Something is rotten in the Secretary of State of Georgia
It's bad enough for a candidate to have the authority to essentially regulate his own election, and embarrassing enough to permit him to actually change the electoral system in ways that favour him. But this is a step too far even for an aspiring banana republic like Georgia:
News orgs report that Kemp's office has launched a probe into the Georgia Democratic Party after an attempt to hack the voter registration system:
https://www.reuters.com/article/us-u...-idUSKCN1N90MP
No evidence was released that would justify Kemp launching such an investigation against his political opponents in an election he's participating in.
But now it makes more sense:
https://whowhatwhy.org/2018/11/04/ex...ank-safe-door/
Obviously this is just from one source, and the story is still developing. However, there is some important context:Two days before the midterm elections, a series of security vulnerabilities have been discovered that would allow even a low-skilled hacker to compromise Georgia’s voter registration system and, in turn, the election itself. It is not known how long these vulnerabilities have been in place or whether they have already been exploited.
Just before noon on Saturday, a third party provided WhoWhatWhy with an email and document, sent from the Democratic Party of Georgia to election security experts, that highlights “massive” vulnerabilities within the state’s My Voter Page and its online voter registration system.
According to the document, it would not be difficult for almost anyone with minimal computer expertise to access millions of people’s private information and potentially make changes to their voter registration — including canceling it.
In this election and during the primaries, voters have reported not showing up in the poll books, being assigned to the wrong precinct, and being issued the wrong ballot.
All of that could be explained by a bad actor changing voter registration data — and at this point there may be no way of knowing if that happened.
[...]
WhoWhatWhy contacted five computer security and election systems experts to review the document.
None of these cyber security experts tested the vulnerabilities described, downloaded any files, or altered any data.
All five noted that testing these vulnerabilities without permission would be illegal.
Instead, several logged onto the My Voter Page to look at the code used to build the site — something any Georgian voter could do with a little instruction — and confirmed the voter registration system’s vulnerabilities.
They all agreed with the assessment that the data of voters could easily be accessed and changed.
“For such an easy and low hanging vulnerability to exist, it gives me zero confidence in the capabilities of the system administrator, software developer, and the data custodian,” Kris Constable, who runs a privacy law and data security consulting firm, told WhoWhatWhy. “They should not be trusted with personally identifiable information again. They have showed incompetence in proper privacy-protecting data custodian capabilities.”
As secretary of state, Kemp is the data custodian, meaning he is responsible for the security of voter information.
https://slate.com/technology/2017/10...ulnerable.html
There is something seriously wrong with Kemp himself, but something even more wrong with a system that lets this asshat regulate his own election and launch investigations attacking his opponents.On July 3, state voters and a good-government group filed a lawsuit alleging that Georgia officials ignored warnings that the state’s electoral system was extremely susceptible to hacking.
On July 4, Georgia Secretary of State Brian Kemp’s office was alerted about the lawsuit by the press and declined to comment. It received a copy of the suit on July 6.
And on July 7, Georgia officials deleted the state’s election data, which would have likely been critical evidence in that lawsuit, the Associated Press reported Thursday.
Two things could have happened here. Either it was an incredible act of incompetence on the part of Georgia’s election officials, or it was an attempted cover-up to try to hide from the public a major election security lapse. Lawmakers from both parties are calling for heads to roll.
According to the lawsuit in question, the vulnerabilities included a path via Google to uncover troves of information about the electorate, including passwords into the election systems themselves. Hackers could theoretically have used these holes to breach the system and make changes to voter registries, or even raw votes. Because the state has no paper trail for votes, such an attack would have been incredibly difficult to detect. (The FBI investigated Georgia’s system earlier this year but has not publicly revealed the results of that investigation.) The lawsuit argues that because of the weaknesses in Georgia’s system, the state’s 2016 election and its 2017 special congressional election were potentially compromised.
Reply With Quote