After two years of legislative debate and loud and persistent grassroots citizen activism, the Georgia Assembly voted to beef up security in Georgia's elections substantially. According to election security activist David Cross, one of the most significant changes will be the addition of a"visible watermark security feature" on ballots that will identify each ballot as an "official Georgia ballot." This election security measure is one of many the Georgia Assembly passed before it adjourned for Sine Die after midnight on Mar. 28.
Three critical bills, SB189, HB974, and HB1207, go a long way to end "unverifiable, secretly counted elections" in Georgia, according to a press release from VoterGA. VoterGA was founded by Garland Favorito, one of the state's most dedicated election security activists. The new bills deter "ballot trafficking, counterfeit ballots, and ballot box stuffing" by requiring visible watermarks and more robust chain of custody procedures. According to Favorito, all of these measures will improve transparency in the administration of elections. The governor has 40 days to sign off on the bills for them to be official.
The omnibus bill SB189 passed 33-22 just after midnight on Mar. 28 after Democrats made several unsuccessful attempts to stop the bill. It is important to note that much of the language in HB976 was transferred to SB189 to make the legislative process more efficient. One of the most significant aspects of SB189 is that the text portion of the paper ballot, not the QR code, will be used as the "official vote for purposes of vote tabulation," both in the election and in any subsequent audit or recount. QR-coded ballots make it impossible for voters to know their votes were cast and counted properly.
Evidence from the 2020 election shows QR codes can be problematic. David Cross and Kevin Moncla found anomalies and QR code failures in 65 of the 67 counties in Georgia for which they had the requisite records. A county in Tennessee reported similar issues with QR code failure errors. SB189 also gives the Secretary of State "two years to eliminate the current voting system that accumulates votes hidden in QR codes," according to the press release. However, according to Clay Parikh, a cybersecurity expert, the most important issue with QR codes is that they "violate HAVA because they are not human readable."
According to Col. Shawn Smith, it is also important to note that even if one removes the QR codes, it does not remove vulnerability on the ballot to hidden coding. Smith, a subject matter expert on the security of computer-based election systems, testified on Apr. 1 in the disciplinary hearing of Trump attorney Jeffrey Clark that removing "QR codes from the ballots does not actually prevent the optical scanner from scanning a ballot for a QR code." Smith added:
"In fact you could have a QR code, that is covertly embedded as an image. It could even be a single 8-bit word. And it would be almost impossible for a person to detect without knowing where to look. They could just look like punctuation marks or changes in the serif fonts of text on the page. Or, you know, timing marks on the edges that don't didn't look right. Once you have a QR code scanner operating on the tabulator scanner, it's going to keep scanning those ballots for QR codes, and there may be a QR code on it that is not noticeable, detectable, visible, or apparent to the naked eye or an imager."
Smith said removing QR codes is a superficial remedy that gives one a false sense of security. According to Smith, the vulnerabilities of the electronic voting systems as a whole are where the focus should be. Smith continued:
"Election officials simply do not have the experience or skill set or capability or knowledge to understand the threats against those systems or, more importantly, to protect them. So, removing the QR codes from the ballots and then pretending that that somehow removes that QR code scanning module from the voting system. There is still the risk that you could insert a ballot not only that would have a different election result than or, or different voting result than the voter was seeing or expecting, but could in fact be providing instructions that would change the configuration of the voting system.
The point I'm trying to make is there's a lot of there's a lot of amateur hour. Unavoidable from election officials in their decisions about election systems and their assumptions and the public statements they make about them. They simply do not have the experience or skill set or capability or knowledge to understand the threats against those systems or, more importantly, to protect them. So that kind of a removing the QR codes from the ballots and then pretending that that somehow removes that QR code scanning module from the voting system. Or the risk that you could insert a ballot not only that would have a different election result than or, or different voting result than the voter was seeing or expecting. But could in fact be providing instructions that would change the configuration of the voting system."
SB189 also allows counties with fewer than 5,000 registered voters to conduct voting on paper ballots rather than ballot marking devices (BMDs). Physical ballots may "only be used to conduct special primaries, special elections, runoffs for county offices or special elections to present a question to the voters of the county," according to the bill. Absentee ballots may only be tabulated on Election Day with results to be reported no later than 1 hour after polls close. Each party will have two observers to monitor mail-in ballot tabulation. Chain of custody procedures and rules are clearly delineated in the bill, as are measures to verify the identification of first-time absentee voters. The bill includes additional sign-off and sealing procedures that must be implemented no later than Jan. 1, 2025. Additional language in the bill states the Secretary of State will be "removed from the State Election Board." The Secretary of State will no longer be an "ex officio voting member of the state board."
HB974 requires the implementation of watermarked ballots. The bill also requires the Secretary of State to "establish and maintain a state-wide system for the posting of scanned paper ballots," there will be "minimum resolution requirements for each scan."
Risk-limiting audits (RLA) are also addressed in HB974. The number of contests subject to RLAs may be expanded, and there will be more transparency with regard to the percentage of risk limits and the procedures used to select the contests subject to RLAs. The Secretary of State will also be required to implement a pilot program to audit paper ballots using optical character recognition. The risk limit for future RLAs means the probability will not exceed "eight percent in 2024; six percent in 2026, and five percent or less in 2028 and thereafter."
HB1207 requires "any person employed by a county election superintendent...shall be a citizen of the United States." In other words, anyone handling ballots or electronic ballots will be a U.S. citizen. This bill also specifies poll watchers' (volunteers) access to polls. Poll watchers will be "entitled to observe any activity conducted at the location where they are serving...and shall be entitled to sit or stand as close as is practicable to the observed activity to be able to see and hear the poll worker or election official being observed." This particular language aggravated State Sen. Derek Mallow (D-GA2). He told the Speaker, "I don't want these folks that close to me when I'm discussing my electoral business with the poll worker." He believes the bill gives poll watchers too much "power" and gives poll watchers the idea "they are the law on election."
UncoverDC spoke with Cross on Monday to hear his opinion on the strength of this set of election security bills, given he has been so involved in the process. He believes legislators "really came through, and we got more than we ever dreamed we would get." The election bills result from almost four years of grassroots citizen activism. Cross, Garland Favorito, Joe Rossi, Kevin Moncla, and others have led the way. Still, they could not have done it without the many activists across the state who stepped up after the 2020 election, risking being ridiculed as "election deniers" by many and the possibility of being embroiled in costly lawsuits. Cross shared his thoughts:
"Prior to 2020, most citizens were quietly asleep at the switch, thinking their government would never screw them over. They finally woke up and said, 'This isn't right. Something is wrong.' They got involved. And I mean tons of people got involved in their local GOPs, in the Republican assemblies, they started going to events, and they were paying attention.
They participated in Garland Favorito's group, VoterGA, the Constitution Party, calls on Saturday mornings. They would volunteer, show up at the Capitol and they came out like an army. It was truly a team effort, from the generals all the way down to the foot soldiers. The foot soldiers did a ton of work, many times without having to take a lot of direction. And it really shifted both public opinion and the legislators to look at things more closely and to not 'poo poo' and say to themselves that this stuff doesn't matter.
To see the number of legislators involved and the variety of things in bills that were being put forward, I was blown away. Two legislators, Senator Max Burns and Senate Majority Leader Steve Gooch, did gigantic work on our behalf. Brad Carver with the Georgia GOP was our lobbyist. He was there all hours of the day and night working on our behalf."
While the Georgia Assembly should be applauded for its efforts to better secure elections in the state, electronic voting systems will remain a poor substitute for election-day voting, paper ballots, and hand counts. Smith's testimony on Apr. 1 makes it clear that using electronic voting systems will inevitably result in "catastrophic" security breaches. Among the threats he listed are tainted supply chains, systems that have never been secured properly, a lack of real-time defensive monitoring, and "public servants who have no knowledge, capability or authority" to examine or defend against the possible compromises that permanently alter the security of the motherboards. Smith said the federal government has understood these election security threats for years. "It is shocking to me that we would employ systems this insecure and then lie to the public about it. I believe that's what happened in Georgia."
