A voting machine displayed this summer at a meeting of a commission named by Secretary of State Brian Kemp. BOB ANDRES /BANDRES@AJC.COM
Photo: Bob Andres/bandres@ajc.com
Photo: Bob Andres/bandres@ajc.com

The Jolt: The Democratic emails behind Brian Kemp’s allegations

No matter what happens in the next 48 hours, one thing is certain: This weekend fundamentally changed the debate over whether a sitting secretary of state should oversee his/her own election to higher office.

You can click here for more information, but these are the basics from our AJC colleague Mark Niesse:

Just two days before the election, Georgia Secretary of State Brian Kemp’s office launched an investigation Sunday into the Democratic Party after an alleged attempt to hack the state’s voter registration system.

Kemp, who is the Republican candidate for governor on Tuesday’s ballot, didn’t provide evidence linking the Democratic Party to the hacking attempt. He faces Democrat Stacey Abrams in the election.

The Democratic Party of Georgia called the allegation “100 percent false” and “an abuse of power” by Kemp’s office.

Kemp has provided no evidence to justify the investigation. But before we pursue that point, put in your pocket these lines from Gov. Nathan Deal on his reasons for vetoing Senate Bill 315, a cyber security bill passed by the Legislature this year:

Under the proposed legislation, it would be a crime to intentionally access a computer or computer network with knowledge that such access is without authority. However, certain components of the legislation have led to concerns regarding national security implications and other potential ramifications. Consequently, while intending to protect against online breaches and hacks, SB 315 may inadvertently hinder the ability of government and private industries to do so.

Now, back to the main theme. On Sunday, after Secretary of State Kemp announced an investigation of the party of his rival, Candidate Kemp’s campaign sent out a press release that included this:

"In an act of desperation, the Democrats tried to expose vulnerabilities in Georgia's voter registration system. This was a 4th quarter Hail Mary pass that was intercepted in the end zone. Thanks to the systems and protocols established by Secretary of State Brian Kemp, no personal information was breached. These power-hungry radicals should be held accountable for their criminal behavior."

Pressed for evidence that her boss’ weekend announcement was warranted, Secretary of State Kemp’s communication director, Candice Broce, declined to offer any on-the-record details – except to send out this text to reporters, which amounted to an all-points bulletin:

“The FBI is looking for information on ‘Rachel Small.’ We welcome any information about this person’s identity or motives to provide to federal authorities.

“Who is Rachel Small? Is that her real name, and for whom does she work?

“Why was she talking about trying to hack the Secretary of State’s system with Sara Ghazal, the Democratic Party of Georgia’s Voter Protection Director?

“All information will be passed on to federal authorities. Anyone with information can contact our investigator, John Bagwell, at….”

We have located the mysterious Rachel Small, a.k.a. Rachel Small. She is a volunteer with the Democratic party’s voter protection section. We know this because the Democratic Party of Georgia sent us a string of emails, annotated, outlining how they were told of a potential breach in Georgia’s voter registration data system, and their reaction thereto. Stroll through them below.

The notes in red belong to Seth Bringman, the party’s spokesman. The emails suggest that the mysterious Rachel Small -- and by the way, we only have Secretary of State Kemp’s word that the FBI is looking for her -- did the logical thing and informed her boss, Sarah Ghazal, who fired off a note to two cybersecurity experts, and asked them to evaluate. She asked them to evaluate the attachment sent to Small (which was not included in what was handed to the AJC).

One of those receiving Ghazal’s email was Wenke Lee, a cybersecurity expert on Secretary of State Kemp’s SAFE Commission.

David Cross, an attorney for a group suing over the security of Georgia’s electronic voting machines, was also brought into the loop. His emails include a written conversation with an FBI representative, Chad Hunt, who assures Cross that he has informed Secretary of State Brian Kemp of the situation.

The last email in the bunch below is one sent to reporters by Cross, offering his observations on the day’s events. So have at them here:

Now, back to SB 315, the vetoed measure that we mentioned a few paragraphs ago. On Sunday, Robert Graham of Errata Security, a cybersecurity blog, put up a post that included this:

Earlier this year, the legislature passed SB 315 that criminalized this activity of merely attempting to access a computer without permission, to probe for possibly vulnerabilities. To the ignorant and backwards person, this seems reasonable, of course this bad activity should be outlawed.

But as we in the cybersecurity community have learned over the last decades, this only outlaws your friends from finding security vulnerabilities, and does nothing to discourage your enemies. Russian election meddling hackers are not deterred by such laws, only Georgia residents concerned whether their government websites are secure.

It's your own users, and well-meaning security researchers, who are the primary source for improving security.

Perhaps Secretary of State Kemp can show otherwise, but the emails above indicate that what happened Sunday is precisely why the governor vetoed SB 315. A white-hat effort to make authorities aware of a security vulnerability resulted in an attempt to shoot the messenger – a messenger whose candidate for governor is on Tuesday’s ballot.

***

CNN’s Jake Tapper grilled Democrat Stacey Abrams on Sunday on legislation she sponsored in 2016 that called for certain types of assault rifles to be banned and confiscated. 

The gubernatorial candidate has long called for assault weapons to be banned, but has been less willing to say she wants them to be seized. 

Pressed by Tapper on the latter point, Abrams called the legislation the “beginning of a conversation.” 

“I am absolutely certain, where we to pass this in Georgia, we’d have a conversation about grandfathering in, whether or not people would turn their guns in, whether there would be buy-backs,” she said. 

Asked again by Tapper whether that meant she didn’t support the legislation or just wanted to start a dialogue, Abrams disagreed:

“Legislation in the state Legislature is about starting the conversation. Very few pieces of legislation are introduced and come out the same way they go in. That’s the process of making the law. My mission in 2016 was to be a part of the conversation. I believe we have to ban assault weapons in the state of Georgia.” 

Watch the back-and-forth here.

***

One by one, Trump praised the seven of Georgia’s nine Republican U.S. House members who were at the Macon rally. Unmentioned were the three who weren’t. 

One was U.S. Rep. Doug Collins, who is on military duty as a member of the Georgia National Guard. But two other absences are worth noting: U.S. Reps. Karen Handel and Rob Woodall, both of whom are in tough reelection battles in the competitive suburban territory of north Metro Atlanta.

Handel did tweet some words of welcome during Trump’s visit.

Hers is a delicate balancing act. This morning, Dave Wasserman of the nonpartisan Cook Report said his operation had placed Handel’s Sixth District congressional race against Democrat Lucy McBath back into the “toss-up” category.

***

Never miss a minute of what’s happening in Georgia Politics. Subscribe to PoliticallyGeorgia.com

Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.

Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.

X