First elections, then probes into hacking. Now, the lawsuits over election hacking. A group of Democrat and Republican voters in Georgia is suing the state to overturn its fiercely fought June special election, saying evidence the state’s voter database was exposed to potential hackers for at least eight months invalidates the results. The lawsuit, which went to pre-trial conferences this week, could be a sign of disputes to come as revelations mount about the vulnerability of the U.S. election system and Russian attempts to infiltrate it. “As public attention finally starts to focus on the cybersecurity of election systems, we will see more suits like this one, and eventually, a woke judge will invalidate an election,” said Bruce McConnell, vice president of the EastWest Institute and former Department of Homeland Security deputy undersecretary for cybersecurity during the Obama administration. Plaintiffs argue the disclosure in August 2016 by Logan Lamb, a Georgia-based computer security expert, that much of Georgia’s voting system was inadvertently left out in the open on the Internet without password protection from August 2016 to March 2017 should make the results moot. What’s more, Georgia’s use of what the plaintiffs say are insecure touch-screen voting computers, which they claim don’t comply with Georgia state requirements for security testing, means the election results couldn’t legally be certified, they say.
… Then there’s the matter of the voting machines. The suit’s plaintiffs want the state — besides overturning the election — to switch to a paper ballots-based voting system that can be audited. They argue Georgia’s use of touch-screen voting machines (known as direct-recording electronic machine or DREs) does not meet the requirements of state law, which requires that they can be certified as safe and accurate, because of their age and insecurity.
In 2006, computer security researchers at Princeton University showed they were able to hack into the AccuVote TS, the primary voting machine used in Georgia today, in just four minutes, infecting a single machine with malicious software that could spread to machines across the voting network. Since that research, California, Maryland and North Carolina have all ceased using these machines and the software that runs them.
“Every single independent study that’s been done on the machines found significant vulnerabilties. These are not well-engineered machines, and their design is bad because there’s no way to check on results — there’s no way to know if what the computer thinks the voter chose is what the voter actually chose,” said Barbara Simons, president of the board of Verified Voting, a non-partisan, non-profit organization that advocates for elections accuracy.