FLASHBACK: The Mesa Report - Is There Trust In A Trusted Build If The Builders Broke Our Trust?
In preparation for her upcoming trial in March 2023, I am republishing my contemporaneous reporting of Tina's journey, written as it happened.
Originally published on September 19,021
Welcome, my friends, to the United Soviet States of America where Trust is now compulsory. Dare to question the State’s narrative or intent and you will be silenced, dehumanized, and destroyed. Just ask Nicki Minaj.
What we continue to learn from our current dystopia is that our Trust should definitely be withheld.
On Thursday, September 16, 2021, Tina Peters' defense team delivered a copy of the Forensic Examination and Analysis of Mesa County images from both before and after the Dominion Trusted Build update (“the Mesa Report”) to the District Attorney in Mesa County, Colorado. On Friday, September 17, 2021, the Mesa Report was delivered to the three County Commissioners Janet Rowland, Scott McInnis, and Cody Davis.
These four elected officials are the only persons read-in on this report prior to it being filed at 12:00AM Saturday, September 18, 2021, outside of Tina’s defense team, the technical experts who performed the analysis, and the technical experts who peer reviewed the analysis -- all of whom are under NDA and have kept the report’s existence quiet up until now.
And yet, Grand Junction Sentinel reporter Charles Ashby, whose beloved “beat” is attacking the Mesa County grassroots, reported this morning that he got a copy of the report on late Friday, September 17, 2021.
America's Mom Sherronna Bishop certainly thinks so and took to Facebook this morning to share her take.
Regardless of the leak, the report centers on Dominion’s Trusted Build. You will hear a lot about the findings of this report in the coming days and weeks, but to truly understand the implications, it is critical that you understand the concept and intention of a Trusted Build.
So let’s dive in.
trust us, bro -- the trusted build
Consider Microsoft Windows 10 as a Trusted Build. Educated consumers would decide to buy a personal computer (over a Mac, for example), in part, because of the familiar operating system: Microsoft Windows. It’s simple to install (often already installed), and you know what you’re getting.
Now, keep in mind that MS Windows 10 has averaged 337 discovered vulnerabilities per year, including 14 of the most severe possible vulnerabilities discovered just this year, seven years after Windows 10 was introduced.
Doesn’t matter: Despite the security vulnerabilities, Windows 10 would be considered a Trusted Build because all of the components have been vetted and verified -- by Microsoft. And that is a very important point:
The term Trusted Build is used by the U.S. Government to describe chain of custody for a specific configuration of applications inside elections technology. According to the U.S. Election Assistance Commission (EAC),
“A trusted build is a build that is performed with several security and verification measures to a [sic] such an extent that the executable machine code can confidently be shown to be a faithful and authentic representation of the source code.”
Presumably, every Trusted Build is evaluated with the same attention to detail they applied in that definition. (This is important and comes up later.)
While the term Trusted Build is specific to elections, the concept mirrors a Golden Image in the business and consumer technology space. For non-technical folks, an “image” is basically a template for technology configuration. A Golden Image is where a technology team centrally builds a master template with the security, hardware, and software configurations needed for its purpose. The IT team can then confidently roll out their trusted build to all the machines in their technology ecosystem.
For Colorado (and any other state using Dominion), the Dominion team centrally created their master template for Colorado voting machines (Design) and installed it onto all the Dominion Colorado voting machines (Implementation) -- 62 of 64 Colorado counties including Mesa.
This concept isn’t new -- every entity with a computer system (i.e., all of them) must protect the fidelity of their systems and code to ensure the effectiveness and security of their enterprise (e.g., their business, agency, election infrastructure, etc.).
code fidelity? who is responsible for that?
On paper, for elections, it’s the County Clerks. The County Clerk is who the People elect to protect the integrity of our elections.
#trustusbro The buck stops with the Secretary of State. Photo cred: Denver Post - Jena Griswold certifies the November 2020 election.
But here is what really happens:
The U.S. Election Assistance Commission (EAC) accredits a Voting Systems Testing Lab (“the Lab”), such as Pro V&V or SLI, as able to test election technologies for certification.
The election technology vendors, such as Dominion, Clear Ballot, or ES&S, complete their Trusted Build.
The Lab tests the Trusted Build, and reports to the Secretary of State that the vendor’s Trusted Build is compliant with all Federal and State Voting System Standards (or not, in theory; but in practice, they always seem to be good enough).
SecState, an elected official who historically has little to no technology experience, takes the word of (read: outsources her responsibility to) the Lab and certifies the Trusted Build.
In a highly collaborative relationship, SecState's staff and the election technology vendor’s team deliver and install their Lab-tested, SecState-approved Trusted Build in the County’s voting machines.
At this point, the State team hands over the keys to the Clerk and her IT team. Keep in mind that the Clerk has responsibility for the execution of the election and accountability for the integrity of its outcome.
And also keep in mind that, up to this point, the Clerk has had zero involvement and has no authority over the design, build, testing, and certification of the system.
Further, the Clerk is contractually -- and even legally -- forbidden from doing anything other than complying with the vendor and SecState guidance and demands. Did you vote for that?
On paper, the County Clerk is responsible to ensure the integrity of the election in her county. In reality, the integrity of the election depends on the confidentiality, integrity, and availability of the hardware and software delivered to them -- into which she has no true visibility and over which she has no control.
In Colorado, our Clerks have been assuring the public of that code fidelity since November: It’s the gold standard; it’s the trusted build. That’s what the SecState told them. That’s what the Vendor told them. That’s what the Lab told them. That’s what the EAC told them. That’s even what Matt Crane and the Colorado County Clerks Association told them.
And most of them can’t pick a modem out of a line-up.
the use of “trust” in “trusted build” is tenuous at best.
As previously mentioned, the EAC uses the term Trusted Build to apply to election systems’ chain of custody across the nation. EAC regulates the Labs who are responsible for affirming that the Trusted Build complies with the law and all applicable standards. The SecState certifies the Trusted Build and also determines which election technology vendors can be contracted within the State. The Clerk selects which vendor her county will use from the SecState list, and any local technology needs for the Trusted Build are managed by either county IT or the vendor themselves.
But the TRUST that they demand we summon is trust in the actual coding and configuring of the systems -- and that coding and configuration is done by the vendor.
We talk a lot about how Colorado is the Election Fraud Test Kitchen for the nation. If you go search, “Trusted Build,” one of your first results will be the Law Insider definition, which provides samples of government Trusted Build documentation going back to 2012.
“Trusted build means the write-once installation disk or disks for software and firmware for which the Secretary of State has established the chain-of-custody to the building of the disks, which is then used to establish or re-establish the chain-of-custody of any component of a voting system that contains firmware or software. The trusted build is the origin of the chain-of-custody for any software and firmware component of the voting system.”
All of the sample government documents about Trusted Build that are provided at Law Insider are from -- wait for it -- Colorado.
Three of these samples are below, and please note that the earliest example is from 2012, back when Republican Secretary of State Scott Gessler was at the helm. Gessler is widely known in Colorado for not believing in election fraud and for terrible judgement when talking to reporters. Here is a quote of Gessler talking about our Colorado elections:
"Colorado has one of the best and most sophisticated Risk Limiting Audits out there. When I say Colorado is better than other states, it is in a lot of ways, at a lot of levels. As much as we’re grumpy, as much as I’m grumpy about Colorado, compared to other states, it’s far better. Okay?" Source
Is it though?
So, for those counting, Colorado set the national standards for:
Mass Mail-in Balloting
Electronic Voting Machine Standards
Risk Limiting Audits
Automatic Voter Registration
Trusted Builds
and more...
eyes on the trusted build
The release of the Mesa Report — which forensically compares the backup image from before the May 2021 Dominion Trusted Build update with the backup image from after that update — is quite concerning. (Note: This has been updated to reflect May, rather than March which I posted in error — come on, man, they both start with M. Thanks to canncon.locals.com for pointing it out!)
Remember: Image = centrally designed computer template. Let’s consider the implications.
The Mesa Report image analysis reveals that Election Records, required for preservation under current document retention laws, were deleted. This is a violation of the law, and it appears the Trusted Build was designed and implemented to remove those records.
In other words, the Trusted Build was designed and implemented to violate the law, and…
The Lab knowingly or incompetently reported the Trusted Build as compliant with the law, and…
The EAC knowingly or incompetently accredited the Lab that reported the Trusted Build as compliant with the law, and…
The SecState knowingly or incompetently certified the Trusted Build as compliant with the law, and…
The Trusted Build wasn’t compliant with the law -- as shown by the forensic comparison of the images before and after the Trusted Build update, and...
The above players -- along with local law enforcement, the Colorado Bureau of Investigation, the FBI/DOJ, and likely others -- knowingly or incompetently covered up the violation of the law, including the flaws in the systems design and potentially other more devious, actions.
Those are what I see as the major implications.
So, what happens next?
we are about to find out what happens next
Did you notice who is missing in the list of implications above? The for-profit and, in Dominion’s case, foreign election technology vendor that actually builds the Trusted Build. That is by design, and we can thank our elected officials for this reality where companies like Dominion Voting Systems have all of the power over American elections and none of the accountability or, on paper, liability.
Does it really matter if it was “knowingly” or “incompetently?” For prosecutorial reasons, sure. If the Trusted Build was DESIGNED to remove election records -- as this peer-reviewed report alleges -- the answer to that question is pretty clearly “knowingly.”
But I am more interested in the Public Trust.
How can we ever again TRUST any of the individuals, companies, agencies, or institutions that are involved in our current election nightmare? Remember, they’ve all been telling us the system is perfect and that November 2020 was the most secure and transparent election in history.
What if they are proven to be lying?
Let’s be honest: Trust cannot be restored until Accountability is realized. When #RussiaGate happened, I realized something that I now know is a pattern of behavior by our enemies in this fight:
Don’t ever forget that.
You can download the Mesa Report here.
Ratio Invictus, Data Jeff, and Monsanto Mole contributed to this article.
Buckle up folks, it’s going to be an interesting week.