Protecting Voter Data and Election Security
You would be hard pressed this week not to find election security stories from news and especially tech outlets. And for good reason. I don’t know if there has ever been a U.S. election where the security of the ballot was under greater scrutiny. For the most part, with the results already in, no more can be done regarding the integrity of these midterms, but that doesn’t mean the issue is over and done with.
Georgia’s voter database perhaps made the most headlines, and proves to be a continuing story as candidate Stacey Abrams refuses to concede the governor’s race to incumbent Brian Kemp. Unfortunately, in one of the more shameful instances of ballot security being exploited for personal, political gain, Kemp earlier this week made allegations of hacking by the state’s Democrats, after he was alerted of substantial flaws in the voter database. As Georgia’s secretary of state (and chief elections officer), responsibility for this falls to Kemp, which he took by asking the FBI to investigate his opposition. Whether or not there was any evidence for this remains to be seen.
Multiple security experts have examined the original vulnerability alert. All confirmed it. According to one, University of Michigan computer scientist Matthew Bernhard, anyone with access to a voter’s information could affect that person’s record in the system. This is indeed a massive flaw. But that’s the risk you run when you rely on outdated electronic voting machines without a verifiable paper trail (and that can be easily hacked). Georgia remains one of five states still using this antiquated method.
Furthermore, this is hardly the first time Kemp has faced criticism over his management of Georgia’s electoral process. The Coalition for Good Governance has objected to outsourcing the voter registration database and electronic check-in to a third party. Last month, a federal judge found the state’s election system poorly managed in violation of voters’ rights. In 2015, Kemp’s office accidentally exposed millions of Social Security numbers and other bits of Georgian voter information. And in 2017, further millions had their information released after a major security flaw persisted for months after discovery. All of this occurred under Kemp’s office, with the blame always redirected.
This is the exact type of repugnant situation that experts warn can result from shoddy, insufficient election security: embarrassing security failures, and officials scrambling to shift the blame and cover their errors.