As millions pour into Georgia's congressional runoff, the voting machinery is among the worst in America

Computer experts have no confidence in Georgia’s election results: They're hackable, paperless and unverifiable

Published May 16, 2017 4:27PM (EDT)

 (Getty/Darren Hauck)
(Getty/Darren Hauck)

This article originally appeared on AlterNet.

AlterNet

There are so many disturbing aspects to the special election happening in Georgia’s sixth congressional district, it’s hard to know where to begin.

For starters, the election runs on Microsoft Server 2000. That is not a typo. “That’s a crap system,” said Douglas Jones, a computer science professor at the University of Iowa in a phone interview; adding that the database in use, Microsoft Access is a “toy database” that should never be used for industrial applications.

Fulton County Elections Director Richard Barron acknowledged in testimony on the troubled first round of the election, that the system is “inflexible.” But delving into his testimony further, and speaking to both local and national computer experts it’s evident that the results of the first round of the election on April 18th are legitimately suspect and that no election running on this type of computer system can be verified as accurate.

The April contest was conducted following multiple hacks on various offices, stolen electronic poll books that included a copy of Georgia’s statewide voter file, and a software system with such gaping security holes that the author of one report questioned if the gaps were a deliberate back door left open for potential manipulation. This is not the first time the question of software back doors on voting equipment has arisen. In a February 2017 article in the New Republic, Steve Friess wrote, “The machines are prone to malfunctions and miscounts, and many have back doors that can enable attackers to alter the outcome by infecting them with malware.”

The race is being widely viewed as a barometer of the Democrats 2018 midterm prospects. But unless Georgia heeds the advice of over 20 national and international computer experts and implements paper ballots and post-election audits in its upcoming June 20th race, the face off between Democratic newcomer Jon Ossoff and former Republican Secretary of State Karen Handel is likely to produce results that many voters will question.

Could they use paper ballots? Yes, they could. The counties print paper ballotsthat are used for absentee voting. Those ballots are counted on optical scan machines. Virginia Martin, the Democratic Commissioner in Columbia County, New York oversees a ballot-counting process that uses optical scan machines followed by a 100 percent hand-count audit. Because the June ballot will have just one race, she suggests, “Perhaps this is the opportunity for the State of Georgia to experiment with hand counts of paper ballots.” If the counties did a combination of optical scan and hand counts she estimates “the state would have full unofficial results certainly within 24 hours, and probably within 12.”

Meanwhile, money for the race is pouring into the district. It is now the most expensive congressional race in U.S. history with close to $30 million scheduled to be spent on T.V. advertising alone. Ms. Martin has calculated previously that the hand-count audits they do in Columbia County cost 14 cents per ballot per race or 1 percent of the county’s election budget. At that rate, for a small fraction of what is being spent on the race, the county could produce confirmation that the results are accurate.

The problem of unverifiable election results transcends Georgia’s state lines. Georgia is one of five states that use primarily touch screen machines (also known as DREs for direct record electronic) with no paper trail. New Jersey (a swing state), Delaware, Louisiana, and South Carolina all use voting equipment that relies 100 percent on computer totals and keep no paper record of how the voter actually voted.

Bizarre results get reported and certified in these situations. In 2010, Al Green, an unknown unemployed candidate facing felony obscenity charges won the South Carolina Democratic primary causing Don Fowler, a former Democratic National Committee chairman to speculate that, “someone tampered with the voting machines.”

In 15 states, including the swing states of Florida, Pennsylvania and Virginia there are counties that, like Georgia, use touch screen machines with no paper ballots. If these counties were to be targeted by hackers in an election, the shifting of a few votes per precinct could change the results of a race. Outcomes in these counties have the potential to affect not only local races, but governors’ races, the balance of power in Congress and, if the race is close, even the presidency. For example, in the 2016 presidential contest Trump won Wisconsin by less than 23,000 votes. There are more than 3,700 precincts in Wisconsin, so a difference of seven votes per precinct could have changed the outcome of that state’s results.

Manipulating the vote count is only one of a multitude of ways to gain partisan advantage in an election, and other strategies seem to be at play in the sixth district. The Lawyers’ Committee for Civil Rights Under Law sued the state over its attempt to close voter registration roughly 90 days before the June 20th run-off, saying, “States like Georgia must stop taking actions that suppress the rights of voters.”

Republican Secretary of State Brian Kemp defended the early cut-off date as non-partisan, pointing out that “the law has been in place since Democrat Cathy Cox was secretary of state.” U.S. District Judge Timothy Batten disagreed with Kemp and ordered registration to be reopened immediately until May 21st. Julie Houk, one of the committee’s attorneys, says that since the Supreme Court struck down protections that were in place from the Voting Rights Act of 1965, Georgia, Alabama, North Carolina and Texas have gone “whole hog” altering laws, eliminating precincts, purging voter rolls and changing district boundaries.

Mr. Kemp came under more fire recently when Voter GA, an elections watch-dog group released a videoshowing a link from the official Georgia secretary of state website to Mr. Kemp’s own campaign Facebook page, where he is promoting his run for governor of Georgia.

“Critical” security flaws

Earlier this month, the advocacy group Voter GA released a report on the problems that plagued the April 19th election in Fulton County. The report details how Ossoff was maintaining totals above 50 percent, the level necessary to prevent a run-off election. Then Fulton County experienced a “rare error.” Following that error Ossoff’s totals ended up below 50% requiring him to compete in the run-off.  The next top candidate Karen Handel ended up with 19.8 percent of the vote, but will now have the opportunity to compete against him one-on-one.

In his testimony before the Fulton County Board of Commissioners on the following day, Elections Director Rick Barron explained how the error occurred. Due to the late scheduling of a number of local races, Fulton County had to administer three separate ballots for the election, with different memory cards and different machines for each. In some precincts voters had to sign in twice and received two separate memory cards allowing them to vote for different races on different machines. At the end of the night, one of the memory cards for a local race was accidentally inserted into the results of the congressional sixth district race, and this caused the error. The authors of the Voter GA report say that this series of events unmasked two “critical” security flaws that would make it simple for anyone with a modicum of knowledge about the system to change the results.

Their conclusions center around the following statement from Barron’s testimony: “There’s no way for the software to recognize that an incorrect card has been sent in the data packet.” The report points out that, “This critical software flaw allows memory cards for a foreign election to be loaded and transmitted into results of a different election.”

It goes on to describe what it calls “another security flaw that is even more critical than the first.” Even if false results were inserted on a memory card, a system with good security would have a feature that alerts the central database that unauthorized data has entered the system. However the report indicates that no such safety measure exists. It concludes that, “The GEMS databases . . . will accept invalid election data from a remote or local source and inject the invalid data into live election results for totaling and publishing.”

The report further states it is likely that these flaws have been present since the system was implemented in 2002, and were not repaired when the machines were upgraded in 2011.

People who “don’t understand security”

Georgia’s election technical support and testing is provided by the Center for Election Systems at Kennesaw State University. The KSU Elections Center was itself the object of a hack in early March that was investigated by the FBI. As many as 7.5 million voters may have had their personal information compromised.

The data breach was reportedly from a security researcher “who is believed to have contacted the center at least twice — including once prior to last year’s presidential election — to notify them of the server’s vulnerabilities and apparently draw attention to them.” Professor Jones, who served on the Election Assistance Commission’s Technical Guidelines Development Committee for four years, commented that the KSU hack indicates there are "people at the top level who don’t understand security.”

The machine in use in Georgia is the AccuVote TS. In 2006 two Princeton grad students designed a computer virus on this machine that can steal votes from one candidate and move them to another candidate. The virus passes from machine to machine in the course of normal election procedures. It does not require access to the Internet to work. Professor Jones said he did not know if that security issue had been repaired, but that he would not trust assurances from the vendor that it had.

Does Jones believe the results of the election? He says they probably reflect reality, but adds, “I have no confidence that that’s the case.” If he was a hacker he would change the results by creating exactly the type of scenario that unfolded on election night. “I would slip the wrong memory cartridge in and cause them to have to back track, and while they were backtracking and fumbling and rescanning cartridges, I would slip in a ringer.” He summarizes by saying of the machines, “It’s time to retire them. It was time to retire them ten years ago.”


By Lulu Friesdat

MORE FROM Lulu Friesdat


Related Topics ------------------------------------------

Alternet Congressional Election Electronic Voting Georgia Security Voting Voting Machines