A federal district court judge has decided that Georgia will not switch to paper ballots this year and will instead keep its electronic voting system. Judge Amy Totenberg took state election officials to task for a “head-in-the-sand” approach to election security, but said that it is too late in the game to switch from the vulnerable touch-screen machines to paper ballots before voters head to the polls on November 6. Early voting begins in less than a month.

A group of citizens who are suing Georgia Secretary of State Brian Kemp’s office for not addressing security weaknesses in the state’s electronic voting system asked the judge to block AccuVote TS and AccuVote TSX voting machines from being used in the November midterms. The touchscreen machines are proven to be easily hackable without a trace of evidence left behind, and they cannot issue a paper record to back up their results.

Georgia is one of just five states to use insecure electronic voting machines with no paper backup. However, the state uses a paper absentee ballot, which the plaintiffs' supported implementing for the November elections.

Delay Is "Not Tolerable"

Judge Totenberg warned in a 46-page opinion that the voting system must be switched by the next election and that “further delay is not tolerable” in implementing an un-hackable voting system for Georgia's 159 counties and 2,600 precincts. There is, however, not enough time to guarantee that a last-minute switch to paper ballots would not disrupt the election process for this year's midterms.

Judge Totenberg pointed out that while she decided against the plaintiff’s, they “shine a spotlight on the serious security flaws and vulnerabilities in the state’s DRE system — including unverifiable election results, outdated software susceptible to malware and viruses and a central server that was already hacked multiple times.” And that this information was "not rebutted by the defendants,“ except via characterizations of the issues raised as entirely hypothetical and baseless.”

The ‘Paper-Ballot Fairy’

In August, Kemp’s office likened the group’s idea of pinch-hitting with paper ballots in November to fairies and magic wands.

“There is no ‘paper-ballot fairy’ who, with a magic wand at the ready, can save plaintiffs’ half-baked ‘plans’ from devolving into a fiasco." And with this ruling now behind him, Kemp says that Georgia’s system is secure and that:

“...we will continue our preparations for a secure, orderly election in November and move forward with the bipartisan SAFE Commission’s work to responsibly upgrade Georgia’s secure - but aging - voting system. As I have said many times over, our state needs a verifiable paper trail, but we cannot make such a dramatic change this election cycle.”

David Cross, the attorney handling the case for the voters suing the state says:

“Ironically, the ineptitude demonstrated by certain state election officials in this case likely played a significant part in the decision that those officials could not manage a change now. We will continue the fight for all Georgia voters — and the Court makes clear that while we lost this initial battle, we are on track to win the war for safe, secure, transparent, honest elections in Georgia.”

A System In Dire Straits

Georgia has used its DRE electronic system since 2002. The secretary of state eschewed worry during the last presidential election, and yet Georgia’s name popped up on a list of targeted sites when the Justice Department recently unsealed an indictment against 12 Russian intelligence officers.

Around the same time that the Russians came snooping in the summer of 2016, a security researcher in Georgia named Logan Lamb breached the voter roll system and discovered voter information — at least 15 gigabytes worth — which included names, addresses, partial social security numbers, and much more available for download. After alerting state election authorities, he waited six months then went back in and found the same problem. Internal emails show that the election center’s technology staff talked about “40+ critical vulnerabilities” in October 2016.

The Senate Select Committee on Intelligence publicly concluded that Georgia is one of a handful of states where hackers can alter and delete voter data. In a statement of support for the plaintiff's lawsuit, J. Alex Halderman, professor of Computer Science and Engineering at the University of Michigan, wrote that in effect, “these voting machines are computers with reprogrammable software."

As part of a new congressional spending bill, states are allocated a total of around $380 million to tighten security on voting systems. States must provide 5 percent in matching funds, and they have a span of five years to spend the money. Georgia has said it will spend half of its allotted $10.3 million on new voting machines. And while estimates vary, some point to a price tag of around $120 million for new voting machines that spit out a paper record.