By BILL BARROW and FRANK BAJAK, Associated Press
ATLANTA (AP) — The bruising race for governor of Georgia has been roiled by unsupported, eleventh-hour allegations from the Republican candidate, who is also the state’s chief election official, that Democrats sought to hack the voter registration system.
His Democratic opponent said he is making a baseless accusation to deflect attention from an apparently severe new security flaw in the system he is responsible for overseeing.
Here’s a look at the dispute, how it unfolded and what’s at stake.
GOP nominee Brian Kemp asked the FBI to investigate the Democratic Party, accusing it of trying to hack the system he controls as secretary of state.
Kemp’s office did not detail any Democratic acts, offering no evidence for opening a probe of his opposition just days before Election Day.
The FBI declined to comment.
Kemp leveled the allegation after an attorney for election-security advocates notified the FBI and Kemp’s office on Saturday that a private citizen alerted him to what appeared to be a major flaw in the database used to check in voters at the polls.
Independent computer scientists told The Associated Press that the flaw enables anyone with access to an individual voter’s personal information to log on to Georgia’s MyVoter registration portal and alter or delete any voter’s record, potentially causing havoc.
The leading candidates for governor Georgia are pushing hard for votes, ahead of what's expected to be a very close election on Tuesday. Democrat Stacey Abrams campaigned in Augusta. Republican Brian Kemp rallied with President Trump in Macon. (Nov. 5)
THE DEMOCRATS’ RESPONSE
Kemp’s Democratic opponent, Stacey Abrams, on Monday called him a “bald-faced liar” who cooked up the allegation to deflect attention from his record of incompetence as secretary of state presiding over an antiquated, vulnerability-laced elections system.
“There was never a hack,” she told a gathering at a Savannah union hall. “What was wrong is that he failed to do his job. He is abusing his power.”
The finger-pointing is the latest turn in a campaign whose final weeks have been dominated by charges of voter suppression and countercharges of attempted voter fraud.
Polls suggest Kemp and Abrams are locked in a tight race in a contest that has taken on historic significance because Abrams could become the nation’s first black female governor.
She has accused Kemp of using his post as secretary of state to make it harder for certain voters to cast ballots. Kemp has countered that he is following the law and that Abrams and advocacy groups are trying to help noncitizens and others cast ballots illegally.
Last month, a federal judge endorsed plaintiffs’ arguments that Kemp has been derelict in his management of the state election system and that the setup is lacking in reliability.
The atmosphere has left partisans and good-government advocates alike worrying about the possibility that the losing side will not accept Tuesday’s results.
HOW THE LATEST ALLEGATION UNFOLDED
According to AP interviews and records released by the Georgia Democratic Party, a lawyer for election-security advocates, David Cross, notified both the FBI and Kemp’s counsel Saturday that a citizen had alerted him to the flaw.
The citizen also separately informed the Georgia Democratic Party, whose voter protection director then sent an email to two Georgia Tech computer security experts, one of whom sits on a commission created by Kemp.
“If this report is accurate, it is a massive vulnerability,” wrote the director, Sara Tindall Ghazal.
The online news outlet WhoWhatWhy obtained copies of some of the correspondence and published a story about the system flaw on Sunday — just as Kemp’s office issued its statement accusing Democrats of attempted hacking.
“While we cannot comment on the specifics of an ongoing investigation, I can confirm that the Democratic Party of Georgia is under investigation for possible cybercrimes,” said Candice Broce, who works for Kemp.
WhoWhatWhy’s story said five security experts independently confirmed that the database is vulnerable to hacking.
One of those experts, University of Michigan computer scientist Matthew Bernhard, told the AP that any user logging onto the system — all that’s needed is the personal information of a single voter — could access and alter the records of anyone in the system.
Another computer expert who reviewed the vulnerability, Kris Constable of PrivaSecTech in Vancouver, Canada, said: “Anyone with security chops would have detected this problem.” The system, he said, “clearly has never been audited by any computer security professional.”
GEORGIA’S PAST PROBLEMS
The state is one of just five that continue to rely exclusively on aged electronic voting machines that computer scientists have long criticized as untrustworthy because they are easily hacked and don’t leave a paper trail that can be audited in case of problems.
In 2015, Kemp’s office inadvertently released the Social Security numbers and other identifying information of millions of Georgia voters. His office blamed a clerical error.
His office made headlines again last year after security experts disclosed a gaping security hole that wasn’t fixed until six months after it was first reported to election authorities. Personal data was again exposed for Georgia voters — 6.7 million at the time — as were passwords used by county officials to access files.
Kemp’s office blamed that breach on Kennesaw State University, which managed the system on Kemp’s behalf.