Cybersecurity Challenges in Georgia’s Elections

Georgia’s elections have become heavily scrutinized. After Joe Biden won the presidency due to a narrow lead in Georgia, and the senatorial election of Raphael Warnock determined control of the Senate, the state’s role in national politics cannot be ignored [1].

Recently, former President Donald Trump, and 19 other defendants, were charged by a grand jury in September for a conspiracy to overturn the 2020 election in Georgia, by Fulton County District Attorney Fani Willis [2]. Fani Willis, the District Attorney of Fulton County, has stated that her investigation encompasses a January 2021 phone conversation in which Trump urged Brad Raffensperger, the Georgia Secretary of State, to “find” the necessary votes for his victory in Georgia [3].

Although Raffensperger didn’t give in to Trump’s prodding, that doesn’t mean that Georgia’s elections are completely safe. In June, two reports that were part of a federal court case relating to the use of Dominion ballot-marking devices in Georgia elections were revealed by a federal judge [4].

These reports were conducted as part of a lawsuit against Raffensperger, from individual Georgia voters and a voting rights organization, where they asserted that the state’s use of direct recording electronic (DRE) voting systems violated their Fourteenth Amendment rights due to a lack of due process and equal protection [5]. 

This first report, a 96-page write-up by computer science professors J. Alex Halderman from the University of Michigan and Drew Springall from Auburn University, revealed that Georgia’s election equipment exhibited weaknesses in virtually every aspect accessible to potential attackers [6]. This raised massive concerns about the possibility of vote manipulation and its potential impact on election results.

The second report, paid for by Dominion Voting Systems, the manufacturer of the state’s electronic voting system, reported that “none of the alleged vulnerabilities… would allow a bad actor to change the outcome of an election.[7]” Twenty-nine computer scientists from the Georgia Institute of Technology, Stanford, Yale, the Massachusetts Institute of Technology, and other prestigious US universities and organizations wrote a letter to Mirte asking them to retract this “dangerously misleading analysis. [8]” As of this writing, Mitre has not. 

Instead, Raffensperger, working off of the potentially biased Mitre report, has chosen not to update the state’s software before the 2024 presidential elections [9], issuing a press release stating that “Georgia elections are secure.[10]”

Raffenspereger refusing to update the system, or recognize the faults in it, puts Georgia voters at risk. He may believe that admitting any fault in the system gives more credence to parties like Former President Trump, who believes elections are flawed in the first place. But ignoring this technical issue has the potential to undermine the trustworthiness of voter’s choices and jeopardize the nation’s political stability and security. Electoral officials like Raffensperger must prioritize the security and integrity of the election process to maintain trust in the democratic system and protect the rights of all citizens. 

Georgia’s voting systems are controlled by the Secure, Accessible, & Fair Elections (SAFE) Commission, which was started by then Secretary of State Brian Kemp to study different options for Georgia’s voting system. The SAFE Commission’s security rules require that “vendors hold responsibility for cybersecurity failures and are incentivized to properly maintain equipment under contract,” which the Halderman report appears to have shown is not taking place [11]. 

Georgian voters deserve better than this confusion and should know whether or not their votes are secure. The state already has canceled 75,676 names from the voter rolls because the voter died or moved out of Georgia, according to Raffensperger’s office [12]. He plans to strike roughly 116,000 more before the 2024 election [13]. 

According to Georgia law, people who don’t vote in two consecutive general elections and don’t update their registration information are designated as “inactive.” Following this, they have two additional general elections to cast their votes and restore their active status. If they don’t, the secretary of state sends a letter, and voters have 30 days to respond before possible removal [14].

This additional cybersecurity issue poses yet another barrier to Georgia’s citizens, beyond this strict maintenance process, from exercising their fair vote. Another idea to fix these cybersecurity issues, instead of relying on the judicial system, is to exercise the power of the already formed SAFE Commission to investigate these voting systems. 

This investigation should include a detailed, non-partisan, expert-driven inquiry into Dominion Voting Systems. By doing so, the commission can gather valuable information and insights that may not only help rectify any potential issues between the reports but also enhance the overall integrity and transparency of the electoral process. The issue with the original reports was their partisan nature–they were written directly as part of a report suing the Secretary of State. Any solution relying on the information from one of those reports will just be criticized by the other side.

In order to truly have both sides rally around protecting the rights of Georgia voters, we need the state itself to create a report, not rely on reports from outside sources. These outside sources can be part of creating the report, but Raffensperger and the SAFE Commission must step up and lead it. Georgia voters deserve a safe vote, and it’s the state’s responsibility to protect it.