Jack Cobb Had No Authority to Certify Voting Machines. The EAC Looked the Other Way for Years.
Every machine he certified after 2017 should’ve been pulled. They weren’t.
For years, Jack Cobb’s voting systems test lab, PRO V&V, certified nearly half of the voting machines used in U.S. elections knowing that his lab’s federal accreditation had quietly expired in 2017. But when someone asked a state official for proof it was still valid, a new document suddenly appeared on the Election Assistance Commission (EAC) website.
It had no date, or signature. Reportedly, if you’d had originally looked at the files metadata, it wasn’t even written by Cobb. It was allegedly written by Jerome Lovato from the EAC.
The machines he certified were already in use and the agency in charge of our elections (EAC)? They said everything was fine. No need to pull the uncertified machines.
This is the story of how a man with no security credentials, no cybersecurity background, and no independent testing approved software that ran your elections. And how the people who were supposed to stop him — didn’t. Multiple times.
Hi Again,
If you’ve been following along with my articles, you’ll remember this isn’t the first time Jack Cobb’s name came up. Hell, it’s not even the second, or the third.
But in my last article, we talked about how Cobb and the EAC were marking serious software changes as “de minimis” (meant only for hardware changes too minor for testing) even when they absolutely did not meet that criteria per EACs own rules. The rules explicitly prohibit changes to firmware or software under this.
We also talked about one of the most dangerous recent changes: ECO 1188
This was a software change submitted by ES&S, the largest voting machine vendors in the country, just weeks before the 2024 election. ECO 1188 quietly removed a hash check in the system’s configuration file. That hash check was supposed to verify that the machine was running certified code. Without it, the system could boot up any unauthorized or malicious software, and no one would know. Risk limiting audits wouldn’t catch it, either.
But here’s what I just found out and it changes everything. It’s not even clear anymore if Cobb made the decision to call ECO 1188 it minor.
In fact, based on written affidavits from Jack Cobb in the Curling v. Raffensperger lawsuit, he lets the voting machine vendors themselves decide whether a change is too minor to test (de minimis).
Oh, and just so you know… if the change isn’t minor? Then the vendor has to pay Cobb to do a full review. So guess how many changes never get tested?
The Court Dockets Cobb Never Wanted Us To Find
In Curling v. Raffensperger, it was exposed that Pro V&V let Dominion push an untested software patch through as a “de minimis” change, just weeks before the 2020 election.
The patch was installed on every voting machine in Georgia before the federal Election Assistance Commission ever signed off… a clear violation of protocol. Three top cybersecurity experts, including Harri Hursti, told the court the change was not minor, not properly tested, and potentially destabilizing.
Cobb’s lab rubber-stamped it. The EAC shrugged and 159 counties ran with it. He still has not faced repercussions for this to this day.
So here’s the way it works: The vendor (one of the companies that makes the voting machines) writes the change summary, marks it as de minimis, and hands it to Cobb. Cobbs team signs it and passes that report along to the EAC, and the EAC signs off. The vendor profits from our tax dollars, the EAC profits from our tax dollars, and Cobb profits from the vendors.
There is no independent testing from our government, no actual verification of the reported findings, and not even a second opinion.
The EAC signs only on PRO V&V/Cobb’s word. And Cobb? Well, he’s just repeating what the vendors told him.
This wasn’t a one-time fluke. I just wrote weeks ago about his time at CIBER. Where he did the EXACT SAME THING. His previous VSTL had no meaningful test capabilities of its own, no internal protocols, and no actual source code vetting. They simply "tested" whatever the vendors gave them and then gave their stamp of approval because the vendors, the people profiting from these machines, told them everything was fine.
CIBER quite literally lost their accreditation to test our voting machines after The HAVA Act (2002) became law primarily due to this scandal.
What Cobb did with Dominion? That is nearly identical to reason CIBER, INC lost it’s accreditation. So, can anyone from the EAC please explain to me why PRO V&V gets to keep theirs?
Now I can’t help but wonder when ES&S submitted ECO 1188 — a change that disabled critical hash verification and it got greenlit without scrutiny just weeks before the election — did Cobb even understand what was being removed?
Or did he just do what he’s always done, even now, let the vendor call it safe, and sign his name at the bottom?
P.S. Cobb straight-up admitted in court that he has zero background in cybersecurity. He had no choice but to come clean after botching technical testimony under oath in Curling v. Raffensperger.
And yet this man, with no formal training in digital security, no credentialed expertise in software analysis, has been certifying the software that runs our elections since the early 2000s.
Cobb’s entire track record is full of red flags the EAC chose to ignore.
According to official EAC records, Pro V&V’s federal accreditation to certify our voting machines expired in February 2017.
Under the rules at the time (spelled out in the EAC’s own VSTL Program Manual Version 2.0) voting system test labs (VSTL’s) were required to renew every two years. No reapplication = No accreditation. Period.
There’s no public record showing Jack Cobb reapplied on time.
Between late 2016 and Spring 2017, I was not able to find any documents showing he’d complied with re-accreditation requirements listed in the EAC rules.
But that didn’t stop Pro V&V from certifying voting systems used in that time. That didn’t stop Jack Cobb.
And the Election Assistance Commission — the agency whose entire job is keeping labs like Cobb’s in check — said nothing.
There was no automatic alert. No red flag in the system blinking expired. No warning that Pro V&V had lost its federal accreditation. For years, nobody noticed.. or maybe they noticed and just didn’t care because they kept signing off on Pro V&V’s work anyway.
Hundreds of software changes. Certifications. Approvals. All treated as if the lab was still in good standing.
Why is this something Jerome Lovato didn’t notice? or if he did notice he didn’t report? He is the guy whose literal job at the EAC was to oversee and validate these test labs.
It took the federal lawsuit, Curling v. Raffensperger, to even raise the question.
Just six days after plaintiffs in Curling emailed Georgia’s Secretary of State asking for proof of Pro V&V’s standing, an official Letter of Agreement from Cobb and PROV&V suddenly appeared on the EAC’s website.
It didn’t have a date and it didn’t have a signature. According to court filings, the file metadata listed EAC official Jerome Lovato as the author, not Cobb. It also incorrectly spelled Cobb’s address, and the letter was addressed to someone who had left the EAC months before it ever popped up.
So, if this letter had existed all along, why wasn’t it uploaded sooner? Why wasn’t it signed? Why was it (allegedly) created in Photoshop and quietly backfilled onto the site? Were they trying to cover their tracks?
The rules Pro V&V was operating under at the time clearly required a dated, signed letter as part of the re-accreditation process. Without that, the lab’s certifications should have been invalid. Every machine approved during that time should have been pulled but they weren’t. I cannot see any other explanation than this letter was an attempt to cover up what they’d done, but this lawsuit made that difficult.
For example, here is the initial Letter of Acceptance that PRO V&V had sent to the EAC as part of their initial certification in 2012. This is how the new one should’ve looked. Complete with a date and signature.
So, instead, the EAC suddenly retroactively changed the rules (but only after the scandal) issuing a 2021 “notice of clarification” claiming that accreditations for these actually don’t expire unless explicitly revoked. That interpretation directly contradicts the existing rules in place when Pro V&V’s accreditation lapsed.
It also contradicts the fact that there are “expired accreditations” for old VSTL labs on the EAC website, and expiration dates on their own certificates as seen below on the original Pro V&V Certificate of Accreditation. They quite literally changed the rules to whatever they covered their own ass after this scandal.
What exactly are we paying these guys for again? Oh right… To allow them to remain election commissioners indefinitely while they illegally co-sign for private, third party groups to “audit” stolen clones of our election software for MAGA.
Side Note: Does anyone else think it’s odd how Lovato quietly left the EAC in 2021? Leaving right around the time the agency scrambled to cover for Pro V&V with that retroactive, “notice of clarification.”
The Whole Damn System Is Corrupt
The deeper you dig into the Election Assistance Commission, the clearer it becomes: this wasn’t one rogue lab gaming the rules it was a system built to let them.
Because just like Cobb let the vendors tell him which software changes to test, the EAC itself let those same vendors help rewrite the rules that govern our voting machines. That’s not a conspiracy theory. That’s the basis of a federal lawsuit that’s still ongoing, Stark v. EAC, filed in 2021.
This happened behind closed doors, with no public comment, no oversight, and no transparency. The updated rulebook was quietly altered just days before release after meetings with corporate reps from the voting machine vendors.
Emails obtained in discovery confirm it: the people writing our election rules were the same ones cashing checks to build the machines.
And those are the rules Cobb and Pro V&V still use today.
A serious note. I’ve had some followers say they’re giving up. They feel hopeless… I just want you to know..
I’m not giving up. I’ll keep digging, connecting the dots, and exposing every lie they bury. And you shouldn’t give up either. Don’t let this discourage you.. vote anyway, speak up anyway, and keep the pressure on.
What can you do other than sharing? Other than voting?
Call the EAC and ask them why Cobb still has a voting lab: (202) 451-2031
Contact your own representative or senator and ask them to request hearings or launch an inquiry. Find them here: www.usa.gov/elected-officials/
File a complaint with the Inspector General: uspsoig.gov
Read my other articles, starting with part one, on the subject to make sure you have all the information. There is a lot more than what I talked about here.
Also, contact these oversight committees:
House Admin: cha.house.gov
House Oversight: oversight.house.gov
NOTE FROM THE AUTHOR:
I don’t put my work behind a paywall. These stories are too urgent, too raw, too real to keep locked away. I will never charge you to read my articles:
But when 90% of mainstream media outlets are owned by 6 billionaires, it’s becomes hard to know who to trust. I don’t take checks from billionaires, and I don’t take notes from PR firms. I just tell the damn story because I’m not part of the mainstream media.
To stay in the loop, you can subscribe for free. It helps build awareness and keeps the pressure on.
But a paid subscription helps me keep digging, filing FOIAs, verifying sources, and staying on the story long after the headlines fade. I want you to know that independent journalism takes real time, risk, and resources. If you value reporting that doesn't cower, that names names and shows receipts, please consider subscribing.
Thank you for being here
— Dissent ♥
Thank you for all your hard work!!! Much appreciated!!
Oh Dean and Zev, This is a gift from heaven re the voting machines. I hope you can make this a 1-5, all five Hot Topic Sibstact discussions. This info needs to be spread across our nations. Maybe it’s time for paper ballots??