I was in Georgia on Other Business over the weekend, and I was lucky because the Atlanta Journal-Constitution broke a brilliant story that pretty much shreds what was left of the credibility of both the recent gubernatorial election and the new governor it produced, Brian Kemp. The Republican candidate, you may recall, also was serving as Georgia’s Secretary of State and, therefore, was tasked with overseeing a close election in which he was one of the candidates. The AJC added yet another big window into the veritable Plato’s Retreat of ratfcking that was that election:
It was Nov. 3, a Saturday, 72 hours to Election Day. Virtually tied in the polls with Democrat Stacey Abrams, Kemp was in danger of becoming the first Georgia Republican to lose a statewide election since 2006. And, now, a new threat. The secretary of state’s office had left its voter-registration system exposed online, opening Kemp to criticism that he couldn’t secure an election that featured him in the dual roles of candidate and overseer. But by the next day, Kemp and his aides had devised one solution for both problems, an investigation by The Atlanta Journal-Constitution shows.
They publicly accused the Democratic Party of Georgia of trying to hack into the voter database in a failed attempt to steal the election. The announcement added last-minute drama to an already contentious campaign. More important, it also pre-empted scrutiny of the secretary of state’s own missteps while initiating a highly unusual criminal investigation into his political rivals. But no evidence supported the allegations against the Democrats at the time, and none has emerged in the six weeks since, the Journal-Constitution found. It appears unlikely that any crime occurred.
To recap: Kemp was overseeing his own election, and he was so bad at it that, three days before the polls opened, it was discovered that the registration system was ridiculously hackable. This called for some serious hackery in response. Kemp already had proven to be up to the task:
In 2015, Kemp’s office accidentally sent political organizations, media outlets and others a trove of confidential information about every Georgia voter. Kemp blamed a single employee, whom he fired. The following year, Kemp was one of just seven state election directors who rejected the federal government’s help to secure their voting systems. Kemp called the offer an “overreach” by the administration of President Barack Obama after hackers stole emails from the Democratic National Committee. “It seems like now it’s just the D.C. media and the bureaucrats, because of the DNC getting hacked – they now think our whole system is on the verge of disaster because some Russian’s going to tap into the voting system,” Kemp said…At that moment, the computer servers that ran Georgia’s election system were wide open to potential intruders. Voters’ personal data, passwords that poll supervisors used on Election Day, the coding for memory cards with which voters cast ballots – all of it was readily accessible.
Meanwhile, a guy named Logan Lamb, a specialist in cybersecurity from Kennesaw State, where Georgia’s servers are located, spent several months ringing the alarm bell before anyone in Kemp’s office deigned to get involved. Have I mentioned that Kemp was running for governor at the time, and that a story about incompetence centered on the office he already held might have proven to be a drag on that effort?
But it wasn’t until seven months later, when Lamb and a colleague found that the data still had not been secured, that officials shut off unauthorized access to the servers. Kemp said at the time that he expected the FBI to catch the “perpetrators.” “There were no perpetrators,” Lamb, who works for the Atlanta-based online security firm Bastille, said recently. “We are computer security professionals. We were trying to go through the process of responsible disclosure to make sure the system was secure.” For months, Lamb said, “anyone could just have downloaded” – or manipulated – all the state’s election files.
At this point, it might have become obvious to all but the dimmest voter that Kemp shouldn’t be entrusted to manage anything more complicated than a food truck. A new strategy was needed because, after all, those rats won’t fck themselves.
On Dec. 8, 2016, Kemp wrote to Homeland Security Secretary Jeh Johnson, demanding to know why the federal agency “was attempting to breach our firewall.” Kemp said a computer traced to Homeland Security had executed a “large unblocked scan” of the secretary of state’s website. The intrusion, Kemp suggested, was in retaliation for his refusing the government’s help before the 2016 election. Johnson replied four days later. He said a worker at his agency’s Federal Law Enforcement Training Center in Brunswick, Georgia, had merely verified the professional licenses of job applicants – “a service, as I understand it, your website provides to the general public,” Johnson wrote.
Kemp wasn’t satisfied with Johnson’s response. “I will be elevating my concerns to the incoming administration,” he wrote back, and the same day, he asked Trump, then the president-elect, to investigate the Obama administration’s “failed cyberattacks” on Georgia. Republicans in Congress warned Johnson not to destroy evidence of what Rep. Jason Chaffetz, then chairman of the House Oversight Committee, called a possible breach of “state sovereignty” and a violation of state and federal laws. Finally, in June 2017, a report by Homeland Security’s inspector general said a digital forensic investigation found no evidence of a cyberattack.
This is pure bubblespeak, aimed at an audience conditioned for decades to believe anything that strokes their ideological G-spots. (That Jason Chaffetz had a cameo in this farce was almost comically predictable.) And it roped in the Department of Homeland Security, which had to hunt all the snipes Kemp had set loose in the minds of his voters. Was it time to turn things up to 11? Of course, it was.
Kemp’s aides broke their silence early Sunday. At 4:47 a.m., Candice Broce, the secretary of state’s spokeswoman, received a message from the online news site WhoWhatWhy, which says it practices “forensic journalism.” Its reporters had heard about Wright’s email and were preparing to post a story at 6 a.m. The website said it told Broce its story would describe a security breakdown in the secretary of state’s office, not a failed hack by the Democrats.
Exactly one hour later, a statement appeared on the secretary of state’s website, on the same page where voters search for sample ballots, find their polling place or check their registration. In all-capital letters, the headline announced: “AFTER FAILED HACKING ATTEMPT, SOS LAUNCHES INVESTIGATION INTO GEORGIA DEMOCRATIC PARTY. “While we cannot comment on the specifics of an ongoing investigation,” Broce was quoted as saying, “I can confirm that the Democratic Party of Georgia is under investigation for possible cyber crimes.”
This is great work by the AJC, especially the survey of how so many news operations, both in Georgia and nationally, ran with the phony accusation. Kemp’s people did what they did full in the knowledge that there wasn’t enough time before the election for them to get called on it. (That it also was picked up by Sputnik, the Russian misinformation laundromat, is even less surprising than Chaffetz’s appearance in the story was.) The Democratic party in Georgia admits in the story that its rapid-response operation wasn’t nearly as rapid as it should have been. But, in general, the AJC’s story is another one to add to the now towering pile of evidence that the Republican party has become unmoored from any attachment it still had to actual democracy.
Respond to this post on the Esquire Politics Facebook page here.