May 10, 2023

FROM: Clay U. Parikh

Sr Cyber Information Assurance Analyst
clayparikh@gmail.com

TO: Councilman Joseph T. Brazil

201 N. Second St.
St. Charles, MO 63301

SUBJ: Illegal Maintenance Performed on Electronic Voting System

Councilman Brazil,
First let me thank you again for letting me attend the conference your county held back in
March. It is vital that local governments keep their citizens informed on how they serve their citizens. I
appreciate the breakfast the following day. It gave myself and Clint Curtis the perfect opportunity to
answer any of the county’s questions concerning electronic voting systems. However, I do want to point
out there were some statements made by county officials/employees that gave me concern.
My concern is based on the actions they performed to ensure that the voting systems could not
connect to the internet. Concerning the ballot tabulators, I believe they stated "We put a device in that
and broke it” referring to the RJ45 jack. “as well as opened the machine. And we physically cut the wires
going from the motherboard to the jack. So, they have physically been damaged." These statements are
very concerning. The standard term to describe these actions would be “Illegal Maintenance”. In normal
IT Operations you would have what are known as Engineering Review Boards (ERB) and Configuration
Change Boards (CCB) that would review and approve these types of changes. Whether or not those
happened is irrelevant to the county’s electronic voting systems.
I know this sounds serious. I don’t make this statement lightly. I am basing this off my 20 years
cyber experience, as well as my 9 years of performing security tests on electronic voting systems for the
Voting System Test Labs (VSTL). The reason normal IT practices are irrelevant is because electronic
voting systems have separate certification processes. They are either State or Federally certified. The
physical alterations to the system would require recertification as well as operational tests to ensure
functionality has not been hampered.
I do not know whether the county purchased the systems or is leasing. I am sure there is a
vendors contract for maintenance, at a minimum. These may possibly all be voided. As you may know
Maricopa County had to purchase all new systems just because of forensic audit after the 2020 election.
A forensic does no physical damage to the system.
As these actions were done by county employees and officials. It is in the best interest of the
county and the state to have an independent IT and security professional come in and inspect the
systems. As you know the vendors can not even certify their systems or audit them, they rely on the
VSTLs and EAC. County, State or Unisyn Voting Solutions employees should not conduct the any of the
inspections as there would be a serious conflict of interest. Their involvement should only be from an
observational perspective. Please feel free to reach out to me if you or anyone from the county has
questions.

/S/
Clay Parikh