Georgia’s hard-fought and nationally watched governor’s race erupted into one more battle over voting issues just two days before the election — this time over the security of the state’s voting system.
The office of Secretary of State Brian Kemp, the Republican candidate for governor, announced Sunday morning it opened an investigation into the Democratic Party of Georgia after a failed attempt to hack the state’s voter registration system. Kemp faces Democrat Stacey Abrams in Tuesday’s election.
Democrats said the allegation is false, and that Kemp is trying to cover up vulnerabilities that could expose voters’ personal information.
The late-breaking claims capped years of back-and-forth battles between Kemp and Abrams over voting issues before Election Day. Kemp has emphasized efforts to safeguard elections from fraud while Abrams has focused on expanding access to voting by registering more people.
Democrats say Kemp should resign as the state’s top election official while he’s also running for the highest office in Georgia. Republicans say their rivals are trying to undermine Kemp by casting doubts on his ability to protect voters.
The latest round of competing allegations arose when an outside computing expert contacted the Democratic Party of Georgia on Saturday, telling them he had found a way to obtain anyone’s voter registration from the state’s My Voter Page and voter registration site, according to emails obtained by The Atlanta Journal-Constitution. The expert also contacted David Cross, an attorney for a group suing Kemp over the security of the state’s electronic voting machines. The Democratic Party and Cross shared the emails with the AJC.
Cross reported the concerns to the FBI and to an attorney for Kemp’s office Saturday. The FBI also reported the concerns to Kemp’s office, according to an email sent to Cross from the FBI agent he shared the information with.
Then on Sunday morning, the Georgia Secretary of State’s Office emailed a press release announcing it was investigating the Democratic Party of Georgia for its role after an unsuccessful attempt to penetrate the state’s registration system Saturday. Later Sunday, the Secretary of State’s Office requested an FBI investigation of “possible cyber crimes.”
The Secretary of State’s Office declined to release details of the allegation linking the Democratic Party to the hacking attempt.
Democratic Party of Georgia Executive Director Rebeccca DeHart said Kemp’s office should have fixed vulnerabilities in the state’s voter registration systems rather than blame Democrats.
“As Kemp aims to deflect blame for his failures, the questions everyone must be asking is: Why was the system vulnerable in the first place? Why has Brian Kemp still not taken basic steps to secure Georgians’ personal information?” DeHart said.
Abrams echoed DeHart’s criticisms, calling Kemp’s investigation a “desperate ploy” to motivate his core voters.
Kemp’s campaign said Democrats are trying to expose vulnerabilities in Georgia’s voter registration system for their own political gain.
“This was a fourth-quarter Hail Mary pass that was intercepted in the end zone,” said campaign spokesman Ryan Mahoney. “Thanks to the systems and protocols established by Secretary of State Brian Kemp, no personal information was breached. These power-hungry radicals should be held accountable for their criminal behavior.”
It’s unclear whether voter registration records were accessed, or if doing so would be a criminal act because they weren’t altered or downloaded. It’s also unknown the extent of the Democratic Party of Georgia’s communications with the alleged hacker, but the Democratic Party provided emails showing it alerted computer security experts Saturday morning.
The accusation from Kemp’s office came as President Donald Trump was visiting Macon on Sunday to campaign for Kemp.
The website’s vulnerability could allow someone to access personal information, such as their driver’s license numbers and address, and potentially change voter registration information without permission, said Richard DeMillo, a computer scientist at Georgia Tech.
“The way the website is set up, once you get access to your own voter record, you can go in and change permissions and get access to anyone’s voting records,” DeMillo said. “You can change voter registration. You can download personally identifiable information.”
Instead of working to protect voters, Kemp’s office came forward with allegations against Democrats, Cross said.
“Someone was making a good-faith effort to determine if there’s a vulnerability, and he’s coming after them and saying it’s hacking,” Cross said. “It’s another failure of Kemp’s office to actually have a secure election system in the state.”
In 2016, a cybersecurity researcher found that an election server housed at Kennesaw State University had exposed Georgia voting information online for months. Kemp terminated the state’s contract with KSU last year and moved elections management functions in-house.
The previous year, Kemp’s office inadvertently released the personal information of more than 6 million Georgia voters to 12 organizations, including statewide political parties and news media organizations that legally buy more limited voter information from the state.
He also turned down an offer from the U.S. Department of Homeland Security to scan state election networks for vulnerabilities ahead of the November 2016 election, saying the state had already contracted with private cybersecurity companies to provide similar services.
“We have systems that contain personal information about Georgia voters that needs to be safeguarded,” said Michael Owens, chairman of the Cobb County Democratic Party who works in cybersecurity. “This is a cyber-security issue for this secretary of state, and it will be for the next secretary of state as well.”
A poll by The Atlanta Journal-Constitution and Channel 2 Action News found that many voters say they’re deeply skeptical about the integrity of Georgia’s elections, including concerns about tampering and ineligible voters casting ballots.
About 49 percent of respondents said they believe it’s likely or very likely that voters will show up at precincts and be told they’re not eligible. And 48 percent said it’s likely or very likely that people who aren’t eligible will vote in the election. The concerns largely broke along party lines.
The Secretary of State’s Office is meeting Monday with the FBI, GBI and U.S. Department of Homeland Security to discuss the investigation and plans to move forward.
Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.
Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.
Download the new AJC app. More local news, more breaking news and in-depth journalism. AJC.com. Atlanta. News. Now.
Download the new AJC app. More local news, more breaking news and in-depth journalism.