Cybersecurity Expert Finds Another Flaw in Georgia’s Voter Portal

A Troubling Pattern of Vulnerabilities

In a concerning development, a cybersecurity researcher has uncovered yet another security flaw in Georgia’s newly launched voter registration cancellation portal. This marks the third major vulnerability discovered in the system within a span of just a few weeks, raising serious questions about the reliability and safety of this critical election infrastructure.

The latest issue, identified by researcher Jason Parker, would have allowed anyone to bypass the portal’s mandatory driver’s license or ID number requirement and submit a voter cancellation request with just a name, date of birth, and county of residence – information that is often easily accessible online. This means malicious actors could have potentially flooded the system with fraudulent cancellation requests, putting the integrity of Georgia’s voter rolls at risk.

“It’s a terrible vulnerability to leave open, and it’s essential to be fixed,” Parker said after discovering the flaw. Zach Edwards, a senior threat researcher at cybersecurity firm Silent Push, echoed the sentiment, calling the issue “as bad as any voter cancellation bug could be” and describing the underlying code as “incredibly sloppy.”

A Troubling History of Security Lapses

This is not the first time the Georgia Secretary of State’s voter portal has been plagued by significant security vulnerabilities. In the days following the portal’s launch, separate reports surfaced about flaws that exposed sensitive personal information, including the last four digits of voters’ Social Security numbers and their full driver’s license numbers.

These recurring issues have understandably shaken public confidence in the state’s ability to safeguard the electoral process. As Jake Braun, a cybersecurity expert and lecturer at the University of Chicago, pointed out, there is a long history of election-related websites suffering from easily exploitable security failures, including the hacking of election infrastructure by Russian actors during the 2016 U.S. presidential election.

“Online elections infrastructure needs more standards and better standards,” Braun said, emphasizing the critical importance of robust security measures to protect the integrity of the democratic process.

The Need for Comprehensive Security Audits

The series of vulnerabilities discovered in Georgia’s voter portal underscores the urgent need for comprehensive security audits of any technology systems involved in elections. Zach Edwards, the cybersecurity researcher, argued that the state should pass a law requiring all new government websites that interact with public data to undergo external security reviews before launch.

“Georgia should step up and pass a law saying all new websites in which the public interacts with government documents should have an outside review,” Edwards said. “The public should expect” officials “did some due diligence.”

Restoring Trust in the Electoral Process

The repeated security issues with Georgia’s voter portal have fueled concerns among voting rights advocates and Democrats, who fear the system could be abused by conspiracy theorists and bad actors to wrongly disenfranchise voters. In a state where the margins in statewide elections can be as narrow as 12,000 votes, even small-scale voter cancellations could have a significant impact.

Marisa Pyle, the senior democracy defense manager for Georgia with the voting rights organization All Voting is Local, emphasized the importance of the state being “really intentional about how it rolls out these things” and ensuring they are secure.

“The state needs to be really intentional about how it rolls out these things. It needs to make sure they’re secure and provide their rationale for making them,” Pyle said.

As the 2024 election cycle approaches, it is crucial that Georgia and other states with online voter registration and management systems prioritize comprehensive security measures to restore public confidence in the electoral process. Robust testing, transparency, and a commitment to protecting the rights of all eligible voters must be at the forefront of any efforts to modernize election infrastructure.

Strengthening Cybersecurity Safeguards

The vulnerabilities discovered in Georgia’s voter portal underscore the broader challenges facing election cybersecurity in the digital age. While advancements in technology have made voting more accessible, they have also introduced new avenues for potential interference and manipulation.

To address these threats, state and federal governments must take a proactive approach to strengthening cybersecurity safeguards. This should include:

1. Mandatory Security Audits: Passing legislation that requires all election-related websites and systems to undergo comprehensive security audits by independent, accredited cybersecurity firms before deployment.

2. Continuous Monitoring and Incident Response: Implementing robust monitoring and incident response protocols to quickly detect and mitigate any security breaches or attempts to compromise election infrastructure.

3. Increased Funding and Resources: Allocating sufficient funding and resources to state and local election authorities to ensure they have the necessary tools, personnel, and expertise to defend against evolving cyber threats.

4. Improved Voter Education: Launching public awareness campaigns to educate voters on the importance of cybersecurity in elections and how to identify and report any suspicious activities or potential vulnerabilities.

5. Collaboration and Information Sharing: Fostering stronger collaboration between federal, state, and local election officials, as well as the private sector and cybersecurity experts, to share best practices and intelligence on emerging threats.

By taking these critical steps, policymakers and election administrators can work to rebuild public trust in the integrity of the electoral process and safeguard the foundation of our democracy.

Conclusion: Securing the Future of Elections

The repeated security flaws discovered in Georgia’s voter portal serve as a stark reminder that the protection of election systems must be a top priority for policymakers and election officials. As technology continues to play an increasingly central role in the electoral process, the stakes for effective cybersecurity have never been higher.

By implementing robust security measures, conducting thorough audits, and fostering a culture of transparency and accountability, states can work to ensure that the digital infrastructure underpinning our elections remains secure and resilient in the face of evolving threats. Failure to do so risks undermining the very foundations of our democratic system.

As we approach the 2024 election cycle, it is incumbent upon all stakeholders – from government leaders to cybersecurity experts to engaged citizens – to come together and prioritize the protection of our electoral process. Only then can we truly safeguard the right of all eligible voters to participate in free and fair elections, the cornerstone of a healthy democracy.