Category: Internet Security Issues

No, its not the time for more electronics in Connecticut’s voting

An Op-Ed in the CT Mirror: It’s time to modernize the way Connecticut votes.

The main trust is that we should do more electronic automation of the election process in Connecticut such as electronic transmission of results and electronic pollbooks, and alluding to less pens and paper in voting.

Perhaps we can forgive the author for accepting at face value the claims of vendors and their customers that have sunk unnecessary millions into questionable technology. Sometimes it works well and saves time and effort, sometimes it doesn’t!

  • Lets start with electronic submission of results. That idea has a couple of basic flaws…

Our bottom line: Never change from Voter Marked Paper Ballots unless there is some dramatic technological breakthrough. Avoid connectivity for voting machines. Cautiously consider electronic pollbooks, with mandatory paper backup systems. Keep using our current AccuVoteOS until they really need replacing – perhaps better more economical alternatives will become available, perhaps they will comply with the new Federal standards expected soon.

 

An Op-Ed in the CT Mirror: It’s time to modernize the way Connecticut votes <read>We disagree.

The main trust is that we should do more electronic automation of the election process in Connecticut such as electronic transmission of results and electronic pollbooks, and alluding to less pens and paper in voting.

Perhaps we can forgive the author for accepting at face value the claims of vendors and their customers that have sunk unnecessary millions into questionable technology. Sometimes it works well and saves time and effort, sometimes it doesn’t!

  • Lets start with electronic submission of results. That idea has a couple of basic flaws.
    • First its risky. No voting system should ever be connected to the Internet, have wireless connectivity, or be connected to phone lines. All that risks hacking of the voting machine itself. Experts have cautioned election officials against any such capabilities. The leading voting system vendor, ES&S has been caught lying to officials, a government agency, and the public trying to hide that they had that capability.  CT helped develop and uses a data collection system where tapes of results from machines are data entered into a system not connected to our voting machines – it may seem like a lot of work to Head Moderator’s like the author. Yet overall its not that big a deal e.g.  it my town it takes a few hours work by two officials, not that much in comparison to the 60 or so that work 17+ hours on election day.
    • Second, many CT votes are not counted electronically.  Votes on hand counted ballots and write-in votes are not counted by machines but the data must in any case be entered and reported. In other states some of this data is counted electronically by copying unscannable ballots onto other ballots for scanning – this is a labor intensive, slow, and error-prone process.
  • On to electronic poll books. Once again, risky, expensive and not all they are claimed to be.
    • The University of Connecticut tested them and found all those offered by vendors to be lacking in security. The analysis is confidential due to (unfortunate, undemocratic) agreements with the vendors that allowed the testing.
    • They are not as fast as and they are as error prone as manual lookup and voter checkoff on paper lists.
    • Many tout the advantages of not having to print all that paper, yet every expert warns that a paper backup is necessary to keep voting going in the face of power outages, Internet outages, and software or hardware failures.
    • Like everything connected to the Internet they are vulnerable to hacking. In 2016 there was a huge failure in an entire county in NC. There is no evidence of hacking, yet that is only because there was no credible investigation of a trail that my well have lead to Russia.
    • Once again, a little time on the part of election officials doing data entry saves millions in hardware and software acquisition and maintenance – and could provide jobs to Connecticut residents.
  • Several years ago the Secretary of the State got bonding of $6,000,000 to buy electronic pollbooks and a scheme for wireless transmission of results. She wisely turned it back to the State.
  • When it comes less paper and pens, we agree with the author that our current system is secure and accurate. The alternative, pictured with the Op-Ed seems to be and electronic Ballot Marking Devise (BMD). They are risky and expensive.
    • Life time costs for acquisition and programming are at least double, perhaps triple that of optically scanners and paper ballots. One of our current scanners handles the volume of ballots in all but a couple of polling places in the State. A couple handle most central count absentee ballot locations. We originally bought two per polling place, with consolidation there are a number of extras around, they can be purchased very reasonably used online. In fact, the Secretary of the State purchase a number of spares a couple of years ago.
    • BMDs cost lots more because you need many more per polling place. Each must be acquired initially, maintained, programmed, and tested for each election.
    • BMDs and their more risky predecessor technology, DREs, are the cause of lines and polling places. Not scanners in Connecticut and in most jurisdictions.
    • BMDs are subject to hardware and power failures. To continue in spite of power failures there needs to be a sufficient supply of paper ballots in every polling place (that would presumably need to be counted by hand).
    • Finally, BMDs are risky. Research shows that voters do not and cannot reliably check the paper “ballot” they produce, and have a hard time convincing officials the BMD made errors, not the voter.
  • We agree that our scanners are old.
    • Unlike the author, the CTEletionAudit.org surveys of registrars after every election have not indicated any rise in scanner failures.
    • Newer technology scanners available today are marginally better then the AccuVoteOS scanners we have now. The create ballot images and files containing Cast Vote Records, both of which support more comprehensive, less  expensive audits.
    • Yet, the new systems are each more expensive and slower. Many more polling places would need multiple machines to process the volumes of votes we have in Connecticut. They are just as vulnerable to hacking and thus should never be connected to the Internet, phone lines, or wireless for electronic communication of results. And still those hand counted and write-in votes need to be reported manually.
    • Many more will be required for more central count absentee locations. ES&S provides high speed scanners. Two count all the absentee ballots in Rhode Island. But Rhode Island is not Connecticut. They count all there absentees centrally and also program and warehouse all their scanners centrally in one place in Providence. We count and manage everything in each of 169 towns. Those high-speed scanners are too expensive to deploy for local AB counting.

Our bottom line: Never change from Voter Marked Paper Ballots unless there is some dramatic technological breakthrough. Avoid connectivity for voting machines. Cautiously consider electronic pollbooks, with mandatory paper backup systems. Keep using our current AccuVoteOS until they really need replacing – perhaps better more economical alternatives will become available, perhaps they will comply with the new Federal standards expected soon.

 

Kim Zetter investigates NC pollbook for Russian hack — And additional FL incidents!

From Politico: How Close Did Russia Really Come to Hacking the 2016 Election?

Why does what happened to a small Florida company and a few electronic poll books in a single North Carolina county matter to the integrity of the national election? The story of Election Day in Durham—and what we still don’t know about it—is a window into the complex, and often fragile, infrastructure that governs American voting…

The fact that so many significant questions about VR Systems remain unanswered three years after the 2016 election undermines the government’s assertions that it’s committed to providing election officials with all of the timely information they need to secure their systems in 2020. It also raises concerns that the public may never really know what occurred in 2016.

From Politico: How Close Did Russia Really Come to Hacking the 2016 Election? <read>

Why does what happened to a small Florida company and a few electronic poll books in a single North Carolina county matter to the integrity of the national election? The story of Election Day in Durham—and what we still don’t know about it—is a window into the complex, and often fragile, infrastructure that governs American voting…The infrastructures around voting itself—from the voter registration databases and electronic poll books that serve as gatekeepers for determining who gets to cast a ballot to the back-end county systems that tally and communicate election results—are provided by a patchwork of firms selling proprietary systems, many of them small private companies like VR Systems. But there are no federal laws, and in most cases no state laws either, requiring these companies to be transparent or publicly accountable about their security measures or to report when they’ve been breached. They’re not even required to conduct a forensic investigation when they’ve experienced anomalies that suggest they might have been breached or targeted in an attack.

And yet a successful hack of any of these companies—even a small firm—could have far-flung implications.

But VR Systems doesn’t just make poll book software. It also makes voter-registration software, which, in addition to processing and managing new and existing voter records, helps direct voters to their proper precinct and do other tasks. And it hosts websites for counties to post their election results. VR Systems software is so instrumental to elections in some counties that a former Florida election official said that 90 percent of what his staff did on a daily basis to manage voters and voter data was done through VR Systems software…

The company’s expansive reach into so many aspects of election administration and into so many states—and its use of remote access to gain entry into customer computers for troubleshooting—raises a number of troubling questions about the potential for damage if the Russians (or any other hackers) got into VR Systems’ network The company’s expansive reach into so many aspects of election administration and into so many states—and its use of remote access to gain entry into customer computers for troubleshooting—raises a number of troubling questions about the potential for damage if the Russians (or any other hackers) got into VR Systems’ network —either in 2016, or at any other time. Could they, for example, alter the company’s poll book software to cause the devices to malfunction and create long delays at the polls? Or tamper with the voter records downloaded to poll books to make it difficult for voters to cast ballots—by erroneously indicating, for example, that a voter had already cast a ballot, as voters in Durham experienced? Could they change results posted to county websites to cause the media to miscall election outcomes and create confusion? Cybersecurity experts say yes. In the case of the latter scenario, Russian hackers proved their ability to do precisely this in Ukraine’s results system in 2014.

Apparently NC is not the only suspicious incident related to VR Systems, and perfect for one Russian M.O.:

An incident in Florida in 2016 shows what this kind of Election Day confusion might look like in the U.S. During the Florida state primary in August 2016—just six days after the Russians targeted VR Systems in their phishing operation—the results webpage VR Systems hosted for Broward County, a Democratic stronghold, began displaying election results a half hour before the polls closed, in violation of state law. This triggered a cascade of problems that prevented several other Florida counties from displaying their results in a timely manner once the election ended…

If an attacker is inside VR Systems’ network or otherwise obtains the VPN credentials for a VR Systems employee, he can potentially remotely connect to customer systems just as if he were a VR Systems employee. When it comes to Russian hacking, this threat is not theoretical: It is precisely how Russian state hackers tunneled into Ukrainian electric distribution plants in 2015 to cause a power outage to more than 200,000 customers in the middle of winter.

VR systems was likely successfully hacked:

The Mueller report goes a step further. It says that not only did Russian hackers send phishing emails in August 2016 to employees of “a voting technology company that developed software used by numerous U.S. counties to manage voter rolls,” but the hackers succeeded in installing malware on the unidentified company’s network. The Mueller investigators write: “We understand the FBI believes that this operation enabled the GRU [Russia’s military intelligence service] to gain access to the network of at least one Florida county government.”… Since the Mueller report was published earlier this year, it has been confirmed that two Florida counties were hacked by the Russians after receiving phishing emails…

It is possible that the reports from Mueller and the NSA are wrong, and that their authors—with no firsthand knowledge of events and with limited details about what occurred—mistakenly concluded that the phishing campaign against VR Systems was successful…

The fact that so many significant questions about VR Systems remain unanswered three years after the 2016 election undermines the government’s assertions that it’s committed to providing election officials with all of the timely information they need to secure their systems in 2020. It also raises concerns that the public may never really know what occurred in 2016.

Its a long article, well worth reading. There are many details supporting and going  beyond what we have highlighted here.

*****Update from Kim Zetter 1/02/2020 Election probe finds security flaws in key North Carolina county but no signs of Russian hacking  <read>

“Absence of evidence shouldn’t be mistaken for evidence of absence,” said Susan Greenhalgh, vice president of policy and programs for National Election Defense Coalition. “I would hope the lesson learned here is that we need to be vigilant about irregularities from their onset … and promptly initiate investigations to rule out malicious cyber events.”

 

Jimmy Carter says a full investigation would show Trump lost in 2016, we are not so sure.

Former President Jimmy Carter questioned the legitimacy of Donald Trump’s presidency on Thursday, saying he would likely not be in the White House if the Russians did not interfere in the 2016 presidential election.

“I think a full investigation would show that Trump didn’t actually win the election in 2016. He lost the election, and he was put into office because the Russians interfered on his behalf,”

I have the greatest respect for President Carter, especially after his presidency, including his work for election integrity across the Globe. Yet we need actual actions not speculation.

From Politico <read>

Former President Jimmy Carter questioned the legitimacy of Donald Trump’s presidency on Thursday, saying he would likely not be in the White House if the Russians did not interfere in the 2016 presidential election.

“I think a full investigation would show that Trump didn’t actually win the election in 2016. He lost the election, and he was put into office because the Russians interfered on his behalf,”

I am not sure what such an investigation would show. All we know for sure is that there wasn’t a sufficient investigation, before or after the election, thru two administrations. Lots more to investigate in addition to foreign interference.

While its quite possible a though investigation would prove that. There is a lot of question if anything close to enough votes were changed in states that mattered. It might be too late for an investigation to prove anything like that.

More important would have been credible recounts in MI, PA, and WI which were thwarted by election officials and archaic laws intended to protect those same officials. More useful at this point and then would have been a call for investigation and for voter marked paper ballots everywhere.

I am one who believes it is likely that voter suppression small, large, legal and not clearly would have changed the result for Hillary as they would have for Kerry in 2004 and Gore in 2000.

I have the greatest respect for President Carter, especially after his presidency, including his work for election integrity across the Globe. Yet we need actual actions not speculation.

The Cyber War? We will all be victims.

NYTimes, David Sanger: U.S. Escalates Online Attacks on Russia’s Power Grid

To me, the basic story is a ho hum. Russia and China are lurking in our power grid and its been known for sometime we are in Russia’s. I would be concerned if we weren’t attempting to match them. All of that is covered in Sanger’s book, The Perfect Weapon, which I am reading right now.

There are two things that are scary in all this:

NYTimes, David Sanger: U.S. Escalates Online Attacks on Russia’s Power Grid <read>

Not sure the headline is accurate, to use the word ‘attacks’. The article points to our increasing cyber presence in the Russian grid, but no claims of actual attack. This in the same week as large, as yet, unattributed outages in South America. And yesterday’s rumors that the Trump Administration may be planning on bombing Iran.

To me, the basic story is a ho hum. Russia and China are lurking in our power grid and its been known for sometime we are in Russia’s. I would be concerned if we weren’t attempting to match them. All of that is covered in Sanger’s book, The Perfect Weapon, which I am reading right now. If you buy it, get the recently released paperback update.

There are two things that are scary in all this:

First, there is lots apparently withheld from our President, from the article:

Two administration officials said they believed Mr. Trump had not been briefed in any detail about the steps to place “implants” — software code that can be used for surveillance or attack — inside the Russian grid.

Pentagon and intelligence officials described broad hesitation to go into detail with Mr. Trump about operations against Russia for concern over his reaction — and the possibility that he might countermand it or discuss it with foreign officials, as he did in 2017 when he mentioned a sensitive operation in Syria to the Russian foreign minister.

There are indications that the plans to bomb Iran are also being created without telling the President. While I am worried about John Bolton and the risk of him starting a war, I am just as concerned with the risks inherent in our President and understand why some keep things from him. Itt is all scary.

Second,  the next war will be a cyber war. If we start by bombing a specific facility in Iran, we will likely attempt to kill their power and communications grids. If not, its likely Russia will go after ours. In a couple escalations the World will likely be powered down.

In an all-out cyber war, we will be likely victims. If our power grid is successfully attacked it will be out for months, with transformers, power plants, etc. destroyed. In short, no power, no communications, no transportation, no food, and most of us without water, medicine and healthcare. It would make what happened and continues in Puerto Rico seem minor.

PS: Our election infrastructure is much less protected than our power grid. Worse, the goal of Russia is likely to disrupt our elections, bring our elections and thus our democracy into question.

Four pieces of testimony on five bills, including Blockchain and RCV

On Wednesday the GAE Committee held testimony on another raft if bills.

The bills, and links to my testimony, in priority order: (Take a look at all the testimony <here>, best to look by bill number than date)

H.B.5417 A proposed study to use blockchain to solve some undefined problem in voter registration. I opposed, perhaps the only one in the room who is a computer scientist. In summary, if someone wants to sell you or asks you to invest in blockchain – Run. Run fast and keep your eye on your wallet and passwords! …

On Wednesday the GAE Committee held testimony on another raft if bills.

The bills, and links to my testimony, in priority order: (Take a look at all the testimony  <here>, best to look by bill number than date)

H.B.5417 A proposed study to use blockchain to solve some undefined problem in voter registration.  I opposed, perhaps the only one in the room who is a computer scientist.  In summary, if someone wants to sell you or asks you to invest in blockchain – Run. Run fast and keep your eye on your wallet and passwords!  In addition to my own testimony on how to solve problems (i.e. define the problem then look at all cures), I provided an article by a true expert.

H.B.5820 A proposed study to evaluate Ranked Choice Voting. I opposed unless the bill is corrected and the study is broadened. I provided a laundry list of items that should be considered by a Task Force.

S.B.156 and S.B.195  Two proposals to no linger require signatures on absentee ballot applications.  Opposed based on Connecticut’s history of absentee ballot votING fraud, by political operatives and insiders. Those signatures are a key component of proving fraud.

H.B.6876 To cut the onerous cost of scanning public records by cell phones and other meetings. Supported, along with every other person supporting Freedom of Information. Opposed by officials who gain revenue from the fees. copying a single document costs $20.

 

Merrill: “likely to increase audits”

Merrill said her office will likely also increase its audits. Currently it randomly selects voting precincts to have primary results audited following elections; five percent of polling places that use optical scan machines are subject to the audit, as prescribed by Connecticut General Statutes 9-320f. Those counts are then matched against vote totals from optical scan machines.

 

From Westfair an extensive interview with Secretary of the State Denise Merrill on security improvements  CT ramping up cybersecurity efforts ahead of election – but will it be enough? <read>

Merrill said her office will likely also increase its audits. Currently it randomly selects voting precincts to have primary results audited following elections; five percent of polling places that use optical scan machines are subject to the audit, as prescribed by Connecticut General Statutes 9-320f. Those counts are then matched against vote totals from optical scan machines.

We will applaud any substantial changes to improve the audits.  There are many weaknesses in the current law and in its execution. <Citizen Audit’s latest report>

the Myth of “Secure” Blockchain Voting

From David Jefferson at Verified Voting: Verified Voting Blog: The Myth of “Secure” Blockchain Voting <read>

Internet voting has been studied by computer security researchers for over twenty years. Cyber security experts universally agree that no technology, including blockchains, can adequately secure an online public election. Elections have unique security and privacy requirements fundamentally different from and much more stringent than those in other applications, such as e-commerce. They are uniquely vulnerable because anyone on Earth can attack them, and a successful cyberattack might go completely undetected, resulting in the wrong people elected with no evidence that anything was amiss….

Election security is a matter of national security. Blockchains, despite all the hype surrounding them, offer no defense against any of these well-known threats to which all online elections are vulnerable.

From David Jefferson at Verified Voting: Verified Voting Blog: The Myth of “Secure” Blockchain Voting <read>

Several startup companies have recently begun to promote Internet voting systems, but with a new twist – using a blockchain as the container for voted ballots transmitted over the Internet from the voter’s private device. Blockchains are a relatively new system category a little akin to a distributed database. Proponents of blockchain voting promote it as a revolutionary innovation providing strong security guarantees that enable truly secure online elections. Unfortunately, these claims are false. Blockchains do not offer any real election security at all.

Internet voting has been studied by computer security researchers for over twenty years. Cyber security experts universally agree that no technology, including blockchains, can adequately secure an online public election. Elections have unique security and privacy requirements fundamentally different from and much more stringent than those in other applications, such as e-commerce. They are uniquely vulnerable because anyone on Earth can attack them, and a successful cyberattack might go completely undetected, resulting in the wrong people elected with no evidence that anything was amiss.

There are many foundational computer security problems that must be solved before we can safely conduct elections online, and we are not close to solving any of them. The use of blockchains does not even address these problems. Here are just a few:

  • No reliable voter identification: There is no foolproof way of determining exactly who is trying to vote remotely through the Internet. All known and proposed methods have grave weaknesses, and blockchains do not address the issue at all.
  • Malware: The voter’s device may be infected by a virus or counterfeit app that could change votes even before they are even transmitted, or it may silently discard the ballot, or send the voter’s name and vote choices to a third party, thereby enabling coercion, retaliation, vote buying and selling, or pre-counting of votes, all undetectably. Blockchains cannot address malware.
  • Denial of service attacks: A server can be overwhelmed with fake traffic from a botnet so that real ballots cannot get through. Blockchains as proposed for elections use multiple redundant servers, but they offer no additional protection against denial of service attacks beyond what is achievable with a conventional system having the same aggregate communication capacity.
  • Penetration attacks: No servers, including blockchain servers, are immune to remote penetration and surreptitious takeover by determined sophisticated attackers. Even though blockchains use multiple servers, if attackers can disable or gain control of more than 1/3 of them they can totally disrupt or control the outcome of the election.
  • Nonauditability: Online voting systems, including blockchain systems, do not allow for the kind of true, voter-verified paper ballot backup that is necessary for a meaningful recount, audit, or statistical spot check. Thus, the most powerful and common-sense tools we have for protection against cyberattack are unavailable.

Election security is a matter of national security. Blockchains, despite all the hype surrounding them, offer no defense against any of these well-known threats to which all online elections are vulnerable. National rivals like Russia have demonstrated a capacity and willingness to interfere with our electoral processes and would have no difficulty disrupting or undermining a blockchain election. In this era of ubiquitous cyber threats, it is reckless and irresponsible to introduce any kind of online voting in the U.S.

We emphasize that these are just a few of the problems. We especially note that any online voting system must be subject to a comprehensive, truly independent security review followed by sufficient open public testing. The current proposed system in West Virginia is touted publicly, yet its details and alleged security review are secret. Unlike Bitcoin that itself has proven vulnerable, the West Virginia system is apparently not open to the public to participate in holding the blockchain.

Israeli Firm Proves Our Point: Fax is as risky as Online Voting

As we have been saying for years, Online/Internet voting risks include email and fax voting.
<Since 2008>

Story today in the Washington Post:
Report: Hackers Target Fax Machines
Phone Line Connected To Computer Network Can Offer Access

As we have been saying for years, Online/Internet voting risks include email and fax voting.
<Since 2008>

Story today in the Washington Post:

Report: Hackers Target Fax Machines

Phone Line Connected To Computer Network Can Offer Access
By MIRANDA MOORE Washington Post

The fax machine is widely considered to be a dinosaur of inter-office communications, but it may also present a vulnerable point where hackers can infiltrate an organization’s network, according to a new report from Israel-based software company Check Point. The company said that the vulnerability was identified as a result of research intended to discover potential security risks, and not as the result of any attack.

Hackers can gain access to a network using the phone line connected to a fax machine, which is often connected to the rest of an organization’s network. By sending an image file that contains malicious software over the phone line, hackers are able to take control of the device and access the rest of the network. The researchers were able to do this using only a fax number, which is often widely distributed by organizations on business cards and websites.
The report estimates that there are more that 17 million fax machines in use in the United States alone. The legal and medical fields both continue to rely heavily on fax machines to conduct business, since they are widely considered to be a more secure form of transmitting sensitive information and signatures compared to email. Banking and real estate also frequently transfer documents containing signatures via fax.

With the advent of all-in-one products that include fax functions as well as printing and scanning, fax machines may be more prevalent in homes and office than people realize. This particular vulnerability only applies if such a machine is connected to a telephone line, however.

The only machines tested were from HP’s line of all-in-one printers, but according to the report, these vulnerabilities are likely to be found in machines from any manufacturer that use similar technology. HP issued a patch for its products before the report was published, which is available for download from its support website.

The report advises that if a fax machine is too old to support a software update, or if the manufacturer has yet to issue a patch to fix the vulnerability, fax capabilities should be used only on a segmented part of the network without access to critical data. The report also advises that the phone line connected to an all-in-one type machine should be disconnected if a user or organization does not use the fax functions.

Georgia: New information enhance title as a Most Vulnerable State

article from McClatchy: Georgia election officials knew system had ‘critical vulnerabilities’ before 2016 vote

Georgia election officials got a friendly warning in August 2016 that their electronic voting system could be easily breached.

But less than a month before the November election, a state cybersecurity official fretted that “critical vulnerabilities” persisted, internal emails show.

The emails, obtained through a voting security group’s open records request, offer a glimpse into a Georgia election security team that appeared to be outmatched even as evidence grew that Russian operatives were seeking to penetrate state and county election systems across the country…

The disclosures add to alarms about the security of Georgia’s elections — not only in 2016, but also heading into this fall’s midterm elections.

Another article from McClatchy: Georgia election officials knew system had ‘critical vulnerabilities’ before 2016 vote <read>

Georgia election officials got a friendly warning in August 2016 that their electronic voting system could be easily breached.

But less than a month before the November election, a state cybersecurity official fretted that “critical vulnerabilities” persisted, internal emails show.

The emails, obtained through a voting security group’s open records request, offer a glimpse into a Georgia election security team that appeared to be outmatched even as evidence grew that Russian operatives were seeking to penetrate state and county election systems across the country…

The disclosures add to alarms about the security of Georgia’s elections — not only in 2016, but also heading into this fall’s midterm elections.

“I think these emails reveal that they recognized this system was catastrophically insecure,” said Robert McGuire, a Seattle lawyer representing citizen activists in a lawsuit that seeks to force Georgia to scrap its paperless electronic voting machines this fall and shift to paper ballots.

Secretary of State Brian Kemp, whose office oversees the state’s elections, says he was unaware of the system vulnerabilities at the time. Kemp, the Republican nominee for governor in this fall’s election, still maintains Georgia’s system is secure…

As a result, experts say, the system may be an inviting target for operatives from Russia and elsewhere to install software that manipulates votes without detection.

Georgia:  Are you sure you want this man to be your Governor. Are you sure you actually can participate in that choice?