* The information provided below is compiled from various independent organizations working on election defense. US BASE cannot verify the accuracy of all data. Additionally we cannot vet every state or local organization working on election defense.
Georgia Technology in Use
Verified Voting Foundation
* Note that "Paper Ballot" in the map below typically designates paper ballots counted by an electronic scanning device.
Georgia Election Security Grade: D
Center for American Progress Report
"In August 2017, the Center for American Progress released a report entitled “9 Solutions for Securing America’s Elections,” laying out nine vulnerabilities in election infrastructure and solutions to help improve election security in time for the 2018 and 2020 elections. This report builds on that analysis to provide an overview of election security and preparedness in each state, looking specifically at state requirements and practices related to:
1. Minimum cybersecurity standards for voter registration systems
2. Voter-verified paper ballots
3. Post-election audits that test election results
4. Ballot accounting and reconciliation
5. Return of voted paper absentee ballots
6. Voting machine certification requirements
7. Pre-election logic and accuracy testing
This report provides an overview of state compliance with baseline standards to protect their elections from hacking and machine malfunction. Some experts may contend that additional standards, beyond those mentioned here, should be required of states to improve election security. The chief purpose of this report is to provide information on how states are faring in meeting even the minimum standards necessary to help secure their elections.
It is important to note at the outset that this report is not meant to be comprehen- sive of all practices that touch on issues of election security. We recognize that local jurisdictions sometimes have different or supplemental requirements and proce- dures from those required by the state. However, this report only considers state requirements reflected in statutes and regulations and does not include the more granular—and voluminous—information on more localized practices. Furthermore, this report does not address specific information technology (IT) requirements for voting machine hardware, software, or the design of pre-election testing ballots and system programming. And while we consider some minimum cybersecurity best practices, we do not analyze specific cyberinfrastructure or system programming requirements. These technical standards and protocols deserve analysis by computer scientists and IT professionals who have the necessary expertise to adequately assess the sufficiency of state requirements in those specialized areas."
Although Georgia adheres to a number of minimum cybersecurity best practices for voter registration systems, its practice of voting using machines that do not provide a paper record and its failure to mandate post-election audits do not provide confirmation that ballots are cast as the voter intends and counted as cast. The state did earn points for prohibiting absentee voters from returning voted bal- lots electronically, a practice that election security experts say is notoriously inse- cure. In Georgia, all voted ballots are returned by mail or delivered in person. The state also exercises good practices by requiring that all voting machines be tested to EAC Voluntary Voting System Guidelines before being purchased or used in the state and for its ballot accounting and reconciliation procedures. Additionally, Georgia requires election officials to conduct pre-election logic and accuracy test- ing on all machines that will be used in an upcoming election.
To improve its overall election security, Georgia should switch over to a paper- based voting system and require mandatory post-election audits that test the accuracy of election results after every election. Encouragingly, a new piece of bipartisan legislation would require paper ballots and establish risk-limiting audits. The state should also work alongside DHS for the purposes of identifying and assessing vulnerabilities in its voter registration system. While recognizing the importance of state autonomy when it comes to elections, federal agencies with expertise in cybersecurity and access to classified information on contemporane- ous cyberthreats have the personnel and resources necessary to thoroughly probe and analyze complex election databases, machines, and cybervulnerabilities. By combining their expertise on cyberthreats and their insight into the unique qualities of localized election infrastructure, state and federal officials can better assess and deter attempts at electoral disruption. These provisions, if implemented cor- rectly, would significantly affect the security of Georgia’s elections.
Minimum cybersecurity standards for voter registration system: Fair
- The state implemented a new voter registration system in 2013.
- The state’s voter registration system provides access control to ensure that only authorized personnel have access to the database.
The state’s voter registration system has logging capabilities to track modifications to the database.
The state’s voter registration system is protected by an intrusion detection system that monitors incoming and outgoing traffic for irregularities.
The state performs regular vulnerability assessments on its voter registration system.
The state has not enlisted DHS to help assess and identify potential threats to its voter registration system.
The state provides cybersecurity training to election officials.
Electronic poll books are used statewide in Georgia.
The state conducts pre-election testing on electronic poll books prior to an election.
Paper voter registration lists are available at polling places that use electronic poll books on Election Day.
Voter-verified paper audit trail: Unsatisfactory
- Elections are carried out using paperless DRE machines.
Post-election audits: Unsatisfactory
- State law does not require post-election audits.
Ballot accounting and reconciliation: Fair
All ballots are accounted for at the precinct level.
Precincts are required to compare and reconcile the number of ballots with the number of voters who signed in at the polling place.
Counties are required to compare and reconcile precinct totals with countywide results to ensure that they add up to the correct number.
There is no statutorily mandated review process to ensure that all voting machine memory cards have been properly loaded onto the tally server at the county level.
However, the election management software that tabulates results provides a warning if all memory cards that were created for the election are not properly uploaded.
The state requires that all election results and reconciliation procedures be made public.
Paper absentee ballots: Fair
- The state does not permit voters—including UOCAVA voters—to submit completed ballots electronically. All ballots must be returned by mail or deliv- ered in person.
Voting machine certification requirements: Fair
Before they may be purchased and used in the state, all voting machines must be certified by the Election Assistance Commission.
Some jurisdictions in the state likely still use voting machines that were pur- chased more than a decade ago.
Pre-election logic and accuracy testing: Fair
Election officials conduct mandatory logic and accuracy testing on all voting machines prior to an election.
Testing is open to the public.
Testing occurs at least three days before an election.