If you want to warn Georgia officials about election security problems, you better brace for retaliation.
If you point out that Georgia’s elections are neither democratic nor secure, high-ranking state officials might go after you.
Three prominent election integrity experts — Marilyn Marks, Dr. Richard DeMillo, and Rhonda Martin — observed this month’s state election at various polling places to identify flaws and vulnerabilities in Georgia’s voting process. And, because they did their job, the state filed a complaint against them.
Rather than acknowledging their findings and thanking them for their efforts to safeguard democracy, it looks as though state officials are trying to intimidate them.
These officials alleged that when the election integrity experts were monitoring the voting process in Paulding County, they “were all observed inside the enclosed space, without authorization,” for more than an hour and a half, according to the complaint.
Georgia state law, however, allows members of the public to observe any election in person.
“I think the investigation is meant to intimidate me,” DeMillo, a distinguished professor of computing and professor of management at the Georgia Institute of Technology, told WhoWhatWhy.
“It’s a pattern of the secretary of state’s office to try to shut down any kind of criticism like this,” he added.
Last year, WhoWhatWhy’s reporters on the ground in Georgia broke a story on a major vulnerability in the state’s “My Voter Page” that would have allowed malicious actors to alter voter registration information and wreak havoc on Election Day. Back then, election integrity experts had identified this vulnerability and sought to alert the secretary of state’s office about it.
Instead, two days before the election, then-Secretary of State Brian Kemp (R) accused the very people who had warned him about this problem of attempting to “hack” the election. If WhoWhatWhy had not published its story prior to Kemp’s accusations, the media might have covered his trumped-up charges in a completely different way.
Having won that election, which was marred by irregularities that WhoWhatWhy documented in a series of articles, Kemp moved on to become governor and was replaced as secretary of state by Brad Raffensperger (R). The change in personnel, however, doesn’t seem to have changed the state’s approach toward the very people trying to make Georgia’s elections fairer.
Richard DeMillo, distinguished professor of computing and professor of management at the Georgia Institute of Technology (left). Marilyn Marks, executive director of the Coalition for Good Governance. Photo credit: Georgia Tech College of Computing / Wikimedia (CC BY 2.5) and Kate Walker / WhoWhatWhy
Retaliating With ‘Investigations’
Every time there is criticism of the secretary of state’s office, DeMillo said, it is quickly followed by an attempt to marginalize the critics or shut them down.
Marks, executive director of the election integrity advocacy group Coalition for Good Governance (CGG), said that volunteers the group sent to observe polling places reported issues such as unreasonably long lines and broken machines. Marks said she worries about the implications of this investigation for other Georgia residents who want to observe future elections.
“It’s definitely intended to try to intimidate us,” Marks told WhoWhatWhy.
DeMillo took to Twitter to state that the investigator’s report was “baseless and its assertions are verifiably false.”
Raffensperger’s office did not respond to repeated requests for comment from WhoWhatWhy, but his spokesman, Walter Jones, told the Associated Press after announcing the investigation that he “takes voters’ reports that individuals are violating election law and undermining the integrity of our state and local elections seriously.”
Although Georgia law allows members of the public to observe polling places, it does not make clear where they are — and are not — allowed to position themselves. When voters use direct-recording electronic (DRE) voting machines, which include ballot-marking devices (BMDs), Georgia state law requires that the public be permitted to observe so long as they do not impede voters’ right to privacy when casting their ballots.
Marks, however, had no idea what led to the investigation, and told WhoWhatWhy that none of the three polling locations she visited gave clear instructions on where she could stand. There were no lines on the floor or posters on the wall designating restricted areas, she added.
“Those of us who studied these things have systematically been going through these issues,” DeMillo said. “And what they’re alleging that I did is show up at a polling place and conduct my research on whether these machines are as secure as the old system.”
High Failure Rates and Programming Concerns
Without a full-time IT staff to ensure the tens of thousands of new machines are working properly before the March elections, DeMillo said, state officials are putting Georgia’s election system at risk.
“There’s a high failure rate in large-scale IT conversions, even when it’s done by professional IT staff at multimillion-dollar corporations,” DeMillo said.
For example, if a person voted for candidate A and the machines had a programming issue or were hacked before voting commenced, the machines could have printed candidate B instead.
And, if that voter forgets to review a ballot before entering it into the ballot scanning machine that actually tallies the ballots, any recount would technically show an accurate vote tally — but would not be able to confirm whether the BMDs were tampered with.
“If the secretary of state believes that their system is invulnerable and secure, that they don’t have to worry about it, that sounds like the Titanic — the unsinkable ship,” DeMillo said.
A federal court decision by US District Judge Amy Totenberg this year agreed with election integrity experts that the new systems have the same flaws as the state’s old machines and must be replaced.
“It’s the kind of printer you would get at Best Buy,” DeMillo said. “So, they’ve taken these two things, both of which are insecure, put them together and [said], ‘Here is this magical, secure way of voting.’”
State election officials maintain that Georgia’s election system is secure and got “high marks for accuracy” after a recent audit of the state’s new voting machines. But nearly 2,000 voters raised concerns when Raffensperger certified the machines this year.
Voters claimed that he did not follow the minimum security requirements during the certification process, and that any audit would give voters a false sense of security ahead of the 2020 elections.
Georgians Demand Secretary of State Re-Examine Voting System
Will Georgia Double Down on Non-Transparent, Vulnerable Election Machines?
Five counties participated in a pilot program to test the new BMDs during the November 5 elections in Georgia, while one used hand-marked paper ballots. In Bartow County, where the BMDs were used, Raffensperger held a risk-limiting audit (RLA) on the state’s new touchscreen voting system after the elections. But Marks called it a “sham” because, among other things, it was announced just two minutes before it was scheduled to start and did not allow the public enough time to get to where the audit took place and observe.
Moreover, DeMillo and Marks said that because virtually no voters that they observed on Election Day reviewed their ballot after printing it and before scanning it to be counted, it would also be impossible to determine voters’ intent during an audit because touchscreen machines have been known to misprint ballots.
So, what do they want state officials to do? The same thing they’ve been asking for the past two years: Use hand-marked paper ballots in the polling places, count them on optical scanners, then audit–very thoroughly.
“[State officials] do not have time to implement the new [BMD voting] system, whether or not it has a touchscreen, by [the March presidential primary election]. It is way too much,” Marks said. “There are over 70,000 pieces of equipment to debug between now and March — it can’t be done.”
It’s confusing. BMDs don’t necessarily print what you see on the screen. Most voters don’t check. Some do & will request a fresh chance if the printout is wrong. The audit can only see what’s on the printout, not what the voter saw on the screen. So, it can “bless” wrong results
— Philip Stark (@philipbstark) November 13, 2019
Raffensperger’s office released a summary of operational issues encountered Monday and argued that the 45 incidents that were discovered — from poll pads that check voters being out of commission to the BMDs themselves breaking down — were “caused by human error or interaction which can be mitigated through training or identified through testing.”
In some cases, however, poll pads were fixed only because technicians from Dominion Voting Systems were present to address problems with the machines as they malfunctioned. Nearly every county that used Dominion’s poll pads encountered problems at the start of Election Day.
“What’s being presented to the public is that Georgia is doing risk-limiting audits. Nothing could be farther from the truth,” DeMillo said. “If the system were to be hacked, [RLAs] are designed to tell you that something has gone wrong, but we’re applying tools that simply won’t do that.”
A History of Intimidation
Determining the reliability of election equipment in Georgia had been a contentious issue leading up to the 2018 elections. Voters reported waiting for hours to vote, and had numerous problems with the state’s decades-old paperless voting machines — sparking Kemp’s office to invest $107 million in BMDs that Raffensperger certified.
Election security experts have raised the alarm about potentially catastrophic security flaws in Georgia’s election system in recent years, alleging that the secretary of state’s office is ill-equipped to overhaul the state’s voting system just months before the primary elections.
In Georgia’s case, files on the My Voter Page on the secretary of state’s website were so accessible before the 2018 midterm elections that a malicious actor could delete voters’ registration information and cause delays at polling places that could discourage voters from waiting in long lines to vote.
WhoWhatWhy decided against publishing a document that detailed the potential problems at the time because it provided a detailed road map to exploiting the vulnerabilities. Also, it would have been illegal for cybersecurity experts to test the security flaws without permission from Kemp’s office.
So, some of the experts decided to log into their own accounts on the My Voter Page, confirmed the vulnerabilities, and alerted CGG. When their lawyer contacted Kemp’s office, a statement was released just hours later to announce the investigation into the Georgia Democratic Party.
Said DeMillo: “Regardless of what you think of these machines, there is a real probability that there will be some major outages during the primaries — and [state officials] are not going to know how to deal with it.”
Related front page panorama photo credit: Adapted by WhoWhatWhy from Cliff / Flickr (CC BY 2.0) and Su Yin Khoo / Flickr (CC BY-NC-SA 2.0).
