[ad_1]
ATLANTA — A federal cybersecurity agency is examining a report alleging vulnerabilities in voting machines used by Georgia and other states, and says the document should not be made public until the agency has time to assess and mitigate potential risks.
The report has been under seal since July in federal court in Atlanta, part of a long-running lawsuit against Georgia’s voting machines. Its author, J. Alex Halderman, said in affidavits submitted to the court that he examined Dominion Voting Systems’ machines for 12 weeks and identified “a large number of serious vulnerabilities” that would allow bad actors to install malware.
Plaintiffs in the lawsuit, election security advocates and individual voters, have for months called for a revised version of the report to be published and shared with state and federal election security officials. State attorneys have repeatedly contested these demands, but Secretary of State Brad Raffensperger published a newsletter last month calling for his release.
US District Judge Amy Totenberg agreed on February 2 that the report could be shared with the US Cybersecurity and Infrastructure Agency, or CISA. The agency said in a court filing Thursday that it will work with Halderman and Dominion to work with jurisdictions that use the machines to analyze potential vulnerabilities, develop any necessary mitigation measures, and test and enforce any protections.
CISA said it would complete the “coordinated vulnerability disclosure” process as soon as possible, but urged the judge not to release the report before it was complete and said, “Dr. all vulnerabilities are ultimately identified, helping malicious actors and thereby undermining electoral security.”
The report was originally designated as “lawyers’ eyes only,” meaning that even the real parties to the case could not see – only lawyers and experts. Halderman, a voting technologist and director of the University of Michigan’s Center for Computer Security and Community, urged the court to make its findings public in a limited and responsible manner so that the issues can be addressed.
Halderman told The Associated Press in August that he saw no evidence that the machines’ vulnerabilities were being used to falsify the 2020 election, but “there are serious risks that policymakers and the public should be aware of.”
Totenberg declined to make the report public, saying he was concerned that the report could be exploited by attackers.
Raffensperger’s newsletter was released on January 27, when the case’s lawyers were on a conference call with Totenberg. Noting that all parties in the case agreed that the report should be made public, the plaintiffs’ lawyer asked the judge to release a version edited by Halderman to exclude details showing how the hacks could have been carried out.
In a February 2 phone call, Totenberg acknowledged that the report could be submitted to CISA, but did not immediately decide whether it would otherwise be made public. He instructed the parties to meet with the federal agency for information on its review and said he wanted to know if CISA could provide any guidance on what should and should not be disclosed.
The plaintiffs’ lawyers suggested that Totenberg make a redacted version of the report public 30 days after receiving the unedited version of the CISA. The state’s attorney did not object to CISA’s receipt of the report, but said that keeping the report closed undermines confidence in the electoral system and that its public release should not be delayed.
At the Atlanta Press Club event on Thursday, Raffensperger said Halderman had unlimited access to touchscreen voting machines and was given security codes, so he didn’t work “in the real world.” In a statement to the court, Halderman wrote that attackers could install malware “either by temporary physical access (such as access by voters at a polling place) or remotely from election management systems.”
The lawsuit alleges that Georgia’s voting machines are not secure and must be replaced with hand-marked paper ballots. As an expert witness for plaintiffs, Halderman is a staunch supporter of hand-marked paper ballots.
Others also requested access to the report. Totenberg had denied access last month to the secretary of state, who used the Dominion system for early voting in Louisiana. Fox News and One America News, which are both facing defamation lawsuits by Dominion, have yet to decide on their access requests.
CISA said in the court filing that it “understands and shares the urgency of the parties to complete this work and will prioritize its completion as quickly as possible.” He proposed to report to the court within 30 days his thoughts on the progress, the timeline, and the “scope and information to be included in a future public disclosure.”
[ad_2]
Source link