However Raffensperger’s dismissive response to the unsparing audit carried out by safety professional Alex Halderman has turned him into an object of intense criticism from cybersecurity specialists, who say he's portray reputable analysis with the comb of far-right conspiracy theories — and imperiling the 2024 elections within the course of.
“Raffensperger has lumped us with the election deniers,” mentioned David Jefferson, a pc scientist at Lawrence Livermore Nationwide Laboratory and an professional on election know-how. “However we can not, out of worry of that confusion, cease speaking about these vulnerabilities. They're actual, they're there, they usually should be addressed.”
Earlier than its launch final week, the evaluation of Dominion Voting Techniques’ ImageCastX ballot-marking units was stored beneath seal for roughly two years as a part of a long-running authorized dispute between Raffensperger and native voting rights activists arguing the machines should be changed by hand-marked paper ballots.
Georgia is considered one of simply two states within the nation to use these ballot-marking devices as the primary form of voting across every precinct, and the plaintiffs — a Georgia-based non-profit group known as the Coalition for Good Governance — have alleged its dependence on them is unacceptably dangerous due to the best way the ImageCastX information voter’s selections: by way of machine-printed barcodes voters can’t corroborate with their very own eyes.
The state has maintained all through the court docket problem that it has enough controls to forestall fraud, however Raffensperger’s letter to legislators ramps up the rhetoric and exhibits that the battle for the legitimacy of the 2024 vote in Georgia is already properly beneath method.
“The paranoiacs and conspiracists of the world have their beliefs bolstered once they learn experiences of theoretical ‘vulnerabilities’ that fail to say the real-world safety measures already in place,” mentioned Mike Hassinger, spokesperson for the secretary of state’s workplace. “If the PhDs don’t like being put in the identical class because the Pillow salesman, powerful noogies. They need to cease saying related issues.”
The secretary of state says within the letter that Georgia has efficient controls in place — simply because it did in 2020, when a number of audits, investigations and a state-wide recount disproved baseless allegations of widespread fraud. And Hassinger argued that it might be riskier to hurry out the accessible fixes by 2024 as a result of they're substantial and haven't but been examined in a significant election.
However a refrain of cybersecurity analysts and election-security specialists argue that there’s sufficient lead time proper now to make modifications and that fixing a documented difficulty with the machines is one of the best ways to forestall vote-tampering or disinformation in 2024.
Raffensperger’s choice to not repair these programs represents “the peak of irresponsibility,” Halderman mentioned in an interview. “Even when there’s no precise assault, you higher imagine that there are people who find themselves going to make use of the existence of those issues to name into query the outcomes of elections.”
Following the 2020 elections, then-president Donald Trump alleged Dominion Voting Techniques had conspired with a weird forged of characters to steal the election from him. Fox Information, which fueled these baseless allegations in its information protection, ultimately paid Dominion practically $800 million to resolve a defamation go well with the corporate had filed in opposition to it.
A recording of a phone call revealed Trump additionally pressured Brad Raffensperger to “discover” sufficient votes to overturn Joe Biden’s victory in Georgia. Raffensperger’s refusal made him an icon of election integrity on the time. However he’s discovering himself in a special place now.
Whereas the coalition has been arguing because it first filed its case in 2017 that Georgia’s voting machines aren’t safe sufficient, Halderman’s audit — authorised by a federal court docket in Georgia in 2021 — confirmed a lot of easy-to-hack safety holes.
In a matter of weeks, he concluded that even reasonably expert hackers may set up malware on an ImageCastX or a related printer to flip votes at particular person polling stations and even throughout the state.
Total, Halderman’s audit uncovered 9 vulnerabilities in Dominion’s software program, the U.S. authorities’s Cybersecurity and Infrastructure Safety Company, or CISA, has confirmed. The company first reviewed the report beneath seal after which warned publicly in regards to the 9 flaws in June of final yr.
However CISA by no means commented on how simple it might be to truly undermine an election. And that component of Halderman’s work stays a matter of dispute.
Every of his assaults requires some extent of bodily entry to election programs to execute. Dangerous actors would additionally want a duplicate of the corporate’s proprietary software program, which the court docket gave Halderman, to grasp exploit it.
Requested in regards to the assaults recognized within the Halderman report, a Dominion spokesperson mentioned that “our clients’ licensed programs stay safe thanks partly to the numerous strong operational and procedural safeguards that exist to guard elections.”
And by “diligently making use of” a spread of bodily and operational controls which can be already widespread for elections directors, CISA mentioned in its advisory, states may restrict these dangers.
These are key explanation why Raffensperger believes Halderman’s warnings are overblown.
“The Halderman report was the results of a pc scientist having full entry to the Dominion gear and software program for 3 months in a laboratory setting,” he writes within the letter. “We now have to run elections within the real-world, not simply create conspiracies or hypothetical potentialities.”
A competing overview of Dominion’s software program carried out by the nonprofit MITRE company, Raffensperger writes, helps his level: It concluded that Halderman’s assaults have been “operationally infeasible” as a result of bodily controls in place within the state and the low probability of flipping sufficient votes to make an affect.
However the unsigned examine — which was commissioned by Dominion — relies on a shaky assumption buried in one of many footnotes: the enforcement of “strict and efficient managed entry to Dominion’s system.”
Harri Hursti, a hacker who scours election programs to assist corporations discover holes in them, once bought an ImageCastX off of eBay. And amid their efforts to undermine the outcomes of the 2020 elections, pro-Trump allies have gotten their palms on Dominion’s programs in a number of situations.
Republican lawmakers in Maricopa County, Ariz, granted a far-right auditing firm, Cyber Ninjas, entry to Dominion machines. And in Mesa County, Colo. and Coffee County, Ga. activists helped outsiders looking for to sow doubt in regards to the 2020 outcomes entry to the corporate’s software program.
The MITRE overview “is fantasy,” mentioned Philip Stark, a professor at UC Berkeley who conducts analysis on election integrity. Final week, Stark organized a gaggle of greater than 20 election safety specialists to ship a letter demanding that MITRE retract the examine.
Hassinger, the Raffensperger spokesperson, argued that the incident in Espresso County represented an distinctive case of felony wrongdoing. He additionally mentioned that the secretary of state can not make hand-marked paper ballots extra accessible than they already are with out assist from state legislators, however that the state does plan to examine for indicators of software program tampering forward of the 2024 election.
Raffensperger’s letter additionally doesn't tackle considered one of Halderman’s largest issues: That by altering each the barcode and the textual content that lists a voter’s alternative, hackers may undermine confidence in efforts to confirm election outcomes.
And even when voters catch any errors — and repeated research have proven that many citizens don't rigorously overview their ballots — such makes an attempt would trigger widespread confusion on election day.
“The basic drawback right here is that Georgia determined (in opposition to professional recommendation) to make use of QR codes for ballots,” mentioned Rob Graham, an election safety professional who has studied false claims of election interference in 2020. “Which means there’s no method for voters to confirm their votes haven’t been altered by the ballot-marking units.”
Poking holes in programs — or speaking about them — can in fact gas the exact same conspiracies election safety specialists say they’re making an attempt to cease.
“THE ELECTION WAS RIGGED,” Donald Trump wrote Tuesday on his social media website Reality Social, in a post where he linked to a information article on the Halderman report.
However the specialists who spoke with POLITICO argued that it's important to arm states and election employees with the data they should act. And, they are saying, the rising attraction of digital voting programs means different states and localities are prone to following in Georgia’s footsteps — and deploying a know-how with dangers they don’t absolutely perceive.
“Any a part of any voting system that’s ever been subjected to actually unbiased overview has been discovered to have vital safety points,” mentioned John Sebes, chief know-how officer of the TrustTheVote Mission and a co-director of the OSET Institute.
“We’ve received to have the ability to have a dialog about that with out being wrapped up across the flag of MAGA conspiracy theorists,” he added.
Kyle Cheney has contributed to this report.