U.S. District Judge Amy Totenberg said Georgians could be “sitting ducks” because of hacking vulnerabilities in the state’s electronic voting system.
But Totenberg appeared reluctant to throw out the state’s 17-year-old voting machines this close to November’s elections.
She said “it might be extra challenging” to change to hand-marked paper ballots, then go through another transition to the state’s new voting system before the presidential primary election March 24, 2020. Georgia’s upcoming voting system combines touchscreen voting machines that print out paper ballots.
Totenberg is considering whether Georgia’s existing touchscreen voting system is too insecure to continue using, a decision that could affect 310 elections planned in cities and counties this fall. She didn’t immediately issue a ruling Friday after two days of testimony from voters, election officials, computer science experts and cyber-security contractors.
“These are very difficult issues,” Totenberg said at the close of Friday’s hearing. “I’ll wrestle with them the best that I can, but these are not simple issues.”
The stories from people who attended the hearing are just wild. (Remember, the current governor who "won" against Stacey Abrams is Brian Kemp, who served as Georgia's secretary of state during his election.) Among the points brought up in the courtroom:
Kemp hired Fortilice Solutions to do a cyber risk assessment in October 2017. Kemp’s DOS got a 53.98 on a scale of 0-100 by CEO Theresa Payton, CEO of Fortalice. Fortilise gave Kemp a list of 22 major risk factors that needed to be remediated in Feb 2018. Kemp’s officer remediated only three before the Governors Election in November 2018. 19 issues remain unresolved.
Fortilice Solutions was also paid by Kemp to conduct “penetration testing” to see if they could hack into Georgia SOS website. Kemp’s office bragged about their diligence in Totenberg's courtroom in September 2018, but neglected to mention Fortilice successfully penetrated/ took over the domain and obtained encrypted passwords, admin rights, had access to files including absentee ballot batch files in mid-2018.
But the number one risk factor? Every single election official in Georgia had admin rights on their desktop computers -- as did every other employee. Whoa!