Instead Of More Hysteria, We Need Good Faith Discussions About Election Security.

Scot and I talked last night on Peach Pundit The Podcast about the Halderman Report AND the MITRE Report, both of which were recently made public. These are reports generated as part of a lawsuit against the Secretary of State. The reports examine the security of Georgia’s ImageCast X ballot marking devices, and other security procedures in place to secure our votes. If you’re out there calling for heads to roll because of the Halderman Report, you need to pipe down and read the MITRE Report before commenting further.

Scot asked yesterday if we should treat the Halderman Report seriously. Of course we should. Professor Halderman identified vulnerabilities in Georgia’s voting machines. But, the MITRE Report then examined those vulnerabilities and concluded:

MITRE NESL observed six total attack scenarios hypothesized by the researcher and assessed each one to be operationally infeasible given two parameters: the normal operating procedures of a voting precinct and associated officials, and scale considerations. Five of the proposed attacks were detectable through RLAs, as they only modified a printed ballot’s QR code—a nonauthoritative component of a ballot—and the sixth proposed attack was detectable during normal post-election result tabulation procedures. Five of six attacks were deemed non-scalable, impacting a statistically insignificant number of votes on a single device at a time. One attack was technically scalable but also was assessed to be infeasible due to access controls in place in operational election environments, access required to Dominion election software, and access required to Dominion election hardware.

Should elections officials dismiss the Halderman Report? No, and in fact they are piloting a software fix that improves the security of the machines, as explained in an email sent to Legislators and obtained by Peach Pundit:

Georgia’s election system is secure. It’s been battle-tested through two general elections, subjected to repeated audits and intense public scrutiny, and come through with flying colors. Georgia’s election officials are proceeding judiciously and responsibly to ensure that our elections are secure, accurate and accessible to the voters. Every single piece of voting equipment across Georgia will undergo security health checks ahead of the 2024 presidential elections, including verification no software has been tampered with.

The current proposed software upgrade has never been deployed for a major election anywhere in the nation. There are pilot tests of the upgrade that will take place in some local jurisdictions in Ohio, and Georgia will test it in some municipal elections this fall. In an initial evaluation by our election officials, the upgraded software was found to be incompatible with our poll pads. Discovering that problem during an election would have caused chaos. Discovering it ahead of time allows us to develop a patch that addresses the issue -without risking any election or public trust in the results. 

When I ran for Secretary of State in 2018, I learned that the election machine manufacturing industry is a small one. No offense to the various manufacturers, but I’m not sure we’re getting the needed research dollars devoted to the development of this very important equipment. We as a state and a nation need to think long and hard about this problem. Perhaps a public/private partnership is in order, or a partnership with a research university. I know there are professors at Georgia Tech who devote time and energy to this subject. Additionally, the hacker conference DefCon has for the past six years held a hackathon for voting machines. The election machine industry should cooperate fully with the folks at DefCon and other white hat hackers to improve security.

Like it or not, voting machines are here to stay. We’re not going back to the days of paper and pen voting or the days of hanging chads – guess what, those systems had plenty of vulnerabilities too. I’d argue it’s a heck of a lot harder to steal votes now that in was in the halcyon days of punchcards, lever machines, and paper ballots.

Georgia voters have endured seven long years of election conspiracies, lawsuits, an plenty of hysteria. In 2016 the claim was made that Russians hacked voting machines to steal votes for Donald Trump or otherwise tricked people into voting for Trump using clever internet memes. In 2018 claims and lawsuits flowed forth that Brian Kemp suppressed the vote to get himself elected. Since 2020 we’ve endured a constant stream of accusation and theories claiming Republicans in Georgia stole the election from Donald Trump…and only Donald Trump. Enough is enough.

The rhetoric around election procedures and security needs to be dialed down, a lot. Let’s set aside the heated rhetoric and calls for people to be excommunicated from the Republican Party and have good faith conversation about how to maximize voter participation while insuring all votes cast are counted securely and accurately.