Right before midterms, a United States District Court judge found that Georgia’s electronic voting machines are extremely vulnerable to hacking and foreign meddling — including from Russia — but ruled against changing the state’s elections systems to avoid voter confusion and chaos. But by simply highlighting the vulnerability of Georgia’s electronic voting machines, the judge may have already undermined voter confidence just weeks before the midterms. The new ruling from Judge Amy Totenberg in Curling v. Kemp found that Georgia’s electronic voting machines are so easily hacked that it is irresponsible for a locality or state to use them without a paper audit trail. Georgia’s machines do not have paper audit trails. Totenberg admonished the state of Georgia for not properly addressing election security issues in time for the 2018 midterm elections, reminding them that “2020 elections are around the corner” and that “if a new balloting system is to be launched in Georgia in an effective manner, it should address democracy’s critical need for transparent, fair, accurate, and verifiable election processes that guarantee each citizen’s fundamental right to cast an accountable vote.”
Over the past few years, cybersecurity experts and lawyers have told state and local governments repeatedly that electronic voting machines and platforms are easily hacked and should either be substantially reinforced or at least have verifiable paper audit trails.
Just last week, an MIT computer scientist demonstrated how to hack an electronic voting machine — the AccuVote TS-X — which is used in some localities of 18 states, but is used statewide in Georgia.
Atlanta attorney Bruce Brown, who told the state of Georgia that its central election server was “insecure” months before the 2016 presidential election, told Totenberg in an August court filing that it would be “prudent” for the state to switch to paper ballots.
According to the ruling, “In August 2016, Logan Lamb, a professional cybersecurity expert in Georgia, went to CES’s public website and discovered that he was able to access key election system files, including multiple gigabytes of data and thousands of files with private elector information. The information included electors’ driver’s license numbers, birth dates, full home addresses, the last four digits of their Social Security numbers, and more. Mr. Lamb was also able to access, for at least 15 counties, the election management databases from the GEMS central tabulator used to create ballot definitions, program memory cards, and tally and store and report all votes. He also was able to access passwords for polling place supervisors to operate the DREs and make administrative corrections to the DREs.”
Lamb alerted authorities but the state did not act on his research.