Stunning reporting by Kim Zetter for Politico Magazine:
As Georgia prepares for a special runoff election this month in one of the country’s most closely watched congressional races, and as new reports emerge about Russian attempts to breach American election systems, serious questions are being raised about the state’s ability to safeguard the vote. Lamb’s discovery, which he shared out of concern that state officials and the center ignored or brushed off serious problems highlighted by his breach, is at the heart of voting activists’ fears that there’s no way to be sure the upcoming race—which pits Democratic neophyte Jon Ossoff against Republican former Secretary of State Karen Handel—will be secure. The special election has already become the most expensive House race in U.S. history and has drawn the attention of President Donald Trump, who has tweeted his support of Handel and ridiculed Ossoff, whose campaign is seen as a litmus test for the Trump resistance movement.
Marilyn Marks, executive director of the Rocky Mountain Foundation, which sued the state last month to prevent it from using the voting machines in the upcoming runoff, says Americans have reason to be concerned about the integrity of Georgia’s election system—and the state’s puzzling lack of interest in addressing its vulnerabilities. “The security weaknesses recently exposed would be a welcome mat for bad actors.”
Within the mother lode Lamb found on the center’s website was a database containing registration records for the state’s 6.7 million voters; multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day; and software files for the state’s ExpressPoll pollbooks — electronic devices used by pollworkers to verify that a voter is registered before allowing them to cast a ballot. There also appeared to be databases for the so-called GEMS servers. These Global Election Management Systems are used to prepare paper and electronic ballots, tabulate votes and produce summaries of vote totals.
The files were supposed to be behind a password-protected firewall, but the center had misconfigured its server so they were accessible to anyone, according to Lamb. “You could just go to the root of where they were hosting all the files and just download everything without logging in,” Lamb says.
It’s the incompetence that’s going to get us.