Headed into one of the most consequential elections in the state’s history, Georgia’s new electronic voting system is vulnerable to cyberattacks that could undermine public confidence, create chaos at the polls or even manipulate the results on Election Day.
Computer scientists, voting-rights activists, U.S. intelligence agencies and a federal judge have repeatedly warned of security deficiencies in Georgia’s system and in electronic voting in general. But state officials have dismissed their concerns as merely “opining on potential risks."
Instead, an investigation by The Atlanta Journal-Constitution shows, Secretary of State Brad Raffensperger’s office weakened the system’s defenses, disabling password protections on a key component that controls who is allowed to vote.
In addition, days before early voting began on Oct. 12, Raffensperger’s office pushed out new software to each of the state’s 30,000 voting machines through hundreds of thumb drives that experts say are prone to infection with malware.
And what state officials describe as a feature of the new system actually masks a vulnerability.
Officials tell voters to verify their selections on a paper ballot before feeding it into an optical scanner. But the scanner doesn’t record the text that voters see; rather, it reads an unencrypted quick response, or QR, barcode that is indecipherable to the human eye. Either by tampering with individual voting machines or by infiltrating the state’s central elections server, hackers could systematically alter the barcodes to change votes.
Such a manipulation could not be detected without an audit after the election. Georgia plans to audit just one race on this year’s ballot.
The new voting system “presents serious security vulnerability and operational issues” caused by “fundamental deficits and exposure,” U.S. District Judge Amy Totenberg wrote in a recent order, in which she criticized state officials for not taking the problems more seriously.
“These risks,” Totenberg wrote, “are neither hypothetical nor remote under the current circumstances.”
State officials zealously defend the new system, however, suggesting hackers could mount an attack only in person, not through online connections. In court papers, lawyers for the state said the system has been subjected to extensive testing and has a variety of security features built in. The secretary of state, who oversees Georgia elections, hired a consultant to assess the system’s security, but officials refuse to release the consultant’s report, saying it contains sensitive information.
The voting system’s introduction in a statewide general election comes at a fraught moment in Georgia’s political history.
For the first time in nearly three decades, the state’s 16 electoral votes are in play and could swing the outcome of the presidential election. At the same time, both of the state’s U.S. Senate seats are on the ballot as Democrats and Republicans fight for control of Congress.
“These risks are neither hypothetical nor remote under the current circumstances."
- U.S. District Judge Amy Totenberg
These circumstances make Georgia an unusually attractive target for foreign agents, political operatives or others who want to disrupt or raise doubts about the 2020 elections, said Lawrence Norden, director of the election reform project at New York University’s Brennan Center for Justice.
“You’re going to target the places that have the most political value,” Norden said. “I’m definitely going to be holding my breath for Georgia on election night.”
Georgia purchased the $104 million system last year to replace 18-year-old equipment that recorded votes on a touchscreen device with no paper backup. The new system runs on a mind-boggling network of components: an electronic pollbook to check voters' registration, a device that encodes a ballot access card, a touchscreen ballot-marking device, a printer and, finally, an optical scanner.
No other state uses the system, manufactured by Canada-based Dominion Voting Systems, in every polling place. Texas rejected Dominion’s equipment, saying its examiners encountered “multiple hardware issues” and could not certify that it was “safe from fraudulent or unauthorized manipulation.”
Dominion disputed the Texas findings and noted that several large local governments across the United States have purchased the system. Among them are Cook County, Illinois, which includes Chicago, and San Francisco and San Diego counties in California.
U.S. intelligence agencies, however, have warned that electronic voting systems are likely targets of foreign governments trying to disrupt elections. The Department of Homeland Security says that in 2016, operatives affiliated with the Russian government probed the election systems of all 50 states; in Illinois, they accessed as many as 200,000 voter registration records but apparently did not tamper with them.
Russian-controlled agents also tried to enter the computer networks of county election offices in Georgia, Florida and Iowa, according to an indictment obtained by Special Counsel Robert Mueller during his investigation of foreign meddling in the 2016 presidential election.
This year, “our adversaries also seek to compromise our election infrastructure,” the National Counterintelligence and Security Center said in July. “We continue to monitor malicious cyber actors trying to gain access to U.S. state and federal networks, including those responsible for managing elections.”
On Wednesday, national security officials said Iran and Russia had obtained American voter registration data in an effort to influence the presidential election. They said Iran was behind an email campaign that sought to intimidate likely Democratic voters.
The National Academies of Science and the U.S. Senate Intelligence Committee, among others, have said paper ballots with readable text are the safest method for conducting elections. In a preliminary ruling on a lawsuit seeking to force Georgia to adopt paper balloting, Judge Totenberg agreed. But she opted not to order a last-minute change, despite her exhaustive findings of security problems in the new system.
Raffensperger’s office declined the Journal-Constitution’s request for an interview about security issues.
Jordan Fuchs, the deputy secretary of state, responded to the request in an email asking who else would be quoted in the story. “If the game plan is to simply interview ‘experts’ … I doubt we are interested in participating."
In a news conference last Monday, Raffensperger said his office has “really strong cybersecurity defenses” and the Department of Homeland Security would observe the election from his agency’s offices.
“I never want to say we don’t have any concerns,” he said. "We’ve always got concerns — new system, old system, it really didn’t matter. We understand that hackers work 24/7.
“If you look at your emails, every day people are looking for ways to scam you out of money. People would also love to scam you out of a vote.”
Exposing 'the gospel’
Most Georgians got their first look at the new voting system on June 9, during primary elections that had been delayed twice because of the coronavirus pandemic.
It didn’t go well.
Electronic pollbooks — computers that confirm voters' eligibility — crashed and rebooted at will. Some people were allowed to vote a second time even though they had also cast an absentee ballot. At some polling places, voters waited in lines so long that only a drone could see to the end.
Five days after the primary, the secretary of state’s office devised a solution. To speed up voting, it would disable password protections for the pollbooks, which verify voters' identity and eligibility.
“It was decided after the June election that that was a redundant security measure,” David Greenwalt, an executive with one of the state’s election equipment vendors, said during a training webinar for election officials on June 14. “So we have excluded the poll worker login screen from the process.”
Credit: Alyssa Pointer / Alyssa.Pointer@
Credit: Alyssa Pointer / Alyssa.Pointer@
The change did not prevent massive delays when early voting began this fall, when some voters waited six, eight and even 10 hours to cast ballots. The secretary of state’s office has not explained what happened, except to say the system needed additional “bandwidth.”
Officials had already suggested the passwords didn’t protect the system, anyway.
“We were taking away an entryway password that was the same for everybody in the county, that really didn’t add any security but an extra step that basically seemed unnecessary to us,” Gabriel Sterling, the voting system implementation manager for the secretary of state’s office, said in an interview this summer. “We’re trying to make it easier for people to make the poll pad function.”
This solution, however, overlooked the potential widespread harm that could occur if hackers infiltrated the system.
Pollbooks are “the gospel of who gets to vote,” said Duncan Buell, a computer science professor at the University of South Carolina who studies electronic voting systems.
Access to a single electronic pollbook could enable hackers to invade the state’s voter registration database. From there, Buell said, they could disenfranchise people in areas with certain demographics and voting patterns.
Some voters could be deleted from the rolls, making it appear they had never registered. Some could be surreptitiously assigned to a voting location other than their correct precinct. Others could be listed as having cast an absentee ballot or voted early, rendering them ineligible on Election Day. Or the entire database could be scrambled, bringing the election to a halt.
“We were taking away an entryway password that was the same for everybody in the county, that really didn't add any security but an extra step that basically seemed unnecessary to us. We're trying to make it easier for people to make the poll pad function."
- Gabriel Sterling, voting system implementation manager for Georgia
In a report last year, the U.S. Senate Intelligence Committee listed pollbooks among the “vulnerable components of the U.S. election infrastructure.” The committee recommended that officials institute multi-factor authentication on all voting databases, requiring at least two separate steps to confirm an authorized user’s identity.
But when Georgia eliminated the password requirement, it created “a vulnerable, high-risk, high-reward target for an adversary of any skill level who either seeks publicity or is deliberately disenfranchising targeted voters,” Harri Hursti, an election security expert, said in an affidavit supporting the lawsuit to block the state’s new voting system. “Passwords must be required.”
Tapping into the system would be relatively easy, Hursti said in an interview, because the pollbooks have internet capability, even if they are not always actively connected to a WiFi network, and are linked to each other through Bluetooth connections.
“You can be in a parking lot” and gain access wirelessly, Hursti said. “You can be in a nearby building.”
Streamlining the voting process, he said, is not a valid reason to remove protections against intrusion.
“Convenience is always the enemy of security.”
As Election Day approaches, President Donald Trump claims, without evidence, that the contest is “rigged” against him.
Democrats worry that changes in the U.S. Postal Service were intended to prevent the timely delivery of mail-in ballots, potentially disenfranchising millions of voters.
In Georgia and elsewhere, Republican politicians warn broadly of voter fraud, Democrats of voter suppression.
With so much distrust already in the political environment, Buell said, manipulating vote totals might not be necessary to disrupt the election.
“You could simply make it not possible to believe the result.”