Cyber-Vulnerabilities In America’s Election Systems Take Center Stage As Hacking Accusations Fly In Georgia Governor Race
Georgia Secretary of State and Republican candidate for Governor, Brian Kemp, announced on Sunday that his office has opened an investigation into alleged hacking attempts of the state’s voter registration system by the local division of the Democratic Party – the result of on an incident that allegedly took place the night before.
While noting that the alleged hacking attempt failed to breach any sensitive systems or data, Candice Broce, Kemp’s official Press Secretary in his capacity as Georgia’s Secretary of State, noted that “While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes.”
Democrats were quick to respond with allegations of their own, accusing Kemp of political maneuvering just two days before Election Day.
Outside experts have chimed in as well. Last night on MSNBC’s pre-election special The Vote: America’s Future, MSNBC cybersecurity analyst and former Facebook head of security, Alex Stamos, called the claims by Kemp “reckless” and not based in evidence, which, Stamos stated, could not be gathered and analyzed in such a short timeframe.
I disagree.
It is true that any politically-charged announcement made days before an election of is suspect, that Kemp has an obvious conflict of interest vis-à-vis this matter, and that a proper forensics analysis normally takes more than just a few hours. Yet, at the same time, it is possible that the accusations are the real deal – insiders do not normally disclose early on in an investigation the details as to what evidence they may or may not possess, and, as such, it is simply impossible for outsiders to know one way or the other; we should not jump to conclusions prematurely. Furthermore, we also do not know if the current investigation, which apparently began Saturday night, is the first such incident being investigated as potentially tied to Democratic operatives, or if forensics experts have matched evidence from earlier hacking attempts to the most recent incident.
The bottom line is that, while we certainly should be skeptical, the objective reality remains that the accusations may be entirely false, entirely true, or anywhere in between.
In any case, however, the current situation highlights an important point that should be of concern to all Americans: As I noted before the 2016 Presidential election, our inadequately-protected, decentralized voter registration systems are one of several Achilles Heels still present in our democracy. Strategically modifying vulnerable voter registration databases by removing just a few hundred legitimate voters, or by adding just a few hundred unauthorized or bogus people who then vote either remotely or in person, can alter election results and change the course of history. If he had gained 538 more votes in Florida, for example, Al Gore would have won the 2000 Presidential election. How hard is it for a couple hundred people fraudulently registered using multiple names to vote multiple times in several polling stations hundreds of miles apart from one another?
As each State is responsible for its own election-related infrastructure, the Federal government, while working to ensure that voters rights are respected, has traditionally avoided providing oversight of the security of voter registration databases and the like. Modern threats, however, have made some degree of oversight necessary – we must ensure that every citizen’s vote is properly counted, and that fraudulent ballots are not cast. Perhaps it is time to expand the Voting Rights Act of 1965 to include a minimum set of cyber-requirements needed to protect against today’s threats to voters.