Despite widespread cybersecurity concerns surrounding Georgia's Dominion voting machines, officials in charge of the state's elections have announced that the machines will not be updated until after the 2024 presidential election. According to them, the complexity of the process is the primary reason for the delay.
A recent report, almost two years old, highlighted the significant vulnerabilities of these voting machines. This prompted the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) to issue a public advisory last year.
After three months of testing Dominion's ImageCast X Ballot Marking Devices, University of Michigan Professor of Computer Science and Engineering J. Alex Halderman and Auburn University Professor Drew Springall released a report in July 2021 highlighting vulnerabilities.
The U.S. District Court for the Northern District of Georgia, Atlanta Division released a redacted report June 14.
Curling v. Raffensperger plaintiffs' report found Dominion machines vulnerable to vote flipping.
Halderman said bad actors could change QR codes on printed ballots and install malware on individual machines "with only brief physical access" in minutes.
The report also found that bad actors with the same access as county-level election officials could attack the voting system.
Halderman said such vulnerabilities have not been exploited in past elections.
“My technical findings leave Georgia voters with greatly diminished grounds to be confident that the votes they cast on [the current Dominion ballot-marking devices] are secured, that their votes will be counted correctly, or that any future elections using Georgia’s will be reasonably secure from attack and produce correct results,” he wrote.
In response to Halderman's report last June, CISA advised election officials to mitigate Dominion machine vulnerabilities but said it "has no evidence that these vulnerabilities have been exploited in any elections."
Dominion hired the nonprofit MITRE Corp.'s National Election Security Lab to address the Halderman report. The Halderman report and the July 2022 report were released together.
The MITRE report called the Halderman report "operationally infeasible" due to strict security measures, normal voting practices, and scale.
"The MITRE report confirms that Georgia’s election infrastructure is secured by the toughest safeguards," said Georgia Secretary of State Brad Raffensperger.
"For years, election deniers have created a cottage industry of ever-shifting claims about conspiracies to change votes, steal elections and undermine voter confidence," he added. Voting machines do not flip votes. Voters' choices count. Georgia elections are safe.”
Dominion directed Just the News to its website for an MITRE report response on Wednesday.
The report found "none of the alleged vulnerabilities listed in [the] Plaintiff’s Expert Report would allow a bad actor to change the outcome of an election, particularly given scale considerations."
“As noted in the report’s conclusions, ‘The researcher’s proposed attacks were assessed by MITRE NESL to be operationally infeasible.’”
The secretary of state's chief operating officer, Gabriel Sterling, said Georgia will update its voting machines in 2025 because "legally, logistically and just risk-management wise, this was the safest wisest course."
To his knowledge, no election has used the new software.
"Like any new software, real-world deployment always finds things that may not work the way people intended it," Sterling said.
In a Twitter thread, Halderman wrote, “MITRE's analysis is wrong because it fails to account for how elections are operated in the real world. MITRE "assumes strict and effective controlled access to Dominion election hardware and software."
After the MITRE report, more than 20 cybersecurity and elections experts wrote a letter requesting its retraction.
“MITRE’s logic is that if procedural defences are perfectly implemented, then the system is immune from attack,” experts wrote. Since real-world risk depends on how well defences are implemented and operate, this is an inappropriate method for assessing risk.
“MITRE’s analysis isn’t just wrong—it’s dangerous, since it will surely lead states like Georgia to postpone installing Dominion’s software updates and other important mitigations."
The Coalition for Good Governance and individual voters sued Georgia over its paperless voting machines in 2017.
After Georgia bought the current system in 2019, the case shifted to those voting machines, claiming vulnerabilities.
The lawsuit's U.S. district judge initially resisted releasing Halderman's report out of concerns that bad actors would exploit it.
The judge's order making the report public stated that CISA and the lawsuit parties agreed that the proposed redactions adequately protected election security.
In April, Dominion settled with Fox News for $787 million over the news station's voting machine claims.
On Wednesday, Phill Kline, director of The Amistad Project, told Just the News that experts' disagreement on voting machine integrity is a problem.
He added that election officials must rely on machine manufacturers to ensure proper operation.
“Machines aren’t transparent,” Kline said. He added that the transparency issue is a "key reason Americans are losing faith in elections" and that they cannot get their questions about elections answered "in a manner that’s understandable."
After three months of testing Dominion's ImageCast X Ballot Marking Devices, University of Michigan Professor of Computer Science and Engineering J. Alex Halderman and Auburn University Professor Drew Springall released a report in July 2021 highlighting vulnerabilities.
The U.S. District Court for the Northern District of Georgia, Atlanta Division released a redacted report June 14.
Curling v. Raffensperger plaintiffs' report found Dominion machines vulnerable to vote flipping.
Halderman said bad actors could change QR codes on printed ballots and install malware on individual machines "with only brief physical access" in minutes.
The report also found that bad actors with the same access as county-level election officials could attack the voting system.
Halderman said such vulnerabilities have not been exploited in past elections.
“My technical findings leave Georgia voters with greatly diminished grounds to be confident that the votes they cast on [the current Dominion ballot-marking devices] are secured, that their votes will be counted correctly, or that any future elections using Georgia’s will be reasonably secure from attack and produce correct results,” he wrote.
In response to Halderman's report last June, CISA advised election officials to mitigate Dominion machine vulnerabilities but said it "has no evidence that these vulnerabilities have been exploited in any elections."
Dominion hired the nonprofit MITRE Corp.'s National Election Security Lab to address the Halderman report. The Halderman report and the July 2022 report were released together.
The MITRE report called the Halderman report "operationally infeasible" due to strict security measures, normal voting practices, and scale.
"The MITRE report confirms that Georgia’s election infrastructure is secured by the toughest safeguards," said Georgia Secretary of State Brad Raffensperger.
"For years, election deniers have created a cottage industry of ever-shifting claims about conspiracies to change votes, steal elections and undermine voter confidence," he added. Voting machines do not flip votes. Voters' choices count. Georgia elections are safe.”
Dominion directed Just the News to its website for an MITRE report response on Wednesday.
The report found "none of the alleged vulnerabilities listed in [the] Plaintiff’s Expert Report would allow a bad actor to change the outcome of an election, particularly given scale considerations."
“As noted in the report’s conclusions, ‘The researcher’s proposed attacks were assessed by MITRE NESL to be operationally infeasible.’”
The secretary of state's chief operating officer, Gabriel Sterling, said Georgia will update its voting machines in 2025 because "legally, logistically and just risk-management wise, this was the safest wisest course."
To his knowledge, no election has used the new software.
"Like any new software, real-world deployment always finds things that may not work the way people intended it," Sterling said.
In a Twitter thread, Halderman wrote, “MITRE's analysis is wrong because it fails to account for how elections are operated in the real world. MITRE "assumes strict and effective controlled access to Dominion election hardware and software."
After the MITRE report, more than 20 cybersecurity and elections experts wrote a letter requesting its retraction.
“MITRE’s logic is that if procedural defences are perfectly implemented, then the system is immune from attack,” experts wrote. Since real-world risk depends on how well defences are implemented and operate, this is an inappropriate method for assessing risk.
“MITRE’s analysis isn’t just wrong—it’s dangerous, since it will surely lead states like Georgia to postpone installing Dominion’s software updates and other important mitigations."
The Coalition for Good Governance and individual voters sued Georgia over its paperless voting machines in 2017.
After Georgia bought the current system in 2019, the case shifted to those voting machines, claiming vulnerabilities.
The lawsuit's U.S. district judge initially resisted releasing Halderman's report out of concerns that bad actors would exploit it.
The judge's order making the report public stated that CISA and the lawsuit parties agreed that the proposed redactions adequately protected election security.
In April, Dominion settled with Fox News for $787 million over the news station's voting machine claims.
On Wednesday, Phill Kline, director of The Amistad Project, told Just the News that experts' disagreement on voting machine integrity is a problem.
He added that election officials must rely on machine manufacturers to ensure proper operation.
“Machines aren’t transparent,” Kline said. He added that the transparency issue is a "key reason Americans are losing faith in elections" and that they cannot get their questions about elections answered "in a manner that’s understandable."
