Headed into one of the most consequential elections in the state’s history, Georgia’s new electronic voting system is vulnerable to cyberattacks that could undermine public confidence, create chaos at the polls or even manipulate the results on Election Day.
Computer scientists, voting-rights activists, U.S. intelligence agencies and a federal judge have repeatedly warned of security deficiencies in Georgia’s system and in electronic voting in general. But state officials have dismissed their concerns as merely “opining on potential risks.”
Instead, an investigation by The Atlanta Journal-Constitution shows, Secretary of State Brad Raffensperger’s office weakened the system’s defenses, disabling password protections on a key component that controls who is allowed to vote.
In addition, days before early voting began on Oct. 12, Raffensperger’s office pushed out new software to each of the state’s 30,000 voting machines through hundreds of thumb drives that experts say are prone to infection with malware.
And what state officials describe as a feature of the new system actually masks a vulnerability.
Officials tell voters to verify their selections on a paper ballot before feeding it into an optical scanner. But the scanner doesn’t record the text that voters see; rather, it reads an unencrypted quick response, or QR, barcode that is indecipherable to the human eye. Either by tampering with individual voting machines or by infiltrating the state’s central elections server, hackers could systematically alter the barcodes to change votes.
Georgia’s Secretary of State is not happy with the story.