Malicious Life Podcast: Election Hacking Part 2

Georgia's elections infrastructure had been hacked multiple times since 2014, both by Russian Intelligence and local White Hat hackers. The upcoming elections are plagued with uncertainty - and uncertainty and democracy go together like wet hands and electrical outlets - check it out...

About the Guest

Maggie MacAlpine

Co-founder, Nordic Innovation Labs

Cybersecurity serial entrepreneur, election security specialist, and jack-of-all-trades startup developer. World-recognized expert and speaker on the topic of election cybersecurity with a focus in piloting revolutionary auditing methods. Featured in HBO's election security documentary "Kill Chain" and speaker at DEF CON, Shmoocon, Diana Initiative, Pac Sec, Verizon, and in presentations to Capitol Hill.

About the Host

Ran Levi

Born in Israel in 1975, Malicious Life Podcast host Ran studied Electrical Engineering at the Technion Institute of Technology, and worked as an electronics engineer and programmer for several High Tech companies in Israel.

In 2007, created the popular Israeli podcast Making History. He is author of three books (all in Hebrew): Perpetuum Mobile: About the history of Perpetual Motion Machines; The Little University of Science: A book about all of Science (well, the important bits, anyway) in bite-sized chunks; Battle of Minds: About the history of computer malware.

About The Malicious Life Podcast

Malicious Life by Cybereason exposes the human and financial powers operating under the surface that make cybercrime what it is today. Malicious Life explores the people and the stories behind the cybersecurity industry and its evolution. Host Ran Levi interviews hackers and industry experts, discussing the hacking culture of the 1970s and 80s, the subsequent rise of viruses in the 1990s and today’s advanced cyber threats.

Malicious Life theme music: ‘Circuits’ by TKMusic, licensed under Creative Commons License. Malicious Life podcast is sponsored and produced by Cybereason. Subscribe and listen on your favorite platform:

All Posts by Malicious Life Podcast

Could the 2020 Election Be Hacked? (Pt. 2) Transcript

[Nate] We’ve all heard about Russian meddling and we’ve heard about cases where even voting machines have for reasons of glitches or what not shut down and caused long lines. Has a computer hack ever occurred against an election of any import in your knowledge?

[Maggie MacAlpine]: Well, has a computer hack occurred?

[Ran] We’re listening to Maggie MacAlpine–co-founder of Nordic Innovation Labs.

“[Maggie ] Now, until quite recently, I would usually have to say that there’s a really endemic problem to election security which is that because it’s so wrapped up in politics, generally speaking experts have really had to fight – have been denied over and over again to be allowed to do a forensic check of things like touchscreen voting machines. So they would have to say no, there’s no evidence of it. But that’s only because we haven’t been allowed to look.”

[Nate] Ran, have you ever heard of the votes in a major country’s election being changed by a malicious computer hacker?

[Ran] Not off the top of my head. Plenty of manipulated elections, but never from a data breach specifically. Maybe one of our listeners will correct me on Twitter.

[Nate] I can’t think of any right now, either. But that’s not to say it couldn’t have ever happened.

“[Maggie ] It’s kind of like saying there might not have been a murder. But I would like to check out the crime scene to see if there’s a body in there. But them saying, well, because you can’t be certain if there’s a body in there, you’re not allowed to go look at the crime scene.”

[Nate] For years, cyber researchers have been denied access to this proverbial crime scene. But, last year, at least in one state, that changed.

“[Maggie ] I can actually say that there is a very strong case going on in Georgia right now.”

[Nate] Ever since we left our story, in 2017, the lawyers in Curling v. Kemp had battled over whether Georgia’s election systems needed an entire overhaul. The prosecution, you’ll remember, originally wanted a congressional race between Jon Ossoff and Karen Handel completely reversed, on the basis that it could have been tampered with. But then the stewards of Georgia’s elections–the Election Center at Kennesaw State University–wiped their servers clean. The most important evidence in the case was now gone.

Or was it?

It turns out that, while KSU was destroying primary evidence in their lawsuit, somebody else had a copy of that same data: the FBI.

[Ran] And so, about one year ago, the prosecution finally got to see what had been so elusive for so long. They put Logan Lamb on the case.

“[Maggie ] I’ve met Logan Lamb and I trust him. So if Logan Lamb says he saw evidence that the server was accessed and tampered with, I believe him.”

[Ran] In an affidavit, Lamb revealed that on December 12th, 2014, KSU had, in fact, been hacked–and with it, the entire electoral system of Georgia.

It was entirely preventable, too. The attacker had used an exploit called “Shellshock.” Shellshock had been originally disclosed to the public on September 24th, 2014, along with its patch.

“[Maggie ] he found evidence that it was compromised in December, 2014 and then not patched, basically.”

As a result, the attacker was able to gain access to their server, its files, and execute remote commands as they pleased.

Notably, once inside the server, the hacker was smart enough to hide their footprints. In fact, they even patched the Shellshock exploit, keeping the spoils from any other possible hackers. Though Logan Lamb eventually discovered what happened, there’s no telling how long the hacker maintained access to that server afterward. By all accounts, no KSU employees ever caught on.

[Nate] In addition to the Shellshock discovery, Lamb recovered some other interesting data. Like a suite of election-related files, which somebody had attempted to erase on March 2nd, 2017. The significance of that date? It was the day after one of Lamb’s colleagues notified KSU that he’d breached their servers.

[Ran] You don’t need to be a conspiracy theorist to find that timing interesting. Lamb couldn’t help but say something. Quote:

“I can think of no legitimate reason why records from that critical period of time should have been deleted.”

[Ran] Now we know that Georgia’s elections infrastructure had been hacked multiple times since 2014: once by the Shellshock hacker, once by Logan Lamb, once by Logan’s colleague, and possibly even more times that we don’t know about due to deleted and covered-up information.

But we haven’t even gotten to the worst stuff.

In 2016, Fancy Bear and Cozy Bear–two hacker divisions of Russia’s intelligence apparatus–hacked the Democratic National Committee. It was the culmination of a monthslong trend, where Russia was increasingly using social media, hackers, and whatever other means they could to influence America’s elections.

[Nate] In response to the growing threat from Russia, the U.S. Department of Homeland Security offered to help individual states with their security postures. 48 states invited the help, 2 rejected it.

[Ran] I Think I can guess at least one of the two…

[Nate] I bet you can… After rejecting DHS assistance for his state’s election security, Brian Kemp explained to reporters that, quote:

“Because of the DNC getting hacked—they now think our whole system is on the verge of disaster because some Russian’s going to tap into the voting system. And that’s just not—I mean, anything is possible, but it is not probable at all, the way our systems are set up.”

Brian Kemp was right about one thing: anything was possible.

According to the Department of Justice, a couple of months after Kemp shrugged off the possibility of a Russian election hack, Russian military officers colluded to break into his state’s election systems. In the lead up to the 2016 election, officers of Unit 74455 had scoped out election infrastructure in Florida, Iowa, and Georgia, looking for vulnerabilities they could exploit. According to their indictments, quote:

“Vladimirovich Osadchuk and Anatoliy Sergeyevich Kovalev, are charged with a [. . .] conspiracy to commit computer crimes, relating to hacking into the computers of U.S. persons and entities responsible for the administration of 2016 U.S. elections, such as state boards of elections, secretaries of state, and U.S. companies that supplied software and other technology related to the administration of U.S. elections. It’s unclear what the Russians were able to accomplish–that information remains classified.”

[Ran] But let’s remember: that summer, a 29-year-old researcher named Logan Lamb had completely dismantled the same target, all on his own. How much money would you be willing to bet that a few Russian military officials could’ve done the same job?

So for those of you counting, we now have the Shellshock hacker, Logan and his colleague, the Russians, and possibly more we don’t know about. All playing around with Georgia’s election systems, in the lead-up to the main story of our episode today.

[Nate] According to estimates, more than twice as many people will vote by mail in this year’s U.S. presidential election than they did in 2016. I, for one, voted in-person last time, and by mail this time around. Some key swing states, like Pennsylvania and Wisconsin, don’t start counting mail-in ballots until Election Day. And due to COVID, many polling stations will already be understaffed. If the race is close, we could be waiting on a final outcome for days, or longer. President Trump has indicated that he may not accept that result, for any number of reasons. What happens then? We don’t know. Both campaigns have already hired teams of lawyers to fight the final result.

This election is plagued with uncertainty. And uncertainty and democracy go together like wet hands and electrical outlets.

[Ran] Yeah. Or like Nate Nelson and Falafel. Remember that time you were so sick you…

[Nate] Ah-…no need to remind me of that, thank you!

Take, as an example, a relatively minor incident that occurred in the state of Georgia in 2014.

Here’s what happened. The state was set to vote on a number of government appointments, including Governor, Attorney General, and Secretary of State–the position held by Brian Kemp. To help get out the vote, a grassroots political organization called the New Georgia Project collected and submitted 81,000 voter registrations on behalf of previously unregistered Georgia citizens. They beat the state’s deadline–October 6th–for the election coming up that November.

But as the election drew closer, representatives of the New Georgia Project found that only around half of their applications had gone through. So they sued the state.

[Ran] Brian Kemp was forced to step in. He called the allegation that there were 40,000 missing registrations, quote, “absolutely false. [. . .] The applicants on these forms have either been added to the rolls or they are in pending status,” end quote.

Confusion ensued. On one hand, here were tens of thousands of citizens who didn’t know if they could vote or not. As new voters, they were especially vulnerable. But there was no specific time limit on when the state had to add these voters to the statewide qualified electors list. In other words: there was nothing illegal or even really wrong with taking the time to process these applications, so long as they were done by election day.

[Nate] Amid all the bureaucratic red tape, neither side had complete information about what had happened. Therefore, each was able to spin a narrative that fit their own political ends.

To the Republicans controlling the state house, these Democrats were grasping at straws in order to rally their base. Whether registrations were missing or not, the narrative of big, mean Brian Kemp was the only part that mattered to them.

For the liberal activists, this felt like discrimination of the old days. The New Georgia Project focused their efforts around communities of color, in cities–demographics which tend to vote overwhelmingly Democrat. Maybe, they deduced, the Republicans controlling the state were intentionally dragging their feet, to prevent more black people from voting. It wouldn’t have been the first time.

That’s why one state representative, and leader of the project, decided to make some noise. That representative was a woman named Stacey Abrams.

Stacey Abrams was a rising star for the Democratic party, and it’s no wonder–she’s young, female, African-American, and ideologically center-left. Personality-wise, she has an air of that kid who sits at the front of the class, and reminds the teacher that they forgot to assign homework.

Abrams’ brand is all about voter rights. So when 40,000 new voter registrations went missing, she went to the media. She denounced Brian Kemp’s voter suppression, and the New Georgia Project staged a sit-in of his office in the capital.

[Ran] Eventually, Georgia’s 2014 election passed without too much fanfare. That’s because the Republicans won just about everything, by margins that made even 40,000 votes largely irrelevant.

But that’s not actually the important part. What’s important is how that episode previewed what was to come four years later, when the governor of Georgia prepared to vacate their position. It was now 2018, and two candidates emerged as the likely replacement.

One of those candidates, representing the Republican party, was Brian Kemp.

[Nate] And the other candidate, for the Democrats, was Stacey Abrams.

Now, if you recall our last episode, we talked about the race for Georgia’s 6th district, between Jon Ossoff and Karen Handel. It was a contentious election that made national headlines.

You can think of the race between Brian Kemp and Stacey Abrams like that, but on horse steroids.

There are a few reasons why. Governors are more powerful than congresspeople. Kemp, like Handel, was very conservative, and aligned with Donald Trump, where Abrams, like Ossoff, represented a new generation of Democrats.

But the way people like me, many states away, first heard about this race was through a commercial–one of Kemp’s campaign ads, titled “So Conservative.” It was, undeniably, one of the most memorable ads you’ll ever see. We don’t have the rights to air it on this show, but it’s important for understanding the context of our story, so we’re going to reenact it for your entertainment.

Lucky enough, Ran Levi does a perfect southern accent. Isn’t that right, Ran?

[Ran] You’re darn tootin’, partner!

[Nate] Isn’t that amazing? It’s like Brian Kemp is sitting in your living room right now.

So here’s how the ad goes. It opens with Kemp wearing a button-down shirt, standing in an open field.

[Ran] I’m Brian Kemp. I’m so conservative, I blow up government spending.

[Nate] We cut to Kemp holding a pump-action shotgun, in front of a display of about a dozen pistols and rifles.

[Ran] I own guns that no one’s taking away.

[Nate] Now he’s standing in his yard, holding a chainsaw.

[Ran] My chainsaw’s ready to rip up some regulations.

[Nate] We cut to Kemp sitting in a Ford F-350 pickup truck. He’s about to deliver the line that’ll be replayed on news channels for months thereafter.

[Ran] I got a big truck just in case I need to round up criminal illegals and take ‘em home myself. Yep, I just said that!

[Nate] He can hardly contain the smirk on his face.

[Ran] I’m Brian Kemp. If you want a politically incorrect conservative, that’s me.

[Nate] The race for governor of Georgia meant something to the whole country: it was a clash of two, opposite cultures. Not just Democrats versus Republicans, but progressivism versus Trumpism. America versus ‘murica. People who never visited Georgia in their life became invested in this race.

[Ran] Most people didn’t know that, in court, a separate battle was being fought over whether the state was even prepared to host a reliable election–whether their voting systems were so very broken that any possible outcome couldn’t be trusted.

“[Maggie] this is a three-year long running, extremely complicated lawsuit with a lot of moving parts.”

[Ran] The problem with Georgia’s voting systems dates back to 2002.

[Nate] Following the disastrous Florida recount in 2000, Washington passed the Help America Vote Act. It was designed to help U.S. states modernize their increasingly outdated voting systems.

Some states handled the responsibility quite well. Consider, for example, New Hampshire.

“[Maggie] So I’m from New Hampshire where we have optical scan and hand marked paper ballots. What that allows you to do is once you’ve checked in the voter, you can just give them a paper ballot and you can set up hundreds of hundreds of, if you need to, privacy screened in areas where they can fill out their ballot with a normal black pen and then drop it off at the voting machine at the end.

And if, God forbid, the voting machine should suffer a power outage or go out, there’s a special box within the machine to store them insecurely so that you could count them up later, if need be. So there’s a lot of redundancies and cost things in place that make hand marked paper ballots better across the board, especially for moving long lines.”

Plenty of states, like New Hampshire, were able to utilize digital computers to make their voting systems more robust and reliable.

And then there were states like Georgia.

“[Maggie] I had once lived in Georgia for a brief time. And yes, they were one of the last holdouts on these purely touchscreen machines that were rife with problems.”

[Ran] In 2002, the state of Georgia founded an election center at Kennesaw State University. At around the same time, they invested in a trove of fancy, new touch screen-based voting machines. It must have been very exciting.

“[Maggie] They’re just terrible.”

[Ran] The problem with touch screen voting machines is, well, basically everything.

“[Maggie] Whenever you have a computer screen that people need to use to cast their vote, it slows things down. It sounds like it would be faster. It sounds like it would be very technological and a lot better, but actually it means that no one else can even begin to start voting until that person is done. And each one of these machines can cost tens of thousands of dollars. And they’re already oftentimes filled with junk technology and they’re already pretty much obsolete from the minute they’re bought.”

[Ran] Touch screen machines cost a lot, cause long lines, and usually aren’t well-engineered. But if those were their only problems, they might still be acceptable. Unfortunately, the problems get far worse.

“[Maggie] They’ve been just rife with problems of sensitivity.”

[Ran] Sometimes, the screens improperly read where the voter placed their finger. It’s sometimes referred to as “sliding”–a phenomenon where the screen itself shifts out of place, such that a voter might press on one candidate and the press is interpreted, instead, as a vote for the next candidate over.

“[Maggie] The Simpsons made a great joke about it. Press the button here and it gave it to the Republican candidate.”

[Ran] The very worst problem with touch screen machines, though, is that they don’t necessarily come equipped with any kind of backup system.

“[Maggie] they’re unauditable. You can’t really do a recount. If something goes wrong within the machine, you’d need a full-blown forensic investigation to get into it.”

[Nate] When Georgia invested in touch screen voting machines, they didn’t pair it with a system of paper printouts. So when Karen Handel beat Jon Ossoff for Georgia’s 6th district congressional seat in 2017, there was no backup data to determine whether that result was actually accurate.

Really, there’s no way to tell whether any Georgia election of the past two decades has ever been accurate. We can basically assume they were, but that’s as far as we can go.

[Ran] To the defense in Curling v. Kemp, these kinds of arguments were hypothetical and unfounded.

“[Maggie] anytime they get challenged about it, being incredibly defensive and saying that they’re in the right. For example, one of the defense’s [. . .] gave for why, for their issues with this ongoing suit about the paper ballots and the improvements to election infrastructure and security are, that this is just a constant distraction by activists determined to undermine the credibility of our elections. [. . .] For years and years, anytime activists or experts have tried to bring up, “Hey, maybe we should do some things to patch or secure or make sure that these machines are trustworthy,” you’d always get somebody being like, “Oh, you’re just casting doubt on the election. How dare you?”

[Ran] Were the prosecution right to be concerned about Georgia’s election security? Or were they crying wolf?

[Nate] Where you come down on this question largely depends on what you think of Brian Kemp.

Brian Kemp, after all, was the one in charge of those machines. After shutting down the Election Center at KSU in 2017, he moved the state’s elections oversight and management into his building in the state capital. So of course the defense thought the machines were secure–their client was the one securing them!

[Ran] The prosecution had less confidence in their Secretary of State. His history with cybersecurity, to that point, had been less than stellar.

We can start with October, 2015, and a set of discs which contained the names, birthdays, social security numbers and drivers license numbers of 6 million Georgia voters. Those discs were “inadvertently” sent to a dozen news organizations and political parties in the state. A data breach, but with no hacker. Kemp later apologized, and claimed all the discs were either recovered or destroyed. He also fired one employee, maybe because they were responsible, or maybe because that’s what people do when they need a scapegoat.

The next incident came the following year. After the DNC hack, the DHS offered cybersecurity assistance to all U.S. states. Kemp said no thanks. Mere days later, a young researcher hacked his state’s election systems. Months later, Russians probed those same systems for potential vulnerabilities.

[Nate] Kemp’s poor handling of cybersecurity continued when a lawsuit was filed against him…for his poor handling of cybersecurity.

When the Curling v. Kemp case began, the judge ordered that all evidence in the case–most importantly, the server at KSU–be preserved. So state officials representing the defense–Brian Kemp–told the judge they’d subpoena the KSU server data from the FBI. The prosecution fought for years to see that server data–presumably, the evidence they needed to prove their case.

“[Maggie] when they asked to look at it, Georgia dragged its legs the whole time.”

[Nate] A full two years later, it turned out: Kemp’s team never made the subpoena. The evidence, for all anyone knew, might not even still exist.

“[Maggie] It was basically this whole thing that cast a very bad light over Georgia, that they were, (a) hiding this, and (b) that this had happened, and (c) that it happened on their watch in a way that might’ve even been internal.”

[Ran] Was Brian Kemp hiding something? It doesn’t take a conspiracy theorist to see a problem here. He and his team were being sued over their election systems. He was a candidate in the upcoming election for governor. Anything he knew that others didn’t could, presumably, be used to his own advantage.

“[Maggie] I think in any other race which would be perhaps valid, goes out the window when the Secretary of State himself is a candidate. It certainly doesn’t look good. It’s not a good look.”

[Ran] Would you trust a poker game if the dealer were playing? Would you trust a basketball referee if they were also a coach for one of the teams? Local organizations called on Brian Kemp to resign as Secretary of State–to hand over election oversight to a neutral third party. Even former President Jimmy Carter stepped in, personally writing a letter to Mr. Kemp. Quote:

“To Secretary of State Brian Kemp:

I have officially observed scores of doubtful elections in many countries, and one of the key requirements for a fair and trusted process is that there be nonbiased supervision of the electoral process. [. . .] you are now overseeing the election in which you are a candidate. This runs counter to the most fundamental principle of democratic elections — that the electoral process be managed by an independent and impartial election authority. In order to foster voter confidence in the upcoming election, which will be especially important if the race ends up very close, I urge you to step aside [. . .]”

[Ran] Brian Kemp held the power to hack his own election. Even if it was unlikely, nobody knew that he wouldn’t do that.

So the prosecution in Curling v. Kemp made a very simple request to the judge: instead of using the insecure, unverifiable touch screen machines, voters in the upcoming election should be given paper ballots. Ballots which, unlike machines, could be easily tracked and verified.

“[Maggie] even this little common sense measure, like let’s have a paper backup in the polling place, is being appealed by the Secretary of State’s Office, which I consider to be silly. [. . .] Other states have no problem with paper ballots, which are cheaper. Other states are better run.”

[Ran] On September 17th, 2018, Amy Totenberg–the judge presiding over Curling v. Kemp–came to a decision. She criticized those state officials who had their, quote, “head in the sand” about cybersecurity. But election day, now mere weeks away, was simply too soon to make any significant changes. The state would proceed with its existing touch screen voting machines. No paper backups.

Georgia’s voters would simply have to trust that everything was going to be okay.

[Nate] It was cloudy over much of Georgia on the morning of November 6th, 2018. At local schools, rec centers and town halls across the state, poll workers began setting up their decades-old, touch screen voting machines. Some of those poll workers would be in for a tough day.

“[Maggie] We have flawed e-poll books which is a new technology. Basically an iPad that helps you check into voters [. . .] shutting down in the middle of Election Day. [. . .] in every single election that they’d been used in, there’s been some glitch with them that’s caused enormous problems.”

[Nate] In major precincts, voters were bounced between polling places, held up due to technicalities, or told outright that they couldn’t vote due to discrepancies in registration data. The Atlanta Journal-Constitution documented some of the scenes. Quote:

“A poll worker in Atlanta hoarded the last of his precinct’s provisional ballots, doling them out to select voters while turning others away. Cobb County wouldn’t let a new resident cast a ballot even though both her driver’s license and her voter registration card displayed her new address. Fulton County still can’t verify that it received an Atlanta woman’s ballot in October. When the woman asked an election official over the telephone whether her vote had counted, she said the official “just kind of snorted.” Stories like these were unfortunate. But they paled in comparison to what some voters were facing, in the biggest cities in the state.”

“[Maggie] there were many flawed voting machines that broke down on election night.”

[Ran] Remember those expensive touch screen voting machines? They began breaking down. Take, for example, what happened to a fella’ by the name of Brian Kemp.

[Nate] When the Secretary of State went to cast his own ballot, he used one of those touch screen machines, which recorded his vote onto an insertable card. But in the middle of the process, he stepped away from his machine and walked over to the poll workers’ table. He told them, quote, “it said this was in invalid card.”

He had to try all over again.

[Ran] If the Secretary of State was having trouble voting for himself, it didn’t bode well for other Georgians. In some of the most busy counties in the state–like Gwinnett County, home to over 300,000 voters–machines broke down in numbers. So lines formed–through long school hallways, around city blocks.

“[Maggie] The lines for the Georgia primary this year were hours, hours and hours. They were wrapping around the block, in affluent areas!”

[Nate] Many voters waited over three hours just to cast their ballot. According to some reports, a few voters had to wait up to six hours. Now, if that were me? I’d have probably just gone home. I imagine many people did just that.

“[Maggie] Everyone didn’t have enough voting machines. And then they found an entire warehouse full of voting machines that weren’t being used. Georgia’s argument was, “Oh, well, those ones, don’t look at those. Those were busted,” or something and it was just not true.”

[Nate] By the end of the day most Georgians got to vote, and most of their votes counted.

[Ran] As midnight approached, the race just seemed to be too close to call. The candidates were hovering within one percentage point of one another. Georgia voters went to sleep not knowing who their next governor would be.

[Nate] The following day, one candidate was ready to make an announcement. After an election day full of broken machines, invalid ballots, incorrect registrations, and six-hour-long lines, 99% of precincts were reporting. The next governor of Georgia would be…

[Ran] Brian Kemp. He won by a little over one percent.

[Ran] Even though Brian Kemp had announced his victory, Stacey Abrams had not conceded her defeat. Her campaign told reporters that they believed some votes hadn’t been counted, and that the Secretary of State’s office wasn’t being forthright about it. They said they would be seeking litigation.

[Nate] The problem with their argument, of course, is that Georgia has no system for tracking lost votes. As the Atlanta Journal-Constitution reported, quote:

“no evidence emerged of systematic malfeasance – or of enough tainted votes.”

That statement can be read two ways: either the vote total was correct, or there wasn’t a way to tell that it wasn’t.

[Ran] At the beginning of this episode, we talked about all the people that have hacked Georgia’s election systems in the past few years. We said that Brian Kemp, managing his own elections, had the power to manipulate them to his advantage. Did Kemp, or any of those hackers–or any hackers we don’t know about–have any impact on the final result? There’s precious little data for which we could even begin to answer these questions.

But there was one piece of information that researchers took extra note of after election day.

[Nate] It came from one of Georgia’s urban, heavily Democratic precincts.

There were seven machines servicing this particular precinct. By the end of the day, six of those machines counted votes heavily in favor of the Democrat, Stacey Abrams. But in one case…

“[Maggie] voting machine number three shall we say, had a statistically impossible surge of republican voters compared to all of the others.”

[Nate] The precinct went heavily for Stacey Abrams. Machine 3 went heavily for Brian Kemp.

“[Maggie] basically unless they send every person who was a republican to this one machine, exclusively there’s just no way that the numbers match what would happen in the real world.”

[Ran] A team at the statistics department at UC Berkeley later crunched the numbers. They took all the data from that one precinct–how many Republican voters there were, and how many Democrats–and ran a series of around 10,000 simulations. In those simulations, voters were assigned randomly to one of the seven machines–as occurs in any given election. The question was: what was the likelihood that Machine 3 could have yielded a majority for Brian Kemp, of the margin it did? The answer?

[Nate] Less than one in a million.

[Nate] To this day, Stacey Abrams has not conceded the 2018 gubernatorial election. Six months after it was over, she told a crowd of supporters that the Republicans “stole” the election from the voters of Georgia. Quote:

“Despite the final tally and the inauguration and the situation we find ourselves in, I do have a very affirmative statement to make. We won.”

Curling v. Kemp–now Curling v. Raffensperger–continues to be litigated in court today. As a result of the prosecution’s efforts, Georgia has been gradually moving towards improving their faulty systems.

[Ran] On September 29th, the judge ordered that voter information systems be paired with backups–to avoid the kind of confusion that occurred in 2018. The state has also replaced those faulty voting machines they used in 2017 and 2018–the ones that broke down on election day and, in at least one case, yielded outright incorrect results.

“[Maggie] they’ve gotten a new model from Dominion, which is a ballot marking device, which is the new issue that voting machine people, hey make things worse in many ways. What they do is you mark your choices on a touchscreen, but this is supposed to be better than the old touchscreen machines because it’ll print out a ballot and then it’ll deposit that in the box directly. [. . .] But the issue is that there was a study from the University of Michigan, (a) that found people don’t actually check their ballot. So not only does it invalidate a lot of security measures that election security activists were working on, which was, for example, risk limiting audits when we go back to the paper ballot and make sure that the intent of the voter matches the results that were told by the machine with the paper. So again, the machine is now marking it. So if the machine messes it up and you don’t check, suddenly we’re right back where we started as far as not being able to go to the paper.

But second of all, these ones in Georgia are particularly heinous and particularly the part of an ongoing concern, which is that they don’t just print out a paper ballot with little ovals and names and just the usual. They put a barcode on it, which is what the computer reads. And this is just so incomprehensibly more complicated and silly to add, because the barcode is not human readable. So it lowers, first of all, voter trust, because now you’ve got a barcode on your ballot that might not say what you said. It might be anything.”

[Nate] As of this writing, Georgia is about as close in the polls as you can get. So let’s hope that everything goes smoothly over the next few days. It’ll probably turn out fine. But it’s tough to imagine what happens if we see the same voter registration issues, uncounted ballots, cyber vulnerabilities and broken-down voting machines this time around…