State considers dropping election data center

Security lapses cast a pall over Kennesaw State University facility

The Kennesaw State University center that has helped run Georgia’s elections for the past 15 years may lose its contract in a matter of weeks because of concerns over security lapses that left 6.5 million voter records exposed.

The secretary of state’s office said Wednesday that it is “actively investigating alternative arrangements” to using Kennesaw State University’s Center for Election Systems, news that coincided with the unmasking by Politico Magazine of the security researchers behind a data scare involving the center that became public in March.

“All options are on the table,” said Candice Broce, a spokeswoman for Georgia Secretary of State Brian Kemp. The center’s annual $800,000 contract with the state ends June 30.

In the Politico report, Logan Lamb, an Atlanta-based internet security researcher, and Chris Grayson, a security colleague, for the first time detailed finding voter records, instructions and passwords for election workers, software files that could create electronic voter lists for poll workers, and what appeared to be databases for the state’s election management system.

It is not clear whether those files were current. The center, for example, does not maintain the state’s voter registration database — the files it collects are separate from the state’s main system, which is connected to the internet but housed on different servers in a different location using different security protocols.

Georgia’s more than 27,000 voting machines are self-contained and not connected to the internet, and neither are the in-house systems that create and maintain the electronic pollbooks or the election management system.

But none of the files the researchers found should have been accessible, they said, especially after Lamb initially notified the center before last year’s presidential election of the potential problem.

The danger is that they could be used as a blueprint for anyone looking to exploit the system’s vulnerabilities, a fear that has escalated with regular news reports about alleged attempts by Russian hackers to meddle in the 2016 presidential election.

It also comes as Georgia holds a nationally watched runoff Tuesday between Republican Karen Handel and Democrat Jon Ossoff, a race seen as an early referendum on President Donald Trump’s administration.

Cybersecurity experts as recently as last week said the state should run a technical review of its entire system to check for cyber penetration and add preventive measures to protect against both malicious attacks and unintended problems. Critics also sued the state to force it to use paper ballots during the runoff, citing similar concerns.

A Fulton County judge dismissed the lawsuit last week, saying there was an “absence of evidence” of widespread problems.

Experts have also said they knew of no examples of ongoing attacks on Georgia’s system and said there is no evidence it has been hacked.

The state has employed an ongoing, multilayered effort to secure the system’s safety and integrity, which includes working with private security vendors to scan the system and thwart any probing attempts — something state officials have said happens almost weekly.

Georgia officials reiterated Wednesday, however, that they do not believe Georgia was one of the 39 states reportedly targeted by Russian hackers ahead of the presidential election.

“Our elections systems have not been compromised,” Broce said. “We have been, and we will continue to be, hyper-vigilant in this environment. Secretary Kemp remains confident in Georgia’s elections systems and voting equipment.”

The Federal Bureau of Investigation earlier this year investigated the probing by Lamb and Grayson but did not file charges, saying they had not broken federal law.

A subsequent report prepared for the university after the breach cited concerns inside the center that included an unlocked IT closet and wires plugged into an internet port that had not been documented.

Center officials, who did not respond earlier this week to questions of whether it had addressed the security report, referred questions Wednesday to the university. A university spokeswoman declined comment.

The issue has also become fodder for the campaign trail, with one of the authors of an 11-year-old Georgia Tech report saying Handel — who at the time was secretary of state — didn’t follow up on recommendations then for stronger system security.

Rob Simms, a spokesman for Handel, on Wednesday told The Washington Post that asking “if we ever ‘responded’” to a report done more than 10 years ago didn’t “make sense.”

Reader Comments ...

Next Up in Georgia Politics

Paper ballots pass Election Day test in Georgia
Paper ballots pass Election Day test in Georgia

The results are in from this month’s test run of a voting system that could bring paper ballots back to Georgia: It was easy to use and fast, but it would come with a high cost to taxpayers. The trial of the touch screen-plus-paper ballot voting system “came off without a hitch” when it was tried during the Nov. 7 election...
Oxendine suit claims ethics charges are rooted in unconstitutional law
Oxendine suit claims ethics charges are rooted in unconstitutional law

Former Georgia Insurance Commissioner John Oxendine has filed a federal lawsuit against the state ethics commission saying its newest charges against him — that he illegally benefited personally from campaign funds raised for his unsuccessful 2010 gubernatorial run — stem from an unconstitutionally vague state law. Oxendine has been battling...
The Left is condemning the culture of harassment; calls for Conyers to go
The Left is condemning the culture of harassment; calls for Conyers to go

More people are calling for U.S. Rep. John Conyers to resign in the wake of the news of secret payments for congressional sexual harassment claims. A roundup of editorials Wednesday takes a look at the issue. From The Detroit Free Press: Voters in Michigan should have been told of the payoffs to women who claimed Conyers sexually harassed. From The...
The Right is calling for Congress to end secret payments for bad behavior
The Right is calling for Congress to end secret payments for bad behavior

It’s morals run amok in some corners of Congress. And, guess what? Taxpayers get to foot the bill to hush it up. A roundup of editorials Wednesday takes a look at the secret settlement fund. Opinions from the Right: From The Detroit News: Voters were cheated when they were kept in the dark about payments to silence women who accused Conyers of...
Trump promises Americans ‘huge tax cut’ for Christmas
Trump promises Americans ‘huge tax cut’ for Christmas

President Donald Trump on Monday promised a tax overhaul by Christmas, a day after the White House signaled its willingness to strike a health care provision from Senate tax legislation if it’s an impediment to passing the tax bill. Speaking before a Cabinet meeting, Trump said: “We’re going to give the American people a huge tax...
More Stories