In 2024, under Raffensperger’s purview, the Georgia Secretary of State’s Office launched an online portal where Georgia voters could submit a request to cancel their voter registration. However, the website had multiple security vulnerabilities due to what experts called “incredibly sloppy coding.” The portal exposed personal information of registered voters and allowed users to submit voter cancellation requests for any voter. When asked about these concerns, Raffensperger refused to provide information about his office’s testing and security procedures.
In 2023, Raffensperger dismissed concerns about the security of Georgia’s voting machines after an audit conducted by security experts found nine vulnerabilities in the software. Raffensperger claimed the findings of the audit were “overblown and no fixes are needed,” despite security experts warning that “even moderately skilled hackers” could interfere with Georgia’s elections.
August 2024: Raffensperger’s Office Launched A New Online Voter Cancellation Portal That Contained “A Serious Security Vulnerability,” Which Allowed Users To Submit A Cancellation Request For Any Georgia Voter. According to ProPublica, “Until Monday, a new online portal run by the Georgia Secretary of State’s Office contained what experts describe as a serious security vulnerability that would have allowed anyone to submit a voter cancellation request for any Georgian. All that was required was a name, date of birth and county of residence — information easily discoverable for many people online. […] This one would allow any user of the portal to bypass the screen that requires a driver’s license number and submit the cancellation request without it.” [ProPublica, 8/5/24]
Cybersecurity Threat Researcher Zach Edwards Called The Issue “As Bad As Any Voter Cancellation Bug Could Be,” And “Incredibly Sloppy Coding,” And Said “Even A Basic Penetration Test […] ‘Should Have Picked This Up.’” According to ProPublica, “The issue Parker exposed was ‘as bad as any voter cancellation bug could be’ and ‘incredibly sloppy coding,’ said Zach Edwards, a senior threat researcher at the cybersecurity firm Silent Push, who reviewed the flaw at the request of ProPublica. ‘It’s shocking to have one of these bugs occur on a serious website.’ Edwards said that even a basic penetration test, in which outside experts vet the security of a website before its launch, ‘should have picked this up.’” [ProPublica, 8/5/24]
The Secretary Of State’s Office Did Not Respond To Questions About The Voter Cancellation Portal’s Testing And Security Procedures. According to ProPublica, “The Secretary of State’s Office did not respond to individual questions about what testing the portal underwent before launch, the system’s security procedures, what happened to Parker’s cancellation request and how the public could be sure of the portal’s security given the recent disclosures of security flaws.” [ProPublica, 8/5/24]
July 2024: The Initial Rollout Of The Georgia Secretary Of State’s Voter Cancellation Portal Had A Glitch That Allowed Users To Access The Date Of Birth, Driver’s License Number, And Last Four Digits Of A Social Security Number Of Any Registered Voter In Georgia. According to the Associated Press, “Georgia election officials are encouraging people to use a state website to cancel voter registrations when someone moves out of state or dies, a nod to Republican concerns that there are invalid registrations on the rolls. But Monday’s rollout of the site by Republican Secretary of State Brad Raffensperger was marred by a glitch that allowed people to access a voter’s date of birth, driver’s license number and last four numbers of a Social Security number. That’s the same information needed to verify a person’s identity and allow a registration to be canceled.” [Associated Press, 7/30/24]
June 2023: Raffensperger Dismissed Concerns From Security Experts Who Conducted A 2021 Audit Of Georgia’s Election Systems About Vulnerabilities In Georgia Voting Machines, Saying The Research Findings Were “Overblown And No Fixes Are Needed.” According to Politico, “In a letter sent to state lawmakers last week, Raffensperger argues that a newly unsealed audit finding that there are dangerous vulnerabilities in Georgia’s widely used voting machine software is overblown and no fixes are needed. […] But Raffensperger’s dismissive reaction to the unsparing audit conducted by security expert Alex Halderman has turned him into an object of intense criticism from cybersecurity specialists, who say he is painting legitimate research with the brush of far-right conspiracy theories — and imperiling the 2024 elections in the process. ‘Raffensperger has lumped us with the election deniers,’ said David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and an expert on election technology. ‘But we cannot, out of fear of that confusion, stop talking about these vulnerabilities. They are real, they are there, and they must be addressed.’” [Politico, 6/23/23]
2021: The Federal Government Approved An Audit Of Georgia’s Voting Machines, Which Found Nine Vulnerabilities In The Software And Determined “Even Moderately Skilled Hackers” Could Interfere With Election Results. According to Politico, “While the coalition has been arguing since it first filed its case in 2017 that Georgia’s voting machines aren’t secure enough, Halderman’s audit — approved by a federal court in Georgia in 2021 — confirmed a number of easy-to-hack security holes. In a matter of weeks, he concluded that even moderately skilled hackers could install malware on an ImageCastX or a connected printer to flip votes at individual polling stations or even across the state. Overall, Halderman’s audit uncovered nine vulnerabilities in Dominion’s software, the U.S. government’s Cybersecurity and Infrastructure Security Agency, or CISA, has confirmed. The agency first reviewed the report under seal and then warned publicly about the nine flaws in June of last year.” [Politico, 6/23/23]
Georgia’s Use Of QR Codes For Ballots Meant There Was “No Way For Voters To Verify Their Votes Haven’t Been Altered By The Ballot-Marking Devices.” According to Politico, “Raffensperger’s letter also does not address one of Halderman’s biggest concerns: That by altering both the barcode and the text that lists a voter’s choice, hackers could undermine confidence in efforts to verify election results. And even if voters catch any mistakes — and repeated studies have shown that many voters do not carefully review their ballots — such attempts would cause widespread confusion on election day. ‘The fundamental problem here is that Georgia decided (against expert advice) to use QR codes for ballots,’ said Rob Graham, an election security expert who has studied false claims of election interference in 2020. ‘That means there’s no way for voters to verify their votes haven’t been altered by the ballot-marking devices.’” [Politico, 6/23/23]
Security Experts Criticized Raffensperger For “Painting Legitimate Research With The Brush Of Far-Right Conspiracy Theories.” According to Politico, “But Raffensperger’s dismissive reaction to the unsparing audit conducted by security expert Alex Halderman has turned him into an object of intense criticism from cybersecurity specialists, who say he is painting legitimate research with the brush of far-right conspiracy theories — and imperiling the 2024 elections in the process. ‘Raffensperger has lumped us with the election deniers,’ said David Jefferson, a computer scientist at Lawrence Livermore National Laboratory and an expert on election technology. ‘But we cannot, out of fear of that confusion, stop talking about these vulnerabilities. They are real, they are there, and they must be addressed.’” [Politico, 6/23/23]
Raffensperger’s Spokesperson Told Concerned Security Experts “Tough Noogies” If They “Don’t Like Being Put In The Same Category As The Pillow Salesman.” According to Politico, “‘The paranoiacs and conspiracists of the world have their beliefs reinforced when they read reports of theoretical ‘vulnerabilities’ that fail to mention the real-world security measures already in place,’ said Mike Hassinger, spokesperson for the secretary of state’s office. ‘If the PhDs don’t like being put in the same category as the Pillow salesman, tough noogies. They should stop saying similar things.’” [Politico, 6/23/23]