The latest round of competing allegations arose when an outside computing expert contacted the Democratic Party of Georgia on Saturday, telling them he had found a way to obtain anyone's voter registration from the state's My Voter Page and voter registration site, according to emails obtained by The Atlanta Journal-Constitution. The expert also contacted David Cross, an attorney for a group suing Kemp over the security of the state's electronic voting machines. The Democratic Party and Cross shared the emails with the AJC.
PDF: Read Democratic emails about the alleged hack
Cross reported the concerns to the FBI and to an attorney for Kemp’s office Saturday. The FBI also reported the concerns to Kemp’s office, according to an email sent to Cross from the FBI agent he shared the information with.
Then on Sunday morning, the Georgia Secretary of State's Office emailed a press release announcing it was investigating the Democratic Party of Georgia for its role after an unsuccessful attempt to penetrate the state's registration system Saturday. Later Sunday, the Secretary of State's Office requested an FBI investigation of "possible cyber crimes."
The Secretary of State’s Office declined to release details of the allegation linking the Democratic Party to the hacking attempt.
Democratic Party of Georgia Executive Director Rebeccca DeHart said Kemp’s office should have fixed vulnerabilities in the state’s voter registration systems rather than blame Democrats.
“As Kemp aims to deflect blame for his failures, the questions everyone must be asking is: Why was the system vulnerable in the first place? Why has Brian Kemp still not taken basic steps to secure Georgians’ personal information?” DeHart said.
Abrams echoed DeHart’s criticisms, calling Kemp’s investigation a “desperate ploy” to motivate his core voters.
Kemp’s campaign said Democrats are trying to expose vulnerabilities in Georgia’s voter registration system for their own political gain.
“This was a fourth-quarter Hail Mary pass that was intercepted in the end zone,” said campaign spokesman Ryan Mahoney. “Thanks to the systems and protocols established by Secretary of State Brian Kemp, no personal information was breached. These power-hungry radicals should be held accountable for their criminal behavior.”
It’s unclear whether voter registration records were accessed, or if doing so would be a criminal act because they weren’t altered or downloaded. It’s also unknown the extent of the Democratic Party of Georgia’s communications with the alleged hacker, but the Democratic Party provided emails showing it alerted computer security experts Saturday morning.
The accusation from Kemp's office came as President Donald Trump was visiting Macon on Sunday to campaign for Kemp.
The website’s vulnerability could allow someone to access personal information, such as their driver’s license numbers and address, and potentially change voter registration information without permission, said Richard DeMillo, a computer scientist at Georgia Tech.
“The way the website is set up, once you get access to your own voter record, you can go in and change permissions and get access to anyone’s voting records,” DeMillo said. “You can change voter registration. You can download personally identifiable information.”
Instead of working to protect voters, Kemp’s office came forward with allegations against Democrats, Cross said.
“Someone was making a good-faith effort to determine if there’s a vulnerability, and he’s coming after them and saying it’s hacking,” Cross said. “It’s another failure of Kemp’s office to actually have a secure election system in the state.”
In 2016, a cybersecurity researcher found that an election server housed at Kennesaw State University had exposed Georgia voting information online for months. Kemp terminated the state's contract with KSU last year and moved elections management functions in-house.
The previous year, Kemp's office inadvertently released the personal information of more than 6 million Georgia voters to 12 organizations, including statewide political parties and news media organizations that legally buy more limited voter information from the state.
He also turned down an offer from the U.S. Department of Homeland Security to scan state election networks for vulnerabilities ahead of the November 2016 election, saying the state had already contracted with private cybersecurity companies to provide similar services.
“We have systems that contain personal information about Georgia voters that needs to be safeguarded,” said Michael Owens, chairman of the Cobb County Democratic Party who works in cybersecurity. “This is a cyber-security issue for this secretary of state, and it will be for the next secretary of state as well.”
A poll by The Atlanta Journal-Constitution and Channel 2 Action News found that many voters say they're deeply skeptical about the integrity of Georgia's elections, including concerns about tampering and ineligible voters casting ballots.
About 49 percent of respondents said they believe it’s likely or very likely that voters will show up at precincts and be told they’re not eligible. And 48 percent said it’s likely or very likely that people who aren’t eligible will vote in the election. The concerns largely broke along party lines.
The Secretary of State’s Office is meeting Monday with the FBI, GBI and U.S. Department of Homeland Security to discuss the investigation and plans to move forward.
What you need to know before voting
- Check your voter registration information, precinct and sample ballots online on the state's My Voter Page at www.mvp.sos.ga.gov.
- Bring photo ID when you vote. Georgia accepts several forms of identification, including state driver's licenses, student IDs from state colleges, state-issued ID cards and U.S. passports.
- If you have problems with your voter registration on Election Day, you can request a provisional ballot. Those ballots are counted if you verify your registration information within three days of the election.