When Georgia Democrats were alerted to what they believe to be major vulnerabilities in the state’s voter registration system Saturday, they contacted computer security experts who verified the problems. They then notified Secretary of State Brian Kemp’s lawyers and national intelligence officials in the hope of getting the problems fixed. Instead of addressing the security issues, Kemp’s office put out a statement Sunday saying he had opened an investigation that targets the Democrats for hacking. Kemp’s statement has become top news nationwide, but the context and background have yet to be reported — so we are providing it below. By the time Democrats reached out to the experts, Kemp’s office and the Federal Bureau of Investigation had already been alerted to the problem on Saturday morning by David Cross of the Morrison Foerster law firm. Cross is an attorney for one of the plaintiffs in a lawsuit against Kemp and other elections officials concerning cyber weaknesses in Georgia’s election system. A man who claims to be a Georgia resident said he stumbled upon files in his My Voter Page on the secretary of state’s website. He realized the files were accessible. That man then reached out to one of Cross’s clients, who then put the source and Cross in touch on Friday. The next morning, Cross called John Salter, a lawyer who represents Kemp and the secretary of state’s office. Cross also notified the FBI.
WhoWhatWhy, which exclusively reported on these vulnerabilities Sunday morning, had consulted with five computer security experts on Saturday to verify the seriousness of the situation. They confirmed that these security gaps would allow even a low-skilled hacker to compromise Georgia’s voter registration system and, in turn, the election itself. It is not known how long these vulnerabilities have existed or whether they have been exploited.
Just before noon on Saturday, a third party provided WhoWhatWhy with an email and document sent from the Democratic Party of Georgia to election security experts that highlighted these potential vulnerabilities within the state’s My Voter Page and online voter registration system.
According to the document, it would not be difficult for almost anyone with minimal computer expertise to access millions of voters’ private information and potentially make changes to their registrations — including canceling them.