Opinion | Georgia’s Shaky Voting System

The governor’s race in Georgia between Stacey Abrams and Brian Kemp has turned into an ugly, drawn-out affair, and we won’t know the final results for a while. Mr. Kemp, the Republican, declared victory and resigned as Georgia’s secretary of state so he wouldn’t be responsible for overseeing the counting of votes in the race — though before he resigned he did make an unsubstantiated claim that Democrats were hacking the election.

There is a silver lining in this mess: The new secretary of state could finally fix Georgia’s astoundingly insecure voting system, one of the most poorly protected in the country.

This has been a rough election for Georgians. Accusations of racism and voter suppression have abounded. An outside investigation found that more than 340,000 voter registrations had been improperly canceled by Mr. Kemp’s office. A significant number were reinstated by court order, but there is no way of knowing if voter turnout would have been even higher if the Kemp purge hadn’t happened.

On top of this, an indictment of 12 Russian intelligence officers as part of Robert Mueller’s inquiry into election interference suggests that the election systems in counties in Georgia were targeted for hacking in 2016.

That’s not all. Earlier in the campaign cycle, a cybersecurity researcher discovered that Georgia’s entire voter database (housed at Kennesaw State University), which contains the records of 6.7 million voters, was at risk. And when the Department of Homeland Security told Mr. Kemp that Georgia had been one of 21 states targeted by Russian hackers in 2016, he waved off the threat and declined help from Washington for the midterms, saying that the state had everything under control.

It gets worse. Georgia is one of five states that rely solely on direct-recording electronic voting machines. These machines don’t have a paper trail, which makes it hard to detect manipulation of the vote.

The whole point of securing an election is so voters feel confident that their vote will be counted properly. News of a hack was already a significant problem before Election Day because it jeopardized the integrity of the election.

Democracy needs high voter confidence to work. According to Carbon Black, a cybersecurity company, one out of four people it surveyed considered skipping the midterm elections out of a concern about hacking.

The potential exposure of Georgia’s voter data at Kennesaw State, the refusal of help from the Department of Homeland Security, the state’s inclusion in the Mueller indictment as a target of Russian hacking and Mr. Kemp’s apparent lack of interest in new vulnerabilities probably place Georgia near the bottom of the list of states that are prepared to withstand an attack on their election system.

Mr. Kemp’s permanent successor will be decided in a runoff on Dec. 4. How can the winner fix Georgia’s problems? Register new voters, encourage maximum participation in elections and use best practices to ensure the integrity of Georgia’s voter database. The new secretary should not emulate Mr. Kemp, who seemed to reject voter registration applications or declare previously registered voters ineligible every chance he got.

The secretary of state should identify vulnerabilities in Georgia’s election systems before the Russians, a cybersecurity researcher or anyone else does. When informed of a problem, the secretary must promptly fix it. The Department of Homeland Security and private election security firms should participate in this process. Protecting election security requires collaboration.

It’s crucial that the secretary stays abreast of the known vulnerabilities in voting machines used at polling stations and other devices connected to elections. The new secretary needs to collaborate with fellow secretaries of state to share threat assessments and solutions.

Another task is to develop a method to detect fraud (like risk-limiting audits that many states use) that will identify unusual results as soon as possible after they are recorded. Aggressive testing is critically important to determine whether any change or patch to a system has introduced a new vulnerability. This is something that did not happen when Georgia quietly patched that reported hack that Mr. Kemp had blamed on the Democrats.

A big part of the solution is for all state, county and local election officials to inculcate a culture of privacy and security. This requires continuous education and comprehensive training in threat identification and best practices.

There is a reason we’ve heard so much about election security since 2016: Democracy demands confidence in the vote. We don’t have that yet.

Adam Levin is the founder and chairman of CyberScout and the author of “Swiped: How to Protect Yourself in a World Full of Scammers, Phishers and Identity Thieves.” Beau Friedlander writes about cybersecurity.