The American public will head back to the polls on November 6, 2018, to vote for our next round of politicians. In Georgia, many voters will turn out to cast their vote at polling stations that are ill-equipped to deal with potential hacking attempts.
US District Judge Amy Totenberg is worried that a lack of focus on proper security standards is leaving voting machines in Georgia open for attack. While Totenberg ruled that the state will rely on electronic voting and not switch to paper ballots, she also issued a stern warning.
“The Court advises the Defendants that further delay is not tolerable in their confronting and tackling the challenges before the State’s election balloting system,” she wrote.
“The State’s posture in this litigation—and some of the testimony and evidence presented—indicated that the Defendants and State election officials had buried their heads in the sand.”
Totenberg was ruling on Curling v. Kemp in which Georgia voters claimed that digital security measures being enacted at the state level are violating their right to a fair voting system. The state, despite its emphasis on a purely digital voting system, has fallen behind in protecting those systems from intrusion.
During the trial, University of Michigan professor J. Alex Halderman showed how malware can be easily used to attack Georgia’s voting machines.
“Professor Halderman explained in his testimony in detail the reasons why the DRE auditing and confirmation of results process used by state officials on a sample basis is generally of limited value,” Judge Totenberg explained in her decision. “This process is keyed to matching the total ballots cast, without any independent source of individual ballot validation, and it can be defeated by malware similar to that used by the Volkswagen emissions software that concealed a car’s actual emissions data during testing.”
As Ars Technica points out Georgia failed to provide any witnesses or computer science engineers who could explain the complete lack of proper security protocols.
“Advanced persistent threats in this data-driven world and ordinary hacking are unfortunately here to stay,” she concluded. “Defendants will fail to address that reality if they demean as paranoia the research-based findings of national cybersecurity engineers and experts in the field of elections.”
Even more troubling, POLITICO points out that in 2016, a serious vulnerability existed in Georgia’s electronic voting system. Security researcher Logan Lamb discovered a vulnerability that would have allowed him to “download the state’s entire database of 6.7 registered voters and would have allowed him or any other intruder to alter versions of the database distributed to counties prior to the election.”
As the 2018 mid-term elections approach, it’s still unclear if officials in Georgia are making any real attempts to fend off attacks from Russian and other U.S. adversaries.