Like any subset of society, the world of technology has its own culture, its own precepts of what separates good behavior from bad. Some people find certain aspects of that culture baffling – specifically, the topic of cyber security. And many of those people can be found in and around the state Capitol. Over the weekend, our AJC colleague Alan Judd posted a catch-up piece on one of Secretary of State Brian Kemp’s last actions in that office – his Nov. 3 decision to announce that he had placed the Democratic Party of Georgia under investigation for an alleged attempt to hack the state’s voter registration database. Never mind that Kemp was the GOP nominee for governor, and Election Day was 72 hours away.
[A] Georgia man identified as Richard Wright logged onto the My Voter Page on the secretary of state’s website. Wright wanted to make sure his registration information was up to date. It was. But not everything else appeared to be in order.
Wright, who apparently has a background in software development, discovered two significant security flaws that could jeopardize the election’s integrity. First, downloading a sample ballot also “allows you to download any file on the system,” he later wrote in an email to the Democratic Party.
Georgia Democrats passed the info to two computer security experts at Georgia Tech. One of the experts notified a national security agency. Kemp’s office was eventually brought into the loop. Then a technology journalist emailed the secretary of state, informing Kemp aides that the reporter intended to publish an article about the vulnerability. The news site asked Kemp for comment.
hat’s when Secretary of State Brian Kemp turned a “white hat” notice of data-base vulnerability into a “black hat” conspiracy theory, issuing a press release that named his rival’s party as one of the villains.