A long-running federal lawsuit challenging the security of Georgia’s voting system is now entangled in a dispute over the handling of an investigation into allegations that 2020 election skeptics illegally breached a county’s voting system.

This story also appeared in Georgia Recorder

Attorneys representing the Coalition for a Good Governance and other election security advocates will attempt to wrap up depositions in the coming weeks and obtain other evidence regarding accusations that Coffee County elections officials granted activists access to the Dominion Voting System that is a frequent target of conspiracy theories tied to Republican President Donald Trump’s loss in the 2020 election to Democrat Joe Biden.

Among the dozen Coffee County-related subpoenas filed in U.S. District Court Northern District of Georgia is one last month for Cyber Ninjas CEO Doug Logan, whose firm was behind the shoddy audit of Arizona’s Maricopa County in its administration of the 2020 presidential election. Cyber Ninjas is connected to digital security executive Benjamin Cotton, who has claimed in another investigation that he forensically examined voting systems in Coffee County and several other battleground states. 

The state election officials removed the county’s election server shortly after a newly hired Coffee County election director notified the state that the password no longer worked and that he found Logan’s business card on an office computer in April 2021.

In recent court filings, the plaintiffs’ lawyers accuse the secretary of state’s office of withholding information and allege that the state purposefully delayed investigating a breach that threatens a system the state has fiercely defended.

State lawyers said the information has been turned over to the attorney general’s office, or should remain confidential until the State Election Board receives the findings of the secretary of state’s investigation.

State attorney Vincent Russo filed a brief last week arguing that Georgia has provided summaries, and that plenty of information could be gleaned from Coffee County witness testimony and county records. Russo argues the case is tangential to a long-sought injunction on Georgia’s use of electronic voting machines and ballot marking devices in favor of hand marked paper ballots.

“An injunction would not resolve the plaintiffs’ claims about Dominion Voting Systems (BMDs),” Russo wrote. “Put another way, even if the defendants in this case (and the 158 counties in Georgia not a party to this litigation) perfectly administered every election in every single respect and perfectly secured the (voting equipment), plaintiffs still would remain unsatisfied without removal of the BMDs themselves.”

David Cross, a lawyer for the plaintiffs who issued the subpoenas, said that details about the removal of a server are scarce as state officials have “stuck their heads in the sand” instead of actively pursuing a situation that they’ve been aware of for more than a year.

“Shortly after the 2020 presidential election, the former Coffee County Elections Supervisor, Misty Hampton, made a video that went viral on YouTube claiming to show that Dominion’s voting equipment could be manipulated,” Cross wrote in a Friday court filing.

“Coffee County just this week admitted that, per plaintiffs’ subpoenas, it ‘has recently been able to recover the items on Misty Hampton’s Coffee County issued phone’ and aims to produce those to the parties,” Cross added. “No investigation (if any) had recovered those items before plaintiffs’ subpoenas.”

Cross’ clients also want to hear from Atlanta bail bondsman Scott Hall about the airplane he said he provided to fly a team to the south Georgia county of about 43,000 residents shortly after the 2020 election.

In May, Marilyn Marks, executive director of Coalition for Good Governance, released a March 2021 recorded phone conversation with Hall that reopened the state investigation. In that call, Hall explains how the group was able to copy Coffee County’s voting records in an attempt to discredit the machines and justify Trump’s overtures to overturn the results.

The Coffee County case illustrates how the state is relying on technology that is not secure enough to prevent bad actors from meddling in elections, Marks said.

“Unfortunately for years, our theme has been that this system’s vulnerabilities can be exploited and they cannot be detected or mitigated so long as we’re voting on touch screens,” she said.

Hampton has claimed that she and an election board member were there while the group examined the equipment. Some other prospective witnesses dispute accusations that the server was compromised or that any such visit even occurred. 

The initial state probe into Coffee began after its election board refused to certify the 2020 election following a 50-vote discrepancy during a recount and into Hampton revealing a password while explaining how to change votes in the online videos.   

At a July teleconference court hearing, Judge Amy Totenberg said secretary of state officials gave inadequate answers about the breach in their depositions and that not all of the state’s evidence could conceivably be “tucked under investigative privilege.”

Totenberg has criticized the Dominion machines for recording votes in a QR code or barcode that’s opaque to voters, before printing paper copies of ballots to review and scan.  

Just two months before the November statewide election, Totenberg has set a Sept. 2 deadline for completing depositions and turning over other documents.

“I’m not going to be drowned by what happened with Coffee County, but I think there needs to be some direct answers to some of these issues,” she said at the July 15 hearing.

Federal agency asks to unseal security report

A federal cybersecurity agency is giving the green light to release an independent report that says Georgia is relying on a digital technology that is more likely to be compromised.

In a letter filed late last week, the U.S. Cybersecurity and Infrastructure Security Agency told Totenberg that she could remove the court-ordered seal on the report of Alex Halderman, a University of Michigan computer science professor and expert witness for Cross’ clients.

Totenberg is expected to decide soon if she’ll make the findings public. Halderman says he uncovered multiple severe security flaws in Georgia’s electronic voting machines, including ways malicious software can manipulate the bar codes.

Halderman’s contention on how the platform could be exploited were bolstered by a June cybersecurity agency advisory about the vulnerabilities of voting machines used in Georgia and several other states.

The federal cybersecurity warning says there are no signs hackers were involved in interfering in the 2020 election, but that future elections could be compromised by someone with unauthorized access.

“It now has been 49 days since the public release of CISA’s advisory, which has allowed affected end users additional time to implement the recommended mitigation measures contained in CISA’s public advisory,” wrote Bryan Boynton, principal deputy assistant attorney general for the cybersecurity agency. “In light of these facts, CISA respectfully submits that plaintiffs’ most-recent proposed redactions appropriately manage the risk to election security while advancing security through transparency.”

Republican Secretary of State Brad Raffensperger has also called for the report to become public, likening Halderman’s unfettered access to the state’s voting system to giving someone a house key and alarm code.

Meanwhile, Dominion has requested to see the redacted analysis and company executives have criticized Halderman for not properly accounting for safeguards that were already in place.

Georgia Recorder is part of States Newsroom, a network of news bureaus supported by grants and a coalition of donors as a 501c(3) public charity.