Connect with us

Hi, what are you looking for?


Risk Management

Georgia’s Use of Electronic Voting Machines Allowed for Midterms

Judge Amy Totenberg ruled Monday that the state of Georgia’s existing plans for the midterm elections to be conducted via some 27,000 Diebold AccuVote DRE touchscreen voting machines must stand. Her remarks, however, suggest that this should be the last time.

Judge Amy Totenberg ruled Monday that the state of Georgia’s existing plans for the midterm elections to be conducted via some 27,000 Diebold AccuVote DRE touchscreen voting machines must stand. Her remarks, however, suggest that this should be the last time.

Plaintiffs, comprising the Coalition for Good Governance and citizens of Georgia, had filed a Motion for Preliminary Injunction against the Secretary of State for Georgia, Brian Kemp, in an attempt to force a switch to paper-based voting in time for the November elections. The primary argument is that the direct-recording election (DRE) machines to be used cannot produce a paper-based audit trail to verify accurate elections.

This coupled with the exposure of the registration details of 6.7 million Georgia voters on an unprotected internet-facing database, repeated demonstrations that such voting machines can be hacked, federal government advice that audit trails are necessary, and the constitutional right for citizens to vote was the basis of the plaintiffs’ argument.

The Secretary of State’s response, while insisting that the machines are secure, was primarily focused on the cost, lack of time, and potential confusion that such a late switch could cause.

Judge Totenberg ultimately agreed with the defendants and denied the plaintiff’s motion — but her concluding remarks demand that the state change its attitude in the future. “The State’s posture in this litigation — and some of the testimony and evidence presented — indicated that the Defendants and State election officials had buried their heads in the sand,” she wrote.

She indicated that she is not happy withc the way the state handled “the ramifications of the major data breach and vulnerability at the Center for Election Services” and “a host of serious security vulnerabilities permitted by their outdated software and system operations.” 

Nor was she happy with the way the state presented its case. “Defendants will fail to address that reality if they demean as paranoia the research-based findings of national cybersecurity engineers and experts in the field of elections.” In its response to the Motion, the state had dismissed the plaintiffs’ concerns as ‘paranoia’.

Advertisement. Scroll to continue reading.

Furthermore, reading between the lines of her concluding remarks, she intimates that she expects the case to come back before future elections, says that she will insist “on further proceedings moving on an expedited schedule”, and concludes, “The 2020 elections are around the corner. If a new balloting system is to be launched in Georgia in an effective manner, it should address democracy’s critical need for transparent, fair, accurate, and verifiable election processes that guarantee each citizen’s fundamental right to cast an accountable vote.”

Robert A McGuire, lead attorney for Coalition for Good Governance, expressed disappointment in the ruling, but confirmed that the case will continue. “We will continue to press these voting rights claims, and we fully expect to prevail in the end,” he commented.

Bruce P. Brown, Atlanta attorney for the Coalition, added, “Judge Totenberg’s decision is broadly consistent with the positions that the Coalition is taking in the case — particularly the urgent need for Georgia, as soon as feasible, to switch to paper ballots.”

Morrison & Foerster partner David Cross, attorney for the citizens of Georgia among the plaintiffs, agrees. “We read the decision as essentially saying it’s too late for something at this point, but for the 2020 elections, there will be a change.”

Cross told SecurityWeek, “Although the court denied the preliminary injunction, it finds that the current system is critically unsecure and that those entrusted with securing the election are remarkably unqualified and ill-informed about election security. The court emphasizes that our case will proceed expeditiously and finds that we ultimately are likely to win on the merits, which means the state will have to adopt a new, secure system before the 2020 elections. Ironically, it seems the court had little confidence in the state’s ability to implement paper ballots now because of the ineptitude that certain election officials exhibited in this case.”

Marilyn Marks, the Executive Director of Coalition for Good Governance, said, “The Secretary of State Kemp, the State Election Board, and the bi-partisan Fulton County Election Board refused to act in response to serious and repeated warnings from Congress, federal agencies, National Academy of Science and scores of expert voting system computer scientists that the paperless system is unfit for conducting public elections.”

In ‘Securing the Vote: Protecting American Democracy’, compiled in January 2017 and recently published as a paperback and online, The National Academies warn “According to assessments by members of the U.S. Intelligence Community, actors sponsored by the Russian government ‘obtained and maintained access to elements of multiple US state or local electoral boards.’ While the full extent and impact of these activities is not known and our understanding of these events is evolving, there is little doubt that these efforts represented an assault on the American system of representative democracy.”

One of the recommendations from the Academies is that “Voting machines that do not provide the capacity for independent auditing (e.g., machines that do not produce a voter-verifiable paper audit trail) should be removed from service as soon as possible.” Georgia’s Diebold AccuVote systems fall within this category.

Related: Will Russian Hackers Affect This Year’s US Election? 

Related: Putin: Patriotic Russians Could Be Behind Election Hacks 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...