Georgia’s E-Voting Vulnerability Underscored by Server Breach
(APN) ATLANTA — The vulnerability of Georgia’s electronic voting system to hacking and manipulation–especially without a voter verifiable paper audit trail to provide an independent backup–is underscored by a recent server breach.
Georgia is one of only five U.S. states–along with Delaware, Louisiana, New Jersey, and South Carolina–that does not have an independent way to verify how citizens voted in each election.
On March 02, 2017, Kennesaw State University (KSU) notified authorities of an unauthorized breach of their server at the Center for Elections Systems located on the campus.
It is not known if the hacker got anything, or if voter records were compromised, or if the cyber attack infected the system with a malicious virus.
The server was taken offline as soon as the breach was discovered.
The Federal Bureau of Investigation (FBI) has launched a criminal investigation into the server breach.
The FBI referred Atlanta Progressive News to a statement from KSU and would only say the breach was under investigation.
“KSU is working with federal law enforcement officials to determine whether and to what extent a data breach may have occurred involving records maintained by the Center for Election Systems,” KSU states.
“Because this involves a pending criminal investigation KSU will have no further comment on this matter and any inquiries should be addressed to the US Attorney’s Office,” KSU states.
“There is an ongoing investigation and I don’t have any information. I would be glad to share what I’ve got but I don’t have any,” Bob Page with the U.S. Attorney’s office in Atlanta told APN.
Millions of voter records are maintained by the Center for Elections Systems.
The Center is responsible for ensuring the integrity of Georgia’s voting system through training, research auditing, and testing the voting equipment, according to the Center’s website.
Since 2002, the Center has overseen Georgia’s election operation and voting machines.
KSU officials received a warning before the U.S. Presidential Election last year, in 2016, that a server system used by its Center may be vulnerable to a data breach, but it is not clear whether the university acted to address the potential problem identified by the hacker, the Atlanta Journal-Constitution reported.
Georgia Secretary of State Brian Kemp is reportedly furious that KSU did not tell his office about the contacts before this month.
The SOS will no longer share voter records with KSU until the investigation is over.
The current debacle follows an incident in 2015 where Kemp’s office accidentally released the Social Security numbers and other private information of more than six million registered voters. The information went to media outlets, political parties, and several organizations.
In 2016, the U.S. Department of Homeland Security (DHS) offered states the opportunity to scan their networks ahead of the presidential election for vulnerabilities that hackers could exploit.
Georgia did not accept the DHS offer because they have a private vendor whose name they cannot disclose.
“We cannot disclose the identity of the vendor we use for security purposes because that would expose some of the security methods they use. It is a top of the line private company, globally recognized,” Candice Broce, a spokesperson for Georgia SOS, told APN.
APN has hand-delivered to Kemp’s office an Open Records request for the contract between APN and the vendor.
Meanwhile, the plot thickens as DHS is accused of making an unsuccessful attempt to hack a computer network containing the state’s voter registration database after the November 08 election.
Kemp wrote a letter to the DHS asking why they were attempting to breach our firewall.
A representative for DHS said they had received Kemp’s letter and was investigating the matter.
So many investigations and so few answers. Georgia’s election systems are a hot mess, and it is all made possible by the underlying fact that our E-voting systems are not secure and not backed up by a Voter Verifiable Paper Audit Trail.
Georgia has had problems of vote flipping since 2002 when the Direct-Recording Electronic (DRE) voting machines were installed.
Because of complaints of vote flipping, the SOS office has additional investigations in Baldwin, Clayton, Cobb, and Coweta counties.
Georgia NAACP President Francys Johnson said his organization has received unconfirmed reports of similar problems in counties including DeKalb, Bulloch, Chatham, Dodge, Effingham, and Macon-Bibb.
Computer scientists and concerned citizens have advocated for a verifiable paper trail for years and warned that Georgia’s election system can not be trusted without a way to independently audit the votes.
The SOS office maintains it is a calibration issue with the voting machines when votes flip.
“We have not found actual cases where the votes flipped but rather the machine was not calibrated properly,” Broce said.
When properly calibrated, the machines must be tilted at an 45 degree angle toward the voter for it to mark the voter’s correct choice. That is why it is so important for voters to check the summary page before casting their votes.
However, from the beginning, many have voiced concerns about the 2002 Diebold Election System (DRE) now called Dominion Voting.
In 2002, the infamous “Rob Georgia Patch,” which was not certified by the State of Georgia, was installed over the Internet by Diebold technicians and then loaded onto Georgia voting machines.
Georgia was a majority Democratic state until 2002 when it turned majority Republican and has remained solidly Republican.
Georgia is not alone in having security breaches. Over the summer of 2016, Arizona and Illinois had separate cyber attacks on their voter registration databases.
In Illinois, the voter registration database was shut down for several weeks after it was hacked through a cyber attack of possible foreign origin and personal information was downloaded from about 200,000 voters, according to the Chicago Tribune.
Later in June 2016, Arizona’s election system was attacked and malicious software was introduced into the system by Russians, the FBI told state officials in Arizona, as reported Time magazine. It was not known if the Russian hackers were working for the Russian government.