Georgia’s election systems indicate “Vote Hacking” potential & need additional security

I have previously reported issues indicating “Vote Hacking” in the following states: Arizona, Alabama, Alaska, CaliforniaColorado, ConnecticutFlorida’s primary election, & Florida’s general election. There could potentially be other explanations for some of the circumstances offered, however, information provided may indicate characteristics of hacking. When combined with other states, this evidence substantially increases the likelihood of systems vulnerability and election hacking throughout the country.

Georgia’s Election & Voting Issues

Shortly after the election, the National Association of Voting Officials requested a copy of any errors or inconsistencies related to voting machine problems. The request was made using the Freedom of Information Act which was ultimately granted. Although many of the documents have extensive redaction marks, the fact is that there are numerous and significant complaints throughout the state and country which necessitate a full and open investigation. Many of these complaints have been cataloged by the Voting Section of the Department of Justice. While a FOIA request has been granted for contested states, the fact remains that there are other states with issues not yet obtained from the DOJ — and there are likely many in Georgia considering the issues detailed below.

Attempted Intrusions

On February 2, 2016, Georgia’s Secretary of State detected what it alleged was an attempt at intrusion of their election systems.

On February 28, 2016 – The Georgia Secretary of State’s office detected what it alleged was another attempted intrusion.

On May 23, 2016 – The Georgia Secretary of State’s office detected what it alleged was another attempted intrusion.

On August 25, 2016, Secretary of State Brian Kemp sent an email to Nextgov, an online blog regarding a discussion involving the federal designation voting systems as critical infrastructure. In the email, Kemp expressed his disapproval:

“The question remains whether the federal government will subvert the Constitution to achieve the goal of federalizing elections under the guise of security… Designating voting systems or any other election system as critical infrastructure would be a vast federal overreach, the cost of which would not equally improve the security of elections in the United States.”

On September 7, 2016, state media reported that Secretary Kemp had reluctantly agreed to work with the Department of Homeland Security on an election cybersecurity working group.

On September 12, 2016 – The Georgia Secretary of State’s office detected what it alleged was another attempted intrusion.

On September 28, 2016 – The Georgia Secretary of State’s office detected what it alleged was another attempted intrusion.

On October 3, 2016 – The Georgia Secretary of State’s office detected what it alleged was another attempted intrusion.

On October 6, 2016 – The Georgia Secretary of State’s office detected what it alleged was another attempted intrusion.

Early Voting Problems

On October 27, 2016, during early voting state media reported that in Bryan County there was allegedly a machine which had been “flipping” votes. Secretary Kemp’s office launched an investigation into the issue. The AJC, state media, reported that a person complained a machine refused to pick Hillary Clinton for president until the person tried a third time to select Clinton. David Dove, Chief of Staff and Legal Counsel for Kemp’s office explained that he had presumed there to be a problem with the logic and accuracy testing, but this was not part of an official report. Either way, the testing was required to be performed under state law, but had not been completed.

NAACP representatives reported similar issues affecting the following counties: DeKalb, Bulloch, Chatham, Dodge, Effingham and Macon-Bibb.

In Bryan County, a voter who experienced a problem while early voting contacted the AJC, saying it took three tries Tuesday on a machine at the county’s administration complex in Richmond Hill before it correctly recorded his choice of Democratic presidential nominee Hillary Clinton. According to the report:

He selected Clinton but the touch screen on the machine then changed to show his selection as Republican presidential nominee Donald Trump, which he canceled before trying again. He said his wife had a similar experience on the same machine.

The AJC received multiple reports regarding the same issue at that particular location.

Election Supervisor Cindy Reynolds of Bryan County explained that one machine in question with problems was taken down for the day after at least 20 people used the machine. With the exception of one person complaining, Reynolds received no other complaint about that particular machine. It appeared likely that there were problems related to the machine’s calibration.

On October 28, 2016, ABC subsequently reported the story, but it was pulled for undisclosed reasons. Fortunately, there is an archived copy available.

On the same day, October 28, 2016, media reported that seven states, including Georgia, had denied assistance from the Department of Homeland Security to secure their election systems.

Update — 4.30.2017

Secretary Kemp explained later that one of the reasons for his state’s denial was that DHS had been offering the states “out of the box corporate solutions that some states needed. [Georgia] did not because we were already using our own.”

End Update — Original Article Resumes

On November 7, 2016 – The Georgia Secretary of State’s office detected what it alleged was another attempted intrusion.

Election Day

On November 8 , 2016 – The Georgia Secretary of State’s office detected what it alleged was another attempted intrusion.

DeKalb County

On November 8, 2016, Election Day, there were numerous reports in DeKalb County citing broken machines. Election Protection Georgia reported the information on their Facebook Page.

At 2:33PM, a fire temporarily suspended voting in one polling place.

Gwinnett County

At 8:17AM, reports of half the machines being down were reported in one polling location in Gwinnett County.

At 8:42AM, Gwinnett County spokesman Joe Sorenson confirmed a problem with equipment which was fixed at Ferguson Elementary School. He did not detail the problem

At 10:35AM, regarding Peachtree Elementary School, Sorenson explained that there had been false reports made about the power going down in some polling locations, but he did confirm there were some “power problems” at Bogan Park Community Recreation and Acquatic Center. Sorenson also confirmed that machines were down for a few minutes at Bogan Park, but that they were back up. There was no explanation given for the reasons why the machines were down.

At 11:01AM Sorenson explained that machines were back online at Bogan Park, but did not unveil a reason at that point either.

Fulton County

At 9:24AM, Kelley Jackson, daughter-in-law of Atlanta Mayor Maynard Jackson reported that machines were down at Therrell High School in Atlanta. Despite the report, Fulton County spokesperson April Majors did not deny the problem, but stated:

“We don’t understand how that rumor has spread”

At 10:29AM, Fulton County Elections Director, Richard Barron addressed the problems with regard to voting machine malfunctions. He explained that the poll manager reset the polls twice and that they were going as quickly as possible, but that things did appear to be operating smoothly:

We don’t want to see anybody leave because of equipment malfunction. We do encourage them to go back.

Dougherty County

At 1:12PM, a machine stopped working. This was a device responsible for charging “yellow voting cards.”

Putnam County

Secretary Kemp’s office also received a complaint regarding a voting machine in Putnam County but an investigator was unable to see the issue reoccur when he went out to the site.

On November 15, 2016 – The Georgia Secretary of State’s office detected what it alleged was another attempted intrusion.

On December 8, 2016, WSBTV reported that The Georgia Secretary of State’s Office wanted answers from the Department of Homeland Security about breach attempts.

On December 13, 2016, Kemp sent a letter to the Donald Trump asking for an explanation as to why their servers had been intruded upon.

See this document also.

IP logs, according to Georgia officials, demonstrate that the scanning had been sent from Department of Homeland Security servers, which were later determined to originate from the Federal Law Enforcement Training Center in the state. The requests had come into Georgia’s Professional Licensing website. DHS has claimed in response that the probing was actually a search performed by an independent contractor, working at the Federal Law Enforcement Training Facility where that contractor was looking up licenses as part of his normal job duties, but he used a method of search called HTTP Options to find the information. HTTP Options can be used for both legitimate and hacking purposes.

The contractors uses of “archaic” HTTP Options techniques was likely done to obtain results, in a more rapid manner. While not illegal, this practice could have alerted the Georgia Secretary of State’s internet security systems.

On January 17, 2017, Secretary Kemp received a letter from the DHS officials asking Secretary Kemp to provide more information so that the Office could investigate further.

There has yet to be an update on the investigation and it appears that Secretary Kemp has ceased pursuing the matter, at least in the public eye. The House and Senate have on-going investigations on the Election Hacking and the foreign hacking/influence issue.

On February 10, 2017, the National Association for the Advancement of Colored People released a statement explaining that they had settled a lawsuit with the state of Georgia. Reporting indicated that the state kicked more than 34,000 people off the voter rolls when their voter information did not match Social Security databases or Department of Motor Vehicle databases.

Although not indicative of hacking, what’s important to note here is that the state of Georgia was relying on a federal database to make a determination related to the elections; something Secretary Kemp seemed to vehemently oppose when DHS made the request to help Georgia.

On March 3, 2017, the media reported that voter registration systems had been compromised at Kennesaw State University’s Center for Election Systems.

On March 16, 2017, Georgia Democrats sent a letter to KSU requesting transparency of the election process, the use of verifiable paper trail in the election process, as well as that the state accept assistance from the Federal government in the protection of their system.

After a thorough investigation by KSU as well as the FBI who had been called to assist, it was found that someone had indeed penetrated the system, but not the core. The intentions seem to have been noble, however, as the person hacking had called into the center at least two times to let them know about the vulnerability, however, the fact is that the person was still able to gain access to information in a highly concerning manner which could have been used by someone with malicious intent.

On April 17, 2017, media reported that four voting machines in Cobb County had been stolen out of the back of a precinct manager’s car while she shopped at a Kroger grocery story. Secretary Kemp expressed his disapproval and promised to launch an investigation. Social media reactions were immediate and critical.

April 20, 2017 Update

The NAACP filed suit against Georgia claiming a violation of the National Voter Registration Act because Georgia requires voters to register at least 90 days prior to an election and the NVRA require states permit registrations up to 30 days before the election. The concern appears to be that people attempting to register for the June runoff were ineligible according to state law on the day the case was filed.

Original Article Continues Below:


Scanning activity – Georgia presents a wide range of issues which need to be addressed. It is likely that the “scanning” activity attributed to DHS was, in fact, occurring by the FLETC contractor in a routine performance of his/her duties in order to more rapidly obtain data. As there has been no further public pursuit by Secretary Kemp nor another official report provided to the media, it is likely the DHS analysis of the result is accurate.

However, it also seems plausible that scanning activities could have taken place in an attempt to assess Georgia’s systems for weaknesses. Secretary Kemp seems to imply nefarious intentions, but again, there has been no further evidence related to back up the claim presented to the public.

Voting & Machine Security – The experience at the polls as well as the voter registration issues reported by the NAACP in their settled lawsuit and also occurring at Kennesaw State University demonstrate the necessity for ensuring machines are not vulnerable to compromise and that the election system is better secured. Vote flipping needs to be prevented at all costs. Vote flipping is an indication of vote count hacking. Government officials have claimed that vote flipping is merely a machine calibration issue. However, this result is also unacceptable because it directly disenfranchises voters. The investigative results here need to be given to the public and then used to correct the issue from happening again in the future. Technology which permits vote flipping needs to be patched if simply an error. However, there is still great concern for vote hacking in vote flipping situations.

Power outages, machine breakage and other issues need also to be properly reported to ensure voters have their votes counted and that there is accountability for elections systems snafus.

NAACP – It is important to note that voter registration hacking is equivalent to vote count hacking. While the NAACP settlement does not necessarily indicate hacking, the point that’s important to convey here is that people were easily removed if their voter information did not match up properly with information in other databases, both state and federal in a manner which highly discriminated against traditionally democratic voters. It also begs the question of why Georgia would authorize the matching of state voter information with the “Federal” Social Security Department in order to assess whether to kick a voter off the rolls. This seems in stark contrast to the insinuation that DHS was hacking Georgia’s election system. This should be looked into further.

KSU — While the intentions of the “security researcher” may not have been malicious, the fact remains that KSU’s system was vulnerable to information compromise. This is cause for concern because such information can be used in furtherance of changing the voter’s party affiliation, which was used in the 2016 Election to remove voters from the voter rolls. In order to secure the election systems, it is necessary for Georgia to take the appropriate steps to

Stolen Machines – There needs to be a chain of custody for voting machines. The simple fact that a machine was able to be stolen from an election official’s vehicle brings up several issues with regard to policy and procedure. Secretary Kemp was quick to place blame on the Cobb County election department which waited 2 days to report the information to the state office. We need to know: 1. What are the policies in place which prevent a machine from being stolen? – chain of custody. 2. What is the proper chain of custody for a voting machine? – It should not be permitted to be in the back of one person’s car. 3. Who is accountable for these issues?

Investigation Results – It seems to be a common thread across the country, that most investigation results, including critical issues, are not properly presented to the public. When an election official “looks into” or promises to investigate, the people need access to the information coming from the investigation. This information then needs to be used to improve the election system as well as to update the system.


In order to solve this great election crisis, we must avail ourselves of software which is poorly designed or poorly maintained with sloppy code that is easily hackable by just about anyone that can do a google search. We should reject voting software which is insecure or that is laden with secret coding which not even the government is permitted to review because it is considered proprietary.

General Public License version 3 is the best possible solution at this time. It is inexpensive, non-secret software and more secure than what we are currently using.

Prime III Demo from Wisconsin Elections Commission on Vimeo.

Deploying a system, such as that advocated by the National Association of Voting Officials, which contains both paper ballots and true open source coding (not secret) can help to prevent another national security crisis. We deserve better than to permit our systems to be insecure. It is critical that we act as soon as possible — as these problems will only continue to grow if not addressed immediately.


Leave a Reply

Your email address will not be published. Required fields are marked *