Dominion CEO Testifies Before MI Senate Under Oath

By Patrick Colbeck

Dominion Voting Systems CEO John Poulos testified under oath before the Michigan Senate Oversight Committee today.

Key takeaways:

• Dominion asserts that the Rank Choice Voting module that enables fractional voting was not installed in Michigan [Conflicts with log data obtain as part of Antrim County forensic analysis]
• Dominion asserts that their equipment is not designed to connect to the internet [Conflicts with Dominion design specifications which feature ethernet connections and wireless modem components]
• Dominion CEO refused to discuss individual Dominion employees

The following questions should have been asked during today’s hearing but weren’t:

1. What were the responsibilities of Dominion employees assigned to the “Chicago” warehouse in Detroit?
2. What is Eric Coomer’s official title and role with Dominion Voting Systems?
3. How would Eric Coomer make “F***ing sure of” rigging election for Joe Biden?
4. What system components does Dominion have in common with ES&S and Hart voting systems?
5. Are your voting systems designed to distribute information over the internet?
6. Was any source code transferred to the Chinese government as part of the sale of the security patents to HSBC on behalf of the Chinese Communist Party?
7. Does any part of the Dominion Voting system have the capacity to be connected to the internet?
8. If connected to the internet, what has been done to secure that connection?
9. What is the chain of custody for any media used to transfer voting information?
10. What version of the software was loaded on the Michigan voting machines?
11. Was the same version loaded on all machines in Michigan?
12. Does Dominion partner with any other software or related service providers? If so, who are they? Where are they located?
13. Outside of Dominion employees/subcontractors/representatives, are any other individuals or entities authorized to work on Dominion voting machines or software?
14. Is any information generated by the Dominion System inside MI shared with or transmitted to any entity outside the US?
15. If so, who are they?
16. Is any information generated by the Dominion System inside MI shared with Universities and/or institutions of higher learning?
17. Are the Ballot Images preserved for every precinct as per federal election law?
18. Are there Audit Logs for Voting machines and servers?
19. Is any aspect of the Audit Log “voluntary”?
20. Do the audit logs detail every action taken from start to finish?
21. Are the audit logs synchronized?
22. Can the audit logs be altered by the people operating the system?
23. How do MI Legislators get a copy of these logs for review? 
24. Who were the people authorized to operate the system?
25. What training and certifications are they required to possess?
26. Is each ballot individually numbered?
27. Does every individual user of the Dominion Software have their own individual login and password?
28. Who is responsible for Federally certifying voting machines in Michigan?
29. Who is responsible for certifying all voting machines in Michigan?
30. Where are the certification standards located?
31. What are the certification standards?
32. Did all the MI machines pass this certification process?
33. When were they certified?
34. What was the last legal date (Safe Harbor) for Software patches or updates prior to the election?
35. Within the “Safe Harbor timeframe” were there any Software patches or updates after the legal date for certification?
36. How many patches/updates?
37. When were the patches/updates done date/time?
38. What were the patches/updates (version)?
39. Who approved the patches/updates?
40. It appears there is much discretion left to the sworn election official with hands on access to the Dominion Machines.  What is the control mechanism/procedure to prevent/deter/or alert if, an Election Official manually changes votes and makes this obvious, transparent, and visible to all?
41. It appears that in some cases, Dominion pre-loads significant portions of the algorithms and configuration of how the machines tabulates.  This is very distressing, what is the transparent and very visible mechanism for everyone to validate this, before an election? 
42. What voting algorithms were loaded into voting Machines in MI?
43. Could a poll worker insert a memory card with voter data or access files in the shared folder.
44. Manual Uploading of ballots appears to be a feature of Dominion software, who was permitted to upload these ballots and how many times was this done in the 2020 election?
45. What is the “Purge Option” in the Dominion Software?
46. Does the Purge of Results record who conducted the purge and what votes were purged by candidate?
47. Who has access to the central server and where is the manual and security reviews of that software?
48. Is there an option to force the vote scanner to “overrun” a preset amount of ballots EVERY time anybody pauses the scan mid-batch?
49. Does your company employ a Chief Information Security Officer?  If yes, to whom do they directly report?
50. How many employees work solely on corporate or product information security?
51. In the last five years, how many times has your company utilized an outside cybersecurity firm to audit the security of your products and conduct penetration tests of your corporate information technology infrastructure?
52. Has your company addressed all the issues discovered by these cybersecurity experts and implemented all the recommendations? 
53. Do you have a process in place to receive and respond to unsolicited vulnerability reports from cybersecurity researchers and other third parties? 
54. How many times in the past five years has your company received such reports?
55. Are you aware of any data breaches or other cybersecurity incidents in which an attacker gained unauthorized access to your internal systems, corporate data or customer data? 
56. If your company has suffered one or more data breaches or other cybersecurity incidents, have you reported these incidents to federal, state or local authorities? 
57. Has your company implemented the best practices described in the National Institute of Standards and Technology (NIST) 2015 Voluntary Voting Systems Guidelines 1.1? 
58. Has your firm implemented the best practices described in the NIST Cybersecurity Framework 1.0? 
59. Were members of the legislature made aware that Dominion Software was used in foreign countries?
60. Were members of the legislature made aware that Dominion Software was used in nations such as Venezuela and Cuba?
61. Has anyone in the Legislature met with Dominion officials and/or employees?
62. Have any members of the legislature been informed of the security vulnerabilities by Dominion?
63. Were members of the legislature made aware of security vulnerabilities by members of Congress?
64. Were any members of the legislature made aware of security concerns publicly expressed by members of Congress?
65. Has Dominion briefed the Congress of security concerns?
66. Were any members of the legislature offered “election insurance”?
67. Were any members or election officials offered perks or benefits from Dominion?
68. Did any Dominion officials offer any kickbacks to members of the legislature?
69. Were members made aware that there is no chain of custody with the software?
70. Have any U.S. intelligence officials interfaced with Dominion representatives as to the 2020 election?
71. Have Dominion officials contacted any members of the legislature or election officials during this 2020 election cycle?
72. Are any Dominion employees, such as the security chief, members, or supporters of Antifa?
73. Is Dominion a sponsor of the National Association of State Election Directors (NASED)?
74. Are Dominion Systems PCI Compliant?

Subsequent to the MI Senate hearing held at 1pm, a Joint Oversight Committee Hearing was held with both Senate and House representatives. This second hearing was adjourned after subpoenas were issued for election data from the City of Livonia and the City of Detroit.