DeMillo said bystanders could easily see the screens from 30 feet away, presenting serious privacy concerns. In some counties, elections officials reported that programming problems led to delays in checking in voters, and in some precincts, the machines unexpectedly shut down and rebooted.
Georgia is preparing to roll out 30,000 of the machines in every polling place for its presidential primary in March, replacing a paperless electronic voting system that a federal judge declared insecure and unreliable.
But election security experts said the state’s newest voting machines also remain vulnerable to potential intrusions or malfunctions — and some view the paper records they produce as insufficient if a verified audit of the vote is needed.
The concerns in Georgia come as paperless machines are set to be used in parts of at least half a dozen states in 2020 — a practice that leading experts and government officials warn is risky.
For its part, Georgia has struggled with a string of election security issues in recent years, including buggy software, insecure file sharing and an exposed voter registration database.
“They seem to be structurally unable to confront the fact that the voting system in Georgia is at risk,” DeMillo, a vocal critic of the Georgia’s approach to election security, said of state officials.
Georgia Secretary of State Brad Raffensperger declined to be interviewed through a spokesman, citing litigation. But in an October court filing, his office dismissed the concern as a “remote, unfounded speculation” and said the new machines were part of “a safe and secure voting system.”
Worries about the state’s election security have fed a broader distrust of the voting process in Georgia that has festered since a bitter 2018 gubernatorial race, when Democrats say rejected absentee ballots and suspended voter registrations led to widespread disenfranchisement, especially of voters of color. Republican Gov. Brian Kemp, who beat Democrat Stacey Abrams, has rejected those assertions, arguing that the state saw record turnout.
Some experts and government officials say not enough has been done to shore up election systems around the country, despite warnings that foreign interests will attempt to interfere in next year’s presidential race.
“We expect 2020 to be a target for our adversaries,” said Matt Masterson, senior adviser on election security for the U.S. Department of Homeland Security. “Disinformation campaigns have been ongoing across democratic institutions and we expect that to continue and perhaps even ramp up heading into 2020. The threat is real.”
The agency has boosted efforts to help state and local governments protect their election systems since 2016, when Russian government hackers targeted voter registration files or public election sites in 21 states and visited election websites in two Georgia counties.
Department officials acknowledge, however, that some election jurisdictions aren’t as protected as they’d like heading into the 2020 contest. “Many of these election officials have been really pushing to get the level of resourcing they need,” Masterson said.
Last week, Congress authorized more than $400 million in federal funding to be distributed to states for election administration. Georgia is expected to get more than $10 million, according to initial estimates. But, over the objections of election security advocates and many Democrats, there is no law specifying that the money must be spent on security measures.
'Flaws and vulnerabilities'
During the past two years, revelations about the state’s election security problems emerged in the Atlanta courtroom of U.S. District Judge Amy Totenberg as part of a federal lawsuit filed by Georgia voters and election security advocates.
They had argued that Georgia’s paperless electronic voting machines were vulnerable and asked Totenberg to bar the state from continuing to use them. They said they instead wanted a hand-marked paper ballot system, a method endorsed by leading cybersecurity experts.
In a ruling in August, Totenberg agreed that the state must stop using its paperless system after 2019, writing that it was “running on software . . . with well-known flaws and vulnerabilities and limited cybersecurity.”
Georgia has said it was already planning to replace the old equipment with new touch-screen machines known as ballot-marking devices, purchased recently from the company Dominion Voting Systems for more than $100 million.
Under the new system, voters mark their choices on a screen and — unlike the old machines — get a paper record with a summary of their vote and a computer code. Voters then feed the paper record into a scanner, which uses the code to tally the vote.
While the plaintiffs in the case say the new method is still too insecure, Totenberg said that determination is beyond the scope of the case. But her ruling did require Georgia to have a contingency plan if the new machines aren’t ready in time for 2020.
State officials said they will be ready to switch to hand-marked paper ballots if necessary but told local election administrators last week that all the machines would be ready.
Totenberg expressed doubt.
“The Court has real reason for concern regarding the State’s capacity for effectively handling the mammoth undertaking of starting from scratch and facilitating a rollout of the new voting system” in time for next year, she wrote.
“The past may here be prologue anew,” she added. “It may be ‘like déjà vu all over again.’ ”
One vulnerability that was particularly concerning to election security advocates was discovered in August 2016 by Logan Lamb, a cybersecurity expert who found he was able to access personal information about voters on Georgia’s election system, as well as passwords for county election supervisors.
Alarmed, Lamb contacted officials at Kennesaw State University’s Center for Election Systems, which ran the system. Six months later, the data was still publicly accessible online.
The university ultimately lost its contract to help run Georgia’s elections, and state officials have testified that the system has been revamped.
The previous electronic voting machines, purchased more than a decade ago, were also a major point of contention in the 2018 midterms.
Some touch screens flipped voters’ selections from one party to the other, and ballots would “self-cast,” among other issues, according to dozens of affidavits submitted by voters in various state and federal court cases.
“Repeatedly had ballot changed from Abrams to Kemp,” read one summary of a voter’s affidavit submitted in February. “Took three tries before it remained on Abrams.”
Voting advocates and experts have also pointed out the curious phenomenon in which about 80,000 people did not vote for lieutenant governor but voted in races further down ballot. Republican Geoff Duncan beat Democrat Sarah Riggs Amico by 123,000 votes in that race.
A leading statistician’s analysis found this year that it is nearly impossible for the undervote in the lieutenant governor’s race to have occurred by chance.
“I think the statistical evidence is pretty compelling that something went wrong,” said Philip Stark, a professor of statistics at the University of California at Berkeley who invented an audit widely seen as the gold standard for election integrity. “The question is, what, and whether, it caused the wrong candidate to appear to win.”
State officials have said that Georgia’s elections are safe and secure, noting in a response to a lawsuit that the undervote in the lieutenant governor race “can be easily explained by the fact that voters are not obligated to cast a vote in each contest appearing on their ballots.” Experts and advocates countered that voters did select candidates in races that were farther down the ballot.
'A perfect storm'
The case in Totenberg’s courtroom has provided a rare window into a state’s election security, as tens of thousands of pages of court testimony, security reports and other documents regarding the state’s election problems have become public.
Among the revelations was an admission by the state’s chief election security administrator, Michael Barnes, about the handling of the state’s sensitive election files.
Barnes testified last year that contractors for Election Systems & Software, the private company that has for years helped administer Georgia’s elections, worked out of their homes to build the ballots for the November 2018 election.
He said they shared the files via a flash drive to avoid exposing them to the Internet. But computer security experts noted that the files could have been corrupted or exposed to malware simply by being uploaded onto a computer that may have at any point been connected to the Internet.
“You have to kind of not project your emotions too much, but if I would have been able to put my head down between my legs and just shake my head, I would have done that,” DeMillo said, recalling his reaction as he watched the testimony in the courtroom. “It is literally a perfect storm for increasing risk in computer systems.”
Internal emails obtained through a public records request by the National Election Defense Coalition, an election security advocacy group, and provided to The Washington Post show that as recently as February, Election Systems & Software contractors were uploading sensitive election ballot files directly to the Internet.
The server was encrypted, the emails show. DeMillo said that was meaningless.
“If you’re emailing it to someone, unless you’re using military grade email systems, you might as well just be publishing it in The Washington Post,” said DeMillo, who previously served as chief technology officer for Hewlett-Packard.
Election Systems & Software spokesman Katina Granger told The Post in an email that the company was working under Georgia’s direction, referring questions to the state.
State officials did not respond to a detailed list of questions about Georgia’s election security. In a statement, Walter Jones, a spokesman for the Georgia secretary of state’s office, said DeMillo was “leading a national activist disinformation campaign.” He did not respond to a request for specifics.
Debate over new machines
Millions of voters in more than half a dozen states, including Texas, Ohio, Louisiana and Indiana, will continue to cast their ballots on paperless machines in at least some areas in 2020. Other states still don’t have good auditing practices, election security advocates and experts say.
“We’ve got close to half of the states in America that don’t have all the reforms that the experts believe are needed,” said Sen. Ron Wyden (D-Ore.), who has introduced legislation in Congress that would mandate hand-marked paper ballots in every state. Democratic leaders in the House passed a version of the bill in the fall, but Senate Majority Leader McConnell (R-Ky.) has blocked a vote in the Senate.
“I’m not going to let Democrats and their water carriers in the media use Russia’s attack on our democracy as a Trojan horse for partisan wish-list items that would not actually make our elections any safer,” McConnell said in July.
After the 2018 elections, the calls in Georgia for a hand-marked paper ballot system intensified, with experts contending that the option is cheaper and far less prone to hacking or computer errors that could lead to long lines on Election Day.
A diverse coalition of unlikely allies, from Grover Norquist’s Americans for Tax Reform and the conservative FreedomWorks to Democratic groups such as Abrams’s organization Fair Fight, demanded paper as an option. Fair Fight Action even paid for an ad during the Super Bowl this year.
“Every vote should be counted, from every corner of our state,” Abrams said in the ad, appearing next to a Republican county commissioner in Georgia.
Georgia’s state Republican leaders and election officials ultimately decided to buy tens of thousands of new electronic voting machines called ballot-marking devices. They said the machines provide a paper trail because they print out a piece of paper that states the person’s vote. In court filings, Georgia officials have referred to the machines as part of a “paper-ballot election system.”
But many experts say most voters don’t check to make sure the paper printout matches who they actually voted for on the touch screen.
“You only have a false sense of security and accountability,” said Wenke Lee, a professor of computer science at the Georgia Institute of Technology. “You’re spending many, many tens of millions of dollars for something that’s just not even better.”
In a declaration filed in the federal case, Andrew Appel, a professor of computer science at Princeton University, said the ballot-marking devices — like any computer — can still be hacked.
“If hacked, they can systematically change votes from what the voter indicated on the touch screen when printed on the paper ballot; few voters will notice, and those that notice have only the mitigation that they might be able to correct their own ballots, not their neighbors; and finally, recounts or audits will see only the fraudulently marked paper,” he wrote.
Some experts say that with enough outreach and training of poll workers and voters, people will properly verify the paper record of their ballot. They also say that the machines are important tools for voters with disabilities.
Michael Shamos, a professor in Carnegie Mellon University’s School of Computer Science, who was retained by the state as an expert in the federal case, said in an interview that he believes the new system in place in Georgia is a “rational method of voting” that produces a paper trail voters can verify — as long as the paper trail can be maintained.
“Everything depends on Georgia and all of its counties being very careful about how they handle those paper ballots,” he said.
Many are skeptical Georgia will be able to replace all of its paperless machines with 30,000 new ones in time for the 2020 primary. In Colorado — where most voters cast ballots by mail — it took about two years to roll out less than 1,500 ballot-marking devices across the state, according to Dwight Shellman, who helped oversee the effort for the Colorado secretary of state’s office.
Kay Stimson, a spokeswoman for Dominion, said the company is focused on getting the system successfully installed in time for 2020. “Feedback to us has been overwhelmingly positive,” she said, “and where there are recognized areas for improvement, we are striving to address them in timely fashion.”