Critics blast Georgia’s plan to delay software updates on its voting machines

Jun 15, 2023, 12:36 PM

FILE - Voting machines fill the floor for early voting at State Farm Arena, Oct. 12, 2020, in Atlan...

FILE - Voting machines fill the floor for early voting at State Farm Arena, Oct. 12, 2020, in Atlanta. Critics of the voting equipment used in Georgia say the state's plan to wait until after 2024 presidential election to install a software update meant to address flaws that an expert says leave the machines open to attack is irresponsible. (AP Photo/Brynn Anderson, File)

(AP Photo/Brynn Anderson, File)

ATLANTA (AP) — Critics of Georgia’s plan to wait until after next year’s presidential election to install a software update to address security flaws on the state’s voting equipment called that irresponsible, saying the machines would be left open to attack.

The vulnerabilities in the Dominion Voting Systems equipment were identified by an expert witness in a published an advisory based on those findings that urges election officials to take steps to mitigate the risks “as soon as possible.”

Georgia election officials say they’re doing just that. But the time and labor required to install the latest Dominion software makes it unrealistic to do it before the 2024 election cycle, they say. They insist the state’s elections are secure.

University of Michigan computer scientist J. Alex Halderman spent 12 weeks examining the ImageCast X voting machines used statewide in Georgia and by at least some voters in more than a dozen other states. His report was filed with the court and kept under seal for nearly two years. A redacted version was made public Wednesday.

“No grand conspiracies would be necessary to commit large-scale fraud, but rather only moderate technical skills of the kind that attackers who are likely to target Georgia’s elections already possess,” the report says. Even if no attack happens, Halderman wrote, the existence of vulnerabilities “is all but certain to be exploited by partisan actors to suppress voter participation and cast doubt on the legitimacy of election results.”

Gabriel Sterling, chief operating officer for the Georgia secretary of state’s office, dismissed Halderman’s claims as “theoretical in many ways.”

“We have to operate in the real world, and that’s what we’re doing,” he said. “We continue to act as responsibly as possible. We’re protecting our systems, protecting the voters.”

Nearly all in-person voters in Georgia use the voting machines, making it a more attractive target for an attack than many other places where the machines are used only for people who can’t physically complete a ballot by hand, Halderman wrote. Georgia also has become a pivotal swing state in recent elections.

Dominion has filed numerous lawsuits over false claims about its machines by supporters of former President Donald Trump who allege that the 2020 election was stolen. The company maintains that its equipment is secure.

“While we are constantly working to offer the latest security features and innovations to our customers, the CISA advisory clearly states that exploitation of any of the issues raised can be mitigated by following standard procedural and operational security processes for administering elections,” the company said in an emailed statement.

Halderman called the revelation that Georgia wouldn’t install the software upgrade until 2025 “stunning.” That gives potential attackers time to plan and execute attacks in 2024 elections, he said.

Georgia’s touchscreen voting machines print a paper ballot with a QR code and a human-readable list reflecting the voter’s selections, and votes are tallied by a scanner that reads the QR code. Halderman wrote that in examining a Dominion ImageCast X voting machine and associated equipment, he “played the role of an attacker and attempted to discover ways to compromise the system and change votes.”

A longtime critic of electronic voting machines, Halderman advocates using hand-marked paper ballots read by scanners along with robust post-election audits. His findings mean Georgia voters cannot be confident their votes are secured and correctly counted or that future elections using the current system will be safe from attack and produce the correct result, the report says.

Malware could be installed on individual voting machines by people with temporary physical access, such election workers or voters, the report says. Halderman also said that by modifying certain files that election workers copy to voting machines before each election an attacker could spread malware to every voting machine in a county, or the whole state, without physical access to individual machines. The attacks would likely not be detected by Georgia’s current practices and protocols, the report says.

Last year, Dominion commissioned a report by the Mitre Corporation’s National Election Security Lab to assess the risks Halderman identified. In that report, which was also made public Wednesday, Mitre deemed the potential attacks “operationally infeasible.”

Mitre said it based its analysis on the difficulty and the technical skill and time required for the proposed attacks. Most would affect “a statistically insignificant number of votes on a single device at a time,” and the attack that could spread malware to many machines requires unrealistic access to Dominion software and machines, the Mitre report says.

Georgia Secretary of State Brad Raffensperger touted the Mitre report as proof that the state’s voting system is secure.

“Secretary Raffensperger’s claim that Mitre found no meaningful risk to voters is highly misleading,” said David Cross, a lawyer who represents some of the voters in the lawsuit challenging Georgia’s election system and who engaged Halderman to examine the machines. “Mitre didn’t even examine the voting equipment or software and was told to assume that bad actors can’t access Georgia’s voting system.”

Cross said that assumption was invalidated when a computer forensics team hired by Trump allies traveled to Coffee County in south Georgia in January 2021, was allowed to access voting equipment and copied software and data. Evidence shows that material was uploaded to a server and accessed by an unknown number of people.

The lawsuit that spawned Halderman’s report was initially filed in 2017 by individual voters and the Coalition for Good Governance, which advocates for election security. They originally challenged the outdated paperless voting machines Georgia used at the time but shifted to target the new system purchased in 2019, saying it is also vulnerable to attack.

U.S. District Judge Amy Totenberg, who’s overseeing the lawsuit, had resisted making Halderman’s report public, saying she was concerned it could be exploited by bad actors. But in an order last week instructing that it be made public, she noted that the parties and CISA had all agreed that proposed redactions provided appropriate safeguards against election security concerns.

National News

Associated Press

Arizona’s biggest city has driest monsoon season since weather service began record-keeping in 1895

PHOENIX (AP) — After a summer of extreme heat, Arizona’s most populous city is in the record books again. This time Phoenix is notching a record for dry heat. The National Weather Service said the monsoon season this year in the arid Southwest dropped only 0.15 inches (.38 centimeters) of rainfall from June 15 to […]

57 minutes ago

Associated Press

A woman who fled the Maui wildfire on foot has died after weeks in a hospital burn unit

HONOLULU (AP) — A woman who escaped a wildfire that destroyed Hawaii community by running through a burning field has died after spending more than seven weeks in a hospital burn unit. Laurie Allen died Friday at Straub Medical Center in Honolulu, according to a gofundme page set up for her and her husband, Perry […]

1 hour ago

Associated Press

Inmate accused of killing corrections officer at Georgia prison

GLENNVILLE, Ga. (AP) — A Georgia prison guard died Sunday after he was attacked by an inmate, state officials said. Correctional officer Robert Clark, 42, died at a hospital after an inmate assaulted him with a homemade weapon at Smith State Prison in rural Glennville, the Georgia Department of Corrections said in a news release. […]

2 hours ago

Associated Press

Video shows bloodied Black man surrounded by officers during Florida traffic stop

JACKSONVILLE, Fla. (AP) — A traffic stop captured on video by a bystander shows a handcuffed Black man with swollen eyes and a bloody face sitting on the ground surrounded by officers outside a vehicle in northeast Florida, and the officers’ law enforcement agency says it has launched an internal review. Force was used while […]

3 hours ago

Associated Press

Airbnb guest who rented a room tied up, robbed Georgia homeowner at gunpoint, police say

BUFORD, Ga. (AP) — Police say a man who used Airbnb to rent a room in Georgia ended up robbing the home’s owner at gunpoint. A homeowner in the metro Atlanta suburb of Buford called Gwinnett County police saying an armed man who had rented his basement through the room-sharing app had fled after stealing […]

3 hours ago

Associated Press

More than 100 search for 9-year-old girl who was camping with family in upstate New York

MOREAU, N.Y. (AP) — Drones, bloodhounds and an airboat were used in the search for a missing 9-year-old girl who had been camping with her family in upstate New York, officials said Sunday. Charlotte Sena was last seen bicycling on Saturday evening in Moreau Lake State Park, about 35 miles (60 kilometers) north of Albany, […]

4 hours ago

Sponsored Articles

Swedish Cyberknife...

September is Prostate Cancer Awareness Month

September is a busy month on the sports calendar and also holds a very special designation: Prostate Cancer Awareness Month.

Ziply Fiber...

Dan Miller

The truth about Gigs, Gs and other internet marketing jargon

If you’re confused by internet technologies and marketing jargon, you’re not alone. Here's how you can make an informed decision.

Education families...

Education that meets the needs of students, families

Washington Virtual Academies (WAVA) is a program of Omak School District that is a full-time online public school for students in grades K-12.

Emergency preparedness...

Emergency planning for the worst-case scenario

What would you do if you woke up in the middle of the night and heard an intruder in your kitchen? West Coast Armory North can help.

Innovative Education...

The Power of an Innovative Education

Parents and students in Washington state have the power to reimagine the K-12 educational experience through Insight School of Washington.

Medicare fraud...

If you’re on Medicare, you can help stop fraud!

Fraud costs Medicare an estimated $60 billion each year and ultimately raises the cost of health care for everyone.

Critics blast Georgia’s plan to delay software updates on its voting machines