Georgia Election Server Mysteriously Wiped Clean After Lawsuit Highlights Major Vulnerabilities
from the yeah-whoops-a-daisy dept
For as long as Techdirt has existed, we've highlighted how most implementations of electronic voting simply aren't safe or secure. The Diebold disaster in 2006, Sequoia's security scandal in 2008, and a rotating flood of similar stories since, have driven this point home time, and time, and time again. And despite these warnings neither the companies that make these machines, nor the election commissions or local governments tasked with overseeing them, have done enough (or, in many cases, much of anything) to ensure that our Democratic process is secure.
The latest example of just how not under control this problem is comes out of Georgia, where reports indicate that somebody managed to completely wipe a server integral to a lawsuit against Georgia election officials. The lawsuit, filed by a coalition of election reform advocates, is attempting to force Georgia to retire antiquated and heavily-criticized election technology that has been under fire in the media since June, after security researchers indicated that the touch-screen machines could be easily tampered with without leaving much of a trace:
A misconfigured server, Logan Lamb discovered last August, had left Georgia’s 6.7 million voter records and other sensitive files exposed to hackers. And it may have been left unfixed for seven months. The vulnerability might have allowed attackers to plant malware and possibly rig votes or wreak chaos with voter rolls by deleting or altering records — a major concern amid heightened sensitivity to state-sponsored Russian election hacking.
Shortly after the lawsuit was filed, the servers of interest in the case were mysteriously wiped by technicians at the Center for Elections Systems at Kennesaw State University, which oversees the state’s election system. The Associated Press only discovered the wipe after obtaining an email from an assistant state attorney general to plaintiffs in the case. Efforts to determine who requested that the server be wiped clean have so far gone nowhere:
The Kennesaw election center answers to Georgia’s secretary of state, Brian Kemp, a Republican who is running for governor in 2018 and is the main defendant in the suit. A spokeswoman for the secretary of state’s office said Wednesday that “we did not have anything to do with this decision,” adding that the office also had no advance warning of the move. The center’s director, Michael Barnes, referred questions to the university’s press office, which declined comment.
Plaintiffs in the case have argued that data from last November’s election and a special June 20th congressional runoff cannot be trusted due to the unresolved flaws in the machines. And while the election server would have gone a long way toward answering that concern, it was wiped clean on July 7 -- just four days after the lawsuit was filed. Two backup servers were subsequently wiped clean on August 9, just as the case was moving to federal court.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: e-voting, elections, evidence, georgia, servers, spoliation, voting integrity, wiped
Reader Comments
Subscribe: RSS
View by: Time | Thread
Yes, so mysterious
[ link to this | view in chronology ]
Re: Yes, so mysterious
[ link to this | view in chronology ]
Re: Re: Yes, so mysterious
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
So all of Georgia's politicians weren't elected and have to go home?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Except it doesn't. The final sentence says "Two backup servers were subsequently wiped clean". To me, a backup server is an alternate that could be used instead of the primary, whether for hot failover, quick disaster recovery, etc. Grandparent is asking about backups, in particular off-site backup archives, which are not whole servers on their own, but could reasonably be used for forensics if the master server from which the backup was created was unavailable. Organizations should have backup archives for everything they might need to replace, and should have backup servers for things that need to be replaced quickly. Backup servers provide quick recovery; backup archives for slower, cheaper, and deeper recovery. Storing a spare backup server once a week, with backups going back a year (or more) becomes expensive quickly. Storing backup archives once a week is comparatively cheap - it's just disk space, not all the incidental computer components. It gets cheaper still with some basic use of incrementals, such that each backup is just a delta recording changes since the last full backup.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Paper Ballots
Georgia Election Server Mysteriously Wiped Clean After Lawsuit Highlights Major Vulnerabilities
A two part paper ballot system can provide an auditable paper trail for every vote cast that can not be wiped clean. Each voter would keep the 1st part of the ballot in their personal possession with the second part of the ballot stored by the local election commission.
Ensuring the sanctity of the democratic process is worth the added time and inconvenience of using paper ballots.
[ link to this | view in chronology ]
Re: Paper Ballots
So, who stands to gain from this? Hmm... Are they about to be charged with destruction of evidence? Hmm...
[ link to this | view in chronology ]
Re: Re: Paper Ballots
Re: Paper Ballots At least until the warehouse they are stored in gets up close and personal with a lit match. Maybe even both warehouses if they are smart and store them separately.
The beauty of a two part paper ballot is the voter gets to retain the first part of the ballot as a receipt for their vote while the local election commission retains the second part of the ballot.
There is no chance of both ballots burning up in a warehouse as the ballots are kept separately.
[ link to this | view in chronology ]
Re: Re: Re: Paper Ballots
Allowing the voter to take a copy of his ballot outside would make vote-buying (and vote-coercing) enforceable.
[ link to this | view in chronology ]
Re: Paper Ballots
cAN i, cAN i cAN i ASK????
HOW do you verify a 2 part when I have 1/2 of it, and NEVER USE IT???
WHEN in HELL do they ever ASK for that second part???
HAVE you ever seen them CALL IN the second parts to verify, and WHO would be independent to EVALUATE IT..
[ link to this | view in chronology ]
Re: Re: Paper Ballots
cAN i ? cAN i, cAN i cAN i ASK????
You can, you can, you can.
HOW do you verify a 2 part when I have 1/2 of it, and NEVER USE IT???
Have you ever voted?
In my local home town there is a voter registration log all voters sign into before casting their vote.
Each voters two part paper ballot would have a identification number that ties the voter to the ballot and the ballot to the election at hand.
WHEN in HELL do they ever ASK for that second part???
The second part of the paper ballot could be used if the first part of the paper ballot were destroyed or to confirm the results of a tightly contested election.
HAVE you ever seen them CALL IN the second parts to verify, and WHO would be independent to EVALUATE IT..
Yes. Do the terms hanging and dimpled chads ring a bell?
https://cseweb.ucsd.edu/~goguen/courses/275f00/abc-chads.html
There are no fool-proof silver bullet solutions but a two part paper ballot that can be audited beats bits and bytes that can be easily exploited/erased.
[ link to this | view in chronology ]
Re: Re: Paper Ballots
Submit BOTH PARTS
1 tot he election bureau..
1 to an INDEPENDENT group..Even your church..
If they are NOT CLOSE, its a reelection..
[ link to this | view in chronology ]
Re: Paper Ballots
[ link to this | view in chronology ]
Re: Re: Paper Ballots
How does this improve the war on voting fraud (stipulating this is a real issue)? After an alleged fraud, everybody gonna show up some-damn-where and show their "receipt" to some-damn-body? 'Cuz we know how good people are about showin' up at the polls in the first place. Just imagine how reliable the keeping of "receipts" will be and how faithfully voters will take the extra time to taxi their "receipts" for a second pseudo-polling event and how much more trustworthy the tally of those "receipts" will be than the original "vote"?
This is a problem that is inherent to all votes as it really isn't the voter that matters so much as the person(s) counting the votes.
"As long as I count the votes, what are you going to do about it?" ~ William Magear Boss Tweed (aka Boss Tweed)
https://en.wikipedia.org/wiki/William_M._Tweed
[ link to this | view in chronology ]
Re: Paper Ballots
[ link to this | view in chronology ]
is it can be adverse inference tiem pls?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Wiped Clean
[ link to this | view in chronology ]
IM SORRY, but..
Databreaches.net
ANd I have to say this...
1. ANY ADMIN/operator in CHARGE of a server WILL UPDATE IT..
SHOULD HAVE UP DATED IT..
CHANGED THE SOFTWARE..
in the last few years..
2. ANY person responsible for DELICATE/IMPORTANT DATA DOES NOT ALLOW DIRECT ACCESS TO THE DATA...He is responsible for..
3. ANYONE with a Good amount of Software and Hardware SHOULD be able to make an UNHACKABLE SYSTEM, from hardware..that Would NEED to be taken and HACKED other places then ON SITE..
4. BACKUPS...require 3 copies, 1 internal, 1 away from system and 1 REMOTE...AND USE CURRENT BACKUP TECH...NOT FLOPPY DRIVES..magnetic data is VERY EASY to damage.. DVD, CD, BR should allow a HARD BACKUP...
5. HOW IMPORTANT...1 backup per year? per month? PER WEEK?? DAY??
Im sorry.
I have to say this, and its relivent..
1. HOW STUPID ARE WE??
2. HOW STUPID ARE THEY??
3. this is as bad as FORGETTING what pollution is, and removing ALL THE LAWS/REGULATIONS..
4. Something is happening and its TRYING TO COVER ITSELF UP.. Something thats been here ALONG time and its trying to SURVIVE..
5. HOW corrupt is this system?
[ link to this | view in chronology ]
I noticed they skipped the use of hammers to insure transparency, but you know, baby steps.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Or is this an "ok for me but not for thee" kind of thing? Selective enforcement makes a mockery of the rule of law, but you'd have to be stupid not to use the "Clinton defense" nowadays if you can get away with it.
[ link to this | view in chronology ]
Re: Re: Re:
Or is this an "ok for me but not for thee" kind of thing?
I thought the big orange retard was going to lock her up?
Yet another unfulfilled promise?
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
poor story
I also suggest that the state AG send those machines off to a forensics company to have the disks recovered, since if they didn't prove the accusation, they would have been kept in a lockbox until the trial was over.
Georgia, its like living in a trying-to-be-3rd-world country.
[ link to this | view in chronology ]
"I am shocked, shocked I say!"
Primary server wiped clean four days after the lawsuit is filed.
Two backup servers wiped clean just over a month later.
If the judge isn't readying destruction of evidence charges against everyone involved then they might as well resign on the spot and officially get a job working for the ones being sued. At the very least the entire election results should be thrown out as useless, and a new election required, with the contract for running it handed to someone who isn't so 'accident' prone.
I can't think of a better way to loudly proclaim, 'As bad as you think our actions were, they were so much worse' than to wipe three servers, so I can only imagine how damning the contents of those servers were, and hope the judge assumes the worst and acts accordingly.
[ link to this | view in chronology ]
Re: "I am shocked, shocked I say!"
Of course, the people responsible won't be charged with destruction of evidence concerning potential election fraud, oh no.
What I suspect will happen instead, will be "the wiping of the servers was part of routine maintenance, and we had no reason to suspect that we should retain the information on the servers. Don't worry though, we have a backup backup! Just tell us what signs you use to identify election fraud and give us a couple of months, and we'll have the 'original' data for you, free of any evidence of corruption."
[ link to this | view in chronology ]
This is not news to us at KSU.
[ link to this | view in chronology ]
Hand-recountable OCR cards are best approach
Even if no race is close enough for a recount, a small number of randomly generated precincts should be asked to conduct hand recounts, for auditing purposes.
[ link to this | view in chronology ]
Re: Hand-recountable OCR cards are best approach
That's Michigan. We use paper ballots that are read by an optical scanner at the poll and, normally, just the data from the scanner is used. In November 2016 some of the Wayne County (Detroit) precincts had failing scanners so, those votes were hand countable and also, due to how close the Presidential election was, nearly all the votes ended up being hand counted.
There are better ways to set up a voting system (cryptographic verification methods come to mind here) but, I like my state's voting method.
[ link to this | view in chronology ]
hOW BAD..
Corps dont care about us, the Gov is WRECKED..and not letting the CHECKS AND BALANCE WORK..
OVER PAID IDIOTS RUNNING THIS COUNTRY..
EVERYONE REMEMBER THEY ARE EMPLOYEESS
And 90% of this stuff is NOT in the newspapers..TV, ANyplace for the public View..
[ link to this | view in chronology ]
Well, I guess we have to start paying attention to these security problems some time, I just hate what it takes these days to get people to care. Bush went to war under false pretenses. Trump said some mean things on Twitter. Both were elected during and with the use of breakable EVMs.
Also, why do we have to keep bringing up Russia? Trump won by electoral vote. Russia is accused of hacking the popular vote. You know, the vote Clinton actually won. Why is this always glossed over whenever Russian "election hacking" is brought up? Did I just happen to miss the article where they stand accused of hacking the electoral college?
[ link to this | view in chronology ]
Spoilation
[ link to this | view in chronology ]
Re: Spoilation
[ link to this | view in chronology ]
Re: Re: Spoilation
[ link to this | view in chronology ]
Re: Re: Re: Spoilation
Yeah, let me know when that one's filed.
[ link to this | view in chronology ]
Electronic voting is a really bad idea.
[ link to this | view in chronology ]
From georgia voting, to trump collusion with russia, to the clintons and obama colluding with the russians.
We need a new bogeyman to blame stuff on. How about North Korea instead?
[ link to this | view in chronology ]
Judge: "M'kay."
[ link to this | view in chronology ]
Misuse of term 'hacker'
See https://stallman.org/articles/on-hacking.html.
[ link to this | view in chronology ]
Re: Misuse of term 'hacker'
IMO editing the quote to correct the usage would be more egregious an offense than the one being fixed thereby. (Although commenting in the article on the incorrect usage could also address the problem without going to that same extreme.)
[ link to this | view in chronology ]
Re: Re: Misuse of term 'hacker'
That's fine; never mind me, carry on.
[ link to this | view in chronology ]
Re: Misuse of term 'hacker'
That's the thing with ignorance. It is of no use if you cannot show it off. So, congratulations on getting full value.
The term cracker'' typically refers to people from a certain part of the south-eastern US. The term comes from the sounds of the whips used in driving the cattle across the state. Many counties still havecracker day'' festivals celebrating this part of their heritage.
[ link to this | view in chronology ]