Georgia Election Server Mysteriously Wiped Clean After Lawsuit Highlights Major Vulnerabilities
from the yeah-whoops-a-daisy dept
For as long as Techdirt has existed, we’ve highlighted how most implementations of electronic voting simply aren’t safe or secure. The Diebold disaster in 2006, Sequoia’s security scandal in 2008, and a rotating flood of similar stories since, have driven this point home time, and time, and time again. And despite these warnings neither the companies that make these machines, nor the election commissions or local governments tasked with overseeing them, have done enough (or, in many cases, much of anything) to ensure that our Democratic process is secure.
The latest example of just how not under control this problem is comes out of Georgia, where reports indicate that somebody managed to completely wipe a server integral to a lawsuit against Georgia election officials. The lawsuit, filed by a coalition of election reform advocates, is attempting to force Georgia to retire antiquated and heavily-criticized election technology that has been under fire in the media since June, after security researchers indicated that the touch-screen machines could be easily tampered with without leaving much of a trace:
A misconfigured server, Logan Lamb discovered last August, had left Georgia?s 6.7 million voter records and other sensitive files exposed to hackers. And it may have been left unfixed for seven months. The vulnerability might have allowed attackers to plant malware and possibly rig votes or wreak chaos with voter rolls by deleting or altering records ? a major concern amid heightened sensitivity to state-sponsored Russian election hacking.
Shortly after the lawsuit was filed, the servers of interest in the case were mysteriously wiped by technicians at the Center for Elections Systems at Kennesaw State University, which oversees the state?s election system. The Associated Press only discovered the wipe after obtaining an email from an assistant state attorney general to plaintiffs in the case. Efforts to determine who requested that the server be wiped clean have so far gone nowhere:
The Kennesaw election center answers to Georgia?s secretary of state, Brian Kemp, a Republican who is running for governor in 2018 and is the main defendant in the suit. A spokeswoman for the secretary of state?s office said Wednesday that ?we did not have anything to do with this decision,? adding that the office also had no advance warning of the move. The center?s director, Michael Barnes, referred questions to the university?s press office, which declined comment.
Plaintiffs in the case have argued that data from last November?s election and a special June 20th congressional runoff cannot be trusted due to the unresolved flaws in the machines. And while the election server would have gone a long way toward answering that concern, it was wiped clean on July 7 — just four days after the lawsuit was filed. Two backup servers were subsequently wiped clean on August 9, just as the case was moving to federal court.
Filed Under: e-voting, elections, evidence, georgia, servers, spoliation, voting integrity, wiped
Comments on “Georgia Election Server Mysteriously Wiped Clean After Lawsuit Highlights Major Vulnerabilities”
Yes, so mysterious
What could have happened, I wonder? Perhaps the neighbor’s dog ate the server?
Re: Yes, so mysterious
No, no, no, it was wiped, like with a rag.
Re: Re: Yes, so mysterious
NAA, like with a vhs bulk tape wiper……:P
But, but Russians
Re: Re:
Well, you tried…
So all of Georgia's politicians weren't elected and have to go home?
That’s the best news I’ve heard all day.
What about the backups? Why are there never backups?
Re: Re:
Try reading all the way to the end of the article – the final sentence answers your question.
Re: Re: Re:
Except it doesn’t. The final sentence says "Two backup servers were subsequently wiped clean". To me, a backup server is an alternate that could be used instead of the primary, whether for hot failover, quick disaster recovery, etc. Grandparent is asking about backups, in particular off-site backup archives, which are not whole servers on their own, but could reasonably be used for forensics if the master server from which the backup was created was unavailable. Organizations should have backup archives for everything they might need to replace, and should have backup servers for things that need to be replaced quickly. Backup servers provide quick recovery; backup archives for slower, cheaper, and deeper recovery. Storing a spare backup server once a week, with backups going back a year (or more) becomes expensive quickly. Storing backup archives once a week is comparatively cheap – it’s just disk space, not all the incidental computer components. It gets cheaper still with some basic use of incrementals, such that each backup is just a delta recording changes since the last full backup.
Re: Re: Re: Re:
“Backup server” can also mean a server which initiates, receives, etc, backups.
Re: Re: Re: Re:
Off-site backup storage. If there isn’t some sort of off-site storage, then it’s not truly backed up.
Re: Re: Re: Re:
But nobody expects MegaUpload data to be available in Georgia
Paper Ballots
Georgia Election Server Mysteriously Wiped Clean After Lawsuit Highlights Major Vulnerabilities
A two part paper ballot system can provide an auditable paper trail for every vote cast that can not be wiped clean. Each voter would keep the 1st part of the ballot in their personal possession with the second part of the ballot stored by the local election commission.
Ensuring the sanctity of the democratic process is worth the added time and inconvenience of using paper ballots.
Re: Paper Ballots
At least until the warehouse they are stored in gets up close and personal with a lit match. Maybe even both warehouses if they are smart and store them separately.
So, who stands to gain from this? Hmm… Are they about to be charged with destruction of evidence? Hmm…
Re: Re: Paper Ballots
Re: Paper Ballots
At least until the warehouse they are stored in gets up close and personal with a lit match. Maybe even both warehouses if they are smart and store them separately.
The beauty of a two part paper ballot is the voter gets to retain the first part of the ballot as a receipt for their vote while the local election commission retains the second part of the ballot.
There is no chance of both ballots burning up in a warehouse as the ballots are kept separately.
Re: Re: Re: Paper Ballots
Re: Paper Ballots
cAN i ?
cAN i, cAN i cAN i ASK????
HOW do you verify a 2 part when I have 1/2 of it, and NEVER USE IT???
WHEN in HELL do they ever ASK for that second part???
HAVE you ever seen them CALL IN the second parts to verify, and WHO would be independent to EVALUATE IT..
Re: Re: Paper Ballots
cAN i ?
cAN i, cAN i cAN i ASK????
You can, you can, you can.
HOW do you verify a 2 part when I have 1/2 of it, and NEVER USE IT???
Have you ever voted?
In my local home town there is a voter registration log all voters sign into before casting their vote.
Each voters two part paper ballot would have a identification number that ties the voter to the ballot and the ballot to the election at hand.
WHEN in HELL do they ever ASK for that second part???
The second part of the paper ballot could be used if the first part of the paper ballot were destroyed or to confirm the results of a tightly contested election.
HAVE you ever seen them CALL IN the second parts to verify, and WHO would be independent to EVALUATE IT..
Yes. Do the terms hanging and dimpled chads ring a bell?
https://cseweb.ucsd.edu/~goguen/courses/275f00/abc-chads.html
There are no fool-proof silver bullet solutions but a two part paper ballot that can be audited beats bits and bytes that can be easily exploited/erased.
Re: Re: Paper Ballots
THERE IS A WAY,,,
Submit BOTH PARTS
1 tot he election bureau..
1 to an INDEPENDENT group..Even your church..
If they are NOT CLOSE, its a reelection..
Re: Paper Ballots
How does this improve the war on voting fraud (stipulating this is a real issue)? After an alleged fraud, everybody gonna show up some-damn-where and show their “receipt” to some-damn-body? ‘Cuz we know how good people are about showin’ up at the polls in the first place. Just imagine how reliable the keeping of “receipts” will be and how faithfully voters will take the extra time to taxi their “receipts” for a second pseudo-polling event and how much more trustworthy the tally of those “receipts” will be than the original “vote”?
Re: Re: Paper Ballots
How does this improve the war on voting fraud (stipulating this is a real issue)? After an alleged fraud, everybody gonna show up some-damn-where and show their "receipt" to some-damn-body? ‘Cuz we know how good people are about showin’ up at the polls in the first place. Just imagine how reliable the keeping of "receipts" will be and how faithfully voters will take the extra time to taxi their "receipts" for a second pseudo-polling event and how much more trustworthy the tally of those "receipts" will be than the original "vote"?
This is a problem that is inherent to all votes as it really isn’t the voter that matters so much as the person(s) counting the votes.
"As long as I count the votes, what are you going to do about it?" ~ William Magear Boss Tweed (aka Boss Tweed)
https://en.wikipedia.org/wiki/William_M._Tweed
Re: Paper Ballots
Doesn’t need to be paper, and paper would make it untenable. Just use a database, and issue a number that each voter can use to check their vote in the database. Use whatever encryption you like and maybe hash the vote number with the voter’s name or something to make it very difficult to check someone else’s vote without the issued number and knowing who it was issued to.
is it can be adverse inference tiem pls?
https://en.wikipedia.org/wiki/Adverse_inference
But her emails!
Wiped Clean
Like with a cloth?
IM SORRY, but..
Iv been watching TONS of server violations in the last year…
Databreaches.net
ANd I have to say this…
1. ANY ADMIN/operator in CHARGE of a server WILL UPDATE IT..
SHOULD HAVE UP DATED IT..
CHANGED THE SOFTWARE..
in the last few years..
2. ANY person responsible for DELICATE/IMPORTANT DATA DOES NOT ALLOW DIRECT ACCESS TO THE DATA…He is responsible for..
3. ANYONE with a Good amount of Software and Hardware SHOULD be able to make an UNHACKABLE SYSTEM, from hardware..that Would NEED to be taken and HACKED other places then ON SITE..
4. BACKUPS…require 3 copies, 1 internal, 1 away from system and 1 REMOTE…AND USE CURRENT BACKUP TECH…NOT FLOPPY DRIVES..magnetic data is VERY EASY to damage.. DVD, CD, BR should allow a HARD BACKUP…
5. HOW IMPORTANT…1 backup per year? per month? PER WEEK?? DAY??
Im sorry.
I have to say this, and its relivent..
1. HOW STUPID ARE WE??
2. HOW STUPID ARE THEY??
3. this is as bad as FORGETTING what pollution is, and removing ALL THE LAWS/REGULATIONS..
4. Something is happening and its TRYING TO COVER ITSELF UP.. Something thats been here ALONG time and its trying to SURVIVE..
5. HOW corrupt is this system?
Well, it worked for Hillary, so… it’s good practice for everyone else too, right? If it’s ok for politicians to do it, we can too!
I noticed they skipped the use of hammers to insure transparency, but you know, baby steps.
Re: Re:
Now if only she was on an election commision that might have some relavence.
Re: Re: Re:
Wiping servers with potentially incriminating evidence before a legal proceeding not relevant? I mean, really? You don’t see any similarities at all?
Or is this an “ok for me but not for thee” kind of thing? Selective enforcement makes a mockery of the rule of law, but you’d have to be stupid not to use the “Clinton defense” nowadays if you can get away with it.
Re: Re: Re: Re:
Or is this an "ok for me but not for thee" kind of thing?
I thought the big orange retard was going to lock her up?
Yet another unfulfilled promise?
Re: Re: Re:2 Re:
It would have been quite the show had he really attempted to do so.
poor story
How could you miss the fact that Sam Olens is president of KSU (Kennesaw State U)? Go back and contact them again, and this time FOI the emails between the him and the current governor and between him and the Republican party officials.
I also suggest that the state AG send those machines off to a forensics company to have the disks recovered, since if they didn’t prove the accusation, they would have been kept in a lockbox until the trial was over.
Georgia, its like living in a trying-to-be-3rd-world country.
"I am shocked, shocked I say!"
Primary server wiped clean four days after the lawsuit is filed.
Two backup servers wiped clean just over a month later.
If the judge isn’t readying destruction of evidence charges against everyone involved then they might as well resign on the spot and officially get a job working for the ones being sued. At the very least the entire election results should be thrown out as useless, and a new election required, with the contract for running it handed to someone who isn’t so ‘accident’ prone.
I can’t think of a better way to loudly proclaim, ‘As bad as you think our actions were, they were so much worse’ than to wipe three servers, so I can only imagine how damning the contents of those servers were, and hope the judge assumes the worst and acts accordingly.
Re: "I am shocked, shocked I say!"
Eyup.
Of course, the people responsible won’t be charged with destruction of evidence concerning potential election fraud, oh no.
What I suspect will happen instead, will be “the wiping of the servers was part of routine maintenance, and we had no reason to suspect that we should retain the information on the servers. Don’t worry though, we have a backup backup! Just tell us what signs you use to identify election fraud and give us a couple of months, and we’ll have the ‘original’ data for you, free of any evidence of corruption.”
I teach at Kennesaw State University where this server is housed. A republican DA with no university experience was secretly appointed as president last year. The last president “retired” after extensive fraud was discovered at KSU. The current president ex-DA would have been the one to prosecute this fraud but, of course, he is no longer in the position to do so. Go figure.
This is not news to us at KSU.
Hand-recountable OCR cards are best approach
OCR cards can be machine-read and reported immediately, and then held in case a hand-recount is required. Standard protocols should set secure storage requirements (eg for how long?), and method for hand-recounting.
Even if no race is close enough for a recount, a small number of randomly generated precincts should be asked to conduct hand recounts, for auditing purposes.
Re: Hand-recountable OCR cards are best approach
That’s Michigan. We use paper ballots that are read by an optical scanner at the poll and, normally, just the data from the scanner is used. In November 2016 some of the Wayne County (Detroit) precincts had failing scanners so, those votes were hand countable and also, due to how close the Presidential election was, nearly all the votes ended up being hand counted.
There are better ways to set up a voting system (cryptographic verification methods come to mind here) but, I like my state’s voting method.
hOW BAD..
How bad does it need to be, to GET THINGS FIXED IN THIS NATION??
Corps dont care about us, the Gov is WRECKED..and not letting the CHECKS AND BALANCE WORK..
OVER PAID IDIOTS RUNNING THIS COUNTRY..
EVERYONE REMEMBER THEY ARE EMPLOYEESS
And 90% of this stuff is NOT in the newspapers..TV, ANyplace for the public View..
So we’re going to start paying attention to a problem we’ve been ignoring since Bush and Afghanistan, because Trump and Russia piss us off more?
Well, I guess we have to start paying attention to these security problems some time, I just hate what it takes these days to get people to care. Bush went to war under false pretenses. Trump said some mean things on Twitter. Both were elected during and with the use of breakable EVMs.
Also, why do we have to keep bringing up Russia? Trump won by electoral vote. Russia is accused of hacking the popular vote. You know, the vote Clinton actually won. Why is this always glossed over whenever Russian “election hacking” is brought up? Did I just happen to miss the article where they stand accused of hacking the electoral college?
Spoilation
Georgia does in fact have a spoilation statute, so someone should have their toes held to the fire, so too speak, for this action.
Re: Spoilation
Governments tend not to prosecute themselves.
Re: Re: Spoilation
Its gonna be forced on them. Elections are serious business.
Re: Re: Re: Spoilation
State of Georgia v. State of Georgia.
Yeah, let me know when that one’s filed.
https://www.youtube.com/watch?v=w3_0x6oaDmI
Electronic voting is a really bad idea.
The russians seem to be a scapegoat for everything these days.
From georgia voting, to trump collusion with russia, to the clintons and obama colluding with the russians.
We need a new bogeyman to blame stuff on. How about North Korea instead?
Technicians and Brian Kemp: “We didn’t do it. It was the computer.”
Judge: “M’kay.”
Misuse of term 'hacker'
Please don’t use the word “hackers” to mean people that maliciously break security. That’s insulting to us hackers. For most of us, our hacking has nothing to do with security in any fashion. Please use the term “crackers” for people that break security.
See https://stallman.org/articles/on-hacking.html.
Re: Misuse of term 'hacker'
While I agree with you, RMS, I’d also like to note that in this case, the term was used only in an excerpt quoted from another article; this article’s author did not use the word incorrectly himself.
IMO editing the quote to correct the usage would be more egregious an offense than the one being fixed thereby. (Although commenting in the article on the incorrect usage could also address the problem without going to that same extreme.)
Re: Re: Misuse of term 'hacker'
…and after posting, it occurs to me that you may also have been addressing the commenters, some of whom have used related terms in the discussion.
That’s fine; never mind me, carry on.
Re: Misuse of term 'hacker'
That’s the thing with ignorance. It is of no use if you cannot show it off. So, congratulations on getting full value.
The term cracker” typically refers to people from a certain part of the south-eastern US. The term comes from the sounds of the whips used in driving the cattle across the state. Many counties still havecracker day” festivals celebrating this part of their heritage.