Read on Twitter
1/ This piece on Georgia elections is unfortunately misleading. So close to an election, this fear-mongering is very counter-productive.
https://www.ajc.com/politics/election/in-high-stakes-election-georgias-voting-system-vulnerable-to-cyberattack/TBFT5U5BH5AZZPFPZTP3LFQ7RY/
[Disclaimer: @voting_works is helping Georgia with post-election auditing.]
https://www.ajc.com/politics/election/in-high-stakes-election-georgias-voting-system-vulnerable-to-cyberattack/TBFT5U5BH5AZZPFPZTP3LFQ7RY/
[Disclaimer: @voting_works is helping Georgia with post-election auditing.]
2/ First, the software update was done after a problem reported during testing of an unusual contest (22 candidates!). The update was reviewed by a testing lab and certified by EAC.
Late software changes are not great, but what other choice did Georgia have? Plus: paper ballots!
Late software changes are not great, but what other choice did Georgia have? Plus: paper ballots!
3/ Second, the barcode issue. This is tired scare-mongering. The claim is that, because the barcode is what's counted, there's no way for you, the voter, to actually verify your vote before you cast it. Scary, right?
4/ Except that's very misleading and it is *not* the consensus of election security experts that this is a problem, as the piece incorrectly implies. The same problem exists with bubble ballots, even ones you fill out by hand. What the voter sees is not what the tabulator sees.
5/ I spoke about this issue at USENIX Security just a few weeks ago:
6/ We also wrote up a @voting_works explainer: https://voting.works/perspectives/barcodes/
7/ Bottom line: bubble *and* barcode ballots can be misprinted. The solution is not to spread fear about barcodes, it's to run a risk-limiting audit. Which Georgia *is doing* this year!
Voting in GA? Check your ballot. Ignore the barcode. Your vote will be counted correctly.
Voting in GA? Check your ballot. Ignore the barcode. Your vote will be counted correctly.
8/ Finally, there's some claim about removing passwords from e-pollbooks. I don't know what this claim is. No source or quote. Maybe there's an issue there? In fact, if this were better sourced, it's an issue that could be fixed before election day!
9/ This late in the election, when all the equipment and voting processes are locked in, this kind of fear-mongering can depress voter turnout. This hurts democracy.
Go vote. Check your ballot. Ignore the noise.
Go vote. Check your ballot. Ignore the noise.
10/ A correction to one of my points: I was sloppy in saying that the password issue wasn't sourced. Thank you to @eddieperezTX for pointing it out.
My sense is that issue is still dramatically exaggerated in the article, but I was wrong to say it isn't sourced.
My sense is that issue is still dramatically exaggerated in the article, but I was wrong to say it isn't sourced.
11/ *If* the pollbooks connect to the registration service with zero authentication, meaning if the pollbooks don't even have a built-in authentication token at configuration time, then that is an issue I would urge GA to address and I would agree with that point in the article.
12/ On the other hand, if it's just a password to unlock the pollbook screen, and there remains an underlying pollbook-to-service authentication, I'm really not that worried about it, and, in that case, the claims in the article are quite exaggerated.
