The Kennesaw State University center that has helped run Georgia’s elections for the past 15 years may lose its contract in a matter of weeks because of concerns over security lapses that left 6.5 million voter records exposed. The secretary of state’s office said Wednesday that it is “actively investigating alternative arrangements” to using Kennesaw State University’s Center for Election Systems, news that coincided with the unmasking by Politico Magazine of the security researchers behind a data scare involving the center that became public in March. “All options are on the table,” said Candice Broce, a spokeswoman for Georgia Secretary of State Brian Kemp. The center’s annual $800,000 contract with the state ends June 30.
In the Politico report, Logan Lamb, an Atlanta-based internet security researcher, and Chris Grayson, a security colleague, for the first time detailed finding voter records, instructions and passwords for election workers, software files that could create electronic voter lists for poll workers, and what appeared to be databases for the state’s election management system.
It is not clear whether those files were current. The center, for example, does not maintain the state’s voter registration database — the files it collects are separate from the state’s main system, which is connected to the internet but housed on different servers in a different location using different security protocols.
Georgia’s more than 27,000 voting machines are self-contained and not connected to the internet, and neither are the in-house systems that create and maintain the electronic pollbooks or the election management system.