ATLANTA — Logan Lamb, a cybersecurity sleuth, thought he was conducting an innocuous Google search to pull up information on Georgia’s centralized system for conducting elections.
He was taken aback when the query turned up a file with a list of voters and then alarmed when a subsequent simple data pull retrieved the birth dates, drivers’ license numbers and partial Social Security numbers of more than 6 million voters, as well as county election supervisors’ passwords for use on Election Day. He also discovered the server had a software flaw that an attacker could exploit to take control of the machine.
The unsecured server that Lamb exposed in August 2016 is part of an election system — the only one in the country that is centrally run and relies upon computerized touch-screen machines for its voters — that is now at the heart of a legal and political battle with national security implications.
On one side are activists who have sued the state to switch to paper ballots in the November midterm elections to guard against the potential threat of Russian hacking or other foreign interference. On the other is Secretary of State Brian Kemp, who has declared the electronic system secure and contends that moving to paper ballots with less than two months to Election Day will spawn chaos and could undermine confidence among Georgia’s 6.8 million voters.
Kemp, a Republican endorsed by President Trump — and an outspoken critic of federal election security assistance in 2016 — is running for governor in a competitive, nationally watched race against a Democrat who could become the nation’s first black female governor.
“I was absolutely stunned,” Lamb said of his discovery of the exposed data. And he was angered when six months later, despite warning officials at Kennesaw State University’s Center for Election Systems (CES), which housed the server, the data was still publicly accessible online.
The center last year was moved to Kemp’s office, and state officials insist that they have put a series of stringent controls in place to safeguard the integrity of the vote.
Georgia, the first state in the country to adopt the “direct-recording electronic,” or DRE, touch-screen machine in 2002, is now one of only five states in which electronic voting is entirely paperless. But a federal judge here is poised to rule by Monday whether the state must scrap its current system that utilizes 28,000 DREs and adopt paper ballots and paper audits instead. Her ruling could affect the other four states and send a rare signal from the bench about the urgency of reducing the risk of election interference from foreign adversaries.
“Times change,” U.S. District Judge Amy Totenberg said Wednesday at the conclusion of a seven-hour hearing. “We are in a very quickly evolving situation in terms of cyber technology and cyber crime. . . . No one wants their vote to be insecure, but moreover diluted or altered. . . . But at the same time, you don’t want people standing outside the polls giving up, being confused, being discouraged.”
She fretted “that we’re here at the 11th hour.” Yet, she said, “we have a lot of concern nationally” about the use of machines like Georgia’s. “There is a lot of criticism of the fact that the state and counties have not . . . been able to move on this, that we’re using antiquated software. . . . It’s not just a theoretical paranoid notion at this point. . . . These are real, real issues.”
Indeed, a month before the 2016 presidential election — and two months after Lamb alerted CES to the server issue — Russian military spies “visited the websites of certain counties in Georgia” seeking flaws to exploit, according to U.S. special counsel Robert S. Mueller III, who has been investigating Russian interference in the election.
Georgia’s current predicament grows out of its effort to enhance electoral security following the 2000 presidential election in neighboring Florida in which punch-card ballots marred by “hanging chads” and other irregularities spawned a recount and Supreme Court intervention. After a study, Georgia in 2002 embraced computerized electronic voting — a technology seen at the time as cutting-edge.
But over the last 12 years, researchers have shown how DREs — particularly the Diebold machines pioneered by Georgia — are vulnerable to hacking. On Wednesday, one of those computer scientists, Alex Halderman of the University of Michigan, demonstrated for the court how a malware-laced memory card inserted into a Diebold machine can alter election results.
He said that, a decade ago, the threats came primarily from “dishonest insiders or dishonest candidates” or criminals but that “everything changed in 2016.” Russia’s efforts to penetrate states’ and counties’ voter registration systems and to hack manufacturers’ software “presented a substantially new and much more serious form of threat.”
He concluded: “I don’t think there’s anything that Georgia can do to reasonably secure the paperless touch-screen machines that are in use today.”
This month, the National Academies of Sciences issued a 180-page report that recommended that “every effort should be made” to adopt paper ballots for the 2018 election and rigorous vote audits. Today, 29 states use virtually all paper ballots, according to the Brennan Center for Justice, and Georgia itself is exploring replacing its electronic system by 2020.
But even some experts who believe paper ballots are the most secure agree with Kemp that switching this close to an election may be counterproductive. “While paperless voting, as is done statewide in Georgia, is not a best practice by any means, such a statewide change this close to an election would raise serious concerns,” David Becker, executive director of the nonprofit, nonpartisan Center for Election Innovation and Research, said in an interview.
On Wednesday, Totenberg, the U.S. district judge, pressed CES Director Michael Barnes on whether he had “done anything to determine whether there was an issue” with the vulnerable server. He deflected, saying it did not contain any software used to create Election Day ballots.
He said the FBI examined the server. The bureau found nothing to indicate that Lamb had committed a crime or that a nation-state had compromised the server, according to individuals familiar with the case, who spoke on the condition of anonymity to discuss a sensitive matter.
In any event, the system has been revamped, state officials testified.
Chris Harvey, Georgia’s elections director, said that at the end of 2017 the secretary of state’s office re-examined its system, conducting a simulated election, and found that “the DREs performed flawlessly and recorded every vote as cast.” Kemp recertified the system in April.
Barnes testified that the server that holds the data that Georgia’s 159 counties use to build their ballots is “air-gapped,” or isolated from the Internet. But he acknowledged that he uses a thumb drive to transfer ballot proofs from the server to his desktop computer, which he uses for email. From there, he moves the data to a Dropbox-like site, where counties can retrieve the ballot data. “So he’s connected a supposedly air-gapped system to the Internet in at least two ways,” Richard DeMillo, a Georgia Tech computer scientist who also testified Wednesday, said in an interview after the hearing.
Richard Barron, the election supervisor of Fulton County, which includes Atlanta and is the largest county in Georgia, said that the county uses “analog phone lines” to transmit election results to the secretary of state’s office. Hacking analog phone lines is not difficult to do, DeMillo said.
The courtroom was packed, with dozens watching from an overflow room. In attendance were the plaintiffs: election integrity advocates Marilyn Marks, Donna Curling and Donna Price.
Much of the state’s argument focused on the feasibility of switching to paper ballots now.
“I don’t know any conceivable way you could change Georgia’s election system . . . in a matter of weeks,” said Cathy Cox, a former Georgia secretary of state who oversaw the 2001 study that led to the state’s adoption of DREs. “It would be chaotic beyond belief.”
With early voting beginning on Oct. 15, there simply is not enough time, state and county election officials said, to print ballots, buy optical scanners to read the ballots, train poll workers and educate the voters on the new system.
Georgia uses paper ballots for absentee voting, and Harvey acknowledged that if every voter in Georgia cast an absentee ballot in the final days before Election Day, the state and counties would find a way to make it work.
“It’s absolutely possible” to switch to paper in a tight time frame, but “it’s exceptionally difficult to do,” Edgardo Cortes, who was Virginia’s top election official until earlier this year, said in an interview. In 2015, roughly 20 percent of the state’s 2,500 precincts moved from touch screens to paper, and the process was repeated with another 15 percent of precincts last year. In both cases, the conversion was accomplished in just under two months, he said.
Despite fears of long lines and chaos, “in both of those elections, not a single complaint came in, in relation to voting equipment,” Cortes said. “There weren’t any problems with election night reporting.”
The biggest challenge was making sure there were enough optical scanners to handle the load, and that meant working with the vendors, said Cortes, now election security adviser at The Brennan Center for Justice.
“It was a substantial amount of work for local election officials — I don’t want to diminish it,” he said. “But it is logistically possible to do.”
Julie Tate contributed to this report.