Four days after the website launched, the Georgia Secretary of State’s Office confirmed to me that there were unsuccessful attempts to cancel the voter registrations of prominent GOP officials, including Secretary of State Brad Raffensperger and Rep. Marjorie Taylor Greene. After publishing that story, I was sent a video in which a cybersecurity researcher demonstrated how to easily circumvent the web portal’s security feature that required secure identifying information to submit a cancellation request. When I shared the vulnerability with experts, who verified it, one said it was “as bad as any voter cancellation bug could be” and “it’s shocking to have one of these bugs occur on a serious website.”
The vulnerability was bad enough that a reporter from Atlanta News First, who’d also obtained the video, and I knew that we couldn’t just publish information that could put any Georgian’s ability to vote at risk. On Monday morning, we told the Secretary of State’s Office what we’d found and waited to publish until the flaw had been fixed. The state’s elections director issued a statement saying “incomplete paper and online applications will not be accepted,” as the bug had submitted the cancellation request without some information, but largely declined to answer detailed questions about how the vulnerability had gone undetected and how they would ensure the web portal was secure.
Seeing the state address the issue with the help of our reporting was gratifying, but there’s a larger unanswered question: Just how secure is the election infrastructure of the nation’s battleground states? I’m going to keep trying to find out.
