(Editor’s note: This is the second edition of a series examining the ongoing case related to elections security and voting systems. The Secretary of State’s office has been asked to respond)
Over the last two years, the State of Georgia has willfully destroyed important electronic election records needed as evidence in the electronic voting lawsuit in federal court. Allegations of destruction of evidence have been presented to the Court and are being considered by Judge Amy Totenberg.
The Coalition for Good Governance initiated litigation over electronic voting in Georgia in 2017. Within four days of the filing of the suit, government officials working for then Secretary of State Kemp’s Center for Election Services (“CES”) at KSU wiped the central election server, destroying all the data and evidence on it. That server was “ground zero” for evidence establishing hacking, unauthorized access, and potential manipulation of election results. A month later, Judge Totenberg was assigned the federal court case and within hours, the State destroyed all the data on a second election server.
The employees responsible for wiping the servers proudly emailed their bosses that they had “degaussed” the server data three times after running software to wipe all traces of data. (Degaussing uses powerful magnet on the hard drive to destroy all data.) They now claim that they were merely conducting routine maintenance for “repurposing” the hard drives. Since then, in defiance of the law, Court orders, and numerous warnings, the State has continued to destroy evidence, deleting and overwriting data previously preserved on electronic voting machines, known as DREs, and on memory cards.
The now familiar events began to unfold in August 2016 when Logan Lamb, a cybersecurity professional, visited the CES web site to prepare for a potential meeting at CES. Shockingly he found, among other things, voting system passwords, voter registration data with voters’ personally identifiable information, and databases used to build ballots, program voting machines and tabulate election results. Lamb also discovered that the CES servers were vulnerable to unauthorized users executing, modifying, and deleting any data they chose to tamper with. When Lamb advised CES of those vulnerabilities. he was told that the issues would be remediated, but that he should keep quiet or be “crushed” by the “folks downtown.”
In late February 2017, Lamb told a colleague, Chris Grayson, about the CES vulnerabilities. Grayson then discovered that the vulnerabilities reported six months earlier remained unresolved, exposing the high-value election management files.
Destruction of the Election Servers
On March 1, 2017, Grayson notified KSU of the issue, and within days the servers were taken off line. Soon thereafter, the FBI took possession of the main server for analysis, after which, it was returned to KSU’s control.
The destruction of the servers likely destroyed any evidence regarding access to the servers and whether malevolent actors removed or modified files or code that controlled the machines. For at least six months prior to the destruction of the servers, critical election infrastructure impacting every county’s voting machines was easily accessible to any bad actor with an internet connection.
Once it had notice of potential litigation, the State had a duty to preserve all relevant evidence. Because it appeared that officials were not taking their preservation duties seriously, the Plaintiffs and the Court reminded the State repeatedly not to destroy evidence. Indeed, the Plaintiffs made at least ten such warnings beginning immediately after the lawsuit was filed. Michael Barnes, the Director of CES, acknowledged in his testimony that he received those warnings and was aware of plans for server destruction.
More Spoliation: Memory Cards and Voting Machines
Memory cards contain both voting machine programming and the record of votes cast on the voting machines. A corrupted memory card can change the content or tallies of electronic ballots. Accordingly, memory cards are critical pieces of evidence in connection with uncovering election tampering.
Plaintiffs have demanded that the State preserve or make copies of memory cards but instead, the State has reused memory cards from recent elections, overwriting and altering the data stored on those cards containing critical evidence.
Additionally, preservation of the DRE’s internal memory requires physical security of the machine and no further use after Election Day, unless a copy of the hard drive is made. Officials have blithely deployed DREs for re-use, causing destruction of evidence that occurs when memory is over-written. Assertions by Secretary Raffensperger’s office that such re-use does not affect stored data have been described by cyber-security experts as “utter nonsense.” To this day, officials continue to willfully destroy critical evidence.
Prejudice
The destroyed servers were records that go to critical issues: logging records reflecting unauthorized access of the servers; deleted or manipulated files; implanted or vote changing malware. This type of evidence is not merely relevant, it is fundamental, and likely forever gone. A more crass, callous and contumacious disregard of the law is difficult to imagine. Such conspicuously outrageous conduct can only raise the question: What are State officials hiding? We aim to find out.
Marilyn Marks is executive director of the Coalition for Good Governance and Cary Ichter is an Atlanta attorney assisting the group.
