Plaintiffs in a long-running legal case say the last-minute change could create new hacking vulnerabilities – and argue there’s not enough time to test for other bugs that will make the machines malfunction during voting. They’re asking a judge to order the state to replace the machines with hand-marked paper ballots, which experts say are the most secure option and dramatically lower the chance of technical foul-ups.
The pressure’s on with less than two weeks before early in-person voting begins in Georgia and just over a month until Election Day. “Having an election that, at the end of the day, everyone can say this was the safest, most reliable option — that should be what we all want,” David Cross, an attorney with Morrison & Foerster who’s representing the Georgia voters who brought the case, told me. “Not going into an election with entirely new software that was written over a weekend.”
The late-in-the-game software glitch may be the best opportunity for election integrity experts to fully switch to paper ballots.
There’s a long-standing conflict over the security of the type of machines used in Georgia, called ballot-marking devices. Georgia is one of the few states that has a statewide contract for the machines, with which people cast their votes on a touch screen that then produces a paper ballot. Proponents for the machines say they’re more efficient than hand-marked ballots, less prone to unintelligible votes and can be used by people with disabilities that prevent them from filling out paper ballots.
Critics say the machines are too complicated, are prone to malfunctioning and raise the chances hackers could change people’s votes without them noticing if they don’t review the printed-out ballot. And with an incredibly tight presidential race, it would just take problems with a few machines to sow doubts about the election’s integrity.
“That undermines the core of what voters need from an election system,” Alex Halderman, an election security expert and computer science professor at the University of Michigan and an expert witness for the plaintiffs, told me. “They need an assurance that votes are going to be counted correctly and that the outcome will be legitimate.”
Plaintiffs say the chance is higher that hackers could compromise some part of the updated software.
It also raises the likelihood that other dangerous software bugs could remain undetected before voting begins. And such breakdowns could be particularly damaging in Georgia, where there’s a history of poorly executed elections with long delays centered around polling locations with predominately Black residents.
“The fear is that it’s going to be June 9 on steroids,” Cross said. “You’re going to have machines that are not functioning across the state and you’re going to have much higher turnout than in the primaries.”
Georgia officials, meanwhile, say they’re just making minor software changes and that the plaintiffs are blowing things out of proportion.
A lawyer for the state, Bryan Tyson, called the update a “very minor issue,” the Associated Press reported. He said the plaintiffs “have jumped to conclusions not fully understanding what is happening” and are “trying to make a mountain out of what really is a mole hill.”
The state’s plan was to deliver thumb drives containing the updated software to counties this week, according to court documents.
The Georgia secretary of state’s office declined to comment, as did Dominion, the company that sold Georgia its new voting system for more than $100 million last year.
Shifting to hand-marked paper ballots this late could also cause problems of its own, straining state resources and confusing poll workers and voters.
“My worry when you’re making last-minute changes like this is does it do more harm than good?” Amber McReynolds, CEO of the National Vote at Home Institute and a former Colorado election official, told me. “Right now, it’s a very rough time to consider a massive change like that.”
Such late changes to election software are “not ideal,” McReynolds said, but can usually be done safely and effectively.
The error was discovered in two different counties during a slate of performance tests that are designed to spot such glitches.
Here’s more from McReynolds:
The glitch was caused by a special two-column design Georgia adopted that allowed all 21 Senate special election candidates to appear on a single page. Something about that design created problems with how the software communicated with the machine’s Android operating system, according to court testimony.
The Senate race is essentially a multiparty primary to fill the seat currently occupied by Sen. Kelly Loeffler (R-Ga.), who was appointed to temporarily fill the seat last year. If no candidate gets more than half the votes, the top two candidates will advance to a runoff in January.
The keys
Discarded ballots that Trump touted in the debate were not “intentional fraud,” an investigation found.
The nine ballots were mistakenly discarded by a Lucerne County, Pa., election office worker still training for how to handle mail-in ballots, Pennsylvania Secretary of State Kathy Boockvar (D.) said, the AP’s Mark Scolforo reported. Some of the envelopes didn’t clearly say they contained ballots, resulting in confusion. The FBI did not say if criminal charges are still possible.
President Trump has touted the discarded ballots — at least seven of which included votes cast for him — as supposed evidence that mail-in voting is prone to fraud. He referred to the investigation twice during Tuesday’s debate. Election experts and Trump’s own FBI director have said such fraud is exceedingly rare and would be extremely difficult to pull off.
White House press secretary Kayleigh McEnany failed to provide any evidence at a press briefing yesterday for another of Trump’s claims during the debate: that abandoned ballots had been found in a river.
Huawei failed to adequately fix security flaws in U.K. telecoms equipment, Britain’s top cybersecurity agency says.
The assessment found at least one vulnerability of “national significance” from 2019 that was fixed before it was exploited, Gordon Corera at BBC News reports. Huawei failed to address other concerns raised by British security officials, leaving officials unable to provide full assurance that all national security risks to the United Kingdom would be mitigated.
British security officials did not reach the conclusion that the flaws were a result of Chinese government interference. The United States has claimed that China could use Huawei equipment to spy on rivals.
The United Kingdom decided to phase out all Huawei equipment from its 5G networks this summer after the United States issued new sanctions against the company. It’s unclear if the U.K. report will sway other countries such as Germany, which is also evaluating Huawei for security concerns.
Paying off ransomware hackers could lead to prosecution, the Treasury Department warned.
Such prosecutions would take place only if the hackers were subject to U.S. sanctions, but victims and facilitators of payments could be charged even if they didn’t know about the sanctions, Raphael Satter at Reuters reports.
The changes could also lead to new regulations for a quickly growing industry of cybersecurity firms that serve as middlemen between ransomware hackers and businesses.
Ransomware attacks have been on the rise over the past year and have accelerated further during the coronavirus pandemic. The FBI advises victims to not pay hackers, but in some cases doing so can be less costly than rebuilding entire computer systems.
Securing the ballot
Conservative operatives Jack Burkman and Jacob Wohl are facing felony charges for a voter-suppression robocall scam.
Michigan’s attorney general filed four felony charges against the pair, including conspiracy to violate election law, according to a news release.
The robocalls, reported in August, targeted minority voters with warnings that voting by mail would add them to a special police database and that they would be tracked for mandatory vaccines. Attorneys general in New York, Pennsylvania, Ohio and Illinois reported similar calls, leading investigators to believe about 85,000 calls were made nationally.
Wohl denied any involvement in the scam, despite the calls claiming to be from their organization.
Hill happenings
A bipartisan group of senators is urging the FCC to fund virtual 5G equipment that could give the United States a security edge.
The group, led by acting Senate Intelligence Committee Chairman Marco Rubio (R-Fla.) and Vice Chairman Mark R. Warner (D-Va.), wants the Federal Communications Commission to include OpenRAN virtual communications equipment in its suggested replacements for other risky equipment. The replacements are part of recently passed legislation that helps smaller telecommunications providers with the cost of replacing equipment from companies such as Huawei and ZTE.
Cyber insecurity
A malicious email campaign is posing as the DNC to lure victims.
Researchers at the cybersecurity firm Proofpoint identified thousands of email messages with the popular banking malware Emotet that used text from the Democratic National Committee website, Joseph Menn at Reuters reports. The emails contained a malicious Word document that would have infected users’ computers.
Emotet hackers generally cast a wide net and are less interested in political targets, but they could still cause uncertainty and confusion as the election nears.
“We know that attackers will use themes and current events in the hopes of compromising people,” DNC spokesman Chris Meagher said. “The DNC takes cybersecurity seriously and encourages everyone to be vigilant when opening emails and attachments to protect themselves.”
Chat room
It’s been three days and we still don’t know: Where is this river full of ballots????
The New Yorker’s Susan Glasser:
Daybook
Secure log off
It’s Friday. Let’s enjoy some cyber sloths.
Wishing you all purple cyber sloth vibes this weekend. See you Monday!