The most closely watched and potentially pivotal election since November will be held Tuesday, here in Georgia. Two days from now.
And less than a week before the election — last Wednesday, to be exact — Politico magazine reported that a huge security gap in the state’s electronic election system puts the integrity of the whole thing in question.
Just what the state, and the country, need right now.
As reported Friday by Associated Press, “The security failure left the state’s 6.7 million voter records and other sensitive files exposed to hackers, and may have been left unpatched for seven months. The revealed files might have allowed attackers to plant malware and possibly rig votes or wreak chaos with voter rolls during elections.”
The Politico report said the initial discovery of the breach was made last August — before the general election, although there is apparently no contested November outcome as a result. Tuesday’s contest between Republican Karen Handel and Democrat Jon Ossoff is to fill the congressional seat vacated by Trump administration Health and Human Services Secretary Tom Price.
An Atlanta private security researcher named Logan Lamb reportedly made the discovery, telling Politico he found the problem when he did a search of the election website of Kennesaw State University, host site of the Center for Election Systems. What he found, according to the AP story, was “a directory open to the internet that contained not just the state voter database, but PDE files with instructions and passwords used by poll workers to sign into a central server used on Election Day.”
Lamb said the directory was already indexed by Google.
One of the most unsettling aspects of all this, aside from the compelling evidence that election security in Georgia is something of an oxymoron, is that Lamb says he was told to sit on what he had discovered. He told Politico that he had notified Center for Election Systems Director Merle King about the problem, and that King told him the problem would be repaired. (A security researcher, Chris Grayson, checked the system in March saw that it had not.) The Georgia Secretary of State’s office, which oversees all elections, apparently was not notified. (A spokesperson for the office on Friday told the Atlanta Journal-Constitution the investigation is not related to its own electronic voting network, and any breach is not in a state database of Georgia’s registered voters.)
Grayson said he was able to obtain the Georgia voter records and other files through a publicly accessible database. He reported what he found to a Kennesaw State faculty member, and the FBI was called in. No charges were filed, because no illegal “hacking” had been necessary to get information that should never have been accessible in the first place. But the FBI is still investigating how the alleged breach happened.
Meanwhile, Kennesaw State released a statement Friday that the university is “working with federal law enforcement officials to determine whether and to what extent a data breach may have occurred involving records maintained by the Center for Election Systems. Because this involves a pending criminal investigation, Kennesaw State will have no further comment on this matter and any inquiries should be addressed to the U.S. Attorney’s Office.”
As if all this weren’t troubling enough, the AP story noted that Georgia is more than ordinarily vulnerable to election disruption because the state still uses touch-screen machines with no hard-copy records, so vote manipulation is all but impossible to trace.
There is, of course, no “good” time for a problem like this. But mere days before a crucial election, with the country already more than normally distrustful of the political process, the timing could hardly be worse.