Georgia's Voting System: A Recipe for Disaster

For over a decade, Georgia's voting machines were plagued by egregious security issues, making it an ideal target for hackers to manipulate election results. The state finally replaced these antiquated systems in 2019 with more modern equipment, but recent research has revealed that the new Dominion ICX touchscreen ballot-marking device and election-management software are equally insecure. In this article, we'll delve into the shocking details of Georgia's voting system vulnerabilities and explore the potential consequences for democracy.

The Georgia legislature's decision to adopt the Dominion ICX system in 2019 was hailed as a major improvement over the outdated machines that preceded it. However, an expert witness presented a damning report on the security of this new system at Federal Court in 2021, warning that the touchscreen device was susceptible to various attacks. Despite this, Georgia's Secretary of State chose to ignore these concerns and failed to apply security patches.

A more recent analysis by Phillip Davis, Marilyn Marks, and Professor Drew Springall has shed light on the remarkable insecurity of Dominion's entire system, including the election-management software, ballot databases, pollworker cards, scanners, and touchscreens. The researchers presented their findings at DEFCON Voting Village 2025, a cybersecurity convention focused on election security.

One of the most alarming issues with Dominion's system is its reliance on symmetric-key cryptography, which has been obsolete since the 1970s. The same key is used for encryption and decryption across all voting machines in a county, making it easy to extract the key from pollworker cards. This type of cryptography was widely considered insecure long ago, and it's surprising that Dominion still uses it today.

The researchers also discovered that authentication of election definitions is done using an outdated single-key method, which has been widely recognized as insecure for decades. Copies of this key appear on every election database, including files posted online from five Georgia counties. This means that anyone with access to these keys can manipulate the voting system.

So, what are the potential consequences of these vulnerabilities? The researchers identified several simple hacks that could be accomplished without advanced technical sophistication. These attacks include modifying the election-definition file given to the Dominion ICX touchscreen, which allows hackers to choose any of four tricks:

1. Altering vote counts for a specific candidate 2. Forcing voters to select only one option when they intended to mark more than one 3. Removing or adding candidates from the ballot 4. Modifying the voting system's settings

These hacks are scalable, meaning that they can be performed individually with physical presence or remotely by accessing the county election management system.

To mitigate these risks, experts recommend using hand-marked paper ballots, which can be counted manually to prevent hacking. Many Georgia counties already own optical scanners that can count hand-marked ballots, and Dominion has a new owner who is working to improve their security measures.

In conclusion, Georgia's voting system is still woefully insecure, with vulnerabilities that could compromise the integrity of elections nationwide. The recent research by Davis et al. highlights the need for immediate action to address these issues. It's time for real fixes, including hand-marked paper ballots, and a commitment to securing our democracy.

Key Takeaways:

* Georgia's voting system has been plagued by egregious security issues since 2004 * The state replaced its antiquated systems with more modern equipment in 2019 * Recent research has revealed that the new Dominion ICX touchscreen ballot-marking device and election-management software are equally insecure * Symmetric-key cryptography, which has been obsolete for decades, is used to encrypt votes across all voting machines in a county * Authentication of election definitions uses an outdated single-key method * Simple hacks can be accomplished without advanced technical sophistication