/when they connect to the internet?
Computers, especially servers, often record a tremendous amount of data about actions performed that can be uncovered by digital forensics experts. It's not all-encompassing and the level of detail can be turned up and down, but the controls for exactly what is recorded when and where are not fully understood by most typical administrators.
As for what they may look for, database transaction logs, firewall logs, crash dumps, snapshots, and any scripts or custom binaries would be the primary targets. This information could reveal manual data manipulation outside of coded behavior, connection origins for where data came from and was sent to, and bugs or intentional malevolent code. Deeper forensics could reveal tremendous information about administrative actions performed going right back to when the system was originally set up.
There is an adversarial relationship with complexity though. Bigger environments are more likely to hold more logging data for longer, but forensic pieces will be more spread out as single actions can touch thousands of servers. What constitutes a "server" can get fuzzy as the layers of abstraction deepen through virtualization, containerization, and orchestration. Transient data that is useful for forensics can be rapidly overwritten and fully destroyed as physical servers are given more roles and shared between customers. The haystack can become very big, very fast while the needle stays exactly the same size. At the scale of Amazon, Microsoft, and Google, cooperation with the environment's operators becomes explicitly necessary to make meaningful discoveries.
TL;DR, we can't know in advance. There could be a smoking gun, there could be nothing but scrambled data, there could be data that leads us to look elsewhere but is useless alone, and so on. It's worse than a box of chocolates, because much of what could be found inside depends upon the skill of who is looking.
Thank you for the in-depth explanation. I heard some machines used flashdrives to transfer votes to some type of official record keeping computer. I wonder if that would completely conceal a lot of corruption. Hopefully we find out I guess...
The transfer media itself isn't as important as the anti-tamper mechanisms used. If Dominion used hardware-based key attestation to sign results files and the central system only accepted a single tabulation file with a valid signature from each known system with multi-party sign-offs on missing results, that's probably a security measure they'd be proud of and would advertise. It's not bulletproof alone by far, but would help raise the bar by a good measure.
Given they don't, it's probably a shitty .csv file that anybody with hands-on can edit. That's the kind of system the lowest bidder will build and can only be "disproven" with a full hand recount of paper ballots.
I say this as someone who spends way too much personal and professional time working with computers and finds them unendingly fascinating: electronic equipment more complicated than a printing calculator has no business in any election.