On Thursday, August 15th, Federal District Court Judge Amy Totenberg ordered the state of Georgia to upgrade its election systems before the state holds its presidential primary election in March of 2020. The 151-page ruling describes Georgia’s election system as “antiquated, seriously flawed, and vulnerable to failure, breach, contamination, and attack.” Although she has previously ordered Georgia to upgrade its election systems, Thursday’s order marks the first time Judge Totenberg has set a specific deadline that Georgia officials must meet.

Georgia is one of a handful of states that relies exclusively on electronic voting systems that do not provide a paper record. Election security experts have roundly criticized such systems, noting that they are vulnerable to hackers and susceptible to logistical problems. Indeed, election security experts have identified a number of significant security breaches that occurred during the 2018 election.

Due to these concerns and previous orders from Judge Totenberg, Georgia had announced plans to upgrade its voting systems prior to Thursday’s ruling. In July, Georgia’s Secretary of State Brad Raffensperger publicly announced that the state would purchase new electronic voting machines from Dominion Voting Systems. The machines will print out a paper ballot and a QR code that  both voters and election officials can use to verify vote tallies. The Associated Press notes that while Judge Totenberg has praised the new machines as “an essential step forward out of the quagmire, even if just to terminate use of antiquated voting  system,” plaintiffs remain skeptical of the new machines, specifically questioning the extent to which voters will be allowed to verify their selections rather than relying on a printed QR code. Because of these concerns, plaintiffs have publicly announced their intention to bring separate litigation over the newly proposed machines.

Judge Totenberg’s ruling was prompted by a motion from plaintiff voters and election security advocates asking the court to force Georgia officials to use paper ballots during upcoming 2019 municipal elections. Citing logistical concerns, Judge Totenberg held that the state would not have enough time to implement a paper ballot system in time. However, she notes that use of the current system “past this 2019 cycle of elections is indefensible given the operational and constitutional issues at stake.”

The ultimate effect of Thursday’s ruling is to prevent Georgia from reverting to current election systems if newly proposed voting machines are not rolled out in time for 2020 elections. As a result, Georgia will have to resort to a paper balloting system in 2020 if new systems are not in place. In preparation for this contingency,  Judge Totenberg’s order requires the Secretary of State to “address errors and discrepancies in the voter registration database” and test the use of a paper balloting system in a handful of jurisdictions during the state’s upcoming municipal elections.

In the Mueller Report, Special Counsel Robert Mueller III concluded that the “Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.” [Mueller Report link] While exposing the details of these Russian efforts, the Mueller Report identified one state in particular—Florida—as a key target of the Russian hackers (at p. 51). In Volume I of the Mueller Report, the Special Counsel’s Office indicated that the FBI believed the Russian government had gained access to voting data possessed by “at least one Florida county government.” In recent days, however, Florida Governor Ron DeSantis and other top officials learned in a series of confidential briefings that the FBI and Department of Homeland Security believe two Florida counties were hacked prior to the 2016 election.

According to the Mueller Report, a Russian intelligence service, known as GRU, sent spearphishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election. The spearphishing emails contained an attached document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer. In spite of the breaches, the FBI have not found any evidence that there was any manipulation of voter data, vote counts, or election results in 2016.

Following the confidential briefings, a bipartisan choir of both officials and constituents demanded the identity of the counties that fell victim to Russian interference. In response, Gov. DeSantis acknowledged that he was required to accept the terms a non-disclosure agreement prior to being briefed by the FBI. The terms of the NDA reportedly prohibit DeSantis from confirming or repeating the confidential information to unauthorized individuals. Since publicizing this agreement, DeSantis has received significant criticism from an array of officials who believe the Governor should have pushed back at the request to agree to the NDA. However, the terms of a 2003 executive order require the FBI to obtain an NDA before people without security clearances, such as DeSantis and his staff, are briefed on sensitive or classified information.

Many advocates of government transparency have questioned DeSantis’s legal standing to sign an NDA on the matter due to the broad nature of Florida’s public record laws. Barbara Petersen, president of the First Amendment Foundation, said that a long line of past court rulings makes it clear that Florida officials cannot agree to keep a document confidential if it is shared with them, even if the official does not retain possession of the documents. However, Petersen concedes that an NDA would may be appropriate to protect confidential information given to DeSantis verbally.

With the next election approaching quickly, many Floridians are less worried about what happened in 2016 and more worried about how to prevent this meddling in the 2020 elections. Last year, the Florida Department of State distributed more than $14.5 million in cybersecurity grants for federal elections to the state’s Supervisors of Elections. In addition, the Supervisors of Elections were given $1.9 million dollars in state funding to purchase and install Albert network monitoring sensors. These sensors are used by election organizations to detect cyber threats and quickly alert officials when data may be at risk. Albert sensors were developed as a supplemental form of the DHS’s Einstein project, which focuses on detecting and blocking cyberattacks within federal agencies.

[Sources: Politico, Palm Beach Post, My Sun Coast, GovTech.com, Orlando Sentinel, Learn.cisecurity.org]