It’s election season. Incumbent Democratic President Joe Biden has not secured re-election. So, that means one thing: It’s “safe” for Americans to discuss voting machine vulnerabilities again.
Such is the case with a new CNN report that reveals the breathtaking development that Georgia will not be updating its Dominion software before the 2024 election.
Newly unsealed court documents reveal that Georgia election officials have been aware of vulnerabilities in the state’s voting software for over two years but have decided not to update the system until after the 2024 election. The vulnerabilities pertain to certain Dominion Voting machines, and their existence has been confirmed by federal cybersecurity officials who have advised election officials nationwide to update their systems.
Lawyers representing Georgia’s Secretary of State, Brad Raffensperger, stated in a recent federal court hearing that they would forego installing Dominion’s security patches until after the next presidential election. Election officials in Georgia maintain that the vulnerabilities are unlikely to be exploited in real attacks and claim to have implemented several security recommendations without the need for software updates.
According to Mike Hassinger, a spokesperson for the Georgia Secretary of State’s office, upgrading the system would be a massive undertaking, and officials are currently assessing the project’s scope and timeframe.
“Upgrading the system will be a massive undertaking, and our election officials are evaluating the scope of, and time required for the project,” Mike Hassinger, a spokesperson for the Georgia secretary of state’s office, told CNN.
However, concerns have been raised about Georgia’s heavy reliance on Dominion software compared to other states, potentially eroding confidence in the state’s ability to conduct secure elections.
While state and federal officials downplay the possibility of these vulnerabilities being exploited, the recently released report highlights Georgia’s unique dependence on this specific Dominion software, thereby raising concerns about the state’s election security.
Gabriel Sterling, a senior election official in the Georgia Secretary of State’s office, released a statement earlier this month, dismissing the likelihood of any bad actors successfully exploiting the voting systems. He emphasized the presence of safeguards in place to prevent the hypothetical attack scenarios described in the report.
J. Alex Halderman, the author of the report and a computer scientist from the University of Michigan, acknowledged that Dominion Voting Systems updated its software in response to the attack scenarios he outlined. However, Georgia has chosen not to implement the recommended security patch and intends to do so only after the 2024 election.
Halderman warned that delaying the security patches until 2025 would be worse than taking no action, as it would provide potential adversaries ample time to prepare and deploy attacks, knowing the state will use a software version with known vulnerabilities for the presidential election.
The Georgia Secretary of State’s office maintains that Halderman’s attack scenarios are unrealistic, citing the extensive access he was granted to the voting equipment and the security controls in place at voting locations on Election Day.
The report, which was released this week after being sealed for two years, was commissioned by a coalition of election integrity advocates involved in a long-standing lawsuit against the Georgia Secretary of State’s office regarding concerns related to Dominion’s electronic voting systems.
Another report commissioned by Dominion and conducted by Mitre Corp., a nonprofit research lab, concluded that five of Halderman’s attack scenarios were “non-scalable” and would only affect an insignificant number of votes on a single device at a time. The sixth scenario was reportedly mitigated by access controls at voting locations.
Dominion referred CNN to the Mitre report, which claims that Halderman’s attacks are “operationally infeasible.”