Last week, a team of security researchers who run the DefCon hacking convention released a report on voting machines in use around the country that contain structural flaws ripe for exploitation by hackers. Among its dismaying findings, DefCon reported a flaw in one widely used voting tabulator that, if hacked, “could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.” Though it’s been nearly two years since the 2016 election, there remains a startling gap between the well understood need to secure our elections against cyberattacks and the reality on the ground. Computer security experts and leading intelligence and law enforcement voices have sounded the alarm on the persistent and serious threats facing election systems. Yet the actors best positioned to take broad action — state governments, Congress, and election system vendors — have moved slowly, and in some cases stalled.
However, a recent court decision suggests that the federal courts could break the impasse. In Curling v. Kemp, a federal judge found that vulnerabilities in Georgia’s paperless electronic voting system raised profound constitutional issues, requiring urgent action from state officials. While the court did not force Georgia to implement an alternative voting system by November’s election, it did conclude that the plaintiffs are likely to prevail in their challenge to the state’s system.
Significantly, the court found that casting ballots on a system as vulnerable to cyberattacks as Georgia’s burdened the plaintiffs’ rights to vote under the Due Process and Equal Protection Clauses of the Fourteenth Amendment. (A similar case brought by Protect Democracy, where I work, is progressing in South Carolina. Protect Democracy also filed a friend-of-the-court brief in Curling.)
The Curling decision reflects a foundational principle: When government officials fail to safeguard constitutional rights, courts have a critical role to play in holding those officials accountable.