Ridiculous Issues in Dominion Voting System Certification in California

We know the systems can be hacked, but these voting systems have so many loopholes it is embarrassing!

Dominion Voting Systems has submitted its Democracy Suite 5.19 for certification in California. While election technology must evolve to meet modern security needs, this release raises significant concerns that should prevent certification until key issues are addressed.

Read our full official comment here: https://copswiki.org/w/pub/Common/M2034/COPS%20Comment%20on%20Dominion%20Democracy%20Suite%205_19.pdf

What is being certified?

Dominion Voting Systems has submitted its Democracy Suite 5.19 for certification in California. This comprehensive election management system is designed to handle various aspects of the electoral process, from election definition to results reporting.​ This system includes the “Central Tabulator” which is responsible for aggregating all the results from all machines.

I’m not a big fan of the general architecture of our current voting systems, but until we have many laws and requirements changed, we are stuck with these systems.

Key Features of Democracy Suite 5.19:

• Election Event Designer: Manages the import, entry, and tracking of all districts, precincts, contests, candidates, voting locations, and hardware.​

• Results Tally and Reporting: Consolidates results from all voting channels into a single comprehensive database, supporting both physical data transfers and air-gapped, closed networks.​

• AuditMark®: Provides a clear and fully auditable single vote cast record for every ballot, enhancing transparency and allowing stakeholders to review both ballot images and the tabulator's interpretation.​

You can read more about this system on the Dominion Voting Systems web site: https://www.dominionvoting.com/democracy-suite-ems/

Certification Process in California:

As of March 10, 2025, the California Secretary of State's Office of Voting Systems Technology Assessment (OVSTA) has listed the Democracy Suite 5.19 under "Post-Testing" phase for full certification. This stage follows rigorous testing to ensure the system meets California's stringent requirements for security, accuracy, and accessibility. On March 13, we submitted our official comment document which recommended that the system NOT be certified.

The Problem with Near-Monopoly Control of Election Systems

Dominion and ES&S (Election Systems & Software) collectively control about 90% of the U.S. voting system market. The Dominion Democracy Suite 5.19—with serious security risks and transparency failures—impacts the majority of jurisdictions in the country.

Security & Transparency Issues That Should Stop Certification

We were disappointed that the review package did not include a list of software components used in the system, including “Commercial Off-The-Shelf” (COTS) software packages. To allow us to still review this, we looked at the later version 5.20 which was certified (unbelievably) by the federal reviewers associated with the Election Assistance Commission (EAC). (See our official submission for full details).

All software components should be disclosed!!

1. Visual Studio 2022 Is Included in the Deployment

   • An Integrated Development Environment (IDE) has no place in a certified election system. Such an IDE is used by software engineers to help them design, change and debug software. A certified voting system should not have any chance that it can be modified.

   • The presence of Visual Studio suggests the ability to modify software post-deployment, which violates election security best practices.

   • The idea that election officials may want to modify the source code is beyond belief.

2. SQL Server Management Studio (SSMS) Is Likely Included

   • SSMS was discovered in previous Dominion deployments and could be used to manipulate the vote database outside of controlled security mechanisms.

   • SSMS is not listed in the official COTS components for Democracy Suite 5.20, but is it being installed anyway?

   • This was discovered and reported on by the technical review instigated by former Mesa County, CO election official Tina Peters, who was subsequently sentenced to nine years of incarceration. We don’t think she handled the situation very well, but the sentence was far too long given that she actually provided a service by outing this troublesome situation due to the presence of this database management studio, which allows unlimited inspection and alteration of the Dominion database.

     

     (See the technical report by the analysts hired by Tina Peters, most importantly, finding 1: https://useip.org/wp-content/uploads/2022/03/mesa-county-forensic-report-no.-2.pdf)

3. Event Logging Can Be Disabled

   • Critical election systems should never allow logging to be turned off.

   • Disabling logs would make unauthorized changes to vote data undetectable.

   • The only safeguard described is manual verification in Event Viewer, which is not a serious security measure.

4. Voter-Verified Ballot Images and Cast Vote Records (CVRs) Lack Transparency

   • The DVSorder vulnerability (DVSorder.org) showed that Dominion’s pseudo-random number generator made it possible to determine the order of ballots cast.

   • Ballot images should be publicly verifiable with cryptographic hashing to prevent tampering.

   • Public keys for scanners should be published before elections to allow independent validation of ballot images.

5. No Auditing Standards Are Enforced

   • There is no system-wide requirement for risk-limiting audits (RLAs), ballot image audits, or batch audits.

   • The SQL database should be snapshotted before and after the election to verify that all log entries correctly reconstruct the final results.

   • Without a strong auditability framework, certification should not proceed.

Conclusion: Certification Should Not Proceed Until These Issues Are Fixed

With the ability to turn off event logging, possible inclusion of SSMS, and the presence of Visual Studio 2022, the certification of Dominion Democracy Suite 5.19 should not move forward without serious scrutiny.

Voters deserve election systems that prioritize security, transparency, and auditability. The certifying body should reject this application until these concerns are addressed.

—Ray

P.S. I will be posting more information about our analysis of the 2024 election and fishiness we are finding very soon.

Prior Post: https://substack.com/home/post/p-156974909 Election Audits in NC: Improvement needed!
All posts: https://substack.com/@raylutz/posts

Comments

[Karin Desrochers]

Having read this post, I’m even more mystified as to why the Democrats did not challenge results in this November election. I simply do not get it. With mask and all the other tech Bros involved it is far more likely than not that there was hacking. Can someone explain to me why Harris Biden didn’t challenge that election at least in the swing states????

[sotoportego]

If America does not have a tamper-proof voting system before the mid-terms in 2026, it's all over.

Every responsible state jurisdiction should be accessing and responding to your forensic analysis.