Who's watching the watchers? Opaque 3rd parties control our personal info & elections in 98% of US
Updated: Dec 30, 2022
by Patrice Johnson, chair
Elon Musk's release of the Twitter Files exposed the federal government of censoring free speech for the purpose of influencing election outcomes. The revelations may well put an end to the government's totalitarian silencing of dissent at Twitter. But the files raise bigger, deeply concerning questions about federal, big tech, and media company over reach. What other election influence operations did the government and corporations conceal? Who was involved? How deep did the polluted waters run...and are they still running?
Patrick Colbeck, President of the Letsfixstuff.org and Michigan Grassroots Alliance, follows the money below and builds on the investigative reporting of Jim Hoft for The Gateway Pundit. The trail leads to a spidery web of Leftist programs--all designed to gain unfair access to local election data and protected, personal information.
Sources: Albert Sensors Front Door to Sensitive Election Data The Albert Sensor Systems: How Government and a 501(c)3 Tracks Real-Time Election Data in 98% of the US – Put Into Effect by DHS After Trump Won in 2016
Outside Twitter, a near-opaque shroud of secrecy masks the hazards to election integrity. The intent of the players? You be the judge.
Non-profit CIS Deploys Albert Sensors to all 50 states
The trail starts, as is so often the case these days, with a non-profit 501(C)3 organization. The Center for Internet Security (CIS) deploys Albert Sensors to State, Local, Tribal and Territorial (SLTT) units of government in all 50 states. The product's namesake, Albert Einstein, elicits feelings of trust and admiration.
Albert Sensors have been deployed to State, Local, Tribal and Territorial (SLTT) units of government in all 50 states. The sensors consist of a Dell server running Oracle/Unbreakable Linux operation system and additional unspecified software.
"I find it interesting," Colbeck writes, "that an organization called the Center for Internet Security is being used by nearly all counties in America to secure election equipment, considering election officials and traditional media outlets swear that this equipment is 'not connected to the internet.'"
Albert sensors, deployed to SLTT government entities across America, act as the gatekeepers. They control all data traffic into and out of each network environment. Albert Sensors enable CIS to monitor the flow of data, detect intrusion, and provide "deep packet inspection (DPI)."
CIS and each of these entities, Colbeck writes, have their own internal network connected to the internet, featuring "Election Management System (EMS) servers used to aggregate election data from other sources."
CIS "shares incoming and outgoing data with various partners" like the Suricata platform that monitors for intrusions.
However, Colbeck notes, "The capabilities provided by the Suricata platform seem to go well beyond Network Intrusion Detection."
"The capabilities provided by the Suricata platform seem to go well beyond Network Intrusion Detection," Colbeck writes.
Deep Packet Inspection
CIS likes to focus public discussions on the ability of Albert Sensors to capture Netflow Data and the use of open source Suricata software to detect network intrusions. What it rarely discusses outside of technical forums is its capability to perform Deep Packet Inspection (DPI). These “packets” are the real treasure for cybersecurity professionals and hackers alike. Netflow Data simply provides the treasure map.
The Suricata platform enables the recording of these “packets” of interest for later analysis. These recordings are sometimes referred to as packet capture (PCAPs). DPI refers to the CIS ability to “inspect” PCAPs ostensibly to detect the introduction of malware into a given network.
As far as elections go, "the packets of interest include voter registration data and election results."
The CIS Albert Sensors work in concert with Einstein, a cybersecurity system developed and administered by the Federal Cybersecurity and Infrastructure Security Agency. CISA's mission is to provide a common baseline of security across the Federal Civilian Executive Branch (FCEB) and to help agencies manage their cyber risk.
This common baseline is provided in part through the EINSTEIN system. EINSTEIN serves two key roles in FCEB cybersecurity. First, EINSTEIN detects and blocks cyberattacks from compromising federal agencies. Second, EINSTEIN provides CISA with the situational awareness to use threat information detected in one agency to protect the rest of the government and to help the private sector protect itself. --CISA.gov/Einstein
While Albert Sensors are focused on State, Local, Tribal and Territorial units of government, Einstein is focused upon security units within the federal government. CISA and CIS often work jointly on cybersecurity efforts effectively combining “Albert” with “Einstein” as a demonstration of their operational synergy.
Who is the Center for Internet Security (CIS)?
According to the latest publicly available Form 990, CIS has 308 employees and 184 volunteers plus an unknown number of subcontractors.
CIS features a management team that has significant experience working for the federal government.
CIS Management Team with Federal Government Experience
In addition to employees, CIS employs a robust suite of contractors likely privy to most if not all of the information available to employees.
2020 Form 990 Center for Internet Security
Most CIS Money Comes from the Government
One of the best ways to understand what drives the operations of any organization is to follow the money. An examination of CIS revenue sources per their Form 990 reveals that their primary source of revenue is the federal government. This revenue comes in the form of grants and various program services.
These funds enable the federal government to offer CIS products and services for free to county governments. With a 98% adoption rate, “free” cybersecurity products and services appear to be a difficult deal for most election officials to refuse.
Check out this sample of a CIS County Memorandum of Agreement (MOA).
This agreement or something similar to it is reported to cover 98% of the election infrastructure across America. So, while electronic voting systems used to manage elections may vary widely from county to county, a significant degree of homogeneity exists when it comes to who controls the data going into and out of these electronic voting systems. The significance of this unprecedented level of data access regarding our elections cannot be overstated.
Provision within CIS MOA with County Election Officials
Just to be clear, access to “any communications or data transiting” means that anyone employed by CIS including their many subcontractors and even partners would likely have access to our election data. This “data” includes user accounts, privileges, and credentials – everything one would need to go beyond “listening” to data flowing over the network and actually manipulate such data in transit.
Under the Biden Administration, this MOA has been picking up steam. On May 2021, Biden signed an Executive Order to expand the scope of the MOA’s to address more detailed “object level” data (i.e. packet information).
However, Biden signed a cybersecurity Executive Order in May 2021 that required anyone in the CDM program to sign an new agreement (MOA). This mandates they now provide the more detailed “object level” data to CISA. This is supposedly for better “assessment and threat-hunting” purposes. ALBERT customers automatically become members of MS-ISAC. This Multi-State sharing program distributes cybersecurity information amongst its 13,000 members. It’s like your PC anti-virus software which reports any cyber issue, experienced by any user, to one central command.
--The Gateway Pundit https://www.thegatewaypundit.com/2022/12/alberts-systems/
The previous MOA was between SLTT entities and CIS. The new MOA extends the terms of the agreement to include the federal government directly via CISA. Under the new MOA, the federal government is now effectively the middleman for all election data across all 50 states.
In addition to federal grants related to the deployment of Albert Sensors to SLTT entities, Program Services provide a major source of revenue for CIS. These program services are broken down into the following categories in their Form 990:
Security Best Practices
Cyber Security Network (2-1-1)
Let’s take a closer look at these services.
Security Best Practices
A significant source of revenue pertains to training services for security best practices.
In addition to providing “free” services to counties as part of the MS-ISAC program, CIS also offers cybersecurity benchmarking services to state, local, territorial and tribal (SLTT) government entities.
CIS also generates revenue by marketing their brand and various resources.
One of significant source of revenue cited by CIS in its Form 990 filing is an organization referred to as the Democracy Fund. Interestingly, Democracy Fund was also identified as one of CIS’s largest expenses under “Program Service Accomplishments.
It appears that Democracy Fund served as the cybersecurity advocacy wing of CIS with their target being election officials but it is difficult to discern their exact role.
Cyber Security Network (2-1-1)
I [Patrick Colbeck] was unable to chase down any useful information pertaining to this CIS revenue source.
The CIS Albert Sensors have been deployed to cover 98% of America’s election infrastructure. That is a significant market footprint. This market footprint corresponds to a single point of failure for what has been designated a Critical Infrastructure Component for America – our elections.Any bad actor intent upon undermining the integrity of our elections would likely focus on this single access point.
Should we be concerned about this risk? Let’s see.
Lack of Transparency
Lack of transparency provides fertile ground for the corruption of any organization. That’s why transparency in the conduct of our elections is so important. The increasing using of electronic systems to manage the conduct of our elections makes transparency more and more difficult. Election observers can readily monitor paper transactions. However, election observers are often denied access to election systems which conduct electronic transactions. How then would the general public know if our election results had been subverted via manipulation of electronic election records?
To perform this oversight, citizens rely predominantly upon Freedom of Information Act (FOIA) requests. Unfortunately, there seems to be a pattern of “outsourcing” key government election functions to privately managed, non-government organizations (NGO’s) which are not subject to FOIA requests.
CIS provides cybersecurity.
ERIC manages voter registration data.
Electronic voting system vendors tabulate our votes.
The upside to our government using outside organizations is that they are often able to secure the services of the best and brightest minds in a given field of expertise. There are significant downsides however. NGO’s such as CIS are not subject to FOIA requests.
Furthermore, these private organizations are very tight-lipped in the data they share with their customers. After all, if this data was shared with public officials, this information would be subject to disclosure via FOIA requests. In this light, the use of private organizations would certainly be beneficial to anyone attempting to prevent the public from accessing key information related to election integrity.
As “gatekeepers” to our election system, CIS sits smack dab in the middle of all data flow pertaining to our election system. This is a powerful role. We know that CIS data is unavailable to the public at large because they are a private organization not subject to FOIA requests.
Did you know that the data collected by CIS when monitoring the cyber traffic for their customers cannot even be viewed by their own customers? In the words of Nancy Churchill in the following article, “The Albert sensor is a true “black box system” – a node on the county network that the county cannot control and cannot monitor.”
Inside this “black box,” CIS operatives have the ability to capture, analyze and potentially modify packet information obtained via Albert Sensors. All this can be performed without any oversight by their customers or the general public.
Election Registration Information Center (ERIC)
Another important NGO pertaining to elections is known as the Election Registration Information Center or ERIC. ERIC is a non-profit 501(c)(3) membership organization consisting of state election officials working together ostensibly to improve the accuracy of state voter registration lists and educate eligible citizens on how to register to vote.
ERIC controls the information captured within state voter registration databases. These databases not only include lists of eligible voters for a given election, they also contain their voting history plus a significant amount of sensitive PII [personally identifiable information].
CIS has made reference to having customers in election integrity organizations in addition to their SLTT customers. ERIC is likely one of those customers, but this has not yet been confirmed. Because ERIC is a private organization, it also is not subject to FOIA requests.
The general public has no idea how ERIC and its partners manipulate the contents of state voter registration databases. If these databases contain records that enable ineligible voters to vote, our election system is exposed to a significant avenue for election fraud.
Since ERIC shares data with entities of its choosing, Leftists organizations like the Center for Election Innovation and Research (CEIR) and a the Soros'-owned Catalist database system appear to be enjoying exclusive (and legally unauthorized) access to data no other parties can access or buy.
Electronic Voting Systems
The last example of private organizations running our elections without any substantive transparency pertain to electronic voting system vendors like Dominion, ES&S or Hart Intercivic. Electronic voting systems are responsible for tabulating the votes cast on ballots across America. Due to illusory provisions in their contracts with our government, citizens and even most government officials are not allowed to examine how they tabulate the votes or even examine their audit trail.
Dominion Contract with State of Michigan
Because they are a private organization, they are not subject to FOIA requests.
The general public cannot see how our votes are tabulated, but private Voting System Test Laboratory (VSTL) vendors such as Pro V&V or SLI can. To make matters worse, the responsibility for monitoring VSTL vendors features a former voting system vendor executive. This all makes for a very opaque, close knit community responsible for the oversight of our elections.
Lack of Data Privacy
The CIS MOA includes a provision that “computer users have no reasonable expectation for privacy”. This should raise eyebrows. After all, the data collected by CIS via Albert Sensors goes well beyond election data in scope. Since CIS deploys these sensors on State, Local, Tribal and Territorial government networks, any of the data communicated through the Albert Sensor is subject to collection and analysis. Citizens file tax forms electronically. Police investigations feature electronic records. Government assistance and health records are stored and communicated electronically. Employee records and other human resource data on employees are stored and communicated electronically. CIS has positioned itself to collect a significant amount of personally identifiable information (PII) that could be used to intimidate, blackmail, or otherwise make the life of everyday citizens quite miserable…all without public oversight.
Trustworthiness of “Trusted” Organizations
Citizens are forced to place a significant amount of trust in organizations protected from transparency. Are there “trusted” organizations without our election system that should not be trusted? What would happen if Albert Sensors and the Einstein system were to enable enemies of America to operate with impunity inside the gates of our election systems?
In an organization with as broad a reach as CIS (98% of election infrastructure), all it would take is one bad actor among its employees, contractors, customers or partner organizations to compromise the security of any network to which their products have been deployed to secure. Is the trust in organizations such as CIS warranted? Let’s find out.
Twitter is a private organization that has been lionized in the media as a free speech platform that protects the general public from misinformation. This media perception of Twitter changed drastically in the wake of Elon Musk’s purchase of Twitter. Musk then proceeded to release an avalanche of information on the inner workings of Twitter known as the “Twitter files.”
Twitter Files Sample
The Twitter Files clearly reveal evidence that the Federal Bureau of Investigation (FBI) interfered with the 2020 election. CIS and their partners feature significant ties to the FBI. Their role as election data gatekeeper would certainly make them a tempting target of any bad actors in the FBI.
Hunter Biden Laptop
The FBI is not the only federal agency associated with election interference. The intelligence community was heavily involved as well as evidenced by the following letter released shortly before the November 3, 2020 general election: