Georgia Governor's Race Roiled By Election Security Charges - NBC10 Boston
Decision 2018

Decision 2018

The latest news on local, state and national midterm elections

Georgia Governor's Race Roiled By Election Security Charges

Independent computer scientists told The Associated Press that a database used to check in voters at the polls enables anyone with access to an individual voter's personal information to alter that voter's record

    processing...

    NEWSLETTERS

    Georgia Governor's Race Roiled By Election Security Charges
    AP, File
    This Wednesday, May 9, 2018, file photo, shows a touch screen of a voting machine during early voting in Sandy Springs, Ga.

    The bruising race for governor of Georgia has been roiled by unsupported, eleventh-hour allegations from Republican candidate Brian Kemp, who is also the state's chief election official, that Democrats sought to hack the voter registration system.

    His Democratic opponent, Stacey Abrams, said he is making a baseless accusation to deflect attention from an apparently severe security flaw in the system Kemp is responsible for overseeing.

    Here's a look at the dispute, how it unfolded and what's at stake.

    THE ALLEGATION
    Kemp asked the FBI on Sunday to investigate the Democratic Party, accusing it of trying to hack the system he controls as secretary of state. He offered no evidence in support of his request for a probe of the opposition.

    Trump Supporter Storms Media Pen at Texas Rally

    [NATL] Trump Supporter Storms Media Pen at Texas Rally

    A Trump supporter stormed the media pen and attacked a BBC cameraman during Trump's first rally for 2019 in El Paso, Texas, shortly after the president criticized the media.

    (Published Tuesday, Feb. 12, 2019)

    The FBI declined to comment.

    Kemp leveled the allegation after an attorney for election-security advocates notified the FBI and Kemp's office on Saturday that a private citizen alerted him to what appeared to be a major flaw in the database used to check in voters at the polls.

    Independent computer scientists told The Associated Press that the flaw would enable anyone with access to an individual voter's personal information to log on to Georgia's MyVoter registration portal and alter or delete any voter's record, potentially causing havoc.

    THE DEMOCRATS' RESPONSE
    Abrams on Monday called him a "bald-faced liar" who cooked up the allegation to deflect attention from his record of incompetence as secretary of state presiding over an antiquated, vulnerability-laced elections system.

    "There was never a hack," she told a gathering at a Savannah union hall. "What was wrong is that he failed to do his job. He is abusing his power."

    THE BACKGROUND
    The finger-pointing is the latest turn in a campaign whose final weeks have been dominated by charges of voter suppression and countercharges of attempted voter fraud.

    Polls suggest Kemp and Abrams are locked in a tight race in a contest that has taken on historic significance because Abrams could become the nation's first black female governor.

    She has accused Kemp of using his post as secretary of state to make it harder for certain voters to cast ballots. Kemp has countered that he is following the law and that Abrams and advocacy groups are trying to help noncitizens and others cast ballots illegally.

    Last month, a federal judge endorsed plaintiffs' arguments that Kemp has been derelict in his management of the state election system and that the setup is lacking in reliability.

    The atmosphere has left partisans and good-government advocates alike worrying that the losing side will not accept Tuesday's results.

    HOW THE LATEST ALLEGATION UNFOLDED
    According to AP interviews and records released by the Georgia Democratic Party, a lawyer for election-security advocates, David Cross, notified both the FBI and Kemp's counsel Saturday that a citizen had alerted him to the flaw.

    The citizen also separately informed the Georgia Democratic Party, whose voter protection director then sent an email to two Georgia Tech computer security experts, one of whom sits on a commission created by Kemp.

    "If this report is accurate, it is a massive vulnerability," wrote the director, Sara Tindall Ghazal.

    The online news outlet WhoWhatWhy obtained copies of some of the correspondence and published a story about the system flaw on Sunday — just as Kemp's office issued the first of two statements accusing Democrats of a "failed cyberattack."

    That statement — bereft of specifics — remained prominent on his office's main web page late Monday afternoon.

    THE FLAW
    Four security experts independently confirmed to the AP that the voter registration site is highly vulnerable to hacking.

    They said they could not duplicate the worst vulnerability identified by the "private citizen" because that would require illegal tampering. But they said the flaw would let any user logging onto the system to access and alter the records of anyone in the system.

    The experts were also able to identify additional flaws. One would allow an attacker to inject malicious code into the voter registration site that could spy on visitors or steal or alter data. Another flaw: The site lacks "URL sanitizing," standard code for preventing infections from visitors.

    Shutdown Deal Offers No Money for Concrete Wall

    [NATL] Shutdown Deal Offers No Money for Concrete Wall

    The deal includes: $1.3 billion for 55 miles of "steel slats" and other fencing, plus $1.7 billion for other security measures like technology and more border agents. The deal does not include funding for a concrete wall at the border. 

    (Published Tuesday, Feb. 12, 2019)

    "This is the easiest part of an assignment that we give to undergrad students in a security class. It's unbelievable how they didn't do this," University of Michigan computer scientist Matthew Bernhard told the AP.

    Another computer expert who reviewed the vulnerability, Kris Constable of PrivaSecTech in Vancouver, Canada, said the system "clearly has never been audited by any computer security professional."

    During a campaign stop Monday, Kemp acknowledged "a potential vulnerability that we found about" but insisted without offering details that the state's election systems are secure.

    GEORGIA'S PAST PROBLEMS
    The state is one of just five that continue to rely exclusively on aged electronic voting machines that computer scientists have long criticized as untrustworthy because they are easily hacked and don't leave a paper trail that can be audited in case of problems.

    In 2015, Kemp's office inadvertently released the Social Security numbers and other identifying information of millions of Georgia voters. His office blamed a clerical error.

    His office made headlines again last year after security experts disclosed a gaping security hole that wasn't fixed until six months after it was first reported to election authorities. Personal data was again exposed for Georgia voters — 6.7 million at the time — as were passwords used by county officials to access files.

    Border Fund Negotiations Stall Days to Second Deadline

    [NATL] Border Fund Negotiations Stall Days to Shutdown Deadline

    The effort to negotiate border security and avoid another government shutdown hit a snag over the weekend. The White House says we could see a shutdown Friday and President Trump may still declare a national emergency to pay for the border wall.

    (Published Monday, Feb. 11, 2019)

    Kemp's office blamed that breach on Kennesaw State University, which managed the system on Kemp's behalf.

    Associated Press writers Michael Balsamo, Colleen Long, Jill Colvin, Russ Bynum and Ben Nadler contributed to this report.