IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF GEORGIA
ATLANTA DIVISION

DONNA CURLING, ET AL., Plaintiffs,
v.
BRIAN KEMP, ET AL., Defendants.

Civil Action No. 1:17-CV-2989-AT

COALITION PLAINTIFFS’ BRIEF IN SUPPORT OF MOTION FOR PRELIMINARY INJUNCTION

August 3, 2018

Table of Contents

INTRODUCTION AND SUMMARY
LEGAL STANDARDS
A. Granting of a Preliminary Injunction
B. Procedure and Evidence
ARGUMENT
A. Coalition Plaintiffs Are Likely to Succeed on the Merits
1. Georgia’s Current DRE System
2. DREs Are Profoundly Insecure and Vulnerable
3. Georgia’s System Has Already Been Compromised
4. Secretary Kemp’s Agents Have Destroyed All the Evidence of Who Accessed the KSU Server
5. Georgia’s Voting Security Failure Has Not Been Remedied
6. Evidence of Malfunctions in Recent Elections
7. International Threat Intensifies: “The Lights Are Blinking”
8. Conclusion – Plaintiffs are Likely to Succeed on the Merits
B. Plaintiffs Are Likely to Suffer Irreparable Harm
C. Balance of Equities Favors Granting the Injunction
D. Injunction Is in the Public Interest
CONCLUSION

Plaintiffs Coalition for Good Governance, William Digges III, Laura Digges, Megan Missett, and Ricardo Davis (the “Coalition Plaintiffs”) file this Brief in Support of their Motion for Preliminary Injunction.

INTRODUCTION AND SUMMARY

Officials from the highest levels of the Federal Government have issued repeated and increasingly urgent warnings to states like Georgia to not use electronic voting machines in the upcoming elections and instead to switch to paper ballots. Defendants stubbornly refuse to take any action, insisting -- against overwhelming evidence to the contrary -- that Georgia’s system is secure. The Coalition Plaintiffs are therefore compelled to bring this motion for preliminary injunctive relief to protect their fundamental right to vote and their rights under the Equal Protection Clause of the United States Constitution.

As will be explained below, Georgia’s AccuVote DRE electronic voting system is extremely vulnerable to undetectable attack or system error. Plaintiffs will further show the likelihood of irreparable harm because the results of any election using the DRE machines are unverifiable and highly likely to be inaccurate. Moreover, notwithstanding the Secretary’s protestations to the contrary, Georgia can lawfully switch to a paper ballot system using existing resources with minimal effort.
For these reasons, Defendants should be enjoined through the pendency of this litigation from using the unverifiable and hopelessly compromised AccuVote DRE paperless voting system, and instead should be enjoined to use paper ballots.

LEGAL STANDARDS

A. Granting of a Preliminary Injunction

Chief Justice Roberts summarized the familiar test for the granting of a preliminary injunction in Winter v. NRDC, 555 U.S. 7, 20 (2008):1

A plaintiff seeking a preliminary injunction must establish that he is likely to succeed on the merits, that he is likely to suffer irreparable harm in the absence of preliminary relief, that the balance of equities tips in his favor, and that an injunction is in the public interest.

These are not rigid requirements to be applied by rote. “The essence of equity jurisdiction has been the power of the Chancellor to do equity and to mold each decree to the necessities of the particular case. Flexibility rather than rigidity has distinguished it.” Weinberger v. Romero–Barcelo, 456 U.S. 305, 312 (1982).

1 See also Alabama v. U.S. Army Corps of Engineers, 424 F.3d 1117, 1131 (11th Cir. 2005).

B. Procedure and Evidence

Though discovery in this case has not formally opened and the Defendants have not answered the Third Amended Complaint, this Motion is not premature. “The grant of a temporary injunction need not await any procedural steps perfecting the pleadings or any other formality attendant upon a full-blown trial of this case.” United States v. Lynd, 301 F.2d 818, 823 (5th Cir. 1962) (Tuttle, J.).

In considering this Motion, the Court also is permitted to rely upon hearsay and upon affidavits in lieu of live testimony. “[A] preliminary injunction is customarily granted on the basis of procedures that are less formal and evidence that is less complete than in a trial on the merits.” Univ. of Tex. v. Camenisch, 451 U.S. 390, 395 (1981); Levi Strauss & Co. v. Sunrise Int’l Trading, Inc., 51 F.3d 982, 985 (11th Cir. 1995) (at the “preliminary injunction stage, a district court may rely on affidavits and hearsay materials which would not be admissible evidence for a permanent injunction”).

ARGUMENT

A. Coalition Plaintiffs Are Likely to Succeed on the Merits

Plaintiffs are likely to succeed on their claims that the use of Georgia’s DRE voting system to record votes burdens the Plaintiffs’ fundamental right to vote (Count One) and violates the Equal Protection Clause (Count Two).

Plaintiffs’ fundamental-right-to-vote claim is based upon “the right of qualified voters within a state to cast their ballots and have them counted.” United States v. Classic, 313 U.S. 299, 315 (1941). “No right is more precious in a free country than that of having a voice in the election of those who make the laws under which, as good citizens, we must live. Other rights, even the most basic, are illusory if the right to vote is undermined.” Wesberry v. Sanders, 376 U.S. 1, 17 (1964).

This foundational constitutional right necessarily includes the right to have one’s vote counted accurately. “Every voter’s vote is entitled to be counted once. It must be correctly counted and reported.” Gray v. Sanders, 372 U.S. 368, 380 (1963). “Having once granted the right to vote on equal terms, the State may not, by later arbitrary and disparate treatment, value one person’s vote over that of another.” Bush v. Gore, 531 U.S. 98, 104-05 (2000). States may not, by arbitrary action or other unreasonable impairment, burden a citizen’s right to vote. Baker v. Carr, 369 U.S. 186, 208 (1962) (“citizen’s right to a vote free of arbitrary impairment by state action has been judicially recognized as a right secured by the Constitution”).
“[T]he free exercise and enjoyment of the rights and privileges guaranteed to the citizens by the Constitution and laws of the United States” entails the right and privilege to express by their votes their choice of a candidate for Senator and their right to have their expressions of choice given full value and effect by not having their votes impaired, lessened, diminished, diluted and destroyed by fictitious ballots fraudulently cast and counted, recorded, returned, and certified.

United States v. Saylor, 322 U.S. 385, 386 (1944). See also Reynolds v. Sims, 377 U.S. 533, 555 (1964) (“[T]he right of suffrage can be denied by a debasement or dilution of the weight of a citizen’s vote just as effectively as by wholly prohibiting the free exercise of the franchise.”).

Plaintiffs need not establish at trial, much less at the preliminary injunction stage of the case, that an impairment of their right to have their votes counted accurately has already occurred or that it is certain to occur. Instead, Plaintiffs will prevail at trial with a showing that the burden imposed upon their rights by the very substantial risk that votes will be miscounted or diluted by the DRE system outweighs any interest of the State in insisting upon the continued use of the DRE machines. Crawford v. Marion County Election Bd., 553 U.S. 181, 190 (2008).

As to Plaintiffs’ claim under the Equal Protection Clause, the issue is whether Georgia voters using AccuVote DREs are “less likely to cast an effective vote” than absentee voters using paper ballots. Wexler v. Anderson, 452 F.3d 1226 (11th Cir. 2006).2 See also Dunn v. Blumstein, 405 U.S. 330, 336 (1972) (“[A] citizen has a constitutionally protected right to participate in elections on an equal basis with other citizens in the jurisdiction.”).

There is a substantial likelihood that Plaintiffs will prevail on both claims.
2 The Wexler case involved Florida’s use of AccuVote DRE machines, but the plaintiffs there did not allege or prove that the machines were vulnerable to attack. Instead, the plaintiffs’ theory was that “by certifying touchscreen voting systems that are incapable of providing for the type of manual recounts contemplated by Florida law, the defendants have violated the equal protection and due process rights of voters in touchscreen counties.” 452 F.3d at 1226. In rejecting this claim, the Eleventh Circuit explained that the allegations Plaintiffs make in this case – that voters using touchscreen systems are less likely to cast an effective vote than voters using paper ballots – would state an equal protection violation. Id. at 1231.

1. Georgia’s Current DRE System

The primary features of Georgia’s current DRE system are not in dispute. The voting system used in Georgia today consists of the Diebold Global Election Systems (“Diebold”) AccuVote DRE touchscreen voting units (“DREs”), the Diebold optical scanners for tabulating paper ballots, and the Diebold General Election Management Software (“GEMS”) for tabulation and reporting of data generated by DRE and Diebold optical scanners, as well as the electronic pollbook components and electronic accessories that interface with the vote recording system.

Georgia uses approximately 27,000 Diebold DRE touchscreen voting machines. (Third Amended Complaint (“TAC”) ¶ 59). Each DRE internally contains much of the same hardware that might typically be found in a very low-end general-purpose personal desktop computer in use in the early 2000s. (Bernhard Decl. ¶ 11). Georgia’s DREs run a Diebold-modified version of Microsoft’s Windows CE operating system; the most recent version run in Georgia is Windows CE 4.1—which Microsoft stopped supporting in early January 2013. (Bernhard Decl. ¶ 11). As a consequence, Microsoft is no longer issuing updates or security patches for that software. (Bernhard Decl. ¶ 23).
“As the operating system is over twenty years old, it lags behind the two decades of computer security research and is extremely vulnerable to a wide variety of attacks that Diebold’s software, regardless of version, cannot defend against.” Id.

A proprietary Diebold software application called BallotStation provides the user interface that voters and poll workers see. BallotStation interacts with the voter, accepts, records, and tallies votes on the DRE. (Bernhard Decl. ¶ 21). DREs are configured by inserting a memory card into a slot behind a locked door on the side of the machine. Before the election, the file system on the memory card stores the election definition, sound files, interpreted code that is used to print reports, and other configuration information.

When operating properly, DREs use software to translate the voter’s physical act of touching a particular place on the touchscreen into a vote for the corresponding candidate or issue, which vote is then recorded on both the DRE’s removable memory card and internal flash memory. Both records of the votes are unreadable to humans. Crucially, Georgia’s DREs do not create or retain any non-electronic record of the voter’s selections. (Bernhard Decl. ¶ 12; Lamb Decl. ¶ 5).

Upon the closing of the polls, poll workers cause DREs to interpret collected electronic vote information, tabulate vote tallies, and convert it to human readable form to print tallies. The DRE memory cards are removed, secured for transport to a transmission center, in the case of Fulton County, or to county election offices. (TAC ¶ 72-73). DRE memory cards are collected and uploaded into the county election office GEMS server (running on a desktop computer). (TAC ¶ 75).

Georgia uses paper ballots for mail-in absentee ballots and in-person provisional ballots. These paper ballots are scanned and tabulated by Diebold AccuVote Optical Scan units, located in the county election offices.
On election night, the memory cards from the Diebold AccuVote Optical Scan units are uploaded to the Diebold GEMS server and combined with the data from the DREs to create unofficial consolidated results and generate reports in human readable form. (TAC ¶ 76-78).

For present purposes, there are two crucial features of Georgia’s election system that must be re-emphasized. First, DREs, by design, create no non-electronic record of voter intent. There is no possible way to verify if the DRE system has correctly recorded and counted the intent of the voters. This is completely unacceptable for public elections. As Director of Homeland Security Kirstjen Nielsen recently testified: “You must have a way to audit and verify the election result.”3

Second – and this is significant in the evaluation of the proposed remedy – every county in Georgia currently uses the paper ballot/optical scan system proposed by Plaintiffs. Thus, the remedy of conducting the upcoming November and December 2018 elections using paper ballots instead of DREs is eminently feasible.

3 Volz, Dustin, and Patricia Zengerle. “Inability to audit U.S. elections a ‘national security concern’: Homeland chief,” Reuters (March 21, 2018), available at https://www.reuters.com/article/us-usa-trumprussia-security/inability-to-audit-u-selections-a-national-security-concern-homeland-chiefidUSKBN1GX200. For a videotape of Secretary Nielsen’s testimony before the Senate, see https://www.youtube.com/watch?v=lXjYNLJ9yAM&feature=youtu.be (video of testimony at 3:38).

2. DREs Are Profoundly Insecure and Vulnerable

The unreliability and vulnerability of electronic voting systems like the one used by the State of Georgia has attracted widespread and uniform alarm at all levels of government.
On July 26, 2018, House Intelligence Committee Chairman Devin Nunes joined many federal officials and agencies concerned with national security to call for a complete ban on electronic voting.4 In May, the Senate Select Committee on Intelligence concluded that paperless DREs “are at highest risk of security flaws,” and stated that “[s]tates should rapidly replace outdated and vulnerable voting systems” with machines that “[a]t a minimum . . . have a voter-verified paper trail.”5 Similarly, in March, DHS Secretary Nielsen labeled electronic voting systems “a national security concern.”6 In January 2018, the Congressional Task Force on Election Security issued a Final Report addressing the insecurity of the country’s voting infrastructure:

Given the breadth of security risks facing voting machines, it is especially problematic that approximately 20% of voters are casting their ballots on machines that do not have any paper backup. These voters are using paperless Direct Recording Electronic (DRE) machines that have been shown over and again to be highly vulnerable to attack. Because these machines record votes on the internal memory of the machine, and do not leave any paper backup, it is near impossible to detect whether results have been tampered with.7

4 http://thehill.com/hilltv/rising/398949-house-intel-chair-calls-for-ban-on-electronic-voting-systems.

5 Senate Select Committee on Intelligence, Russian Targeting of Election Infrastructure During the 2016 Election: Summary of Initial Findings and Recommendations (May 8, 2018) (“SSCI Report”), at https://www.burr.senate.gov/imo/media/doc/RussRptInstlmt1-%20ElecSec%20Findings,Recs2.pdf.

6 See supra note 3.

As detailed in the Declaration of Matthew D.
Bernhard, attached hereto as Exhibit A, and in the Brief of Amici Curiae Common Cause, National Election Defense Coalition, and Protect Democracy (“Common Cause Amici Brief”), these recent alarms from the federal government amplify years of warnings from computer scientists, who have uniformly concluded that paperless balloting is unreliable, unquestionably insecure, and unverifiable. (Bernhard Decl. ¶¶ 13-20; Common Cause Amici Brief, [Doc. 240-1, passim]). California’s 2007 “Top-to-Bottom Review” (“TTBR”)8 found that DREs were “inadequate to ensure accuracy and integrity of the election results…”; that the system contained “serious design flaws that have led directly to specific vulnerabilities, which attackers could exploit to affect election outcomes…”; and that “attacks could be carried out in a manner that is not subject to detection by audit, including review of software logs.”9 Citing these vulnerabilities of Diebold’s AccuVote DREs, California Secretary of State Debra Bowen decertified California’s voting system.10 Ohio’s 2007 “Evaluation and Validation of Election-Related Equipment, Standards and Testing” (“EVEREST”)11 concluded that Ohio’s AccuVote “system lacks the technical protections necessary to guarantee a trustworthy election under operational conditions.”12 Any number of published studies are in accord. (Bernhard Decl. ¶¶ 14, 15, 16, 17; id., fn. 1, 2, 3).13

7 Congressional Task Force of Election Security, Final Report, https://democratshomeland.house.gov/sites/democrats.homeland.house.gov/files/documents/TFESReport.pdf (Feb. 14, 2018), at 24 (emphasis added).

8 See Joseph A. Calandrino, et al., Source Code Review of the Diebold Voting System, http://votingsystems.cdn.sos.ca.gov/oversight/ttbr/diebold-source-public-jul29.pdf (Jul. 20, 2007).

9 See California Secretary of State, Withdrawal Of Approval, http://votingsystems.cdn.sos.ca.gov/vendors/premier/premier-11824-revision-1209.pdf (Dec. 31, 2009 rev.), at 2, 3.

10 See Withdrawal Of Approval, supra note 9, at 5.

11 Pennsylvania State Univ., et al., EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing, https://www.eac.gov/assets/1/28/EVEREST.pdf (Dec. 7, 2007).

12 See EVEREST, supra note 11, at 103.

13 See also Feldman, et al., “Security Analysis of the Diebold AccuVote-TS Voting Machine,” Proc. 2007 USENIX/ACCURATE Electronic Voting Technology Workshop, 1 (Aug. 2007).

The vulnerabilities identified by all of these governmental authorities and computer experts apply specifically to the DREs used by the State of Georgia today. (Bernhard Decl. ¶ 21; Lamb Decl. ¶¶ 7-10).

Significantly, the flaws in DREs can be exploited whether or not the machines are directly connected to the Internet. An attacker can gain physical access to a memory card in many different ways and could by that means install malicious code that spreads automatically from machine to machine. Similarly, an attacker could infect the programming by emailing a virus to election officials responsible for programming the machines. An attacker with access to the server on which DRE software is stored – like the KSU server discussed below – could alter the software surreptitiously so that election officials themselves install the malware in the course of election preparations. Demonstrations show that it is easy to break into AccuVote TSXs with nothing more than a BIC pen and install vote-stealing software that changes votes in undetectable ways. (Bernhard Decl. ¶¶ 29-30).

3. Georgia’s System Has Already Been Compromised

The already unacceptable extreme vulnerability of Georgia’s system was greatly increased by Secretary Kemp’s failure to secure the State’s central election server before and after the 2016 elections. (See generally Lamb Decl. ¶¶ 11-19).
From at least 2002 until at least December 31, 2017, Georgia’s Secretaries of State have contracted with Kennesaw State University (“KSU”) for the creation of the Center for Election Services (“CES”) at KSU to assist the Secretary in the fulfillment of his statutory duties to manage Georgia’s DRE system. CES’s Executive Director Merle King maintained a computer server with the URL “elections.kennesaw.edu,” on which CES hosted a comprehensive assemblage of electronic files consisting of software applications, password files, tabulation database programs, encryption keys, confidential voter registration information, ballot proofs, technical training videos, and other sensitive information critical to the safe and secure operation of Georgia’s DRE-based voting system.

The information hosted on the “elections.kennesaw.edu” server was not authorized to be publicly accessible. But between at least August 2016 and March 2017, and likely for a much longer time, this server was fully accessible to any computer user with Internet access.

In late August 2016, cybersecurity researcher Logan Lamb accessed files hosted on the “elections.kennesaw.edu” server on the public internet, including the voter histories and personal information of all Georgia voters, tabulation and memory card programming databases for past and future elections, instructions and passwords for voting equipment administration, and executable programs controlling essential election resources. When he accessed these sensitive files, Lamb noted that the files had been publicly exposed for so long that Google had cached (i.e., saved digital backup copies of) and published much of the sensitive data on the Internet. (Lamb Decl. ¶¶ 13-14).
On August 28, 2016, Lamb contacted King by telephone and email to warn him that CES should assume that the sensitive documents hosted on the “elections.kennesaw.edu” server had already been downloaded by unauthorized persons and that all sensitive files should be considered compromised. King immediately informed CES staff of the breach. Yet for reasons that have never been explained, the server was not secured for months. Lamb and colleague Christopher Grayson accessed the server again several times in late February 2017 and on March 1, 2017, and they were repeatedly able to access and download the same types of files that Lamb had accessed months earlier. (Lamb Decl. ¶ 15).

On March 1, 2017, Grayson contacted a KSU Computer Science Instructor and informed him of the exact times and IP addresses of his own recent repeated access of the unsecured voting system server. KSU finally caused the elections server to be isolated from the public Internet on or about March 1, 2017.

After it became known that the “elections.kennesaw.edu” server was compromised, CES staff emails indicate that Secretary Kemp’s agents at KSU did not conduct or order a forensic examination to determine whether the server had been altered or manipulated. Neither Secretary Kemp’s agents at KSU, nor his internal staff at the Secretary of State’s office, has ever properly verified the integrity of any software, passwords, databases or encryption keys that were hosted on the compromised “elections.kennesaw.edu” server. As a consequence, the compromised software, passwords, and encryption keys continue to be used on the equipment that has been and will be employed to conduct Georgia’s public elections. (Lamb Decl. ¶ 19).
According to recent indictments issued by Special Counsel Robert Mueller, at the same time that Lamb was alerting Secretary Kemp’s team at KSU that Georgia’s server was completely exposed, and Secretary Kemp’s team were doing nothing about it, Russian operatives were visiting “the websites of certain counties in Georgia, Iowa, and Florida to identify vulnerabilities.”14

14 United States v. Netyksho, et al., Indictment (D.D.C., July 13, 2018) ¶ 75.

4. Secretary Kemp’s Agents Have Destroyed the Evidence of Who Accessed the KSU Server

Evidence of these and other intrusions into Georgia’s system has probably been destroyed and lost forever due to the deliberate actions of Secretary Kemp’s agents after the filing of this lawsuit. At least by the filing of this lawsuit on July 3, 2017, Secretary Kemp and his agents were under a duty to preserve evidence. In clear breach of this duty, the Secretary’s agents, three days after this lawsuit was filed, destroyed all data on the hard drives of the KSU “elections.kennesaw.edu” server. On August 9, 2017, less than 24 hours after this action was removed to this Court, Secretary Kemp’s agents went further and destroyed all data on the hard drives of a secondary server hosted at “unicoi.kennesaw.edu,” which contained similar, but not identical data, to that on the “elections.kennesaw.edu” server.

The “logfiles” that contain historical records of external access from the public Internet to the “elections.kennesaw.edu” and “unicoi.kennesaw.edu” servers would have been deleted when all data on the respective servers’ hard drives were destroyed.

The destruction of this data is significant in two respects. First, the loss of the data will make it impossible for Georgia to determine the nature and extent of any intrusions into the system and, accordingly, to remedy the harm caused thereby.
Second, the destruction of the data on these servers entitles Plaintiffs, at a bare minimum, to evidentiary presumptions that will make success on the merits even more likely. Kraft Reinsurance Ireland, Ltd. v. Pallets Acquisitions, LLC, 845 F. Supp. 2d 1342, 1358 (N.D. Ga. 2011) (“Spoliation is the destruction...of evidence, or the failure to preserve property for another’s use as evidence in pending or reasonably foreseeable litigation.”).

5. Georgia’s Voting Security Failure Has Not Been Remedied

Secretary Kemp may contend that the fact that Georgia’s server may have been ravaged by foreign or domestic criminals in 2016 and 2017 does not have an impact on the current vulnerability of Georgia’s election system because election files are now on a new server with purported proper security under the direct control of the Secretary of State. The overwhelming evidence, however, establishes to the contrary.

“A massive, time-consuming effort would be required to address the security breaches that occurred in Georgia,” states expert Matt Bernhard, “requiring experienced technicians to give hands-on attention to individual machines (tens of thousands of pieces of equipment), one at a time.” (Bernhard Decl. ¶ 44). Because of the interconnected nature of the system, which consists of thousands of vulnerable electronic components, properly decontaminating the components at risk across the state would be a nearly impossible undertaking. (Bernhard Decl. ¶ 45; see also Lamb Decl. ¶ 20). There is no evidence that Georgia has even attempted to mitigate the massive risks created by the KSU exposure.

6. Evidence of Malfunctions in Recent Elections

In addition, there is alarming new evidence that Georgia’s DRE voting system has inexplicably malfunctioned in recent elections in ways that impact voters directly:

• Voter eligibility information in the Diebold electronic pollbooks (part of the certified DRE system) differs from Secretary of State’s official voter registration records, which has caused potential and actual disenfranchisement. (Clark Decl. ¶¶ 10-15; Bowers Decl. ¶¶ 35-46; Marks Decl. ¶ 2).

• Inaccurate political party designation in electronic pollbook has caused voter disenfranchisement. (Luse Decl. ¶¶ 6-8).

• Unauthorized changes in the voter registration records have changed polling places and assigned voters to improper districts. (Mitchell Decl. ¶¶ 8-11).

• Inaccurate DRE electronic ballots have been issued to at least one voter, causing the DRE screen to display wrong districts and candidates during early voting – plainly subjecting unwary voters to disenfranchisement. (Kadel Decl. ¶¶ 8-28).

• Numerous polling place recap sheets provided by Fulton County to Coalition Plaintiffs have revealed unresolved material differences between the number of voters voting at the polling place and the number of ballots cast as reported on the DRE machine results tapes. (Marks Decl. ¶ 2, Ex. 2).

• A DRE machine tabulation results tape in Hall County did not include results from 9 races, suggesting the possibility that voters were not given a complete ballot or votes were not counted. (Bowers Decl. ¶¶ 5-8; Copeland Decl. ¶ 5).

• DRE machines have printed irregular timestamps indicating materially delayed ballot tallies and reporting and machine malfunction. (E.g., Bowers Decl. ¶ 19; Copeland Decl. ¶ 9).

• A Hall County voting machine malfunctioned, was taken out of service and showed no votes cast on a delayed closing tape. Pollworkers had difficulty closing the polls and disagreed on whether votes were cast on the problem machine. (Bowers Decl. ¶¶ 25-31).
• Voter turnout of more than 100% was reported in precincts in Habersham County and Fulton County. (Marks Decl. ¶ 4, Ex. 3).

It is almost a certainty that the discrepancies reported to Plaintiffs and described above are only a small fraction of the actual number of problems encountered state-wide. These errors are consistent with the kinds of errors that experts would expect to be generated by malware, programming errors, or other sources of computer system malfunction. (Bernhard Decl. ¶ 49).

7. International Threat Intensifies: “The Lights Are Blinking”

The vulnerability of Georgia’s DRE voting system is not only an issue of past exposure, but a matter of ongoing and growing concern. Director of National Intelligence Daniel Coats stated on July 17, 2018: “Every day, foreign actors — the worst offenders being Russia, China, Iran and North Korea — are penetrating our digital infrastructure and conducting a range of cyber intrusions and attacks against targets in the United States.”15 The federal government is issuing similar reports and warnings daily.

At a hearing on this Motion, Plaintiffs will present expert testimony that makes plain to this Court what the U.S. government and private researchers already know — Georgia’s voting system is a catastrophically open invitation to malicious actors intent on disrupting our democracy.

15 Remarks of D. Coats to Hudson Institute, July 17, 2018. Transcript available at https://www.npr.org/2018/07/18/630164914/transcript-dan-coats-warns-of-continuing-russiancyberattacks. (Last viewed July 30, 2018).

8. Conclusion – Plaintiffs are Likely to Succeed on the Merits

On the basis of the foregoing, as to Plaintiffs’ fundamental right to vote claim (Count One), Plaintiffs are likely to succeed at trial on the merits by establishing with overwhelming evidence that Georgia’s DRE voting system is extremely vulnerable to attack, by design is unverifiable, and has been further compromised by the Defendants’ neglect.
Plaintiffs will further show that the risk that votes will be miscounted or diluted outweighs any interest of the State in insisting upon the continued use of these machines. Crawford, 553 U.S. at 190.

As to Plaintiffs’ claim under the Equal Protection Clause (Count Two), Plaintiffs will likely succeed in establishing that users of DRE machines are “less likely to cast an effective vote” than users of paper ballots because of the foregoing vulnerability and flaws in the DRE voting system. Wexler, 452 F.3d at 1231.

B. Plaintiffs Are Likely to Suffer Irreparable Harm

The harm to Plaintiffs if the injunction is not granted is by its very nature irreparable. Voting is a “fundamental political right, because preservative of all rights.” Yick Wo v. Hopkins, 118 U.S. 356, 370 (1886). There will be no remedy – through damages or otherwise – if the DRE system fails to issue correct ballots or count the votes in the November and December 2018 elections correctly.

Defendants may contend that Plaintiffs cannot prove to a metaphysical certitude that the DREs will miscount their votes. This argument misstates the legal test and miscomprehends the nature and extent of the threatened injuries.

First, the test for granting equitable relief is not whether injury is certain to occur, but whether it is “likely” to occur. Winter, 555 U.S. at 20. Plaintiffs have shown that, unless this injunction is granted, the legitimacy of Georgia’s election results will be cast into doubt and irreparable harm is likely to occur to the right of voters to have their votes correctly counted.

Second, the likely miscounting of any votes infringes upon Plaintiffs’ constitutional rights. Anderson v. United States, 417 U.S. 211, 226 (1974) (Marshall, J.) (“The deposit of forged ballots in the ballot boxes, no matter how small or great their number, dilutes the influence of honest votes in an election, and whether in greater or less degree is immaterial.”).
Third, Georgia’s use of a paperless electronic voting system undoubtedly increases the risk of irreparable harm, and the increased risk of harm constitutes actual injury. See Monsanto Co. v. Geertson Seed Farms, 561 U.S. 139, 153-154 (2010) (“A substantial risk of gene flow injures respondents in several ways”); Massachusetts v. E.P.A., 549 U.S. 497, 526 (2007) (“The risk of catastrophic harm, though remote, is nevertheless real.”); Farmer v. Brennan, 511 U.S. 825, 828 (1994) (“A prison official's ‘deliberate indifference’ to a substantial risk of serious harm to an inmate violates the Eighth Amendment.”). Indeed, the actual harm with respect to Plaintiffs’ equal-protection claim is the increased risk that DRE votes will not be counted correctly or verified in postelection challenges relative to verifiable paper ballots. Wexler, 452 F.2d at 1231. That harm – the increase in the risk – is certain to occur.

Finally, the widespread acceptance of the legitimacy and accuracy of an election is itself a value that is certain to be irreparably harmed if the election goes forward using Georgia’s profoundly vulnerable and concededly unverifiable system. What Judge Biery said in Casarez v. Val Verde County over twenty years ago unquestionably remains true today: “‘Those who have studied history and have observed the fragility of democratic institutes in our own time realize that one of country’s most precious possessions is . . . widespread acceptance of election results.’” 957 F. Supp. 847, 865 (W.D. Tex. 1997) (citation omitted).

C. Balance of Equities Favors Granting the Injunction

The balance of equities tips heavily in Plaintiffs’ favor. On the one hand, the weight of Plaintiffs’ equities is substantial. “No right is more precious in a free country than that of having a voice in the election of those who make the laws under which, as good citizens, we must live. Other rights, even the most basic, are illusory if the right to vote is undermined.” Wesberry, 376 U.S.
at 17.

On the other hand, the injunction will not cause Defendants substantial harm, but will merely require Defendants to do what every federal agency on record has urged the State to do: use paper ballots to record votes. An injunction also will not cause Defendants to do anything new. Defendants already record votes by paper ballot and count them by optical scanner or by hand; the injunction will of course cause a substantial increase in the number of votes cast by paper ballot, but the actual burden of this change on the Defendants will be slight. Indeed, the cost of additional paper ballots and associated supplies (felt tip pens, cardboard privacy screens) is likely to be more than offset by the savings associated with not having to deploy tens of thousands of labor-intensive DRE machines.

The State of Maryland in 2016 switched from the type of DRE machines that Georgia uses to the paper ballot/optical scanner process that would be deployed if this preliminary injunction were granted. Rebecca Wilson, Chief Election Judge at Precinct 17-01 in Prince George’s County, Maryland, states in her declaration that Maryland’s paper ballot system “is far easier and faster to set up, manage and close down” than were the previous DRE machines. (Wilson Decl. ¶ 5). Ms. Wilson’s highly detailed declaration shows how the number of steps necessary to set up and close down the paper ballot and optical scanning system is a small fraction of the effort to set up and close down the DRE machines in her precinct. (Wilson Decl. ¶¶ 6-12). Wilson further explains that it took little or no pollworker training to make the switch, and that “[v]oters have expressed to me that they were happy with the new paper balloting equipment.” (Wilson Decl. ¶¶ 13-17, 26).

Indeed, even this framing of the issue is overly generous to Defendants, for these cost estimates do not measure the astronomical cost to the State if the election is hacked.
Finally, District Courts have repeatedly found that fundamental voting rights outweigh the administrative cost associated with fixing election systems or procedures. An illustrative case is NAACP v. Cortes, 591 F. Supp. 2d 757 (E.D. Pa. 2008). In Cortes, the plaintiff sued seven days before the 2008 general election, seeking an injunction addressing Pennsylvania’s contingency plans in the event that the DREs in a polling place malfunctioned. The District Court granted the injunction and issued an order requiring the Secretary of the Commonwealth to direct County Boards to distribute paper ballots whenever 50% of the electronic voting machines in a precinct became inoperable. The District Court rejected as factually unfounded the defendants’ arguments that changing the rule as to use of paper ballots would “cause chaos and confusion,” and that poll workers had not been trained as to the simultaneous use of paper ballots and DRE machines. While the court agreed that the suit was filed “at the eleventh hour,” the court found that “the granting of injunctive relief as requested will cause minimal harm to defendants.” 591 F. Supp.2d at 763, 768.

Other district courts have reached the same conclusion in cases involving election systems and processes. “Although these reforms may result in some administrative expenses for Defendants, such expenses are likely to be minimal and are far outweighed by the fundamental right at issue.” United States v. Berks County, 250 F. Supp. 2d 525, 541 (E.D. Pa. 2003) (granting preliminary injunction); see also Johnson v. Halifax County, 594 F. Supp. 161, 171 (E.D.N.C. 1984) (granting preliminary injunction, finding that administrative and financial burdens on defendant not undue in light of irreparable harm caused by unequal opportunity to participate in county election).

D. Injunction Is in the Public Interest

The requested relief is in the public interest because it is in accord with the unanimous, and urgent, recommendations from officials at the highest levels of the Federal Government. In addition, public confidence in Georgia’s election systems will be greatly enhanced by the granting of the requested relief. “‘The public must have confidence that the election process is fair.’” Casarez, 957 F. Supp. at 865 (granting preliminary injunction in election case) (citation omitted). The preliminary injunction requested by the Coalition Plaintiffs is manifestly in the public interest.

CONCLUSION

For the foregoing reasons, the Motion should be granted.

This 3rd day of August, 2018.

/s/ Bruce P. Brown
Bruce P. Brown
Georgia Bar No. 064460
BRUCE P. BROWN LAW LLC
Attorney for Coalition for Good Governance
1123 Zonolite Rd. NE Suite 6
Atlanta, Georgia 30306
(404) 881-0700

/s/ Robert A. McGuire, III
Robert A. McGuire, III
Admitted Pro Hac Vice (ECF No. 125)
Attorney for Coalition for Good Governance
ROBERT MCGUIRE LAW FIRM
113 Cherry St. #86685
Seattle, Washington 98104-2205
(253) 267-8530

/s/ William Brent Ney
William Brent Ney
Georgia Bar No. 542519
Attorney for Coalition for Good Governance, William Digges III, Laura Digges, Ricardo Davis, and Megan Missett
NEY HOFFECKER PEACOCK & HAYLE, LLC
1360 Peachtree Street NE
Atlanta, Georgia 30309
(404) 842-7232

/s/ Cary Ichter
CARY ICHTER
Georgia Bar No. 382515
Attorney for Coalition for Good Governance, William Digges III, Laura Digges, Ricardo Davis and Megan Missett
ICHTER DAVIS LLC
3340 Peachtree Road NE Suite 1530
Atlanta, Georgia 30326
(404) 869-7600
CERTIFICATE OF COMPLIANCE

I hereby certify that the foregoing document has been prepared in accordance with the font type and margin requirements of LR 5.1, using font type of Times New Roman and a point size of 14.

/s/ Bruce P. Brown
Bruce P. Brown
Georgia Bar No. 064460
BRUCE P. BROWN LAW LLC
Attorney for Coalition for Good Governance
1123 Zonolite Rd. NE Suite 6
Atlanta, Georgia 30306
(404) 881-0700

CERTIFICATE OF SERVICE

This is to certify that I have this day caused the foregoing COALITION PLAINTIFFS’ BRIEF IN SUPPORT OF MOTION FOR PRELIMINARY INJUNCTION to be served upon all other parties in this action via electronic delivery using the PACER-ECF system.

This 3RD day of August, 2018.

/s/ Bruce P. Brown
Bruce P. Brown
Georgia Bar No. 064460
BRUCE P. BROWN LAW LLC
Attorney for Coalition for Good Governance
1123 Zonolite Rd. NE Suite 6
Atlanta, Georgia 30306
(404) 881-0700

DECLARATIONS IN SUPPORT OF PLAINTIFFS’ MOTION FOR PRELIMINARY INJUNCTION

August 3, 2018

UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION

DONNA CURLING, et al., Plaintiff, vs. BRIAN P. KEMP, et al., Defendant.

CIVIL ACTION FILE NO.: 1:17-cv-2989-AT

DECLARATION OF MATTHEW D. BERNHARD

MATTHEW D. BERNHARD ("Declarant") hereby declares as follows:

1. I am a Ph.D. candidate at the University of Michigan in Computer Science with a focus on computer security.
I received my Bachelor’s degree from Rice University, and my Master’s in Computer Science from the University of Michigan.

2. I have focused my study in the field of computer science, including cyber-security in voting systems since 2012, including specific work on new, secure voting technology (the STAR-Vote system from Austin, Texas). I have worked with the Verified Voting Foundation on gathering data about currently deployed voting systems. I consulted with the Jill Stein recount campaign in 2016 to assess threat models and incident reports in Michigan, Wisconsin, and Pennsylvania. I have also worked with other experts in the field to provide a theoretical survey of properties of election security.

3. Following the 2016 recount, I, along with a colleague, performed a statistical analysis of the data generated in the 2016 recounts in Wisconsin and Michigan. Our findings highlighted a lack of strong evidence towards concluding that the 2016 election was sufficiently secured in those states, as well as highlighting some anomalous data. For example, our findings indicated that the Optech IIIP-Eagle machines in use in some Wisconsin counties had a significantly high error rate. These machines were subsequently decertified and taken out of use in Wisconsin. We also found significant anomalies in Michigan’s Wayne County, owing to the fact that the chain of custody had been compromised in almost half of precincts. In response to these anomalies, the state launched an investigation into Wayne County and subsequently purchased new voting equipment for the whole of the state.

4. During the last 8 months I have conducted focused research on the Diebold AccuVote voting system, of the type used by Georgia, with a specific emphasis on TS and TSX machines.
That research has included in-lab testing at the University of Michigan on machines acquired through eBay, during which we performed an in-depth technical analysis of the systems and found significant vulnerabilities. I have also on several occasions observed AccuVote units in the field in Georgia, both at the Fulton County Election Preparation Center on multiple occasions and at the Grady High School precinct during an election. As with lab testing, I observed a significant number of operational vulnerabilities that make Georgia’s election infrastructure fundamentally unsafe and untrustworthy.

5. I have published and spoken extensively about the cybersecurity and other risks of electronic voting systems and have assisted in preparation of other experts for Congressional testimony concerning these topics.

6. A copy of my curriculum vitae is attached as Exhibit A.

T I

7. Paperless voting machines, of the type used in Georgia, directly record votes to an electronic storage medium. Such machines are called Direct Recording Electronic voting machines, or DREs for short.

8. As DREs only record votes to an electronic medium, e.g. a USB stick, a voter has no way of independently verifying that the button they touched on the screen is what the machine recorded in memory. Other voting mechanisms, like paper ballots, provide this feature, which is called a voter-verifiable paper audit trail (VVPAT). VVPATs allow voters to check that the vote cast is the vote they intended, independent of the system itself.

9. As DREs do not have this feature, it is impossible for a voter to check that their vote was recorded as they intended. Since votes are stored solely in memory, if something in the software were causing votes to be misrecorded, such an error could similarly cause the system to misreport that it was correctly recording votes. If the system is not correctly recording votes, either in error or out of malice, there is no way to tell.
Any assurance provided by the machine would be akin to a criminal insisting that he did not commit the crime -- other evidence is needed to corroborate the claim.

10. Because DREs provide no way to independently verify that votes are correctly recorded, security experts strongly recommend against their use with near unanimity, a recommendation with which I concur.

11. DREs are essentially just regular computers, often running the same software as a commodity laptop. Like any regular computer, DREs are vulnerable to any kind of malicious exploitation, and in fact often more so as they typically run out-of-date software that lacks critical security patches. Exploitable vulnerabilities in DREs run the full gamut: buffer overflows in the vote recording software, privilege escalation bugs in the operating system, improper checksum verification by the bootloader, and architectural flaws such as improper use of voter authentication technologies are just a few examples at various levels of the DRE system. Using one of these exploitations, an attacker can make the DRE do just about anything. For example, my academic advisor made one such DRE, the Sequoia AVC Edge, run Pac-Man. There is nothing different about Georgia’s voting system that would prevent a similar exploitation. This level of vulnerability makes it exceedingly possible for DREs to be infected with software that does not accurately record votes.

12. Since DREs have no way to independently verify votes as recorded, any software that could change votes could do so undetected. Since DREs are not made available for public auditing, there is no way to determine if their software has been modified in any way. Even if such an audit were to be performed, it is still not certain that it would definitively prove the machines are free from infection.
As such, for the individual voter and election official, there is no way to know that a DRE machine has accurately recorded votes. These machines could essentially output random results and, barring results that prove surprising in light of other evidence, no one would know. Worse, even if suspicions about incorrect election results were raised, DREs provide no recourse to explore, detect, or correct for these mistakes. In short, DREs are in no way fit to be trusted with any election process.

13. Other experts in the field of voting system security and computer science and I rely on a body of academic research conducted over the years that includes the following key reports as summarized in paragraphs 14 through 25.

14. Kohno et al.’s 2004 “Analysis of an Electronic Voting System”[1] report is the first independent security analysis of a Diebold voting system that I am aware of. The report focuses on the election management system (EMS) and AccuVote TS machine, the same that is used in Georgia. The report’s authors found that it is possible to create voter access cards which enable the voter to vote an unlimited number of times. The report also highlighted numerous vulnerabilities in the source code that can be exploited to gain complete control over the voting system as well as show how each voter voted. This report spurred the commissioning of additional analyses of the AccuVote TS by the states of Ohio (Compuware[2]) and Maryland (SAIC[3], RABA[4]). All of these reports corroborated the findings of Kohno et al., even implementing voter access cards granting unlimited votes.

15. An independent study on behalf of Blackbox Voting was conducted by Harri Hursti in 2006,[5] following the work of Kohno et al. This study looked exclusively at the AccuVote TS and TSX machines.
This report explains the vulnerabilities present in Windows CE, the operating system of the machines, which provides almost no security beyond what an application itself can provide. Essentially, rather than attacking the voting software itself, an attacker can attack the operating system to completely control the system, or, at a lower level, the bootloader. The report also notes that the machine lacks physical security: with just a Phillips head screwdriver an attacker can completely circumvent the locks and seals meant to protect the internals of the machine. With this level of vulnerability, an attacker can coerce the voting machine into doing anything.

16. A contemporaneous 2006 study done at Princeton by Feldman et al.[6] examined just the AccuVote TS. This study confirmed findings of prior work. Additionally, this study implemented a new attack, whereby software designed to steal votes (a virus) is installed on the machine by exploiting the vulnerabilities highlighted in previous work. Once on the machine, the virus can completely change votes, and additionally make copies of itself onto any removable media that is plugged into the machine. In this way, an attacker with access to only one voting machine can potentially infect an entire precinct, county, or in Georgia’s case, state, as the software reproduces in an exponential fashion with each new infection. Some of the vulnerabilities highlighted in the study are hardware-based, and thus not patchable. These vulnerabilities exist in the machines to this day. The study also found that logic and accuracy testing and parallel testing, methods to detect and reduce machine errors, do not detect any malicious behavior by the machine.

17. Kiayias et al., researchers from the University of Connecticut,[7] built on Hursti and Feldman et al., designing an attack against the AccuVote TSX machine that could swap candidate order or remove a candidate from the ballot by exploiting many of the vulnerabilities pointed out in the earlier studies.

18. The Top-to-Bottom Review (TTBR),[8] commissioned by the State of California in 2007, found that every component of Diebold voting systems, of the type used in Georgia, was riddled with vulnerabilities. With access only to the election management system (EMS, called GEMS by Diebold) and a few of the machines, researchers found vulnerabilities which, if exploited, permit attackers to gain full access to the election management system and complete control of individual voting machines, including the ability to surreptitiously add, delete, or change votes. The EMS was found to have insufficient passwords, integer overflow bugs, no security enforcement outside the graphical user interface, and lack of critical security patches to the Windows operating system it runs on. Essentially, an attacker could modify any data in the EMS (ballot styles, vote databases, etc.) as well as gain control of the operating system. The TTBR corroborated prior work about significant, numerous vulnerabilities in the voting machines and expanded it, finding a lack of input validation in voter-accessible fields that leads to erratic behavior, privilege escalation that would enable a voter to gain full administrative control over the voting machine with little to no effort, and that election administrator credentials can be extracted from the memory cards used to store votes during the close of election process. The TTBR also found that the machines expose how voters vote.

19. The EVEREST report[9] commissioned by the State of Ohio in 2007 corroborated the TTBR and found similar issues in Premier (Diebold) systems.
In addition to further confirming prior work, EVEREST also examined ExpressPoll books, computers used to verify voter registration data and authorize voters to vote on election day. The ExpressPoll, considered to be a critical component of Georgia’s DRE election system, was found to have similar vulnerabilities to the other systems already studied: lack of security patches, unencrypted voter records, and insecure booting procedures that allow an attacker to run any software, including malware, on the unit. EVEREST also found new vulnerabilities in GEMS and the AccuVote TSX, including key reuse, unauthenticated log access (anyone can forge an audit log), a shared SSL certificate between the EMS and TSX, allowing an attacker to impersonate the EMS and upload fake election results, lack of accurate security protections on data keys, BIOS password reuse that would allow an attacker to run arbitrary software, and unpatched operating system vulnerabilities that allow an attacker to gain full access to the EMS or voting machine.

20. The Florida Department of State commissioned a study of Diebold voting software in 2007[10] to examine Diebold election management software, touch-screen voting machines, and optical scan voting machines. This report was independent and contemporaneous with the EVEREST and TTBR reports. The study focused only on corroborating prior vulnerability findings from Hursti, Feldman et al., Kohno et al., Ohio’s Compuware assessment, and Maryland’s RABA and SAIC reports. The study found that some issues from prior source code reviews had been fixed in in-the-field machines, but many other attack vectors, like unlimited votes with smart cards or operating system vulnerabilities had not been fixed and still presented an avenue for attack.

21. All of these studies explore electronic voting systems used in Georgia. Much of the research was conducted on BallotStation versions 4.3, 4.4.1, and 4.6.4.
While the version used in Georgia, 4.5.2! has a high overlap in functionality and form to these previously studied systems, it is not known how much functionality, and by extension vulnerability, overlap. However, given that many of the vulnerabilities above rely on the architecture of the voting system, not particular features of the software, it is almost certain that they apply to Georgia’s system.

22. A few cursory examples of vulnerabilities that apply to Diebold software, regardless of version, include the smartcard vulnerabilities, wherein any malicious party can craft a smartcard that impersonates a voter access card but which ignores the machine’s command to deactivate itself. In effect, voter cards which allow an unlimited number of votes are still possible in the Georgia system.

23. Georgia’s system still runs on Windows CE, an operating system which has not been supported in 5 years. This means that critical security patches that would mitigate some of the lower-level attacks proposed and implemented above simply do not exist. As the operating system is over twenty years old, it lags behind the two decades of computer security research and is extremely vulnerable to a wide variety of attacks that Diebold’s software, regardless of version, cannot defend against. If Diebold’s software is a house, the operating system is the foundation upon which the house is built. No amount of drywall repair can fix a cracked foundation.

24. Georgia’s voting machines are still programmed using PCMCIA memory cards, and any piece of software hosted on such a memory card can infect the voting machine, as the Princeton study demonstrated.
Officials are quick to claim that the machines are not connected to the Internet, and therefore secure, but as we have witnessed in the Stuxnet episode[11] as well as recent Russian attempts to infiltrate other critical infrastructure,[12] this does not prevent malware from coming in contact with the voting machines.

25. Finally, the fundamental architecture of Georgia’s voting machines, specifically the AccuVote TS and AccuVote TSX, prevents them from providing reliable evidence that the election results they produce are correct. Votes merely exist on memory cards, and any source of error, malice, or act of god can change the votes and leave absolutely no indication that such a change has occurred. Even if such a change were detected, all original evidence of voter intent no longer exists, so it is not possible to reconstruct a correct election result. In short, Georgia’s voting machines fail to meet the burden of proof for accurate, verifiable election outcomes: a durable record of voter intent. For this reason, these machines are unfit for use in any electoral context.

M D

26. In recent months my academic advisor and I have begun replicating past research into AccuVote TS and TSX machines, as well as attempting to find new vulnerabilities in more recent versions of the software. As Georgia’s software is totally unavailable, my efforts have primarily focused on BallotStation 4.7.

27. We have successfully recreated the unlimited voter access card attack, and I am confident that, given just a few seconds with access to one of Georgia’s voting machines, I could very easily produce a card that would let any Georgia voter vote as many times as they would like.

28. We have observed that more recent versions of the voting software application, BallotStation, do include fixes for some of the more egregious vulnerabilities found in prior work.
For instance, votes are no longer stored completely in plaintext, and the cryptographic key used on each machine is now no longer the same. However, the fixes put in place are fairly easily defeated: malware can read the keys out of memory and decrypt votes.

29. The physical security of the machines is easily defeated. The AccuVote TS machines have their memory cards and power buttons protected by a lock that is keyed by the same key used in minibars and jukeboxes, which is readily available for purchase online. Failing this, the locks can be picked in under 10 seconds. The power button and memory card are protected in a similar fashion on the TSX, however the lock used on that machine is a cylindrical lock. I can pick this lock in less than ten seconds with nothing but a BIC pen. Video of my first attempt at this can be found here: https://www.youtube.com/watch?v=vqNJL0fYwSk.

30. Vote-stealing software that changes votes in an undetectable way has been put on TSX machines by my advisor and me, targeting the 4.6.4 version of BallotStation. We demonstrated this for the New York Times here: https://www.nytimes.com/video/opinion/100000005790489/i-hacked-an-election-so-can-the-russians.html

31. We have observed that the seals used to secure individual voting machines after the close of polls may be purchased on Amazon[13]. If an attacker were to break off a seal, it would be easy to simply replace it, and etch the serial number of the broken seal on the replacement seal. The same can be said for the cable ties used to secure the voting machines in a precinct to each other.

32. In short, with even a short window of access to one of Georgia’s voting machines, it would be easy for an attacker to install undetectable vote-stealing software. I have personally observed Georgia election workers leave voting equipment unattended and insufficiently sealed to prevent tampering within the last 30 days.

33. Due to the architectural flaws of the system, and failures in operational security at many levels, it is not possible for any person to faithfully attest that each voting machine in the state of Georgia is free from malware that could affect election results.

N

34. After the primary on Tuesday, July 24th, 2018, I and my colleagues observed the close of polls at Grady High School in Atlanta, Georgia. After the poll workers had closed down the polling place, they stacked the voting machines and sealed them. At this point, they all left the gym, leaving myself and my colleagues alone with the voting machines, with only one security camera watching over us. It would have been very easy for an attacker to disable the camera and modify the voting machines without detection. As the results of the Princeton study demonstrate, it only takes one lapse for a virus to propagate from machine to machine, silently changing votes all over the state of Georgia. As mentioned above, the seals and cable locks on the machines are available for purchase, so they provide no security against this kind of attack.

35. I have also on several occasions visited the Fulton County Election Preparation Center in 2017 and 2018. On several occasions, I was allowed to roam the warehouse where all of Fulton County’s voting machines are programmed, serviced, and stored, as well as where election night results are tabulated and published. The facility was wholesale lacking in operational security necessary to protect Georgia’s machines from tampering or misuse.

36. In the Fulton County Election Preparation Center warehouse, I witnessed

a. stacks of voter access and supervisor cards that could easily be stolen, with no chain of custody to ensure none have left the facility,

b. printouts of password sheets are pasted all over the facility, divulging passwords that would allow anyone to render voting machines unusable,

c. stacks of memory cards were strewn about during the election programming process, as many cards are programmed at once using card replicators. If a virus were present on even one of these memory cards, the card replicators would ensure that the virus could spread even more quickly than first imagined in the Princeton study,

d. I was able to learn the three-digit password for the code-protected door into the facility while being invited in by a poll worker, and

e. the election prep center has no surveillance on its exterior, save for a motion detector, and the security cameras inside the facility are often obstructed by the high warehouse shelves.

37. In Fulton County, votes are transmitted on election night from annexes via modem, meaning that all ballots from the annexes are sent unencrypted to the tabulation server. An employee reported that occasionally the phone lines leading into the tabulation server receive telemarketing calls.

38. Votes transmitted via modem are routed using AccuVote TSX machines into the tabulation server. Given the vulnerabilities present in the machine, any malware resident on these machines could very efficiently change election results.

39. In June of 2018 at the Fulton County Election Preparation Center, I observed the logic and accuracy testing performed on the voting machines before they are sent to their precincts. These tests are fully automated, and could be easily defeated by malware that simply kept track of the date. In 2015, it came to light that Volkswagen had written software in their cars to fool emissions tests in just this way, and a voting machine logic and accuracy test is far more simple than an automobile emissions test.[14]

40. I understand that four poll books in Georgia were stolen in April 2017[15]. This raises additional security concerns. The poll books contain an encryption key to generate voter access cards (VACs).
Someone in possession of the poll books could, thus, extract these keys and use them later to generate VACs that could be used to cast illegal votes, as discussed above. To address the threat posed by this breach of security, it would be necessary to generate new encryption keys and install them in all poll books and voting machines.

ADVANCED PERSISTENT THREAT

41. Advanced Persistent Threats (APTs) are cyber attackers that specialize in gaining unauthorized access to a system and maintaining that access over a long period of time, undetected. In order to defend against these kinds of attackers, an incredibly high level of security discipline is required. After a period of vulnerability, it is a significant effort to identify the presence of APTs and successfully eliminate their access.

42. Advanced Persistent Threat actors often try to penetrate critical infrastructure systems in order to gain access, gather intelligence, and gain the ability to create damage at a time of their choosing. As one example, Exhibit B is an FBI bulletin from 2013 on Advanced Persistent Threat actors’ attacks against the aviation sector. Exhibit C is a more recent alert from the Department of Homeland Security, revised on August 23, 2017, detailing activities by “actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally.”

43. Given my knowledge and study of cybersecurity as it pertains to voting systems, it is extremely likely that APTs are trying to access and manipulate election systems. Given the level of vulnerability present in Georgia’s voting system, it is a near certainty that if an APT has tried to get in, it has succeeded. As I myself have gained access to Georgia’s election system, it is certainly true that a well resourced and motivated attacker could do so as well.

44. A massive, time-consuming effort would be required to address the security breaches that occurred in Georgia, requiring experienced technicians to give hands-on attention to individual machines (tens of thousands of pieces of equipment), one at a time. The memory cards also would need to be disinfected or replaced. Such an effort could mitigate the potential effects of past breaches but future breaches would still be possible.

45. Due to the apparent lack of chain of custody of election equipment in Georgia, specifically voter cards and memory cards, Georgia would have to first provide a way to exhaustively inventory every piece of election equipment in its possession, and then meticulously scrub each component to ensure no malware persists. Such an effort would be enormously costly, and potentially not possible.

46. Even if such a task could be completed, if at any time in the future another exposure or breach occurs, the entire process would have to be repeated, again at enormous cost.

47. Because of the vulnerability of Georgia’s voting system to software manipulation, and because of intelligence reports about APTs having attempted to affect elections in the United States, such precautions appear to be necessary in Georgia. Without significant effort to detect and revoke access to attackers, the ability for Georgia’s voting systems to correctly carry out elections should be viewed with even greater skepticism.

48. DREs are fundamentally unable to provide sufficient evidence that the election results they produce are correct. Given Georgia’s reliance on these machines, and known security breaches in 2016 and 2017, and the significant challenges to mitigate current vulnerabilities in the system, it is my opinion that Georgia, in order to effectively run its elections, must abandon its DREs prior to the upcoming November election.

49. I have reviewed the affidavits and exhibits listed in paragraph _____ of the Motion for Preliminary Injunction, as well as additional documentation of numerous similar irregularities from recent elections. The errors reported are consistent with the kinds of errors I would expect to see generated by malware, programming errors, or other sources of computer system malfunction. The Diebold DRE system, including the ExpressPollbook, is known to be vulnerable to malicious manipulation that would produce such errors. Without a forensic examination of the machines involved in the reports, the reported errors cannot be explained to any degree of certainty. In some cases, the lack of a reliable audit trail and the ability for malicious users to install undetectable malware could result in the original source of the irregularities and malfunctions being indeterminable even in spite of a forensic examination.

50. I declare under penalty of perjury, in accordance with 28 U.S.C. § 1746, that the foregoing is true and correct.

Executed on this date, August 2, 2018.

Matthew D. Bernhard

alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS"; dsize:6; flow:established,to_server; content:"|18 17 e9 e9 e9 e9|"; fast_pattern:only; sid:1; rev:1;)

alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon"; flow:established,to_server; content:"|1b 17 e9 e9 e9 e9|"; depth:6; fast_pattern; sid:1; rev:1;)

YARA Rules

rule DDoS_Misspelled_Strings // rule name supplied here from the description; the block is unnamed in the source
{
    meta:
        description = "DDoS Misspelled Strings"
    strings:
        $STR1 = "Wating" wide ascii
        $STR2 = "Reamin" wide ascii
        $STR3 = "laptos" wide ascii
    condition:
        (uint16(0) == 0x5A4D or uint16(0) == 0xCFD0 or uint16(0) == 0xC3D4 or uint32(0) == 0x46445025 or uint32(1) == 0x6674725C) and 2 of them
}

Impact

A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include: temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.

Solution

Mitigation Strategies

Network administrators are encouraged to apply the following recommendations, which can prevent as many as 85 percent of targeted cyber intrusions. The mitigation strategies provided may seem like common sense.
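The two Snort signatures listed earlier in this alert reduce to simple byte tests on the TCP payload. The sketch below is an added example, not part of the DHS alert or the declaration: it parses the few rule options those signatures use and evaluates them against constructed payloads. The content strings are written with the |hex| delimiters Snort uses for byte values (an assumption where a copy of the rules shows only spaces), and all function and sample names are illustrative.

```python
"""Evaluate the alert's two Snort signatures against constructed TCP payloads."""
from dataclasses import dataclass
from typing import Optional

# Signatures from the alert; |..| marks hex byte content in Snort syntax.
RULES = [
    'alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_DDoS_HANDSHAKE_SUCCESS"; '
    'dsize:6; flow:established,to_server; content:"|18 17 e9 e9 e9 e9|"; '
    'fast_pattern:only; sid:1; rev:1;)',
    'alert tcp any any -> any any (msg:"DPRK_HIDDEN_COBRA_Botnet_C2_Host_Beacon"; '
    'flow:established,to_server; content:"|1b 17 e9 e9 e9 e9|"; depth:6; '
    'fast_pattern; sid:1; rev:1;)',
]


@dataclass
class Signature:
    msg: str
    content: bytes
    dsize: Optional[int]   # exact payload length, if the rule sets one
    depth: Optional[int]   # only the first `depth` payload bytes are searched
    established: bool
    to_server: bool


def decode_content(spec: str) -> bytes:
    """Decode a content string: text outside pipes is literal, inside is hex."""
    out = bytearray()
    for i, part in enumerate(spec.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)


def parse_rule(rule: str) -> Signature:
    """Parse only the options these two rules use; not a general Snort parser."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    opts = {}
    for opt in body.split(";"):
        key, _, val = opt.strip().partition(":")
        if key:
            opts[key] = val.strip().strip('"')
    flow = opts.get("flow", "").split(",")
    return Signature(
        msg=opts["msg"],
        content=decode_content(opts["content"]),
        dsize=int(opts["dsize"]) if "dsize" in opts else None,
        depth=int(opts["depth"]) if "depth" in opts else None,
        established="established" in flow,
        to_server="to_server" in flow,
    )


def matches(sig: Signature, payload: bytes, to_server: bool,
            established: bool = True) -> bool:
    """Apply flow, dsize, depth and content tests (fast_pattern is only a hint)."""
    if sig.established and not established:
        return False
    if sig.to_server and not to_server:
        return False
    if sig.dsize is not None and len(payload) != sig.dsize:
        return False
    window = payload if sig.depth is None else payload[: sig.depth]
    return sig.content in window


SIGNATURES = [parse_rule(r) for r in RULES]

# Constructed payloads (not captured traffic): (label, bytes, client-to-server?)
SAMPLES = [
    ("bare handshake", bytes.fromhex("1817e9e9e9e9"), True),
    ("handshake bytes plus trailing data", bytes.fromhex("1817e9e9e9e9") + b"AB", True),
    ("beacon header plus body", bytes.fromhex("1b17e9e9e9e9") + bytes(10), True),
    ("beacon bytes at offset 4", bytes(4) + bytes.fromhex("1b17e9e9e9e9"), True),
    ("handshake bytes from the server side", bytes.fromhex("1817e9e9e9e9"), False),
]


def scan(samples=SAMPLES) -> dict:
    """Return {label: [msg of each signature that fires]}."""
    return {
        label: [s.msg for s in SIGNATURES if matches(s, data, to_server)]
        for label, data, to_server in samples
    }


if __name__ == "__main__":
    for label, hits in scan().items():
        print(f"{label:40s} -> {hits or 'no alert'}")
```

Without the pipe delimiters the same content string decodes to 19 literal ASCII characters, so combined with dsize:6 the first rule could never fire; that is worth checking whenever rules are copied out of a PDF.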
However, many organizations fail to use these basic security measures, leaving their systems open to compromise:

1. Patch applications and operating systems – Most attackers target vulnerable applications and operating systems. Ensuring that applications and operating systems are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker. Use best practices when updating software and patches by only downloading updates from authenticated vendor sites.

2. Use application whitelisting – Whitelisting is one of the best security strategies because it allows only specified programs to run while blocking all others, including malicious software.

3. Restrict administrative privileges – Threat actors are increasingly focused on gaining control of legitimate credentials, especially credentials associated with highly privileged accounts. Reduce privileges to only those needed for a user’s duties. Separate administrators into privilege tiers with limited access to other tiers.

4. Segment networks and segregate them into security zones – Segment networks into logical enclaves and restrict host-to-host communications paths. This helps protect sensitive information and critical services, and limits damage from network perimeter breaches.

5. Validate input – Input validation is a method of sanitizing untrusted input provided by users of a web application. Implementing input validation can protect against the security flaws of web applications by significantly reducing the probability of successful exploitation. Types of attacks possibly averted include Structured Query Language (SQL) injection, cross-site scripting, and command injection.

6. Use stringent file reputation settings – Tune the file reputation systems of your antivirus software to the most aggressive setting possible. Some anti-virus products can limit execution to only the highest reputation files, stopping a wide range of untrustworthy code from gaining control.

7. Understand firewalls – Firewalls provide security to make your network less susceptible to attack. They can be configured to block data and applications from certain locations (IP whitelisting), while allowing relevant and necessary data through.

Response to Unauthorized Network Access

Enforce your security incident response and business continuity plan. It may take time for your organization’s IT professionals to isolate and remove threats to your systems and restore normal operations. Meanwhile, you should take steps to maintain your organization’s essential functions according to your business continuity plan. Organizations should maintain and regularly test backup plans, disaster recovery plans, and business continuity procedures.

Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, you are encouraged to contact DHS NCCIC (NCCICCustomerService@hq.dhs.gov or 888-282-0870), the FBI through a local field office, or the FBI’s Cyber Division (CyWatch@fbi.gov or 855-292-3937).

Protect Against SQL Injection and Other Attacks on Web Services

To protect against code injections and other attacks, system operators should routinely evaluate known and published vulnerabilities, periodically perform software updates and technology refreshes, and audit external-facing systems for known web application vulnerabilities. They should also take the following steps to harden both web applications and the servers hosting them to reduce the risk of network intrusion via this vector.

• Use and configure available firewalls to block attacks.
• Take steps to secure Windows systems, such as installing and configuring Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) and Microsoft AppLocker.
• Monitor and remove any unauthorized code present in any www directories.
• Disable, discontinue, or disallow the use of Internet Control Message Protocol (ICMP) and Simple Network Management Protocol (SNMP) as much as possible.
• Remove unnecessary HTTP verbs from web servers. Typical web servers and applications only require GET, POST, and HEAD.
• Where possible, minimize server fingerprinting by configuring web servers to avoid responding with banners identifying the server software and version number.
• Secure both the operating system and the application.
• Update and patch production servers regularly.
• Disable potentially harmful SQL-stored procedure calls.
• Sanitize and validate input to ensure that it is properly typed and does not contain escaped code.
• Consider using type-safe stored procedures and prepared statements.
• Audit transaction logs regularly for suspicious activity.
• Perform penetration testing on web services.
• Ensure error messages are generic and do not expose too much information.

Permissions, Privileges, and Access Controls

System operators should take the following steps to limit permissions, privileges, and access controls.

• Reduce privileges to only those needed for a user’s duties.
• Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
• Carefully consider the risks before granting administrative rights to users on their own machines.
• Scrub and verify all administrator accounts regularly.
• Configure Group Policy to restrict all users to only one login session, where possible.
• Enforce secure network authentication, where possible.
• Instruct administrators to use non-privileged accounts for standard functions such as web browsing or checking webmail.
• Segment networks into logical enclaves and restrict host-to-host communication paths. Containment provided by enclaving also makes incident cleanup significantly less costly.
• Configure firewalls to disallow Remote Desktop Protocol (RDP) traffic coming from outside of the network boundary, except for in specific configurations such as when tunneled through a secondary virtual private network (VPN) with lower privileges.
• Audit existing firewall rules and close all ports that are not explicitly needed for business. Specifically, carefully consider which ports should be connecting outbound versus inbound.
• Enforce a strict lockout policy for network users and closely monitor logs for failed login activity. Failed login activity can be indicative of failed intrusion activity.
• If remote access between zones is an unavoidable business need, log and monitor these connections closely.
• In environments with a high risk of interception or intrusion, organizations should consider supplementing password authentication with other forms of authentication such as challenge/response or multifactor authentication using biometric or physical tokens.

Logging Practices

System operators should follow these secure logging practices.

• Ensure event logging, including applications, events, login activities, and security attributes, is turned on or monitored for identification of security issues.
• Configure network logs to provide adequate information to assist in quickly developing an accurate determination of a security incident.
• Upgrade PowerShell to new versions with enhanced logging features and monitor the logs to detect usage of PowerShell commands, which are often malware-related.
• Secure logs in a centralized location and protect them from modification.
• Prepare an incident response plan that can be rapidly administered in case of a cyber intrusion.

Revisions

June 13, 2017: Initial Release
August 23, 2017: Updated YARA Rules and included MAR-10132963 (.pdf and .stix files)

TLP:WHITE

DECLARATION OF DANA BOWERS

IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF GEORGIA
ATLANTA DIVISION

DONNA CURLING, et al., Plaintiff,
vs.
BRIAN P. KEMP, et al., Defendant.

CIVIL ACTION FILE NO.: 1:17-cv-2989-AT

DANA BOWERS hereby declares as follows:

1. I have been a Georgia voter since May 7, 2002 and am currently registered to vote at 3514 Debbie Ct. Duluth, GA 30097. I have been registered to vote at this address continuously since April 16, 2013.

2. When I have voted on Election Day, I have voted at Precinct 96 at 3180 Bunten Rd. Duluth, GA 30096 for 5 years, without a problem.

3. I am the Advocacy Coordinator in candidate Josh McCall’s campaign for the 9th Congressional District. As a part of my McCall campaign work, I have been active in voter protection, voter outreach and voter registration activities.

4. One of my responsibilities for the campaign is monitoring possible voting problems in the 9th Congressional District, which includes Hall County.

5. On approximately June 28, 2018 I received reports of a machine results tape in Hall County Precinct 10 that did not include the 9th Congressional District race in the May 22, 2018 primary election, which it should have, as well as other races (identified below). I received a photo of the key portion of the voting machine results tape (Exhibit 1) taken on election night by Kim Copeland, Chairman of the Hall County Democratic Party. I immediately undertook research on the discrepancy. That research is incomplete because Hall County has declined to fulfill my public records requests for information related to the discrepancy.

6. The photo of the results tape (Exhibit 1) shows that the following races were missing from the machine results tape in Hall County:

• U.S. Representative, District 9 - REP
• U.S. Representative, District 9 - DEM
• State Senator, District 49 - REP
• State Representative, District 30 - REP
• State Representative, District 30 - DEM
• District Attorney, Northeastern Circuit - REP
• Solicitor General - R
• County Commissioner P1 - R
• County Commissioner P1 - D

7. I obtained additional photos of machine tapes (Exhibit 2) from Alana Watkins, Democratic Candidate for State Representative in District 30, whose race was missing from the tape. The particular tape in question was for machine serial number 291032 and was printed at 9:59 pm. This was approximately 3 hours after the closing of the polls; tapes are required to be printed upon the closing of the polls.

8. I also obtained Mr. Copeland’s video recording of the Precinct 10 results tapes, that provided more data for comparison. The video shows that the pollworkers certified all results tapes on the door, including the tape from machine 291032 missing certain races. The video recording can be found at the following link: https://www.dropbox.com/s/ea0599yeo5kiy5u/Candler%20election%20tape.mp4

9. On June 29, 2018 I requested public records related to this discrepancy from Hall County Elections. After repeated emails, meetings, phone conversations and visits to her office, the majority of my requests for such public records have not been honored. The denial of access to public records has curtailed my ability to assess the cause of the problems or recommend mitigation efforts to Candidate Josh McCall.

10. I attended the Hall County Board of Elections meeting on July 10, 2018 and presented my concerns. Other citizens presented similar concerns at the meeting. In response, Elections Director Lori Wurtz stated that there were “no discrepancies” and that the photo was not proof of a discrepancy. Ms. Wurtz did not provide any explanation for the missing races. The Board of Elections refused to discuss the issue and adjourned the meeting.

11. As noted above, I made repeated oral and formal written requests for the related public records without meaningful success. Hall County initially took the position that the public records at issue related to this litigation and were not to be shown to the public.

12. On July 13, 2018 the Hall County Board of Elections conducted a special meeting to go into executive session to discuss “threatened litigation,” and public records request. I have not threatened Hall County with litigation nor am I aware of any threatened litigation. I attended the very short public portion of the meeting to attempt to again express concern not only about the discrepant machine tapes, and reporting delays, but also their refusal to honor public records requests for key election records.

13. I was met at the July 13, 2018 meeting by five armed security officers assigned to the meeting (there were approximately 4 members of the public in attendance).
I felt intimidated by this show of force which I interpreted to communicate to me and other concerned citizens that we should not pursue questions on election irregularities. 14. At the July 13, 2018 meeting, citizens challenged the Board of Elections about the legitimacy of their planned closed door session. Nevertheless, the Board shut out the public, and did not accept public comment before going into closed session. 15. Mr. Tom Smiley, Chairman of the Board of Elections, reported to me after the meeting that the Board decided in their closed door session that they would honor my public records request because I was not involved in the Curling v Kemp litigation, but would not honor requests from people associated with this lawsuit. However, to date, the County has only permitted me to examine a small portion of the records I requested. 16. I am concerned that by filing this affidavit, I will be retaliated against by the Hall County Board of Elections for involvement in the lawsuit, and the McCall campaign will continue be denied access to important public records. BOWERS DECLARATION 17. On July 13, 2018 I was permitted to review the county’s paper copy of the machine results tape from Precinct 10. Ms. Wurtz stated that they do not collect the tapes on the precinct doors and this was the county’s copy printed at the same time. The county’s copy contained vote tallies for the races missing from the tape copy on the door. 18. I note that, on the May 22, 2018 election night, Hall County results were delayed and not reported by media until after 11:30pm. 19. Because my public records request have been denied by Hall County, I have been unable to confirm reports of election night machine malfunctions that contributed to the late results reporting, although the late printing times for the machine tapes in Precint 10 indicate an unusual condition that should be thoroughly investigated. 20. 
I am aware that even if I have access to the public records, I will be unable to confirm that the results recorded reflect voters’ votes on the unaudtiable touchscreen machines. I will be unable to confirm whether the missing races were on the electronic ballot on the problem machine because there is no paper record. 21. I have talked with voting system experts and read the research to understand that there is no way to audit whether the votes that were reported in the official results were actually cast by voters on the BOWERS DECLARATION touchscreen machines. However, I want to review and compare the records of this discrepancy. 22. I was told by Ms. Wurtz and Mr. Smiley that the likely cause for the missing races is that the problem machine tape may have failed to engage and print a portion of the results. Even if this speculation is accurate, there appears to be no way to verify whether that is sole problem and what impact it had, nor does it address why the results tapes were late in being printed, nor why they were certified by poll workers as accurate, when they were missing 9 races. 23. As of the date of this declaration, weeks after my repeated requests, Hall County has not yet permitted me to review public records related to the reported voting machine closing problems, results printing discrepancies, results reporting delays, and system logs for the machines. 24. On July 24, 2018 I voted in Gwinnett County precinct 100 (and report on discrepancies in my voter records below), and observed a voting machine discrepancy of concern to me. 25. When I was in the polling place, I noticed that one DRE voting machine (serial number 291429) was marked “Do Not Touch” and was not in service. I inquired about the machine and was told by Ms. BOWERS DECLARATION Williams, a poll worker, that the out-of-service machine “froze a few times” earlier in the day, and the poll manager made the decision to discontinue its use for the remainder of the election. I asked Ms. 
Williams if voters had been casting votes on the out-of-service machine before it appeared to malfunction. Ms. Williams confirmed that, yes, the out-of-service machine had been in use and ballots had been cast on it for approximately “an hour to an hour and a half” after the polling location, Gwinnett 100, had opened at 7am. Ms. Williams told me of one voter who attempted to use the machine when it froze up on the language selection screen. 26. Poll Manager Denise Sullivan, however, told me that voters had not cast votes on that machine. I have no way of knowing which story is accurate as to whether voters cast votes on the machine. 27. I asked whether the voter who experienced the frozen machine at the language selection screen had been able to cast a ballot and Ms. Sullivan told me that the voter had been given a provisional ballot to complete. I could not learn whether there was an attempt made to determine if this voter had successfully cast a vote on the DRE voting machine in addition to his provisional ballot. BOWERS DECLARATION 28. If the machine was not functioning, I do not know why this voter would have been given a provisional ballot instead of being instructed to cast a vote on another machine without the necessity of checking his eligibility through the provisional process. I am concerned about the process of forcing voters to use provisional ballots when machines do not accept their vote. Provisional ballot credentials are time consuming to complete and therefore discourage some voters. 29. After the closing of the polls, I overhead the pollworkers talking about two machines for which the tabulations were not reconciling. I became curious about what the ballot and voter certificate reconciliation on the precinct recap sheet would show. Therefore, I asked Poll Manager Sullivan to see the polling place recap sheets, which I believe are public records. I wanted to see the discrepancy for myself, but I was denied access. 30. 
After the closing at the polls at 7pm, I watched carefully as poll workers attempted to print the closing tape on the out-of-service machine. Poll workers appeared to attempt at least four times to print the results tape. I stayed inside the polling place to watch the shutdown process which was being delayed by the problem machine. BOWERS DECLARATION 31. I then went outside the polling place with Ms. Sullivan and took photographs of the DRE machine results tapes including machine number 192429 after they were posted on the door at approximately 8:40pm. I noticed that the results tape for this DRE machine showed no votes tallied on the machine and the results tape was attached to a “Zero tape” (used at opening of the polls to purportedly show that no votes are stored in memory). Both opening zero report and the closing results tape displayed printing times of 7:42 a.m. with no votes recorded for any candidate. (Exhibit 3) 32. Given that the tape was printed from a machine that had reportedly been used to record votes that day, and was printed well after the polls were closed, I was puzzled to see a 7:42 am time stamp, no votes cast, and the “Zero report” also attached to the results tape. The printing time of 7:42 am was also concerning as it would have been 42 minutes after the polls were open and over 11 hours before the polls were closed. Machine reports are supposed to be printed before the 7 am opening and immediately after the 7pm close. 33. Other machine results tapes that I recorded posted on the door showed print times of 7:36 pm and 7:29pm, which times are consistent with the time of day I observed the printing of the results tapes. BOWERS DECLARATION 34. I am gravely concerned about the integrity of the upcoming election based my personal observations of DRE machine malfunctions in recent elections. ELECTRONIC POLLBOOK AND VOTER REGISTRATION DISCREPANCIES 35. 
Based on my awareness of widespread problems with wrong ballot issuance at polling places in the May 22, 2018 primary, I decided to verify my own voter registration records before voting on July 24, 2018. I checked my voter registration and polling place location on the My Voter Page on the Secretary of State’s website (https://www.mvp.sos.ga.gov/MVP/mvp.do), and saw that my precinct number had apparently changed to Precinct 100, although I had not received a notice of such change.

36. My precinct has long been precinct 96, but I assumed the precinct assignments had changed and were authorized.

37. I went to Precinct 100 at 54 Buford Highway, Suwanee, Georgia, at approximately 6:20 pm and completed the voter application form in order to vote.

38. I presented my driver’s license to the pollworker whose first name is Christine. I do not know her last name. She located my name in the electronic pollbook and told me that I was in the wrong precinct location, and that I was supposed to vote in Precinct 96, not 100. I explained that I had checked my registration on the Secretary of State website that morning and that my assigned precinct was 100 at the Suwanee polling place.

39. Another pollworker, Carolyn Williams, told me, “Don’t worry Ms. Bowers, this has been happening all day,” and went on to tell me that she was aware of approximately 50 voters who had been assigned the wrong precinct.

40. Pollworker Christine suggested that I vote a provisional ballot given that there was not time to get to precinct 96 by 7 pm when the polls would close. She assured me that the provisional ballot would be counted.

41. I completed my provisional ballot information, marked the paper ballot, and cast it, enclosed in an envelope, in the large locked black box I had been directed to.

42. At 8:55pm that evening, I checked my voter registration page again on the My Voter Page on the Secretary of State website and captured screenshots (Exhibit 4) which showed the same Precinct 100 assignment as it had that morning (Election Day).

43. Several days later, at 7:24pm on July 29, 2018, I checked My Voter Page again and my precinct assignment displayed Precinct 096, having been changed back to my original precinct 96. (Exhibit 5). I had not made any changes to my voter registration nor requested a correction.

44. Precincts 96 and 100 are not identical precincts in the same governmental jurisdictions. The misassignment can have the effect of disenfranchising voters by giving them the wrong ballots or forcing them to vote provisional ballots because they are not on the electronic pollbook in the precinct stated on the SOS voter registration website. I am concerned that a wrong assignment will also occur in the November election and I will be disenfranchised. I am also concerned about the impact on election integrity overall, as these malfunctions in the pollbooks or voter records happen to other voters.

45. In my work to protect 9th Congressional District voters’ ability to vote in the correct races and avoid disenfranchisement in the upcoming November election, I have undertaken research work using the voter registration records. I personally researched dozens of registration records for voters who were allegedly assigned to the wrong Georgia House District and allegedly received incorrect ballots in Habersham, Banks, Stephens, Franklin and Jackson Counties in the May 22, 2018 primary, based on voter specific information disclosed in the election contest pending in Fulton Superior Court (Fulton County Superior Court (2018CV306197)). These counties are in the 9th Congressional District so they are of primary interest.

46. I used information from Vote Builder, the Democratic Party’s voter history database, fed by the Secretary of State’s official database, and designed specifically for use by candidates and campaign staff, and My Voter Page on the Secretary of State’s website to compare House District assignments on the two records to the information disclosed in the election contest complaint. I personally reviewed numerous discrepancies between the various voter assignment records including the House District Maps.

47. I am concerned about discrepancies in the pollbooks and voter registration files in anticipation of the November election. I do not believe that provisional ballots are an adequate remedy for inaccurate voter rolls. I recognize that provisional ballots can unintentionally disenfranchise voters voting in the wrong precinct, as candidates in their home precinct may not be on the provisional ballot voted in a different precinct.

48. Because of the numerous and widespread voter registration discrepancies I am personally aware of, I am concerned about my own vote, the votes for Mr. McCall in the 9th Congressional District, and more generally for the voters of the state in the upcoming election.

49. If Georgia does not adopt paper ballots in the polling places for the November 2018 election, I plan to vote by mail-in paper ballot. I will accept the inconvenience of the absentee ballot application and voting process where I must vote in advance so that I may vote a verifiable ballot. In order to cast a secure ballot, I will have to give up my preference of voting in my home precinct on Election Day when all last minute campaign information will be available.

50. I will personally launch activist efforts to encourage voters to request a mail-in absentee ballot, so that their votes can be verified and recounted if necessary, even if it adds expense and inconvenience to the voting process.

51. I am a member of Coalition for Good Governance.

I declare under penalty of perjury, in accordance with 28 U.S.C. § 1746, that the foregoing is true and correct.

Executed on this date, August 3, 2018.

Dana Bowers

BOWERS DECLARATION EXHIBIT

[Scanned election results tape. Legible race headings: PSC Pridemore - R; PSC Pridemore - D; BOE At Large - D; BOE 1 - R. The vote counts are not legible in the scan.]

BOWERS DECLARATION EXHIBIT

My Voter Page: Voter Information
DANA LORRAINE BOWERS
3514 DEBBIE CT
DULUTH, GA, 30097
Race: White not of Hispanic Origin
Gender: Female
Status: Active
Registration Date: 05/07/2002

Polling Place for State, County, and Municipal Elections
Precinct 100
GEORGE PIERCE PARK
55 BUFORD HWY
SUWANEE, GA, 30024-0000
Election Day polling place hours are 7:00 am - 7:00 pm.
NOTE: Non-specific rural addresses may not be available.

BOWERS DECLARATION EXHIBIT

My Voter Page
3514 DEBBIE CT
DULUTH, GA, 30097
Race: White not of Hispanic Origin
Gender: Female
Status: Active
Registration Date: 05/07/2002

Polling Place for State, County, and Municipal Elections
Precinct 096
BUNTEN ROAD PARK
3180 BUNTEN RD
DULUTH, GA, 30096-0000
Election Day polling place hours are 7:00 am - 7:00 pm.
NOTE: Non-specific rural addresses may not be available.

DECLARATION OF BRUCE P. BROWN

IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION

DONNA CURLING, ET AL., Plaintiffs,
Civil Action No.
v.
BRIAN KEMP, ET AL., Defendants.

BRUCE P. BROWN hereby declares as follows:

1. I am an attorney licensed to practice law in Georgia. I am one of the attorneys representing Plaintiffs in this action.

2. Attached hereto as Exhibit 1 is a true and correct copy of a letter that I sent to Defendants’ counsel Governor Roy Barnes and John Salter dated July 26, 2018. This letter includes as an exhibit my April 16, 2018 letter to Governor Barnes and Mr. Salter.

3. Attached hereto as Exhibit 2 is a true and correct copy of an August 1, 2018 memorandum from Chris Harvey, State of Georgia’s Elections Division Director, to County Election Officials and County Registrars.

4. In accordance with 28 U.S.C. § 1746, I pledge under penalty of perjury that the foregoing is true and correct.

Executed on this date, August 3, 2018.

Bruce P. Brown

BRUCE BROWN DECLARATION

Wednesday, March 15, 2017 10:51 AM
Michael L. Barnes; Merle Steven King
Request for data retrieval from elections.kennesaw.edu

We would like to retrieve certain records from elections.kennesaw.edu, including equipment inventory records and workflow databases used during ballot building. These data are located in the cesuser user directory at /home/cesuser. We would like to retrieve the entire cesuser directory.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

LAMB DECLARATION

From: Stephen Craig Gay
To: Lectra Lawhorne
Subject: CES Investigative update
Date: Friday, March 17, 2017 5:11:58 PM

Lectra,

Good afternoon. I wanted to take a moment and provide you with an update on the Center for Election Systems Incident Response process:

- We met with CES Staff today to review the architecture of their internal network, review physical access controls, and understand the services running on the internal network. We validated that an air gap exists between the internal and external network and further validated via arp tables that no routes were available from the intranet servers to an external network. Several opportunities for improvement were identified and CES staff are working on documentation for the system. An executive summary with recommendations is forthcoming.
- All external-facing servers associated with the Center are isolated to elections.kennesaw.edu which is hosted in the Enterprise instance of OmniUpdate and contains only public information.
- UITS WinServ, in partnership with the ISO and CES, is provisioning a dedicated Virtual Server which will be used for internal file storage for CES. The server will be locked down via AD group memberships and will use verbose logging and monitoring tied to our splunk instance. The logs will specifically audit for file access and alert on any modifications to the authorizing AD group. Furthermore a local firewall will be in place and all traffic outside the CES IP range blocked.
- I met with FBI Agent Ware at 4:30pm to receive the elections server - Dell PowerEdge R610 Tag Number 96J2F21. The ISO team will be performing a data recovery for data requested by the CES (Business Operations) on Monday. We have confirmed that the FBI is maintaining a forensic image and changes to the server can occur. Agent Ware shared that "the investigation is wrapping up" and mentioned being in attendance at the March 29th meeting with AUSA Grimberg.

Please let me know if you have any questions or if I can provide any additional information.

In service,

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

Milestone | Due Date | Status | Lead
Private Network Assessment Meeting | 26-Jun | Complete | S. Gay
Spec UPS | 13-Jul | Complete | C. Dehner
Order UPS | 13-Jul | Complete | C. Dehner
DBAN R610 Hard Drives | 7-Jul | Complete | C. Dehner
Deliver R610 to Networking | 7-Jul | Complete | C. Dehner
Image Dell PowerEdge R630s (101614 & 101613) | 26-Jul | Complete | C. Darrow
Rack Dell PowerEdge R630 and migrate DC and NAS | 28-Jul | In progress | C. Darrow
Install UPS | 4-Aug | Complete | C. Darrow
Notes: Due date dependent on delivery of UPS from CDW-G.

From: Christopher Dehner
To: Steven Dean; Jason Figueroa
Cc: Michael Barnes; Stephen Gay
Subject: CES server surplus
Date: Wednesday, August 9, 2017 11:24:58 AM

Fellas,

I will arrive at the center around 1:30 today to pick up the old DC. I will also get the old unicoi server from secure storage. Additionally, I sent in a service ticket for this request.

Regards,
Chris

Get Outlook for Android

STATE OF GEORGIA
FULTON COUNTY

AGREEMENT BETWEEN THE SECRETARY OF STATE AND THE BOARD OF REGENTS OF THE UNIVERSITY SYSTEM OF GEORGIA

This AGREEMENT ("Agreement"), made this ____ day of ________ 2016, by and between the OFFICE OF THE SECRETARY OF STATE OF THE STATE OF GEORGIA (hereinafter the "Secretary of State") and the BOARD OF REGENTS OF THE UNIVERSITY SYSTEM OF GEORGIA through KENNESAW STATE UNIVERSITY, a unit of the University System of Georgia, (hereinafter "University") for the consulting services of the Center for Election Systems of KENNESAW STATE UNIVERSITY (hereinafter "KSU").

WITNESSETH

WHEREAS, the Secretary of State desires to employ the services of KSU to assist the staff of the Elections Division of the Office of the Secretary of State (hereinafter "the Elections Division") with: technical support and training of State election officials in the use of the Statewide uniform electronic voting system (hereinafter "the voting system") in the State of Georgia; acceptance testing for the fiscal year 2017 of the GEMS software, the direct recording electronic voting devices (hereinafter "DREs"), and the electronic poll book/encoders "ExpressPoll" which constitute components of the voting system; ballot building and related activities for counties and municipalities in the State of Georgia ("State");

WHEREAS, the Secretary of State has the authority under the Laws of the State of Georgia to enter into this Agreement; and

WHEREAS, the University is both qualified to enter into this Agreement and has offered such services to the Secretary of State under the terms and conditions stated herein; and

WHEREAS, the parties wish to enter into this Agreement under the terms and conditions set forth herein;

NOW THEREFORE, in consideration of the mutual promises and agreements hereinafter set forth, the satisfactory consideration each for the other hereby expressly recognized and agreed, the parties hereby contract for services in accordance with the following provisions.

ARTICLE I. SCOPE OF SERVICES

KSU will assist the staff of the Elections Division under the direction of and as directed by the Director of the Elections Division or his/her designee, in the following areas:

A. KSU shall maintain a "Center for Election Systems" (hereinafter "the Center") that will primarily provide technical and training support on the statewide uniform system to the Elections Division, Georgia election officials, county election board members and election superintendents;

B. KSU shall test the voting system for compliance with the Georgia Elections Code, as required under Article 9 of Chapter 21 of the Official Code of Georgia and under the Rules of the State Election Board and the Rules of the Secretary of State, as these laws and rules presently exist and may hereafter be amended. This testing to be conducted during Fiscal Year 2017 shall include, but is not limited to, the physical examination of software and voting equipment acquired by the Secretary of State or any County in the State of Georgia in connection with deployment of the voting system, and the preparation and submission of reports of such evaluations to the staff of the Elections Division;

C. KSU shall work with the vendor and the Elections Division to define the next versions of all components of the voting system;

D. KSU shall implement classes and training modules, using electronic media where possible, for the instruction of Election Superintendents and Voter Registrars in the use of the voting system;

E. KSU shall provide ballot building support for county election officials. KSU will provide office space and appropriate technical support for these services. KSU will coordinate the printing of paper absentee ballots;

F. KSU shall support the deployment of the ExpressPoll electronic pollbook, including preparation of compact flash memory cards with voter lists for each election and extraction of credit-for-voting data, post-election;

G. KSU shall support all State certification testing of voting systems and will provide acceptance testing for the State's voting system

H. KSU shall provide technical support for the State's election servers installed in the county election offices throughout the State;

I. KSU shall provide consultation and advice to local governments on the purchase, testing, and utilization of the software, voting equipment and other components which comprise the voting system;

J. KSU shall maintain a website that will provide an initial point of contact for election officials wishing to utilize the services of the Center. The website shall describe the various services available through the Center, provide directions for obtaining these services from the Center, and facilitate answers to "frequently asked questions";

K. KSU shall maintain a Help Desk designed for immediate response to problems encountered with any component of the voting system during the conduct of an election in any precinct. The Help Desk shall be staffed from 8:00 a.m. to 5:00 p.m. on all business days throughout the year, and from 6:00 a.m. until County tabulations are concluded on election days;

L. Upon request of the Secretary of State, KSU shall assist the Secretary of State with identifying, inspecting, and/or implementing a new state wide voter registration system which will allow integration with the voting system;

M. Upon request of the Secretary of State, KSU shall provide key faculty/employees identified as the Executive Director, Director, and Assistant Director of KSU with Blackberry technology or equivalent email and messaging capabilities;

N. KSU shall coordinate the proper disposal of decommissioned voting system components at the direction of the Elections Division;

O. KSU shall provide consulting services to Secretary of State on legislation or pending legislation and laws affecting elections;

P. KSU shall provide any other election services as may be required by the Elections Division;

ARTICLE II. RESPONSIBILITIES OF KSU

KSU shall continue to maintain a permanent location on the KSU campus for the operation of the Center. The Center shall be operated and maintained by a full-time staff, including but not limited to, an Executive Director, a Center Director, a Center Assistant Director, technical support staff, and student assistants. The Center shall contain voting equipment and software, provided by the Secretary of State, necessary to completely define, setup and conduct a sample election. The Center shall maintain a ballot building facility to house Center staff and Elections Division staff for the purpose of building ballots for counties and municipalities.

KSU shall not possess, obtain, or acquire, either directly or indirectly, a pecuniary interest in any business entity involved in the development, manufacture, marketing, or sale of computer voting equipment or software during the term of this Agreement and for one year after the ending date of this Agreement.

Any software, databases, or other analytic tools obtained or developed in support of activities covered under this Agreement and any work product resulting from activities covered under this Agreement are the property of the Secretary of State and may not be offered or utilized by any other entity in any manner whatsoever, in whole or in part, without the written permission of the Secretary of State or a designee of the Secretary of State.

KSU shall deploy newly purchased property acquired by the Elections Division, only after consultation with the individual within the Elections Division designated by the Elections Division Director for such purpose.

KSU shall require all employees of the Center who have access to the system and system security measures to sign confidentiality agreements, as provided by the Secretary of State.

ARTICLE III. TIME OF PERFORMANCE

The period of this Agreement shall be from July 1, 201_, through June 30, 201_. Either party may cancel this Agreement upon thirty days written notice to the other party.

ARTICLE IV. COMPENSATION AND PAYMENT

For the satisfactory performance of its duties and obligations set forth herein, KSU shall be compensated for its services for the full year of this Agreement in the amount not to exceed $792,385.00, for the State fiscal year 2017, billable in 12 installments of $66,032.08. Invoices shall be submitted to the Secretary of State on a monthly basis.

KSU's services shall include support for such professional services, including secretarial, student assistants, mail and express mail delivery, telephone, computer charges, computer equipment and software, photocopying and other staff expenses as set forth in Appendix "A" attached hereto and incorporated herein by reference.

KSU's services and obligations under this Agreement shall be completed at or prior to the time of final payment. In the event of cancellation under Article III, no further payments shall be required under this Agreement beyond the end of the month in which the cancellation is executed.

ARTICLE V. RETENTION OF RECORDS

KSU shall keep and maintain as records of the Secretary of State all records and other documents pertaining to the performance of this Agreement until the final payment of funds to KSU by the Secretary of State pursuant to this Agreement has been completed. At such time, physical custody of the records and documents shall be returned to the Secretary of State.

The University and KSU shall give immediate notice by telephone to the Elections Division Director of the Secretary of State of any open records request made pursuant to O.C.G.A. § 50-18-70 et seq., request for production of documents and things, or subpoena associated with any litigation relating to any computer programs, computer software, equipment, or any other documents, issues or materials relating to the Voting System or any of its components. The University and KSU acknowledge that computer programs and computer software may be exempted from disclosure when meeting the definitions and provisions of O.C.G.A. § 50-18-72(f) and that an open records request may affect State or vendor rights. The University and KSU shall deliver to the Elections Division Director a copy of any written open records request received by the University or KSU promptly by electronic transmission, facsimile or in any event within 24 hours of its receipt of the request. In so far as possible, the University and KSU will allow the Secretary of State prior opportunity to comment on any response to any open records request within this paragraph; however, such review shall be for the convenience of the Secretary of State, without responsibility or liability to the University or KSU.

ARTICLE VI. REPORTING AND AUDITING REQUIREMENTS

KSU shall provide monthly reports to Secretary of State to report the status of the Center's performance under the Agreement and the Center's progress toward fulfilling the requirements of the Agreement.

KSU shall, if it has expended $100,000 or more during its fiscal year in State funds, provide for and cause to be made annually an audit of the financial affairs and transactions of all the Center's funds and activities. The audit shall be performed in accordance with generally accepted auditing standards.

KSU shall, if it has expended less than $100,000 in a fiscal year in state funds, forward to the State auditor and each contracting State organization a copy of the Center's financial statements. If annual financial statements are reported upon by a public accountant, the accountant's report must accompany them. If not, the annual financial statements must be accompanied by the statement of the president or person responsible for the nonprofit organization's financial statements.

ARTICLE VII. MISCELLANEOUS

The University, KSU, and the Secretary of State further mutually agree as follows:

A. This Agreement constitutes the entire agreement between the parties and any amendments to this Agreement must be in writing.

B. The provisions of O.C.G.A. § 45-10-20, et seq., will not be violated by the parties to this agreement.

IN WITNESS WHEREOF, the parties hereto have executed this Agreement, this ____ day of ________, 20__.

ON BEHALF OF THE SECRETARY OF STATE OF THE STATE OF GEORGIA:
Print Name
Title
Date:

Appendix A
Budget, FY 2017
Center for Election Systems, Kennesaw State University

Category | FY 2017 Proposed Budget
Personnel |
Center Executive Director | $70,800.00
Director | $87,800.00
Assistant Director | $56,500.00
Election Professional II | $48,500.00
Election Professional II | $44,900.00
Election Professional II | $43,300.00
IT Sys Supp Pro II | $41,200.00
IT Sys Supp Pro I | $36,500.00
Salaries | $429,500.00
Fringes | $128,850.00
Salaries and Fringes | $558,350.00
Student Assistants | $33,000.00
Temporary Staff Assistants | $10,000.00
TOTAL PERSONNEL | $601,350.00
OFFICE/LAB SPACE RENT | $41,000.00
TRAVEL | $20,000.00
TELECOMM | $12,000.00
SUPPLIES | $12,000.00
COPYING | $2,000.00
FREIGHT & SHIPPING | $20,000.00
COMPUTERS/SOFTWARE | $12,000.00
Indirects (10%) | $72,035.00
TOTAL BUDGET | $792,385.00

FD-597 (Rev 8-11-94)
UNITED STATES DEPARTMENT OF JUSTICE
FEDERAL BUREAU OF INVESTIGATION
Receipt for Property Received/Returned/Released/Seized
[Handwritten form entries are not legible in the scan.]

FD-597 (Rev 8-11-94)
UNITED STATES DEPARTMENT OF JUSTICE
FEDERAL BUREAU OF INVESTIGATION
Receipt for Property Received/Returned/Released/Seized
[Handwritten form entries are not legible in the scan.]

Confidential
Evidence Tag
Date: March 2, 2017
Tag No:
Case No: 20170302CES
Location: Center for Elections Systems
Public Safety Officer(s) involved: NA
Description of Property: Server with DNS name elections.kennesaw.edu with KSU asset tag [illegible]

Chain of Custody Receipt
Released by (Print and Sign): Merle King
Date: March 2, 2017
Received by (Print and Sign) / Purpose: Retrieving server after reported data breach. Server will be retrieved by the FBI by UITS ISO
Stephen Rose
Date: March 2, 2017
UITS Information Security Office

From: Mariel Louise Fox
To: Stephen Craig Gay
Cc: Tamara Elena Livingston
Subject: Fwd: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus
Date: Wednesday, March 15, 2017 4:22:40 PM

Stephen,

Below is the communication thread among Steven Dean, Jeff Milsteen and myself. I'll await your direction and guidance as to next steps in providing consultation to Steven regarding KSU records, and I will communicate that message to Steven shortly.

Thanks!
Mariel Fox Director, Records & Information Management Museums, Archives & Rare Books (MARB) LB216MD 1704 Direct: 4 70-578-2225 Main: 470-578-6289 ----- Forwarded Message----From: "JeffMilsteen" <:jmilstee@kennesaw.edu> To: "Steven Dean" Cc: "Mariel Fox" Sent: Friday, March 10, 2017 1:38:30 PM Subject: Re: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus Steven, Mariel forwarded your inquiry to me. I believe there are a number of issues here that will require some additional work. For example, some of the data maintained by the Center is, by contract, property of the Secretary of State. That data would be subject to the Secretary of State's records retention policies and presumably those records should either be returned to the SOS Office or, if appropriate, destroyed at their direction and pursuant to their policies. All other records of the Center would be subject to the retention policies ofKSU and Mariel can probably help you with existing retention guidelines. The trick, of course, is to correctly identify and categorize those records. I was not clear what was being asked with respect to FOIA requests. If the Center receives any open records requests, those should immediately be forwarded to the Legal Division for review. The requests themselves, like all other official records of the university, are subjection to our retention guidelines. I hope this helps. If you have additional questions, please let me know. Thanks. JeffMilsteen Chief Legal Affairs Officer ----- Original Message ----From: "Mariel Fox" To: "JeffMilsteen" <:jmilstee@kennesaw.edu> Sent: Friday, March 10, 2017 9:26:22 AM Subject: Fwd: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus Jeff, LAMB DECLARATION This request (see below) for advice came from Steven Dean (sdean29@kennesaw.edu), IT Systems Support at the Center for Election Systems. 
I spoke to him on the phone concerning what types of records to keep and how long to keep them, directing him to the State of Georgia retention schedules on the Georgia Archives website. As to his question about FOIA requests, I said that for KSU open records requests, those are handled by Legal Affairs. But for the Center's records, I did not know. I told him I would forward this question to you. Please let me know if you have any questions, of if you have any suggestions on how to handle such inquiries in the future. Thank you! Mariel Fox Director, Records & Information Management Museums, Archives & Rare Books (MARB) LB 216 MD 1704 Direct: 470-578-2225 Main: 470-578-6289 ----- Forwarded Message----From: stevendean@kennesaw.edu To: "records2go" Sent: Thursday, March 9, 2017 1:58:52 PM Subject: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus Date Available for Consultation: REQUESTED BY: Steven Dean No in-person consolation needed. Phone# 470-578-2120 Campus: Kennesaw Department: Center for Election Systems Office Location: House 3205 Advice requested for: Myself and my supervisor or manager. Need advice on: ['Which records do we need to keep?', 'How long do we need to keep records?', 'Do we need to keep both hard copy and digitial files?', 'What are our records responsibilities?', 'Topic not listed above. Describe in comments.'] Additional comments: In writing new policies for data storage for the Center, I'd like to see your written policies for data storage periods as relating to FOIA requests. Preferred communication method: Email. LAMB DECLARATION From: To: Cc: Subject: Date: Mariel Louise Fox Steven Jay Dean Stephen Craig Gay Fwd: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus Wednesday, March 15, 2017 4:27:49 PM Steven, I just learned that Stephen Gay will be providing direction and guidance concerning your inquiry about records retention/data storage policies and issues. I'm sure we'll be working together more closely in the future. 
Thanks for bringing up these important issues! Regards, Mariel Fox Director, Records & Information Management Museums, Archives & Rare Books (MARB) LB 216 MD 1704 Direct: 470-578-2225 Main: 470-578-6289 ----- Forwarded Message----From: "JeffMilsteen" To: "Steven Dean" Cc: "Mariel Fox" Sent: Friday, March 10, 2017 1:38:30 PM Subject: Re: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus Steven, Mariel forwarded your inquiry to me. I believe there are a number of issues here that will require some additional work. For example, some of the data maintained by the Center is, by contract, property of the Secretary of State. That data would be subject to the Secretary of State's records retention policies and presumably those records should either be returned to the SOS Office or, if appropriate, destroyed at their direction and pursuant to their policies. All other records of the Center would be subject to the retention policies ofKSU and Mariel can probably help you with existing retention guidelines. The trick, of course, is to correctly identify and categorize those records. I was not clear what was being asked with respect to FOIA requests. If the Center receives any open records requests, those should immediately be forwarded to the Legal Division for review. The requests themselves, like all other official records of the university, are subjection to our retention guidelines. I hope this helps. If you have additional questions, please let me know. Thanks. Jeff Milsteen Chief Legal Affairs Officer ----- Original Message ----From: "Mariel Fox" To: "JeffMilsteen" Sent: Friday, March 10, 2017 9:26:22 AM Subject: Fwd: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus LAMB DECLARATION Jeff, This request (see below) for advice came from Steven Dean (sdean29@kennesaw.edu), IT Systems Support at the Center for Election Systems. 
I spoke to him on the phone concerning what types of records to keep and how long to keep them, directing him to the State of Georgia retention schedules on the Georgia Archives website. As to his question about FOIA requests, I said that for KSU open records requests, those are handled by Legal Affairs. But for the Center's records, I did not know. I told him I would forward this question to you.

Please let me know if you have any questions, or if you have any suggestions on how to handle such inquiries in the future.

Thank you!

Mariel Fox
Director, Records & Information Management
Museums, Archives & Rare Books (MARB)
LB 216 MD 1704
Direct: 470-578-2225
Main: 470-578-6289

----- Forwarded Message -----
From: stevendean@kennesaw.edu
To: "records2go"
Sent: Thursday, March 9, 2017 1:58:52 PM
Subject: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus

Date Available for Consultation:
REQUESTED BY: Steven Dean
No in-person consolation needed.
Phone# 470-578-2120
Campus: Kennesaw
Department: Center for Election Systems
Office Location: House 3205
Advice requested for: Myself and my supervisor or manager.
Need advice on: ['Which records do we need to keep?', 'How long do we need to keep records?', 'Do we need to keep both hard copy and digitial files?', 'What are our records responsibilities?', 'Topic not listed above. Describe in comments.']
Additional comments: In writing new policies for data storage for the Center, I'd like to see your written policies for data storage periods as relating to FOIA requests.
Preferred communication method: Email.

From: Stephen Craig Gay
To: Steven Jay Dean; Jason Stephen Figueroa
Cc: Christopher Michael Dehner; James Christopher Gaddis; Michael L Barnes
Subject: Fwd: Plan of action for the passing of data
Date: Wednesday, March 22, 2017 6:27:33 PM
Importance: High

Steven and Jason,

Please work with Christopher Dehner on this tomorrow, as this functionality is at the core of securely returning the data to the Secretary of State's Office. Chris will pull in additional ISO staff members as needed and I'll be available if any challenges or questions come up.

Thank you,

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

----- Forwarded Message -----
From: "Stephen C Gay"
To: mbeaver@sos.ga.gov
Cc: "Lectra Lawhorne", "Michael Barnes"
Sent: Wednesday, March 22, 2017 6:25:02 PM
Subject: Plan of action for the passing of data

Merritt,

Thank you for the conversation regarding the ExpressPoll file pickup and discussion on getting the processed data back to your office. Looking over my notes, I have the following plan of action from our discussion:

Objective: KSU will use the Secretary of State SFTP server to upload the data moving forward, after which members of your team will coordinate the distribution to the counties which require the data.

Tasks:
- Remove all users/rights with the current KSU folder on the Secretary of State SFTP Server and provision new accounts for specified users (Likely SDean, MFiguero, CDehner)
- Work with Chris Dehner, in the UITS Information Security Office, to share and validate SFTP certificate for server.
- Work with Chris Dehner and members of CES to develop process for file transfer, account password expiration, and archiving of file and associated password sharing
- Chris Dehner will work with Steven and Jason on selecting the archive software client, SFTP client and validating the functionality
- Test the clients and processes, and resolve any challenges.

If you could send me the contact information for James and Stephen on your team I will share with the team and ask that they connect 1st thing tomorrow. I don't want to be a roadblock to these tasks and progress, but will check-in on the progress and will be available to assist as needed.

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

From: Stephen Craig Gay
To: Ware, William D. II (AT) (FBI)
Subject: Fwd: Request for data retrieval
Date: Wednesday, March 15, 2017 1:51:26 PM

Agent Ware,

We received the request below from the Center for Election Systems regarding data contained on the seized server which they do not have a backup of. What is the possibility of having the data extracted and us picking it up?

Thank you for your consideration of this request.

Stephen

----- Forwarded Message -----
From: "Michael Barnes"
To: "Stephen C Gay"
Cc: "Steven Dean", "Merle King"
Sent: Wednesday, March 15, 2017 1:41:25 PM
Subject: Request for data retrieval

Stephen,

As discussed earlier today, we would like to retrieve certain records from elections.kennesaw.edu that support our daily office activities, items such as inventory records, workflow databases used during our ballot building efforts, and operation manuals. These data are located in the cesuser user directory at /home/cesuser.
We would like to retrieve the entire cesuser directory, if possible.

Thanks,

Michael Barnes
Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, GA 30144
ph: 470-KSU-6900
fax: 470-KSU-9012

From: Stephen Craig Gay
To: Christopher Michael Dehner
Cc: Davide Gaetano
Subject: Infrastructure projects for CES
Date: Monday, July 10, 2017 5:48:48 PM

Chris,

Speaking to Davide about the infrastructure surplus recommendations and I would like to divide the project into 2 phases, one focused on the surplus, switches, and APC's mentioned in the AAR; and the 2nd focused on the slightly longer plan to add environmental and log monitoring. If you could please connect with him on these projects, I would sincerely appreciate it and if I can assist in any way please let me know.

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

From: Stephen Craig Gay
To: Ware, William D. II (AT) (FBI)
Subject: Investigative update
Date: Monday, March 13, 2017 7:59:09 AM

Agent Ware,

Good Monday morning. I wanted to take a moment to reach out to ask for an update on the status of the investigation. If there is anything at all we can do to assist please let me know.

Thank you,

Stephen

Sent from Nine

March 3, 2017
Election-related files
elections.kennesaw.edu

The voting system and electronic pollbooks used in Georgia require files to be named in compliance with the application's requirements. As a consequence, many of the files will have identical names, but their contents vary by county. Some of the pollbook related files will only contain voter registration values.
These files are used to update the electors list, indicating voters who were issued ballots during advance/early voting. Other pollbook files will contain the state's entire electors list.

The folder names relate to the content contained within the files placed within the folders, back to the county to which they are assigned. We developed a folder for each county (159) and within each folder we placed files generated for that individual county.

Examples of files posted for a county to pull down:

- ./Appling County/Proof/Audio/Appling Audio.zip - This zip file contains audio files linked within the county's election database. These files are posted so a county can proof whether the candidate's name, ballot information headers, race headers are all present and recorded properly. The file is zipped due to file size.
- ./Appling County/Proof/Ballot/01-Appling.zip - This zip file contains ballot proofs for a given election. These files are provided to each county to allow them to confirm that the contents of their ballots are accurate for the given election. The file is zipped due to file size.
- ./Appling County/Proof/Ballots/Ballot and Audio Proofs Signoff v2.pdf - This file is provided to every county when proofing audio files and ballot proofs. We require each county to return a signed signoff form to our office after they have completed their proofing. This form allows the completed election database to be released from us to the jurisdiction for use in the given election. "V2" indicates that this is the second version of this form.
- ./Appling County/ExpressPoll/Numbered List/001 (11-08-2016).pdf - This file is provided to every county after the completion of the given election. This file contains a list of those voters who participated at their assigned polling location on Election Day in sequential order.
- ./Appling County/ExpressPoll/ABSFile/PollData.db3 - This is a data file for use within the assigned county on their ExpressPoll units that are used to create voter access cards given to voters during the Advance Voting period. No individual voter data is contained within this file. A file of this nature is created for each county prior to a given election. "ABS" relates to voters casting ballots prior to Election Day.
- ./Appling County/ExpressPoll/ABSFile/Expoll.resources - This file accompanies the above mentioned file. The resource file instructs the ExpressPoll device what operations to allow and what buttons to display on screen to the user of the ExpressPoll device.
- ./Baldwin County/ExpressPoll/ED Files/November 2016 General Voter Lookup.zip - This file is not built for all counties. This file is only built for those counties who request it from our office. This file contains the elector's list for the county for the given election, but it is not used to create any voter access cards. The file is zipped due to size of the file's content.
- ./Baldwin County/ExpressPoll/ED Files/November 2016 General Voter Lookup Password Memo.pdf - This file accompanies the above mentioned file. This file contains what the passwords are to access the data contained in the zipped file above when loaded onto an ExpressPoll. These passwords are changed for every election.
- ./Cherokee County/ExpressPoll/ED Files/November2016GeneralElectionDay.zip - This is not a file posted for each county. This file is only posted to those counties who produce the storage media loaded into the jurisdictions' ExpressPolls themselves. Counties that do this operation are: Fulton, Cobb, Dekalb, Gwinnett, Forsyth, Chatham, Muscogee, Henry, Columbia, Clayton, and Cherokee. This file contains the full elector's list for the state for a given election.
- ./Cherokee County/ExpressPoll/ED Files/November 2016 General Election Day Password Memo.pdf - This file accompanies the above mentioned file.
This file contains what the passwords are to access the data contained in the zipped file above when loaded onto an ExpressPoll. These passwords are changed for every election.
- ./Clayton County/GEMS DB/**** .gbf - This is a file posted to a county only in select circumstances. This is an election database file containing the ballot contents for a given election. These files are accessed by the GEMS application.
- ./Pickens County/ExpressPoll/ED Files/ExpReport.exe - File allows a county to produce a numbered list of voters directly from the ExpressPoll media, when installed on the ExpressPoll media.
- ./Pickens County/ExpressPoll/ED Files/System.Data.SQLite.DLL - This file allows the file mentioned above to operate on the ExpressPoll. The above file is inoperative without this file.
- ./Richmond County/GEMS DB/2. GEMS Instructions.pdf - This is a manual on GEMS operations. Only posted if requested by a county.
- ./Richmond County/GEMS DB/General Demo.zip - Only posted if requested by a county. Contains a demonstration election database.

This concludes the types of files placed within the county folders for distribution to counties.

Attached are the known county user accounts allowing access to these county folders. When an account is created, the county recipient is automatically sent (by Drupal) an email that contains a password reset link. Counties create their own passwords for accessing the folders.

[Table: known county user accounts. Columns: Folder, Username, Phone Number.]

From: Steven Dean
To: James Christopher Gaddis
Cc: William Moore; Stephen Craig Gay; Michael L. Barnes; Merle Steven King
Subject: Next steps for elections.kennesaw.edu
Date: Thursday, March 2, 2017 1:32:27 PM

Chris, is there any further data you need from the server for your investigation? Our next intention is to make a backup of the affected files and remove them from the server. This would only affect files in the county folders, not log files and config files. After that we will reach out to have the security of the server assessed by your group so that we may bring it back online without any previously vulnerable links.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

From: Stephen Craig Gay
To: mbeaver@sos.ga.gov
Cc: Lectra Lawhorne; Michael L. Barnes
Subject: Plan of action for the passing of data
Date: Wednesday, March 22, 2017 6:25:02 PM

Merritt,

Thank you for the conversation regarding the ExpressPoll file pickup and discussion on getting the processed data back to your office.
Looking over my notes, I have the following plan of action from our discussion:

Objective: KSU will use the Secretary of State SFTP server to upload the data moving forward, after which members of your team will coordinate the distribution to the counties which require the data.

Tasks:
- Remove all users/rights with the current KSU folder on the Secretary of State SFTP Server and provision new accounts for specified users (Likely SDean, MFiguero, CDehner)
- Work with Chris Dehner, in the UITS Information Security Office, to share and validate SFTP certificate for server.
- Work with Chris Dehner and members of CES to develop process for file transfer, account password expiration, and archiving of file and associated password sharing
- Chris Dehner will work with Steven and Jason on selecting the archive software client, SFTP client and validating the functionality
- Test the clients and processes, and resolve any challenges.

If you could send me the contact information for James and Stephen on your team I will share with the team and ask that they connect 1st thing tomorrow. I don't want to be a roadblock to these tasks and progress, but will check-in on the progress and will be available to assist as needed.

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

From: Stephen Craig Gay
To: Steven Jay Dean
Cc: Michael L. Barnes; Christopher Michael Dehner
Subject: Question regarding private network
Date: Friday, June 23, 2017 7:24:59 AM

Steven,

Quick question: In preparation for next week's infrastructure meeting regarding the devices on the CES private network, I was curious how many of these devices allow for us to update or modify them?
For example, the 16 Card Duplicators are likely dictated by the Secretary of State's Office and I would assume that there are other devices in this same scenario (GEMS server), but which devices could allow us to install local firewalls or run the latest version of operating software (Windows file server perhaps)?

Thanks,

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

From: Stephen Craig Gay
To: Michael L. Barnes
Subject: Re: Center for Election Systems Contract FY'17
Date: Tuesday, March 7, 2017 9:32:10 AM

Thanks Michael.

Stephen

Sent from Nine

From: Michael Barnes
Sent: Mar 7, 2017 8:57 AM
To: 'Stephen C. Gay'
Subject: Center for Election Systems Contract FY'17

Stephen,

Here is our current contract with the Secretary of State's office. The content of the contract hasn't really changed since 2012 or so.

Michael Barnes
Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, GA 30144
ph: 470-KSU-6900
fax: 470-KSU-9012

From: Christopher Dehner
To: Davide Gaetano
Cc: Casey Darrow; Stephen Gay; Chris Gaddis
Subject: RE: CES Network Assessment Meeting Notes 6/26
Date: Wednesday, July 19, 2017 1:29:00 PM
Attachments: CES Network surplus milestones.xlsx

Davide,

I think we're ready to make the final push on closing the CES AAR recommendations. All we have left is the imaging and transference of services of the two Dell PowerEdge R630s (both in CES private network data center) and the replacement of the UPSs. Per our conversations, one server is for DC/NAS and the other for Epic. I checked with Steven Dean and both servers are not running any services so we can begin as soon as possible without impacting their services. The UPSs were ordered last week and we are waiting on delivery. I've included the project milestones and suggested due dates. If these due dates are not feasible, please provide alternative dates. If you have any questions, please feel free to reach out.

Regards,
Chris

From: Christopher Michael Dehner
Sent: Friday, July 7, 2017 11:16 AM
To: Davide Gaetano
Cc: Casey Darrow; Stephen Craig Gay; James Christopher Gaddis
Subject: Fw: CES Network Assessment Meeting Notes 6/26

Davide,

I am resending this email because for some reason, it was sent to a dgaetano@students.kennesaw.edu account. Per your instructions regarding the reimaging and installation of the CES server, we DBAN'd the hard drives and delivered the server to TS023. The server is a Dell PowerEdge R610 (Asset Tag: 103019). When it is ready for racking in the CES private network, please let me know and I'll coordinate with Steven Dean.

Regards,
Chris

From: Christopher Michael Dehner
Sent: Tuesday, June 27, 2017 5:22 PM
To: Stephen Craig Gay; Nickolaus E Hassis; Jason Stephen Figueroa; Steven Jay Dean; Michael L. Barnes; Davide F Gaetano
Subject: CES Network Assessment Meeting Notes 6/26

CES Network Assessment
6/27/17 4:00PM-5:15PM
Attendees: Nick Hassis, Stephen Gay, Jason Figueroa, Steven Dean, Michael Barnes, Davide Gaetano

Notes:
CES - is most secure network at KSU, making it more secure
9/10 AAR items closed - Final item: Private Network Inventory
Goal: Reduce number of devices on private network
IMI Card Duplicators also act as data extractor to private network NAS
Reconciled Windows XP devices not captured by network scan
GEMS services dependent on .NET version found on WinXP
Davide - Can GEMS services be virtualized to work on Win? or Win10?
Steven - Not certain
Stephen: Can we use local authentication instead of domain controller?
Davide: Put domain controllers on Epic and NA
Cellular dialer to send syslog, environment, arpwatch alerts & GPS updates for time keeping.
New Epic and New NAS servers will also be domain controllers
Cycle hard drive backups to fireproof safe in Secure Storage

Davide suggestions:
• Physically label computers if on private network
• Add distance between private and public network devices
• Replace wifi access point, create new ssid for only CES
• Arpwatch box for public and private networks to prevent network crossovers
• Put CES behind a firewall - force denial and whitelist

Action Items:
CES IT
• Confirm printer has unnecessary services disabled
• Work with vendor on upgrading Epic to more current version of Windows Server
UITS
• Build new XP image
• Windows 10 build for audio box
• Migrate data from Poweredge 1900 to Server TBD and decommission box
• Spin up new servers
• Collaborate with CES on transferring services to new servers
• Chris: Connect with Jonathan on new APCs
• Chris: Wipe R610 server, deliver to Davide & Casey for install
• Chris: Schedule update meetings for CES Network Updates (include Casey, Jonathan, and GJ)

Christopher Dehner, CISA
IT Security Professional III
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 027
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: 470-578-6620
Fax: 470-578-9050
cmd9090@kennesaw.edu

From: Christopher Dehner
To: Stephen Gay
Cc: Michael Barnes; Steven Dean; Jason Figueroa
Subject: Re: CES server surplus
Date: Wednesday, August 9, 2017 3:54:39 PM

Stephen,

I'm happy to report that the remaining two servers on the AAR were delivered to ITIM and the hard drives were degaussed three times. Additionally, I followed up with Jonathan on replacing the old UPSs with the new ones.

Regards,
Chris

From: Stephen Gay
Sent: Wednesday, August 9, 2017 11:32 AM
To: Christopher Dehner; Steven Dean; Jason Figueroa
Cc: Michael Barnes; Lectra Lawhorne
Subject: Re: CES server surplus

Chris,

This is fantastic news. Great work to all parties on closing the final recommendation from the incident after action report.

In your service,
Stephen.

Sent from Nine

From: Christopher Dehner
Sent: Aug 9, 2017 11:24 AM
To: Steven Dean; Jason Figueroa
Cc: Michael Barnes; Stephen Gay
Subject: CES server surplus

Fellas,

I will arrive at the center around 1:30 today to pick up the old DC. I will also get the old unicoi server from secure storage. Additionally, I sent in a service ticket for this request.

Regards,
Chris

Get

From: Stephen Gay
To: Christopher Dehner; Steven Dean; Jason Figueroa
Cc: Michael Barnes; Lectra Lawhorne
Subject: Re: CES server surplus
Date: Wednesday, August 9, 2017 11:32:38 AM

Chris,

This is fantastic news. Great work to all parties on closing the final recommendation from the incident after action report.

In your service,
Stephen.

Sent from Nine

From: Christopher Dehner
Sent: Aug 9, 2017 11:24 AM
To: Steven Dean; Jason Figueroa
Cc: Michael Barnes; Stephen Gay
Subject: CES server surplus

Fellas,

I will arrive at the center around 1:30 today to pick up the old DC. I will also get the old unicoi server from secure storage. Additionally, I sent in a service ticket for this request.

Regards,
Chris

Get Outlook for Android

From: Steven Dean
To: Mariel Louise Fox
Cc: Steven Jay Dean; Stephen Craig Gay
Subject: Re: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus
Date: Wednesday, March 15, 2017 4:31:54 PM

Thank you for your time the other day, Mariel, it was very helpful. I look forward to speaking again about this soon.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Mar 15, 2017, at 4:27 PM, Mariel Fox wrote:

Steven,

I just learned that Stephen Gay will be providing direction and guidance concerning your inquiry about records retention/data storage policies and issues.
I'm sure we'll be working together more closely in the future. Thanks for bringing up these important issues!

Regards,

Mariel Fox
Director, Records & Information Management
Museums, Archives & Rare Books (MARB)
LB 216 MD 1704
Direct: 470-578-2225
Main: 470-578-6289

----- Forwarded Message -----
From: "Jeff Milsteen"
To: "Steven Dean"
Cc: "Mariel Fox"
Sent: Friday, March 10, 2017 1:38:30 PM
Subject: Re: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus

Steven,

Mariel forwarded your inquiry to me. I believe there are a number of issues here that will require some additional work. For example, some of the data maintained by the Center is, by contract, property of the Secretary of State. That data would be subject to the Secretary of State's records retention policies and presumably those records should either be returned to the SOS Office or, if appropriate, destroyed at their direction and pursuant to their policies. All other records of the Center would be subject to the retention policies of KSU and Mariel can probably help you with existing retention guidelines. The trick, of course, is to correctly identify and categorize those records.

I was not clear what was being asked with respect to FOIA requests. If the Center receives any open records requests, those should immediately be forwarded to the Legal Division for review. The requests themselves, like all other official records of the university, are subject to our retention guidelines.

I hope this helps. If you have additional questions, please let me know. Thanks.

Jeff Milsteen
Chief Legal Affairs Officer

----- Original Message -----
From: "Mariel Fox"
To: "Jeff Milsteen"
Sent: Friday, March 10, 2017 9:26:22 AM
Subject: Fwd: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus

Jeff,

This request (see below) for advice came from Steven Dean (sdean29@kennesaw.edu), IT Systems Support at the Center for Election Systems. I spoke to him on the phone concerning what types of records to keep and how long to keep them, directing him to the State of Georgia retention schedules on the Georgia Archives website. As to his question about FOIA requests, I said that for KSU open records requests, those are handled by Legal Affairs. But for the Center's records, I did not know. I told him I would forward this question to you.

Please let me know if you have any questions, or if you have any suggestions on how to handle such inquiries in the future. Thank you!

Mariel Fox
Director, Records & Information Management
Museums, Archives & Rare Books (MARB)
LB 216 MD 1704
Direct: 470-578-2225
Main: 470-578-6289

----- Forwarded Message -----
From: stevendean@kennesaw.edu
To: "records2go"
Sent: Thursday, March 9, 2017 1:58:52 PM
Subject: CONSULTATION REQUEST from Steven Dean, Kennesaw Campus

Date Available for Consultation:
REQUESTED BY: Steven Dean
No in-person consolation needed.
Phone# 470-578-2120
Campus: Kennesaw
Department: Center for Election Systems
Office Location: House 3205
Advice requested for: Myself and my supervisor or manager.
Need advice on: ['Which records do we need to keep?', 'How long do we need to keep records?', 'Do we need to keep both hard copy and digitial files?', 'What are our records responsibilities?', 'Topic not listed above. Describe in comments.']
Additional comments: In writing new policies for data storage for the Center, I'd like to see your written policies for data storage periods as relating to FOIA requests.
Preferred communication method: Email.

From: Ware, William D. II (AT) (FBI)
To: Stephen Craig Gay
Subject: RE: Investigative update
Date: Tuesday, March 14, 2017 9:02:53 AM

Hi Stephen,

Sorry for the late reply. The investigation is moving along. We are reviewing the logs and issuing legal process. The legal process is what will take the longest. It could take from two weeks to a month depending on the Internet Service Provider.
Thanks,

SA Davey Ware
FBI - Atlanta Division
2635 Century Parkway, NE
Suite 400
Atlanta, GA
O: 404-679-6126
C: 404-520-3342
F: 404-679-1417

From: Stephen C. Gay [mailto:sgay@kennesaw.edu]
Sent: Monday, March 13, 2017 7:59 AM
To: Ware, William D. II (AT) (FBI)
Subject: Investigative update

Agent Ware,

Good Monday morning. I wanted to take a moment to reach out to ask for an update on the status of the investigation. If there is anything at all we can do to assist please let me know.

Thank you,
Stephen

Sent from Nine

From: Koonce, Steven
To: Christopher Michael Dehner
Cc: Oliver, James; Stephen Craig Gay; Steven Jay Dean; Jason Stephen Figueroa; James Christopher Gaddis
Subject: RE: KSU Account Creation and SFTP Key Management
Date: Friday, March 24, 2017 11:47:05 AM

Our current FTP server uses FTPS (also known as FTP with SSL). Whether we remain on the existing server or stand up a new server, the FTP accounts we are setting up will use a secure protocol, most likely FTPS.

-----Original Message-----
From: Christopher M. Dehner [mailto:cmd9090@kennesaw.edu]
Sent: Friday, March 24, 2017 11:42 AM
To: Koonce, Steven
Cc: Oliver, James; sgay; Steven Dean; Jason Figueroa; jgaddis6
Subject: Re: KSU Account Creation and SFTP Key Management

Steven,

Just a quick point of clarification, when referring to FTP in your email, are you including SFTP or FTPS in your conversations? Per USG Policy and information security best practices, KSU doesn't allow straight FTP transfers. External file transfers are managed through SFTP or FTPS. Can you confirm that we'll be using SFTP or FTPS to manage these transfers.

Regards,

Christopher Dehner, CISA
IT Security Professional III
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 027
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: 470-578-6620
Fax: 470-578-9050
cmd9090@kennesaw.edu

----- Original Message -----
From: "Koonce, Steven"
To: "Christopher M. Dehner"
Cc: "Oliver, James", "sgay", "Steven Dean", "Jason Figueroa", "jgaddis6"
Sent: Friday, March 24, 2017 11:33:01 AM
Subject: RE: KSU Account Creation and SFTP Key Management

We are having an Internal IT meeting Monday to review governance of our FTP site and to decide if a separate FTP server will be used for Elections processes. I am going to work on the accounts below this afternoon so that they will be ready to go on Monday provided we have no significant changes in our FTP Infrastructure.

-----Original Message-----
From: Christopher M. Dehner [mailto:cmd9090@kennesaw.edu]
Sent: Friday, March 24, 2017 11:23 AM
To: Koonce, Steven
Cc: Oliver, James; Stephen C. Gay; Steven Dean; Jason Figueroa; Chris Gaddis
Subject: KSU Account Creation and SFTP Key Management

Steven,

My name is Christopher Dehner and I work in the KSU Information Security Office. I've been tasked to coordinate with you on creating accounts for KSU Center for Elections Systems technicians in the Secretary of State's SFTP server. We would like the following users added:

Steven Dean
Jason Figueroa
Christopher Dehner

I would like to have my account disabled but still in the system. This will allow us to reactivate the account if my support is needed.

Additionally, are you able to accommodate specific password requirements (length, special characters, annual expiration, etc.). If at all possible, we would like to align it with our institutional practices. If not, we can discuss this further.
After the accounts are provisioned but before any data transfers, we would like to validate the SFTP encryption key. Based on our understanding, we'll need to make a connection and have you provide the key which we can validate against the SFTP client. This would probably be best done over the phone. If you have an alternative method of key validation, we'll be happy to discuss.

We're looking forward to partnering with your office in building secure processes for data transfers. If you have any additional questions, comments, or concerns, please feel free to reach out.

Warmest Regards,

Christopher Dehner, CISA
IT Security Professional III
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 027
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: 470-578-6620
Fax: 470-578-9050
cmd9090@kennesaw.edu

From: Christopher Michael Dehner
To: Casey Darrow
Cc: Stephen Craig Gay; Chase Alexander Elliott; Freddie Lewis
Subject: Re: New server and share
Date: Tuesday, March 21, 2017 3:09:44 PM

Casey,

We would like this only accessible on-campus from the following subnet:

10.62.44.0/24 (House 57)

Additionally, we would like all off-campus traffic prohibited. If you need anything else, just let me know.

Regards,

Christopher Dehner, CISA
IT Security Professional III
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 027
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: 470-578-6620
Fax: 470-578-9050
cmd9090@kennesaw.edu

----- Original Message -----
From: "Casey Darrow"
To: "Christopher M. Dehner"
Cc: "sgay", "Chase Elliott", "Freddie Lewis"
Sent: Tuesday, March 21, 2017 2:44:04 PM
Subject: Re: New server and share

Thanks!

Casey Darrow
Director of Windows Server and Infrastructure
University Information Technology Services
Kennesaw State University
Phone 470-578-2634

From: "Christopher M. Dehner"
To: "cdarrow"
Cc: "Stephen C Gay", "Chase Elliott", "Freddie Lewis"
Sent: Tuesday, March 21, 2017 2:43:28 PM
Subject: Re: New server and share

Casey,

I'll co-ordinate with CFES technicians, let me gather that information and get back to you.

Christopher Dehner, CISA
IT Security Professional III
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 027
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: 470-578-6620
Fax: 470-578-9050
cmd9090@kennesaw.edu

----- Original Message -----
From: "Casey Darrow"
To: "Christopher M. Dehner"
Cc: "sgay", "Chase Elliott", "Freddie Lewis"
Sent: Tuesday, March 21, 2017 2:37:47 PM
Subject: Re: New server and share

Chris,

Can you get us the firewall rules that are needed? We just need to know what exact IP or what subnets need to access this fileshare. Or should we work directly with Steven Dean on this?

Thanks,
Casey

Casey Darrow
Director of Windows Server and Infrastructure
University Information Technology Services
Kennesaw State University
Phone 470-578-2634

From: "Stephen C Gay"
To: "Steven Dean"
Cc: "Steven Dean", "Jason Figueroa", "Christopher M. Dehner", "Chase Elliott", "cdarrow"
Sent: Tuesday, March 21, 2017 11:14:06 AM
Subject: Re: New server and share

Steven,

I would like for us to have all safeguards in place before CES begins using the server in a production sense.
Chris Dehner is CC'd on this email and, by copy, I'll ask him to coordinate between the WinServ team and CES on making this a priority.

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

----- Original Message -----
From: "Steven Dean"
To: "Stephen C Gay"
Cc: "Steven Dean", "Jason Figueroa" <jfigue12@kennesaw.edu>, "cmd9090", "Elliott Chase", "Casey Darrow"
Sent: Tuesday, March 21, 2017 11:04:04 AM
Subject: Re: New server and share

Stephen, thank you. Can we begin using this share today to host our project tracker and inventory lists? Or do we need to wait for the firewall changes?

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

> On Mar 21, 2017, at 7:44 AM, Stephen C. Gay wrote:
>
> Steven and Jason,
>
> The WinServ team has provisioned a new server dedicated to CES and created a file share which is locked down to the list of users in the center. The path to the share is
>
> \\FS-ES.kennesaw.edu\shared
>
> As we discussed on Friday, I'd like to use a host-based firewall on the server to only allow traffic from the CES network and the UITS network (for management). As I get more information I'll pass along.
>
> Stephen

From: Beaver, Merritt
To: Stephen Craig Gay; Koonce, Steven; Oliver, James
Cc: Lectra Lawhorne; Michael L. Barnes
Subject: RE: Plan of action for the passing of data
Date: Thursday, March 23, 2017 10:24:00 AM

Stephen

I would like to tie in both Steven Koonce, one of our Network administrators and James Oliver, our security manager. See their emails attached.

I talked with my team and our election's team and we would like to just create a new set of SFTP folders for this effort. The old folder was set up to exchange sample ballot forms and we would like to not repurpose that folder for this new use. There will be a need for KSU to upload files to SOS and also for SOS to send files to KSU. We are suggesting that we have two folders to serve each of these purposes. Both of these folders will only hold data for 30 days and after that time any files left will be automatically deleted as these will be transfer folders only.

I will let Steven and James work with your team to best set this environment up.

Thanks
Merritt

S. Merritt Beaver
Chief Information Officer
Office of Georgia Secretary of State Brian P. Kemp
Office (404) 656-7744
Mobile: (770) 330-0016
mbeaver@sos.ga.gov

-----Original Message-----
From: Stephen C. Gay [mailto:sgay@kennesaw.edu]
Sent: Wednesday, March 22, 2017 6:25 PM
To: Beaver, Merritt
Cc: Lectra Lawhorne; Michael Barnes
Subject: Plan of action for the passing of data

Merritt,

Thank you for the conversation regarding the ExpressPoll file pickup and discussion on getting the processed data back to your office. Looking over my notes, I have the following plan of action from our discussion:

Objective: KSU will use the Secretary of State SFTP server to upload the data moving forward, after which members of your team will coordinate the distribution to the counties which require the data.

Tasks:
- Remove all users/rights with the current KSU folder on the Secretary of State SFTP Server and provision new accounts for specified users (Likely SDean, MFiguero, CDehner)
- Work with Chris Dehner, in the UITS Information Security Office, to share and validate SFTP certificate for server.
- Work with Chris Dehner and members of CES to develop process for file transfer, account password expiration, and archiving of file and associated password sharing
- Chris Dehner will work with Steven and Jason on selecting the archive software client, SFTP client and validating the functionality
- Test the clients and processes, and resolve any challenges.

If you could send me the contact information for James and Stephen on your team I will share with the team and ask that they connect 1st thing tomorrow. I don't want to be a roadblock to these tasks and progress, but will check-in on the progress and will be available to assist as needed.

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

From: Michael L. Barnes
To: Stephen Craig Gay
Subject: Re: Plan of action for the passing of data
Date: Wednesday, March 22, 2017 6:26:57 PM

Thank you for jumping on this quickly.

Michael Barnes
Director
Center for Election Systems
3205 Campus Loop Road
Kennesaw State University
Kennesaw, GA 30144
ph: 470-578-6900

On Mar 22, 2017, at 6:25 PM, Stephen C. Gay wrote:

Merritt,

Thank you for the conversation regarding the ExpressPoll file pickup and discussion on getting the processed data back to your office. Looking over my notes, I have the following plan of action from our discussion:

Objective: KSU will use the Secretary of State SFTP server to upload the data moving forward, after which members of your team will coordinate the distribution to the counties which require the data.

Tasks:
- Remove all users/rights with the current KSU folder on the Secretary of State SFTP Server and provision new accounts for specified users (Likely SDean, MFiguero, CDehner)
- Work with Chris Dehner, in the UITS Information Security Office, to share and validate SFTP certificate for server.
- Work with Chris Dehner and members of CES to develop process for file transfer, account password expiration, and archiving of file and associated password sharing
- Chris Dehner will work with Steven and Jason on selecting the archive software client, SFTP client and validating the functionality
- Test the clients and processes, and resolve any challenges.

If you could send me the contact information for James and Stephen on your team I will share with the team and ask that they connect 1st thing tomorrow. I don't want to be a roadblock to these tasks and progress, but will check-in on the progress and will be available to assist as needed.

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

From: Michael L Barnes
To: Christopher Michael Dehner
Cc: Steven Jay Dean; Stephen Craig Gay
Subject: Re: Question
Date: Wednesday, March 29, 2017 12:10:55 PM

Will do. Thank you.

Michael Barnes
Director
Center for Election Systems
3205 Campus Loop Road
Kennesaw State University
Kennesaw, GA 30144
ph: 470-578-6900

On Mar 29, 2017, at 12:10 PM, Christopher M. Dehner wrote:

Michael,

From a security perspective we don't have an issue with sending a sample ballot via email, as it contains no confidential data. I would advise to double check with the SoS investigator that this is their preferred method of transmission. As we continue to collaborate with the SoS IT department, we can standardize and document these processes.

Regards,

Christopher Dehner, CISA
IT Security Professional III
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 027
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: 470-578-6620
Fax: 470-578-9050
cmd9090@kennesaw.edu

----- Original Message -----
From: "Michael Barnes"
To: "Christopher M. Dehner"
Cc: "Steven Dean"
Sent: Wednesday, March 29, 2017 11:12:29 AM
Subject: Question

LAMB DECLARATION EXHIBIT

From: Merle S. King mking@kennesaw.edu
Subject: Re: PII found on unicoi.kennesaw.edu (only open to the KSU network)
Date: March 4, 2017 at 6:17 PM
To: Lectra Lawhorne llawhorn@kennesaw.edu
Cc: Stephen C. Gay sgay@kennesaw.edu, Michael Barnes mbarne28@kennesaw.edu, sdean29@kennesaw.edu

Working on it now

Merle S. King
Executive Director
Center for Election Systems
3205 Campus Loop Road; MD#5700
Kennesaw State University
Kennesaw, GA 30144
Voice: 470-578-6900
Fax: 470-578-9012

On Mar 4, 2017, at 5:51 PM, Lectra Lawhorne wrote:

Stephen,

Please call me.

Lee

On Mar 4, 2017, at 5:48 PM, Stephen C. Gay <sgay@kennesaw.edu> wrote:

Michael,

Please see below. Can you please shut this server down until we have a chance to meet on Monday to discuss the Center's needs and how best we can work together to meet them? Could you please send confirmation of shutdown when completed.

Thank you,
Stephen

Sent from Nine

From: William C. Moore
Sent: Mar 4, 2017 5:44 PM
To: Stephen Gay
Cc: Chris Gaddis
Subject: Fwd: PII found on unicoi.kennesaw.edu (only open to the KSU network)

Stephen

The Core Team is reporting that the Center if Elections server unicoi.kennesaw.edu has files containing PII. One file potentially has 5.7 records and is suspected to be files from 2010. The server is currently only available from the campus network.
We however recommend that the server be removed from the network until all PII data can be secured or removed and verified by the ISO.

Bill

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg. Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

Begin forwarded message:

From: Chris Gaddis
Date: March 4, 2017 at 17:32:24 EST
To: "William C. Moore"
Subject: PII found on unicoi.kennesaw.edu (only open to the KSU network)

Bill,

I noticed that CES brought up Unicoi on Friday (I think it's their backup server). Regardless I ran a spider tool on it and found a number of files listed since directory listing is enabled. The top file on this list has 5.7 million records of PII. The rest have a variety of different types of data and some may be completely fine to keep open to the public.

Please note that this server is ONLY open to the KSU network but even still this type of PII should not be open to the KSU network in any form without authentication.
Let me know if you have any questions about this.

Thanks,
Chris

Chris Gaddis SSCP
Information Security Engineer
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 029
1075 Canton Pl, MB #3503
Kennesaw, GA 30144 USA
Phone: (470) 578-6620
Fax: (470) 578-9050
jgaddis6@kennesaw.edu

Michael Barnes

From: Stephen Craig Gay
Sent: Saturday, March 04, 2017 5:49 PM
To: Michael L. Barnes
Cc: Lectra Lawhorne; Merle Steven King
Subject: Fw: PII found on unicoi.kennesaw.edu (only open to the KSU network)

Michael,

Please see below. Can you please shut this server down until we have a chance to meet on Monday to discuss the Center's needs and how best we can work together to meet them? Could you please send confirmation of shutdown when completed.
Thank you,
Stephen

Sent from Nine

From: William C. Moore
Sent: Mar 4, 2017 5:44 PM
To: Stephen Gay
Cc: Chris Gaddis
Subject: Fwd: PII found on unicoi.kennesaw.edu (only open to the KSU network)

Stephen

The Core Team is reporting that the Center of Elections server unicoi.kennesaw.edu has files containing PII. One file potentially has 5.7 records and is suspected to be files from 2010. The server is currently only available from the campus network. We however recommend that the server be removed from the network until all PII data can be secured or removed and verified by the ISO.

Bill

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg. Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

Begin forwarded message:

From: Chris Gaddis
Date: March 4, 2017 at 17:32:24 EST
To: "William C. Moore"
Subject: PII found on unicoi.kennesaw.edu (only open to the KSU network)

Bill,

I noticed that CES brought up Unicoi on Friday (I think it's their backup server). Regardless I ran a spider tool on it and found a number of files listed since directory listing is enabled. The top file on this list has 5.7 million records of PII. The rest have a variety of different types of data and some may be completely fine to keep open to the public. Please note that this server is ONLY open to the KSU network but even still this type of PII should not be open to the KSU network in any form without authentication.
http://unicoi.kennesaw.edu/sites/default/files/vendors/ESandS/Primary 2010.zip <---- main concern

Let me know if you have any questions about this.

Thanks,
Chris

Chris Gaddis SSCP
Information Security Engineer
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 029
1075 Canton Pl, MB #3503
Kennesaw, GA 30144 USA
Phone: (470) 578-6620
Fax: (470) 578-9050
jgaddis6@kennesaw.edu

Michael Barnes

From: Merle Steven King
Sent: Sunday, August 28, 2016 3:56 PM
To: Steven Jay Dean; Jason Stephen Figueroa
Cc: Michael L. Barnes
Subject: Fwd: [IMPORTANT] concerning the security of elections.kennesaw.edu

Steven and Jason - Please review this email and advise. Sooner is better than later.

Thanks,
MSK

From: "Logan Lamb"
To: "Merle King"
Cc: research@bastille.net
Sent: Sunday, August 28, 2016 3:47:50 PM
Subject: [IMPORTANT] concerning the security of elections.kennesaw.edu

Hello Merle,

My name is Logan Lamb, and I'm a cybersecurity researcher who is a member of Bastille Threat Research Team. We work to secure devices against new and existing wireless threats: https://www.bastille.net/. This past Tuesday I went to Fulton County Government Center to speak with Rick Barron about securing voting machines against wireless threats. I was then directed to contact you and the center. I'd like to collaborate with you on securing our state's election systems infrastructure against wireless attacks.

While attempting to get more background information on the center prior to contacting you, I discovered serious vulnerabilities affecting elections.kennesaw.edu. The following google searches reveal documents that shouldn't be indexed and appear to be critical to the elections process.
In addition, the Drupal install needs to be immediately upgraded from the current version, 7.31:

"site:elections.kennesaw.edu inurl:pdf"
I generally use this type of search to find documents on websites that lack search functionality. This search revealed a completely open Drupal install. Assume any document that requires authorization has already been downloaded without authorization.

"site:elections.kennesaw.edu L&A"
The second search result appears to be for disseminating critical voting system software. This is especially concerning because, as the following article states, there's a strong probability that your site is already compromised.

https://www.drupal.org/project/drupalgeddon
https://www.drupal.org/SA-CORE-2014-005

If you have any questions or concerns please contact me. I'm able to come to the center this Monday for a more thorough discussion.

Take care,
Logan

Merle S. King
Executive Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, Georgia 30144
Voice: 470-578-6900
Fax: 470-578-9012

Michael Barnes

From: Merle Steven King
Sent: Wednesday, March 01, 2017 11:45 PM
To: Michael L. Barnes; Steven Jay Dean
Subject: Fwd: Vulnerability on the elections.kennesaw.edu website

FYI.

Sent from my iPad

Begin forwarded message:

From: "Stephen C. Gay"
Date: March 1, 2017 at 11:10:16 PM EST
To: Merle King, Steven Dean
Cc: Lectra Lawhorne, "William C. Moore"
Subject: Fwd: Vulnerability on the elections.kennesaw.edu website

Merle,

I received the following email, and call, tonight regarding a directory traversal vulnerability on elections.kennesaw.edu. I immediately activated our Incident Response Team and, through the use of burp suite, we were able to recreate the vulnerability described below.
In the vulnerability recreation, we were able to pull voter information in database files for counties across the state and the data elements included DOB, Drivers License Number, Party Affiliation, etc. Understanding the risk associated with this vulnerability, we have closed all firewall exceptions for elections.kennesaw.edu to contain the incident.

I have asked Bill Moore to act as point for this incident and we need to coordinate with your team on the web logs for elections.kennesaw.edu first thing tomorrow morning. The logs will help us understand the scope of the breach and allow us to advise the CIO as to next steps. I will be temporarily out of pocket for a short time tomorrow, then remote thereafter, but your cooperation in this incident response is appreciated.

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

----- Forwarded Message -----
From: "Andy Green"
To: "Stephen C Gay"
Sent: Wednesday, March 1, 2017 9:55:27 PM
Subject: Vulnerability on the elections.kennesaw.edu website

Stephen,

Thanks for taking the time to talk with me tonight. As I mentioned during our call, I was contacted by a friend in the security space here in Atlanta earlier tonight. My friend relayed to me the existence of a Drupal plug-in vulnerability that a friend of his located on the elections.kennesaw.edu website. The vulnerability allows for directory traversal without authentication, leaving files exposed.

My friend shared with me that the exposed directories contained, among other things:

- voter registration detail files, including DOB and full SSN.
- PDFs of memos to county election officials which contained full credentials for ExpressPoll Election Day access, for the November 2016 election.

I was able to verify the presence of the vulnerability myself, and was able to traverse directories without authenticating. I did not download any of the voter data files to verify his statement, for obvious reasons. However, I did successfully open a PDF in my browser window, located in the Fulton County Elections/ExpressPoll/ED_Files/ folder for proof of concept. The base URL of interest is http://elections.kennesaw.edu/sites/default/files - please note that the URL must be http, as use of https will return a 404 error.

I'm told the researcher works for a reputable organization. I'm also told that the organization may be interested in going public with this at some point, due to the seriousness of the matter as well as the related publicity it would generate for the organization. My sense is that there is a desire to go public in a coordinated, responsible manner, in order to give the university appropriate time to remediate the vulnerability. This is certainly not set in bedrock, as I'm just the middleman here. However, given that they reached out to me as opposed to releasing to the public, I'm hopeful that my sense is correct.

If I can be of further service, including facilitating communication between all parties, please don't hesitate to let me know.

Thanks

Andy Green, MSIS
Lecturer of Information Security and Assurance
BBA-ISA program coordinator
KSU Student ISSA chapter faculty sponsor
KSU Offensive Security Research Club faculty sponsor
Michael J. Coles College of Business
Kennesaw State University - A Center of Academic Excellence in Information Assurance Education
560 Parliament Garden Way NW, MD 0405
Kennesaw, GA 30144-5591
agreen57@kennesaw.edu
http://coles.kennesaw.edu/faculty/green-andrew.php
Ph: 470-578-4352
Burruss Building, Room #490
73656d7065722070617261747573

Michael Barnes

From: Steven Dean
Sent: Thursday, March 02, 2017 1:32 PM
To: James Christopher Gaddis
Cc: William C. Moore; Stephen Craig Gay; Michael L. Barnes; Merle Steven King
Subject: Next steps for elections.kennesaw.edu

Chris, is there any further data you need from the server for your investigation? Our next intention is to make a backup of the affected files and remove them from the server. This would only affect files in the county folders, not log files and config files. After that we will reach out to have the security of the server assessed by your group so that we may bring it back online without any previously vulnerable links.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

Michael Barnes

From: Steven Jay Dean
Sent: Wednesday, April 26, 2017 3:18 PM
To: Christopher Michael Dehner
Cc: Merle Steven King; Michael L. Barnes; Jason Stephen Figueroa
Subject: Private Network Hardware Assessment

Chris, we recently received a draft of the Incident report and I would like to go through the hardware section to get a plan outlined for addressing the recommendations. The document states the following:

1. Rackmount UPS Battery backups (one displaying warning light)
   Recommendation: Replace batteries as needed and move under UITS ISS management
2. 3com Switches - Age 10+ years -- No Support -- L2 only
   Recommendation: Replace and move under UITS ISS management
3. Dell 1950 (Windows Domain Controller) - Age 10+ years
   Recommendation: Surplus
4. Dell PowerEdge R630 - Age 1 year
   Recommendation: Migrate services from Dell 1950 and move under UITS ISS management on CES Isolated Network
5. EPIC - Vision Computer - Age Unknown - Electors list creation box
   Recommendation: Continue as ISO/CES managed
6. EPIC Files - Dell 1900 - Age 6+ years - Electors list creation box backups
   Recommendation: Surplus
7. NAS - Dell 1900 - Age 6+ years - CES Isolated Network NAS
   Recommendation: Surplus
8. elections.kennesaw.edu - Age 5 years - Dell PowerEdge R610
   Recommendation: Format and reinstall on CES Isolated Network as NAS
9. unicoi.kennesaw.edu - Age 6+ years. Dell PowerEdge 1950
   Recommendation: Surplus
10. Web server backup
   Recommendation: Surplus

We had submitted for approval to UITS the purchase of two new UPS units prior to the incident. Should we continue and order these as previously planned? Will new hardware (and other equipment) be ordered by ISO under ISO budget, ordered by ISO under CES budget, or ordered by CES? Who will decide what hardware is purchased?

How should we proceed with replacing the Switches and who will install and manage them?

When will the assessment of the private network software commence and what department will handle the migrations and updates? How will this project factor into their schedule?

We would like to get moving on this list as soon as possible. Please let me know what I can do as the next step.

Thanks.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

Michael Barnes

From: Merle Steven King
Sent: Monday, August 29, 2016 11:06 AM
To: Michael L. Barnes
Subject: Re: Follow Up from earlier email regarding security of elections.kennesaw.edu

Well said. Thanks

Merle S. King
Executive Director
Center for Election Systems
3205 Campus Loop Road; MD#5700
Kennesaw State University
Kennesaw, GA 30144
Voice: 470-578-6900
Fax: 470-578-9012

On Aug 29, 2016, at 11:04 AM, Michael Barnes wrote:

Stephen,

In retrospect, I need to pull back my request that you include Logan Lamb or his associated organization Bastille Threat Research Team (www.bastille.net) on a black list of ip addresses. My request was an over-reaction on my part. The quick security assessment they provided us, though unsolicited, did highlight an issue we needed to resolve with our website. To black list them for helping us would be inappropriate.

Leading up to this election, where the question of whether or not someone can hack election systems is so in the forefront, we will need your team to help us continually analyze our on line systems and inspect for any openings that need to be sealed. Our IT staff will be in touch today to let you know what enhancements we have made and will request that your team ping our system to see if you all find other issues.

Thanks in advance for your help,

Michael Barnes
Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, GA 30144
ph: 470-KSU-6900
fax: 470-KSU-9012

Michael Barnes

From: Stephen Craig Gay
Sent: Thursday, April 27, 2017 10:29 AM
To: Michael L. Barnes; Merle Steven King
Cc: Lectra Lawhorne; Christopher Michael Dehner
Subject: Re: Incident Reponse Walk through
Attachments: CES AAR Rev04.pdf

Michael and Merle,

Thank you for the edits. I have accepted them and attached the updated version and will be on the lookout for the referenced email.
Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

----- Original Message -----
From: "Michael Barnes"
To: "Stephen C Gay"
Cc: "Lectra Lawhorne", "cmd9090", "Merle King"
Sent: Wednesday, April 26, 2017 3:29:43 PM
Subject: RE: Incident Reponse Walk through

Stephen,

Thank you for giving us the opportunity to review the attached. We have provided a few grammatical changes and added just a few clarifying comments. I am attaching a copy with Change Tracker on so you can quickly see those changes.

We have asked Steven Dean to follow up with Chris Dehner to see what timeline may be in place in relation to items listed in Issue 7. We want to make sure we are doing our part but we will need some guidance.

Please let us know what other assistance we can provide.

Thanks,

Michael Barnes
Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, GA 30144
ph: 470-KSU-6900
fax: 470-KSU-9012

----- Original Message -----
From: Stephen C. Gay [mailto:sgay@kennesaw.edu]
Sent: Monday, April 24, 2017 12:01 PM
To: Merle King; Michael Barnes
Cc: Lectra Lawhorne; Christopher M. Dehner
Subject: Re: Incident Reponse Walk through

Merle & Michael,

Following up on this, one of the areas in which we are actively looking to grow is in the "Post-Incident Activity" area and specifically working to understand what vectors led to a compromise and what KSU could have done better to close those vectors (or minimally detected earlier). For the Center for Election Systems incident, we adopted a format which GaTech shared to conduct document incident "After Action Reports".
The document is purposely vague in regards to the incident, but is highly tactical in prescribing mitigation steps to prevent future incidents. Can I ask you to review and provide your feedback, as I value your input and all mitigation is going to be conducted in a secure and collaborative manner.

Thank you,
Stephen

----- Original Message -----
From: "Merle King"
To: "Stephen C Gay"
Cc: "Michael Barnes", "Lectra Lawhorne", "Steven Dean"
Sent: Tuesday, April 18, 2017 9:55:05 AM
Subject: Incident Reponse Walk through

Stephen - We are looking for assistance in designing and conducting an incident response exercise walk through for several different scenarios here at the Center. Do you have a template or other guidelines that can help us organize the exercise? We would like to include our staff, UITS, and SOS IT staff in the exercise.

Thanks in advance,
Merle

Merle S. King
Executive Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, Georgia 30144
Voice: 470-578-6900
Fax: 470-578-9012

Michael Barnes

From: James Christopher Gaddis
Sent: Thursday, March 02, 2017 1:59 PM
To: Steven Dean
Cc: William C. Moore; Stephen Craig Gay; Michael L. Barnes; Merle Steven King
Subject: Re: Next steps for elections.kennesaw.edu

Steven,

As long as all log and config files are kept and you keep a record of what actions you are taking then I have no problem with that. We SHOULD have everything we need but you never know what questions might come up based upon the data we are reviewing.

Thanks,

Chris Gaddis SSCP
Information Security Engineer
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 029
1075 Canton Pl, MB #3503
Kennesaw, GA 30144 USA
Phone: (470) 578-6620
Fax: (470) 578-9050
jgaddis6@kennesaw.edu

----- Original Message -----
From: "Steven Dean"
To: "Chris Gaddis"
Cc: "William C. Moore", "Stephen C Gay", "Michael Barnes", "Merle S. King"
Sent: Thursday, March 2, 2017 1:32:15 PM
Subject: Next steps for elections.kennesaw.edu

Chris, is there any further data you need from the server for your investigation? Our next intention is to make a backup of the affected files and remove them from the server. This would only affect files in the county folders, not log files and config files. After that we will reach out to have the security of the server assessed by your group so that we may bring it back online without any previously vulnerable links.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

Michael Barnes

From: Stephen Craig Gay
Sent: Saturday, March 04, 2017 7:42 PM
To: Michael L. Barnes
Cc: Lectra Lawhorne; Merle Steven King
Subject: Re: PII found on unicoi.kennesaw.edu (only open to the KSU network)

Michael,

Thank you so much and appreciate you coming to KSU to handle this tonight.

Stephen

Sent from Nine

From: Michael Barnes
Sent: Mar 4, 2017 7:11 PM
To: Stephen C. Gay
Cc: Lectra Lawhorne; Merle King
Subject: Re: PII found on unicoi.kennesaw.edu (only open to the KSU network)

Unicoi has been shutdown

Michael Barnes
Director
Center for Election Systems
3205 Campus Loop Road
Kennesaw State University
Kennesaw, GA 30144
ph: 470-578-6900

On Mar 4, 2017, at 5:48 PM, Stephen C. Gay wrote:

Michael,

Please see below. Can you please shut this server down until we have a chance to meet on Monday to discuss the Center's needs and how best we can work together to meet them? Could you please send confirmation of shutdown when completed.

Thank you,
Stephen

Sent from Nine

From: William C. Moore
Sent: Mar 4, 2017 5:44 PM
To: Stephen Gay
Cc: Chris Gaddis
Subject: Fwd: PII found on unicoi.kennesaw.edu (only open to the KSU network)

Stephen

The Core Team is reporting that the Center of Elections server unicoi.kennesaw.edu has files containing PII. One file potentially has 5.7 records and is suspected to be files from 2010. The server is currently only available from the campus network. We however recommend that the server be removed from the network until all PII data can be secured or removed and verified by the ISO.

Bill

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg. Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

Begin forwarded message:

From: Chris Gaddis
Date: March 4, 2017 at 17:32:24 EST
To: "William C. Moore"
Subject: PII found on unicoi.kennesaw.edu (only open to the KSU network)

Bill,

I noticed that CES brought up Unicoi on Friday (I think it's their backup server). Regardless I ran a spider tool on it and found a number of files listed since directory listing is enabled. The top file on this list has 5.7 million records of PII. The rest have a variety of different types of data and some may be completely fine to keep open to the public. Please note that this server is ONLY open to the KSU network but even still this type of PII should not be open to the KSU network in any form without authentication.
http://unicoi.kennesaw.edu/sites/default/files/vendors/ESandS/Primary 2010.zip <---- main concern

Let me know if you have any questions about this.

Thanks,
Chris

Chris Gaddis SSCP
Information Security Engineer
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 029
1075 Canton Pl, MB #3503
Kennesaw, GA 30144 USA
Phone: (470) 578-6620
Fax: (470) 578-9050
jgaddis6@kennesaw.edu

Michael Barnes

From: Stephen Craig Gay
Sent: Thursday, May 04, 2017 10:08 AM
To: Michael L. Barnes
Cc: Lectra Lawhorne; Christopher Michael Dehner; Merle Steven King
Subject: Re: Private Network Hardware Assessment

Michael,

Thank you for forwarding the email. UITS, as the provider of network infrastructure & connectivity, will provide the funding and specs for the battery backups as well as replacement switches. Other IT equipment which is specific to CES's mission (desktops/servers on the isolated network) will continue to be funded from the Center's budget and we will all work together on hardware specs which allows for support/maintenance to align with KSU standards.

The assessment & hardening of the private network will begin with the port locks and continue with post moves and equipment surplus as noted in the AAR. Our ultimate goal is to collectively remove all unnecessary services/hardware from the network and further secure and improve the remaining/new systems. I've asked Chris Dehner to take point and, working with his embedded staff, develop a plan for these items.
As always, please let me know if you have any additional questions or if I can assist further in any way,

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

----- Original Message -----
From: "Michael Barnes"
To: "Stephen C Gay"
Cc: "Merle King"
Sent: Thursday, April 27, 2017 10:39:08 AM
Subject: FW: Private Network Hardware Assessment

Stephen,

Here is the email Steven Dean sent Chris Dehner yesterday.

Michael Barnes
Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, GA 30144
ph: 470-KSU-6900
fax: 470-KSU-9012

From: Steven Dean [mailto:sdean29@kennesaw.edu]
Sent: Wednesday, April 26, 2017 3:18 PM
To: Christopher M. Dehner
Cc: Merle S. King; Michael Barnes; Jason Figueroa
Subject: Private Network Hardware Assessment

Chris, we recently received a draft of the Incident report and I would like to go through the hardware section to get a plan outlined for addressing the recommendations. The document states the following:

1. Rackmount UPS Battery backups (one displaying warning light)
   Recommendation: Replace batteries as needed and move under UITS ISS management
2. 3com Switches - Age 10+ years -- No Support -- L2 only
   Recommendation: Replace and move under UITS ISS management
3. Dell 1950 (Windows Domain Controller) - Age 10+ years
   Recommendation: Surplus
4. Dell PowerEdge R630 - Age 1 year
   Recommendation: Migrate services from Dell 1950 and move under UITS ISS management on CES Isolated Network
5. EPIC - Vision Computer - Age Unknown - Electors list creation box
   Recommendation: Continue as ISO/CES managed
6. EPIC Files - Dell 1900 - Age 6+ years - Electors list creation box backups
   Recommendation: Surplus
7. NAS - Dell 1900 - Age 6+ years - CES Isolated Network NAS
   Recommendation: Surplus
8. elections.kennesaw.edu - Age 5 years - Dell PowerEdge R610
   Recommendation: Format and reinstall on CES Isolated Network as NAS
9. unicoi.kennesaw.edu - Age 6+ years. Dell PowerEdge 1950
   Recommendation: Surplus
10. Web server backup
   Recommendation: Surplus

We had submitted for approval to UITS the purchase of two new UPS units prior to the incident. Should we continue and order these as previously planned? Will new hardware (and other equipment) be ordered by ISO under ISO budget, ordered by ISO under CES budget, or ordered by CES? Who will decide what hardware is purchased?

How should we proceed with replacing the Switches and who will install and manage them?

When will the assessment of the private network software commence and what department will handle the migrations and updates? How will this project factor into their schedule?

We would like to get moving on this list as soon as possible. Please let me know what I can do as the next step.

Thanks.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

Michael Barnes

From: Stephen Craig Gay
Sent: Monday, March 20, 2017 8:54 AM
To: Christopher Michael Dehner
Cc: Steven Jay Dean; Michael L. Barnes; James Christopher Gaddis
Subject: Re: Request for data retrieval

Chris,

This server is physically secured in ISO Evidence Storage. Please coordinate with Chris Gaddis and Steven Dean on the Data Recovery this morning.

Stephen

----- Original Message -----
From: "Michael Barnes"
To: "Stephen C Gay"
Cc: "Steven Dean", "Merle King", "Lectra Lawhorne"
Sent: Friday, March 17, 2017 9:10:57 AM
Subject: RE: Request for data retrieval

Stephen,

Thank you. Steven and Jason will be available first thing Monday to assist.
Michael Barnes
Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, GA 30144
ph: 470-KSU-6900
fax: 470-KSU-9012

----- Original Message -----
From: Stephen C. Gay [mailto:sgay@kennesaw.edu]
Sent: Friday, March 17, 2017 9:09 AM
To: Michael Barnes
Cc: Steven Dean; Merle King; Lectra Lawhorne
Subject: Re: Request for data retrieval

Michael,

I have contacted the Federal investigators and they have agreed to return the server. I will be meeting with them late this afternoon to receive it and then secure it within ISO Secure Storage. I have asked the team to make this a top priority and to work with Steven and Jason on the request data retrieval 1st thing on Monday.

Please let me know if you have any questions or if I can assist further in any way,

Stephen

----- Original Message -----
From: "Michael Barnes"
To: "Stephen C Gay"
Cc: "Steven Dean", "Merle King"
Sent: Wednesday, March 15, 2017 1:41:25 PM
Subject: Request for data retrieval

Stephen,

As discussed earlier today, we would like to retrieve certain records from elections.kennesaw.edu that support our daily office activities, items such as inventory records, workflow databases used during our ballot building efforts, and operation manuals. These data are located in the cesuser user directory at /home/cesuser. We would like to retrieve the entire cesuser directory, if possible.
Thanks,

Michael Barnes
Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, GA 30144
ph: 470-KSU-6900
fax: 470-KSU-9012

Michael Barnes

From: Steven Dean
Sent: Wednesday, March 29, 2017 1:43 PM
To: James Christopher Gaddis
Cc: Christopher Michael Dehner
Subject: Re: Unknown files on elections.kennesaw.edu
Importance: High

Chris, here are the data contained in each of the file types you have listed:

>mpearso9/ExpressPoll/L&AFiles/PollData.db3

This type of file may contain a subset of the list of voters and any associated voter information for a given election. The file is used for testing purposes by counties before using an ExpressPoll during an election. The directory listed here indicates that this file was for CES testing purposes and may not contain PII.

>ExpressPoll%20L%26A/PollData.db3.php
>Test%20Staff/ExpressPoll/ABSFile/PollData.db3.php
>County%20User/ExpressPoll/ABSFile/PollData.db3.php

These files enable download of associated "PollData.db3" files by every browser. Note: these are PHP files that only link to other files and do not contain any election data.

>/sites/default/files/vendors/ESandS/Primary%202010.zip

Without analyzing this file, I cannot say for certain what is in it. Previous emails from ISO have indicated that inspection of this file showed it to contain voter information from the time the file was created in 2010. May contain PII.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Mar 29, 2017, at 1:15 PM, Chris Gaddis wrote:

Steven,

Can you please help me understand what data was contained in the files listed below. Was this County data? Full state data? Other Pii? Something else?

Also can you please respond ASAP on this.
Unique file names

ExpressPoll%20L%26A/PollData.db3.php
mpearso9/ExpressPoll/L&AFiles/PollData.db3
Test%20Staff/ExpressPoll/ABSFile/PollData.db3.php
County%20User/ExpressPoll/ABSFile/PollData.db3.php
/sites/default/files/vendors/ESandS/Primary%202010.zip

Thanks so much!
-Chris

Michael Barnes

From: Steven Dean
Sent: Wednesday, March 01, 2017 11:49 PM
To: Merle Steven King
Cc: Michael L. Barnes
Subject: Re: Vulnerability on the elections.kennesaw.edu website

Acknowledging that I've seen this. See you tomorrow.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Mar 1, 2017, at 11:44 PM, Merle S. King wrote:

FYI.

Sent from my iPad

Begin forwarded message:

From: "Stephen C. Gay"
Date: March 1, 2017 at 11:10:16 PM EST
To: Merle King, Steven Dean
Cc: Lectra Lawhorne, "William C. Moore"
Subject: Fwd: Vulnerability on the elections.kennesaw.edu website

Merle,

I received the following email, and call, tonight regarding a directory traversal vulnerability on elections.kennesaw.edu. I immediately activated our Incident Response Team and, through the use of burp suite, we were able to recreate the vulnerability described below. In the vulnerability recreation, we were able to pull voter information in database files for counties across the state and the data elements included DOB, Drivers License Number, Party Affiliation, etc. Understanding the risk associated with this vulnerability, we have closed all firewall exceptions for elections.kennesaw.edu to contain the incident.

I have asked Bill Moore to act as point for this incident and we need to coordinate with your team on the web logs for elections.kennesaw.edu first thing tomorrow morning. The logs will help us understand the scope of the breach and allow us to advise the CIO as to next steps.
I will be temporarily out of pocket for a short time tomorrow, then remote thereafter, but your cooperation in this incident response is appreciated.

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

----- Forwarded Message -----
From: "Andy Green"
To: "Stephen C Gay"
Sent: Wednesday, March 1, 2017 9:55:27 PM
Subject: Vulnerability on the elections.kennesaw.edu website

Stephen,

Thanks for taking the time to talk with me tonight.

As I mentioned during our call, I was contacted by a friend in the security space here in Atlanta earlier tonight. My friend relayed to me the existence of a Drupal plug-in vulnerability that a friend of his located on the elections.kennesaw.edu website. The vulnerability allows for directory traversal without authentication, leaving files exposed. My friend shared with me that the exposed directories contained, among other things:

- voter registration detail files, including DOB and full SSN.
- PDFs of memos to county election officials which contained full credentials for ExpressPoll Election Day access, for the November 2016 election.

I was able to verify the presence of the vulnerability myself, and was able to traverse directories without authenticating. I did not download any of the voter data files to verify his statement, for obvious reasons. However, I did successfully open a PDF in my browser window, located in the Fulton County Elections/ExpressPoll/ED_Files/ folder for proof of concept.

The base URL of interest is http://elections.kennesaw.edu/sites/default/files please note that the URL must be http, as use of https will return a 404 error.

I'm told the researcher works for a reputable organization.
I'm also told that the organization may be interested in going public with this at some point, due to the seriousness of the matter as well as the related publicity it would generate for the organization. My sense is that there is a desire to go public in a coordinated, responsible manner, in order to give the university appropriate time to remediate the vulnerability. This is certainly not set in bedrock, as I'm just the middleman here. However, given that they reached out to me as opposed to releasing to the public, I'm hopeful that my sense is correct.

If I can be of further service, including facilitating communication between all parties, please don't hesitate to let me know.

Thanks

Andy Green, MSIS
Lecturer of Information Security and Assurance
BBA-ISA program coordinator
KSU Student ISSA chapter faculty sponsor
KSU Offensive Security Research Club faculty sponsor
Michael J. Coles College of Business
Kennesaw State University - A Center of Academic Excellence in Information Assurance Education
560 Parliament Garden Way NW, MD 0405
Kennesaw, GA 30144-5591
agreen57@kennesaw.edu
http://coles.kennesaw.edu/faculty/green-andrew.php
Ph: 470-578-4352
Burruss Building, Room #490
73656d7065722070617261747573

Bill, we updated the production server last night and I initiated a scan this morning. It looks really good to me, I'll just need your guidance on what issues we should address immediately.

Thank you again for you and your department's work on the security on campus. This has been a huge help to us.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Oct 12, 2016, at 5:53 PM, Steven Dean wrote:

Bill, thank you! This is great news. The unicoi server doesn't have an ssl cert so the plain text log-ins over http will be corrected when we roll the updates into the production server.
Samba shouldn't be running on these servers so that is also easily remedied. Elections.kennesaw hasn't been updated yet, so that's why you're seeing all of the same vulnerabilities. Now that we've confirmed the updates fix most if not all of the vulnerabilities, we will work after hours in the coming days to transition elections.kennesaw to the latest versions of Debian and PHP, as is currently the case on unicoi.

Thank you for all your help with this, we will let you know when we are ready for the next round of scans.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Wed, Oct 12, 2016 at 2:25 PM -0400, "William C. Moore" wrote:

Steven,

We have scanned both elections and Unicoi servers with basic level scans. The scan of the Unicoi server identified one critical vulnerability but we also noticed two pages that allowed plaintext logins (http://unicoi.kennesaw.edu/?q=user/login and the samba-swat login http://unicoi.kennesaw.edu:901/). I am sure that you are aware that these are opportunities for malicious users to gather account credentials. Therefore, all website logins should be passed through an SSL tunnel such as using https for authentication.

The critical vulnerability discovered on the Unicoi server is for "Invalid CIFS Logins Permitted" which is most likely related to the Samba Configuration file smb.conf (https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html).

The server elections.kennesaw.edu however is still showing that an outdated version of PHP is running and may be the reason 40+ critical vulnerabilities are being identified as related to PHP. Can you tell us what version of PHP is running and when we may be allowed to run a more thorough scan?

Bill

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg. Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

From: Steven Dean [mailto:stevendean@kennesaw.edu]
Sent: Thursday, October 06, 2016 11:58
To: William C. Moore
Cc: Michael Barnes; Jason Figueroa; Chris Gaddis; Merle S. King; Stephen C. Gay
Subject: Re: [IMPORTANT] concerning the security of elections.kennesaw.edu

Bill, we have the backup site up and running (thanks to G.J.!) on the new version of Debian with all packages updated. Can we have unicoi.kennesaw.edu added to NeXpose for scanning?

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Oct 4, 2016, at 4:41 PM, Steven Dean wrote:

Bill, thank you for following up. So far we haven't heard from anyone who can help us reconfigure apache and have thus far been unable to get it working. I sent our apache server logs to Matt as requested. Has any information about our configuration come from them?

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Oct 4, 2016, at 4:37 PM, William C. Moore wrote:

Steven,

I and my team are taking the ISO lead on working with your team to help resolve any security issues with the server elections.kennesaw.edu. This is the last communication that I was copied on so can you please provide me an update on where we stand on the server, PHP and Apache configurations? Where can we help and provide the greatest level of security support?

Thanks,
Bill

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg.
Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

From: Steven Dean [mailto:stevendean@kennesaw.edu]
Sent: Thursday, September 15, 2016 12:37
To: Matthew Sims
Cc: Michael Barnes; William C. Moore; Tyler Hayden; Jason Figueroa; Chris Gaddis; Merle S. King
Subject: Re: [IMPORTANT] concerning the security of elections.kennesaw.edu

Matt, we've the backup server updated to Debian Jessie, but with the changes to apache between versions, we've discovered we're a little out of our depth in trying to reconfigure apache to work with our website. Can you put us in touch with someone who may be able to help us get the website back up on the backup server? We're probably up to date with security on the backup server, but it's all for naught if the website doesn't work ;-)

Thank you!

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Sep 12, 2016, at 11:55 AM, Matthew Sims wrote:

Steven,

I'm glad that the backup server is up and running. Thank you for the updates, and I hope your roll to production goes smoothly after testing.

From: "Steven Dean"
To: "Matthew Sims"
Cc: "Michael Barnes", "William C. Moore", "Tyler Hayden", "Jason Figueroa", "Chris Gaddis", "Merle S. King"
Sent: Friday, September 9, 2016 3:54:40 PM
Subject: Re: [IMPORTANT] concerning the security of elections.kennesaw.edu

Good afternoon, Matt. We have our backup server up and running and just need to do a little testing before performing the updates. Once we confirm the distro update works on the backup server, we will roll the updates onto the production server and have you begin scans. This will give the most accurate scan results and tells us what we actually need help with security-wise.

Thanks for your patience and the offer of help. I'll send you another update early next week. Have a great weekend.
Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Sep 7, 2016, at 5:03 PM, Matthew Sims wrote:

Steven,

Thank you for the updates and transparency. We look forward to hearing back from you. Have a good afternoon.

From: "Steven Dean"
To: "Matthew Sims"
Cc: "Michael Barnes", "William C. Moore", "Tyler Hayden", "Jason Figueroa", "Chris Gaddis"
Sent: Wednesday, September 7, 2016 4:43:28 PM
Subject: Re: [IMPORTANT] concerning the security of elections.kennesaw.edu

Matt, we're still working on getting a fully working clone on another server to perform the updates on. Once we have that working we'll roll the updates onto the production server. Then you can begin a new round of testing through NeXpose.

Unfortunately, getting the updates completed with proper backups and testing has been slow going because of the election build, but that is all but passed and we are now working to get the server updated. We will send you an update tomorrow on our progress and we should have a day for you to begin the new round of testing.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Sep 7, 2016, at 3:29 PM, Matthew Sims wrote:

Hi Michael,

I wanted to touch base with you and see what our game plan will be moving forward. Are we still in the stages of upgrading the OS and PHP version or has that already happened? In terms of scanning at the application level, I am trying to iron out a timeline and determine when this can be done using more aggressive scanning similar to Nexpose, but if you are going to be upgrading the OS and PHP version, then I may need to wait and coordinate a later time.

Thanks for your time and please let me know what you think.

From: "Michael Barnes"
To: "William C. Moore"
Cc: "Steven Dean", "Tyler Hayden", "Jason Figueroa", "Matthew Sims", "Chris Gaddis"
Sent: Friday, September 2, 2016 5:59:17 PM
Subject: Re: [IMPORTANT] concerning the security of elections.kennesaw.edu

Bill,

Thank you. I will be back in touch on Tuesday to discuss when we would like for these scans to begin.

Sincerely,

Michael Barnes
Director
Center for Election Systems
3205 Campus Loop Road
Kennesaw State University
Kennesaw, GA 30144
ph: 470-578-6900

On Sep 2, 2016, at 5:55 PM, William C. Moore wrote:

Michael,

The directive to begin more aggressive scanning came from Stephen Gay to help ensure that the server was not posing a risk to the Center of Elections missions and objectives.

The probability of damaging your website should be low. We do not wish to take any action that would actually damage any of your data or website(s). Typically a large portion of emails are sent by the scanning engines auto completing website forms that are not properly protected. These are usually more of an annoyance than any real damage. The server does however have a number of critical and severe vulnerabilities some of which are reported to be exploitable. The majority of these are centered around PHP but others are OS related. These may be problematic but we would much rather test under controlled environments instead of the system becoming exploited during a time when your services are under high scrutiny and in great demand by polling stations around the state.

Since we would control the assessment tools the Information Security Office would be able to stop any assessments we (the ISO) are performing as soon as you noticed a degradation in services via a phone call to our team. Of course, I suspect that you have current backups of your website and data in case any other persons are performing malicious attacks against the Center of Elections.
We do not of course anticipate you needing these backups for our assessments but you should still keep them and the restoration process up-to-date as a best practice.

The Information Security Office does not want to impede the Center's objectives at all. We want to help mitigate any risks that the Center is facing such as the risks that Mr. Lamb from the Bastille Threat Research Team discovered and reported. There are a number of documents found from the Center of Elections website that have been cached by various search engines. These are not threats that we can now prevent; however, we can offer suggestions on how to request those cached documents be removed from the various search engine providers.

I hope that this addresses some of your concerns and since this has to be a two way partnership in our assessment we encourage you to ask questions along the way.

Bill

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg. Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

----- Original Message -----
From: "Michael Barnes"
To: "William C. Moore", "Steven Dean"
Cc: "Tyler Hayden", "Jason Figueroa", "Matthew Sims", "Chris Gaddis"
Sent: Wednesday, August 31, 2016 3:15:46 PM
Subject: RE: [IMPORTANT] concerning the security of elections.kennesaw.edu

Bill,

Before we give go ahead on potential scan periods I have a couple of follow up questions:

1. The directive to begin more aggressive scanning has come from who and for what reason?
2. How high a probability is there of issues being created that could damage the functionality of our website?

We are currently in the busiest time of the year for use of our website by our county clients. The last thing we can afford to have happen is for our website to become unavailable or usable.
If the action of conducting these scans were to disable our website, what remedy would be available so the services we provide to the election community in Georgia would not be damaged?

Michael Barnes
Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, GA 30144
ph: 470-KSU-6900
fax: 470-KSU-9012

From: William C. Moore [mailto:wcmoore@kennesaw.edu]
Sent: Wednesday, August 31, 2016 2:47 PM
To: 'Steven Dean'
Cc: 'Tyler Hayden'; 'Michael Barnes'; 'Jason Figueroa'; 'Matthew Sims'; Chris Gaddis
Subject: RE: [IMPORTANT] concerning the security of elections.kennesaw.edu

Steven,

The recent scans have been "Safe Scans w/o Spidering". I have been asked though to begin more aggressive scanning. Since these types of scans have the potential of creating issues such as completing and submitting forms (creating email messages) interfering with services and/or stopping services which we try to avoid. Since these assessments have the potential of creating issues we need to schedule these types of assessments.

Please understand that we do not perform any testing that cannot already be performed by any user on the campus network. We also do not purposefully perform any DOS or DDOS attempts since the network perimeter firewalls provide some level of protection against DDOS attempts.

When is the earliest we can schedule more aggressive scanning of the server?

Bill

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg. Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

From: Steven Dean [mailto:stevendean@kennesaw.edu]
Sent: Wednesday, August 31, 2016 10:38
To: William C. Moore
Cc: Tyler Hayden; Michael Barnes; Jason Figueroa; Matthew Sims
Subject: Re: [IMPORTANT] concerning the security of elections.kennesaw.edu

Thanks Bill. I see the list appears to be the same as from the first scan. Jason and I are working on a plan to upgrade to the latest version of Debian which will also allow us to update to the latest version of PHP, where it seems most of the vulnerabilities are. Let me know if there is anything in the scan we should be concerned about that the Debian update may not fix.

Thanks for all the help, we really appreciate your time. It has been immensely beneficial.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Aug 31, 2016, at 10:34 AM, William C. Moore wrote:

Steven

The authenticated scan completed last night and I will share the results as soon as my current meeting completes.

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg. Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

On Aug 31, 2016, at 10:00, Steven Dean wrote:

Sounds good to us. Thanks Tyler. What is the status of the authenticated scan? I couldn't find where it had been run and when I went to run a scan, the available options made it difficult to choose while not really understanding them.

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Wed, Aug 31, 2016 at 9:56 AM -0400, "Tyler Hayden" wrote:

Hi Steven,

In addition to the NeXpose scan, we'd also like to scan with IBM AppScan. AppScan will focus more specifically on the Drupal application rather than an overarching system scan with NeXpose.
Matt Sims will reach out to you to configure and schedule the AppScan assessment.

Regards,

Tyler Hayden
IT Security Professional III
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 026
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9051
thayden2@kennesaw.edu

----- Original Message -----
From: "William C. Moore"
To: "Steven Dean"
Cc: "Tyler Hayden", "Michael Barnes", "Jason Figueroa", "Matthew Sims"
Sent: Tuesday, August 30, 2016 2:03:57 PM
Subject: RE: [IMPORTANT] concerning the security of elections.kennesaw.edu

Yes, this will be a local Linux account. It is preferable that the account be provided sudo privileges only. I strongly recommend that you limit the account to only be allowed to log in locally for your testing purposes and from the IP addresses 130.218.100.80 and 10.97.52.25 (the two current Nexpose scanning engines).

Bill

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg. Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

From: Steven Dean [mailto:sdean29@kennesaw.edu]
Sent: Tuesday, August 30, 2016 12:21
To: William C. Moore
Cc: Tyler Hayden; Michael Barnes; Jason Figueroa; Matthew Sims
Subject: Re: [IMPORTANT] concerning the security of elections.kennesaw.edu

Just to clarify, are the required credentials a linux account for the server itself? Also, could you define "privileged account"? Does it need to be an admin or just have sudo ability?

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Aug 30, 2016, at 11:59 AM, William C. Moore wrote:

Steven,

Please log back in to Nexpose and use the following steps to add an account for patching and vulnerability verification.

Select Home then scroll through Sites until you find the site "Elections-Server". Select the Edit icon (pencil) for the Elections-Server site. Select the Authentication tab at the top of the page. Click the "Elections-Server-Account" link under Scan Credentials.

You should now be in the Edit Credential page. From this page select "Account" on the left hand side of the page. This page already has the Service as Secure Shell (SSH) selected. You should enter the User Name and enter the appropriate password in both the Password field and Confirm Password field. After you have entered and confirmed the account credentials please click the "Test Credentials" link beside the question mark near the bottom of the page to verify the account and credentials work. After successfully testing the credentials click the Save button at the bottom of the page then click the Save button at the top right hand side of the page.

Please let us know when you have added, tested and saved the authentication information and we will test the site again for vulnerabilities.

Bill

William C. Moore II CISSP, MEd, MLIS
Associate Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg. Rm 031
1075 Canton Pl
Kennesaw, GA 30144
Tel: 470-578-6620
Fax: 678-915-4940
wcmoore@kennesaw.edu

From: Steven Dean [mailto:sdean29@kennesaw.edu]
Sent: Monday, August 29, 2016 16:46
To: Tyler Hayden
Cc: Michael Barnes; Jason Figueroa; Matthew Sims; William C. Moore
Subject: Re: [IMPORTANT] concerning the security of elections.kennesaw.edu

Thanks Tyler. I've logged into NeXpose so we're ready to have our server added.
Server info:
Hostname: elections.kennesaw.edu
IP: 130.218.251.50
OS: Debian Wheezy v7.11
Hosted Application: Drupal 7.5

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Aug 29, 2016, at 4:22 PM, Tyler Hayden <thayden2@kennesaw.edu> wrote:

Hi Steven,

Thanks for reaching out. We can definitely assist in assessing the security and of your site.

For starters, we can arrange for a security and vulnerability assessment scan on your systems via NeXpose to get some better insight. We can scan both authenticated or unauthenticated. Authenticated scans will produce more accurate results, but also require credentials for a privileged account. We can configure it to allow you to log in to NeXpose to provide these credentials, if you do not want to provide them to us directly. We'll just need information on the systems you'd want assessed. (Host names, OS, IP address, hosted applications, etc.)

While I am not all too familiar with Drupal, I do know that there are several modules available for restricting content in Drupal, such as the Secure Site module which is available here: https://www.drupal.org/project/securesite

This is just one of the available modules, so if this does not suit your needs there are others available. I would also review Drupal's documentation on secure configuration available here: https://www.drupal.org/security/secure-configuration to ensure that your site is following their best practices.

Without doing some research of my own, I am not certain on how to go about restricting file access using the htaccess files. Typically you would include a directive to only allow authenticated users to access the file, however, I am not certain of how Drupal handles its authentication or if it shares it with the Apache web server. This is something we can look into and let you know what we find.
Regards,

Tyler Hayden
IT Security Professional III
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 026
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9051
thayden2@kennesaw.edu

----- Original Message -----
From: "Steven Dean" <sdean29@kennesaw.edu>
To: "Tyler Ray Hayden" <thayden2@kennesaw.edu>
Cc: "Michael Barnes" <mbarne28@kennesaw.edu>, "Merle S. King" <mking@kennesaw.edu>, "Jason Figueroa" <jfigue12@kennesaw.edu>
Sent: Monday, August 29, 2016 2:39:41 PM
Subject: Re: [IMPORTANT] concerning the security of elections.kennesaw.edu

Good afternoon, Tyler.

I wanted to reach out for some assistance with our website as suggested in Stephen's email below. For some background information, Jason and I have taken responsibility for the website here at Center for Election Systems. This site was built on Drupal before either of us were employed here and we have spent the last several years simply maintaining it in the order it had been working previously. Obviously this has become untenable in the current atmosphere, and Jason and I must learn more to get the security of the website under control. In this regard we appreciate any help you can offer on security best practices and specific security implementations that will allow us to secure the site.

This morning we implemented a patch to disallow file tree access by anonymous users and we updated our Drupal installation to the current version of Drupal 7. Unfortunately, until today, it seems the file tree had been available to anonymous users. We have denied access by changing the "AllowOverride None" in the apache virtualhost configuration for /var/www/ to "AllowOverride All" so that the .htaccess file parameters will disallow anonymous user access outside Drupal.
While we have denied access to the file tree, we are currently having trouble patching the ability for anonymous users to access individual files directly without also disallowing Drupal user access to those files. We have tried adding a tag section to the apache2.conf to deny access to pdf files, but this breaks Drupal user access as well. I'm sure there is some way to do this in the .htaccess file, but we have so far been unable to find the method.

Please let Jason and I know if you have any insights that will help accomplish this goal, as well as get a local firewall set up to allow us to monitor access through logs.

Thank you,

Steven Dean
Technical Coordinator
KSU Center for Election Systems
3205 Campus Loop Road
Kennesaw, GA 30144
P: 470-578-6900
F: 470-578-9012

On Aug 29, 2016, at 11:31 AM, Stephen C. Gay <sgay@kennesaw.edu> wrote:

Michael,

Thanks for reaching out and we stand on ready to help. The source email domain, bastille.net <http://bastille.net/>, has a valid domain registration through GoDaddy and located in Atlanta:

Registry Registrant ID:
Registrant Name: Michael Engle
Registrant Organization: Bastille Networks
Registrant Street: 1000 Marietta St NW
Registrant Street: Suite 112
Registrant City: Atlanta
Registrant State/Province: GA
Registrant Postal Code: 30318
Registrant Country: US
Registrant Phone: +1.7328200096
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: domains@bastillenetworks.com

We don't put internal domain blocks in place unless we detect a spike in phishing or vulnerability scanning from that domain which, at this point, isn't the case for bastille.net <http://bastille.net/>. It's very likely that the tester utilized Google searches on the elections.kennesaw.edu <http://elections.kennesaw.edu/> domain which included file extensions, along with HTML Headers which include the service versions.
Here is the Google search string which reveals the document he references ".pdf site:elections.kennesaw.edu"

Reporting precincts with cards - https://elections.kennesaw.edu/sites/default/files/ExpressPoll%20L&A/Reporting%20Precincts%20with%20Cards.pdf

And here is the header response for https://elections.kennesaw.edu/?q=user/login that gives away the use of Drupal

https://elections.kennesaw.edu/misc/drupal.js?ococft

It is reasonable to assume that these types of unsolicited requests are going to increase leading up to the general election in November and we stand on ready to offer application security analysis and recommendations. In turn, I would highly recommend the use of a server based firewall/IDS to track this activity (specifically brute force attempts on the login page) and ensure that all access are logged. I am cc'ing 2 members of my team, Mr. Tyler Hayden and Mr. Bill Moore, to advise on operating system/application vulnerabilities and provide advice on mitigating strategies. Tyler will act as your point of contact and if I can assist in any way please let me know.
In service,

Stephen C Gay CISSP CISA
KSU Chief Information Security Officer & UITS Executive Director
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 031
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
Fax: (470) 578-9050
sgay@kennesaw.edu

----- Original Message -----
From: "Michael Barnes" <mbarne28@kennesaw.edu>
To: "Stephen C Gay" <sgay@kennesaw.edu>
Cc: "Merle King" <mking@kennesaw.edu>, "Steven Dean" <sdean29@kennesaw.edu>, "Jason Figueroa" <jfigue12@kennesaw.edu>
Sent: Monday, August 29, 2016 9:24:30 AM
Subject: FW: [IMPORTANT] concerning the security of elections.kennesaw.edu <http://elections.kennesaw.edu/>

Stephen,

We received an unsolicited email over the weekend from a Logan Lamb. The content of the email has engaged our staff and we are looking into these claims regarding the security of our website. Would you please add this individual and the organization he claims to be affiliated with to the list of IP addresses most recently black listed? Also, our IT staff, Steven Dean and Jason Figueroa will be reaching out to you and your staff to see what assistance your group can provide us in pinging our site to verify that we are addressing security issues within our site.

Thank you in advance,

Michael Barnes
Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, GA 30144
ph: 470-KSU-6900
fax: 470-KSU-9012

From: Merle S. King [mailto:mking@kennesaw.edu]
Sent: Sunday, August 28, 2016 3:56 PM
To: Steven Dean <sdean29@kennesaw.edu>; Jason Figueroa <jfigue12@kennesaw.edu>
Cc: Michael Barnes <mbarne28@kennesaw.edu>
Subject: Fwd: [IMPORTANT] concerning the security of elections.kennesaw.edu

Steven and Jason - Please review this email and advise. Sooner is better than later.

Thanks, MSK

From: "Logan Lamb" <logan@bastille.net>
To: "Merle King" <mking@kennesaw.edu>
Cc: research@bastille.net
Sent: Sunday, August 28, 2016 3:47:50 PM
Subject: [IMPORTANT] concerning the security of elections.kennesaw.edu <http://elections.kennesaw.edu/>

Hello Merle,

My name is Logan Lamb, and I'm a cybersecurity researcher who is a member of Bastille Threat Research Team. We work to secure devices against new and existing wireless threats: https://www.bastille.net/. This past Tuesday I went to Fulton County Government Center to speak with Rick Barron about securing voting machines against wireless threats. I was then directed to contact you and the center. I'd like to collaborate with you on securing our state's election systems infrastructure against wireless attacks.

While attempting to get more background information on the center prior to contacting you, I discovered serious vulnerabilities affecting elections.kennesaw.edu <http://elections.kennesaw.edu/>.

The following google searches reveal documents that shouldn't be indexed and appear to be critical to the elections process. In addition, the Drupal install needs to be immediately upgraded from the current version, 7.31:

"site:elections.kennesaw.edu inurl:pdf"

I generally use this type of search to find documents on websites that lack search functionality. This search revealed a completely open Drupal install.
Assume any document that requires authorization has already been downloaded without authorization.

"site:elections.kennesaw.edu L&A"

The second search result appears to be for disseminating critical voting system software. This is especially concerning because, as the following article states, there's a strong probability that your site is already compromised.

https://www.drupal.org/project/drupalgeddon
https://www.drupal.org/SA-CORE-2014-005

If you have any questions or concerns please contact me. I'm able to come to the center this Monday for a more thorough discussion.

Take care,
Logan

Merle S. King
Executive Director
Center for Election Systems
Kennesaw State University
3205 Campus Loop Road
Kennesaw, Georgia 30144
Voice: 470-578-6900
Fax: 470-578-9012

Matt Sims
Information Security Specialist
Identity & Access Management
Information Security Office
University Information Technology Services (UITS)
Kennesaw State University
Technology Services Bldg, Room 026
1075 Canton Pl, MB #3503
Kennesaw, GA 30144
Phone: (470) 578-6620
msims24@kennesaw.edu

DECLARATION OF CARRI GIBBS LUSE

IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION

DONNA CURLING, et al. Plaintiff,
vs.
BRIAN P. KEMP, et al. Defendant.
CIVIL ACTION FILE NO.: 1:17-cv-2989-AT

DECLARATION OF CARRI GIBBS LUSE

CARRI GIBBS LUSE hereby declares as follows:

1. I have been a Georgia voter since at least 1992 and am currently registered to vote at 175 Sampson Street NE, Atlanta, Georgia 30312, in Fulton County. I have been registered to vote at this address since November 2013.

2. On May 1, 2018 I voted in early voting at the Fulton County Elections Office at 140 Pryor Street, Atlanta in the May 22, 2018 primary.

3. I made a special trip to the central Elections Office to vote because I felt more confident of my early vote being counted at the central office than at a remote voting location. I took my mother to vote there at the same time.

4. I requested a Democratic Party ballot by completing the voter application certificate, specifying the Democratic Party ballot. I voted a Democratic Party electronic ballot on the touchscreen, and later proudly told friends about the candidates I selected on my ballot. I am very confident that I voted a Democratic Party ballot on the touchscreen machine that day.

5. On July 2, 2018 I voted in the July 24, 2018 runoff during early voting, this time choosing to vote in the Ponce de Leon Library early voting location.

6. When I checked in to vote that day and asked for a Democratic ballot, the pollworkers claimed that I had voted a Republican Party ballot in May, and could not vote a Democratic Party ballot in the runoff. I was in disbelief and continued to challenge the pollworkers, as I was confident that I voted a Democratic Party ballot in May.

7. I repeatedly asked what could be done to correct this error and vote a Democratic Party ballot, and the poll workers said that nothing could be done, and permitted me only to vote a Republican ballot or a nonpartisan ballot, or not vote at all.

8. The pollworkers did not offer to let me vote a Democratic Party provisional ballot, despite my repeated request for a solution so that I could vote for Democrats. I don’t understand why I was not offered a provisional ballot which could have been counted after reviewing my May 1, 2018 voter application documenting the fact that I requested a Democratic ballot.

9. I am concerned that I was disenfranchised in this way, and concerned about the integrity of the electronic pollbooks that contain this error that caused my disenfranchisement. I am concerned that I might be further disenfranchised in the November election by other types of electronic election records errors.

10. I have read a number of recent reports of voter disenfranchisement, electronic pollbook errors, and voting machine errors, and I now have grave concerns about the integrity of the upcoming November election.

11. Because of my concerns about the integrity of the electronic election records in Georgia, I am researching the procedure and pros and cons of voting a paper mail-in ballot in November. It is my preference to have the flexibility of voting on Election Day in my home precinct, as I may want to wait until Election Day to obtain all last minute information about all campaigns, and not be required to vote several days before Election Day to assure that my mail ballot arrives in time to be counted. If I have to make a choice between casting a secure verifiable ballot and the convenience of voting in my precinct on Election Day, I will choose to cast a mail-in paper ballot the week before the election.

I declare under penalty in accordance with 28 U.S.C. 1746 that the foregoing is true and correct.
Executed on this date, July 31, 2018.

Carri Gibbs Luse

DECLARATION OF MARILYN MARKS

IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION

DONNA CURLING, ET AL., Plaintiffs,
v.
BRIAN KEMP, ET AL., Defendants.
Civil Action No. 1:17-CV-2989-AT

DECLARATION OF MARILYN MARKS

MARILYN MARKS hereby declares as follows:

1. I am Executive Director of Coalition for Good Government, a Plaintiff in this action.

2. Attached as Exhibit 1 are true and correct copies of documents received by Coalition from Fulton County Board of Elections on June 7, 2017 at a hearing in the matter of Curling v Kemp (2017cv290630).

3. Attached as Exhibit 2 are true and correct copies of a sample of documents showing differences between the number of voters reported as voting at the polling place on Election Day and the number of ballots cast as reported on the polling place DRE machine results tapes. The documents were obtained from Fulton County Board of Elections as part of the agreed on DRE inventory information submission in this action.

4. Attached as Exhibit 3 are true and correct copies of documents appearing to show greater than 100% voter turnout. The documents are screenshots taken from official reports from the Secretary of State’s election results pages on website: (http://sos.ga.gov/index.php/Elections/current_and_past_elections_results)

5. This is a link to a news report describing how electronic pollbook eliminated some voters’ records with recent 4 digit zipcode suffix additions, forcing them to vote by provisional ballot: https://www.11alive.com/article/news/politics/voters-in-certain-metro-atlantacounties-say-they-were-given-provisional-ballots-because-of-this/85-577127862.

6. Attached as Exhibit 4 is a screen shot from Secretary of State’s election results pages on website: (http://sos.ga.gov/index.php/Elections/current_and_past_elections_results) from the November 8, 2016 election showing a DRE machine vote for a Congressional District 6 candidate from a precinct in Congressional District 5.

7. Attached as Exhibit 5 is a letter dated August 1, 2018 addressed to County Election Officials and Registrars from State Elections Division Director, Chris Harvey. I obtained this letter from Stephens County voter Packy McKibben via email who reported that he had obtained it as a public document at the August 2, 2018 Stephens County Board of Elections meeting.

In accordance with 28 U.S.C. § 1746, I pledge under penalty of perjury that the foregoing is true and correct.

Executed on this date, August 3, 2018.

______________________
Marilyn Marks

EXHIBIT

Ringer, Cheryl

From: Jones, Ralph
Sent: Thursday, April 20, 2017 1:08 PM
To: Brower, Dwight
Subject: FW: Elections Complaint from Brian Blosser
Attachments: image2.jpeg

From: Harris, Axiver [mailto:aharris@sos.ga.gov]
Sent: Thursday, April 20, 2017 9:00 AM
To: Jones, Ralph
Cc: Marshall, Shamira
Subject: FW: Elections Complaint from Brian Blosser

Ralph or Shamira, When you get time today can you look into this and see if he should have been in US Congress District 6? Looks like he had an address change at Read email below.

From: Simmons, Jessica
Sent: Thursday, April 20, 2017 8:51 AM
To: Harris, Axiver
Subject: FW: Elections Complaint from Brian Blosser

Can you please have Fulton look into this? Thanks!

From: Brian Blosser
Sent: Wednesday, April 19, 2017 7:07 PM
To: Simmons, Jessica
Cc: Brian Blosser (bblosser@aol.com)
Subject: Fwd: Elections Complaint from Brian Blosser

Ms Simmons your facts assumptions are incorrect. There appears to be a big issue in your data base.
Please see the below voter registration card from 2015 that shows both my current address (which your team claimed I did not have) and the proper voting precinct for this special election. I would appreciate your team making the corrections so we have no further issues. I have lost every confidence in what I would call an impractical voting system in Georgia and many issues surrounding this special election. When I am being told that I cannot vote because of my affiliation (by more than one individual) and that they knew how I voted in the last election is very concerning. Please verify that this has/will be resolved by the next election again my proof is below I look forward to hearing back from you regarding this egregious error.

Brian Blosser
678-699-4153

From: "Simmons, Jessica" <'simmons sos. a. ov>
Date: April 19, 2017 at 12:39:17 PM EDT
To: "bblosser@aol.com"
Subject: RE: Elections Complaint from Brian Blosser

Mr. Blosser,

Thank you for contacting the Secretary of State's Office. According to your voter registration, you are in Congressional District 11 and State Senate District 6. The Special Election yesterday in Fulton was for Congressional District 6 and State Senate District 32. If you feel that you are not in the proper district, please call the Fulton County Registrar's Office at 404-612-3816. Please let me know if you have any questions.

Thanks,
Jessica

Original
From: gov
Sent: Wednesday, April 19, 2017 8:52 AM
To: electionscomplaints
Subject: Elections Complaint from Brian Blosser

Name: Brian Blosser
Phone: (678) 699-4153
Address: 5996 Mitchell Road, Apt 15
City: Atlanta
State: GA
Zip Code: 30328
E-mail: bblosser@aol.com
Complaint Type: Turned Away at the Poll
Election Date:
County: Fulton
City: Atlanta
Description of Complaint: I was not allowed to vote due to my "affiliation". I asked how they know what my affiliation is. The reply was "by the way you voted in the last election".
I have a valid voter registration card that was issued on 12/29/2015. Since the poll supervisor used the word "affiliation" the only reason I would have been turned away would be to suppress a republican/conservative vote. Please contact me for more details. Thank you.

This electronic transmission and any attached documents or other writings are confidential and are for the sole use of the intended recipient(s) identified above. This message may contain information that is privileged, confidential or otherwise protected from disclosure under applicable law. If you are the intended recipient, you are responsible for establishing appropriate safeguards to maintain data integrity and security. If the receiver of this information is not the intended recipient, or the employee, or agent responsible for delivering the information to the intended recipient, you are hereby notified that any use, reading, dissemination, distribution, copying or storage of this information is strictly prohibited. If you have received this information in error, please notify the sender and destroy the transmission, including all attachments from your system.

[Scanned image attached to the email above; its text is not legible in this extraction.]

EXHIBIT

Exhibit 2.1
Fulton County Polling Place Recap Sheet Discrepancy
April 18, 2017 (Congressional District 6 Runoff)
Polling Place SS25

Note: The number of voters applying to vote at the polling place should reconcile to the number of ballots cast and number of votes reported with few, if any, reconciling items. The example recap sheet shows unreconciled differences.
The number of ballots cast should not exceed the number of voters voting.

Information on Recap Sheet:
Reported ballots cast per DRE results tape = 486
Reported number of voter certificates (voters voting) = 477
Reported election day votes for CD6 per official results = 479 (computed) (http://results.enr.clarityelections.com/GA/Fulton/67378/Web02/#/)

[Scanned recap sheet, Form RS-DRE-10, "Direct Record Electronic Voting Machine Recap". Section A: Record Each Unit (DRE unit number, seal number and count number, before polls open and after polls close). Section B: Total of All Votes Cast (All Units Combined). Section C: Numbered Lists and Voter Certificates. The handwritten entries are not legible in this extraction.]

Exhibit 2.2
Fulton County Polling Place Recap Sheet Discrepancy
June 20, 2017 (Congressional District 6 Runoff)
Polling Place RW20

Note: The number of voters applying to vote at the polling place should reconcile to the number of ballots cast and number of votes reported with few, if any, reconciling items. The example recap sheet shows unreconciled differences. The number of voter certificates (voters voting) should be equal to the number of ballots cast.
Information on Recap Sheet:
Reported ballots cast per DRE results tape = 347
Reported number of voter certificates (voters voting) = 362
Reported number of voters recorded in electronic pollbook = 345

[Scanned recap sheet, Form RS-DRE-10, "Direct Record Electronic Voting Machine Recap". Sections A through C as printed on the form, followed by Section D: Total Number of Persons Voting as Shown By (1) results tapes, (2) "Voters Marked" per the ExpressPoll recap plus supplemental list, (3) numbered lists, and (4) voter's certificates, with the printed note "Numbers from D1, D2, D3, and D4 should match. If not, explain difference here:". The handwritten entries and explanation are not legible in this extraction.]

Exhibit 2.3
Fulton County Polling Place Recap Sheet Discrepancy
April 18, 2017 (Congressional District 6 Special Election)
Polling Places SS02A/B, SS19A/B, SS20, SS26 (combined)

Note: The number of voters applying to vote at the polling place should reconcile to the number of ballots cast and number of votes reported with few, if any, reconciling items. The example recap sheet shows unreconciled differences. The number of ballots cast should not exceed the number of voters applying to vote.

Information on Recap Sheet:
Reported ballots cast per DRE results tape = 1,962
Reported number of voter certificates (voters voting) = not reported, unknown
Electronic Pollbook voter count (voters voting) = 1,790

[Three scanned recap sheets, Form RS-DRE-10, "Direct Record Electronic Voting Machine Recap". The handwritten entries are not legible in this extraction.]

Exhibit 2.4
Fulton County Polling Place Recap Sheet Discrepancy
December 5, 2017 (Atlanta Municipal Election Runoff)
Polling Place 07F 08L

Note: The number of voters applying to vote at the polling place should reconcile to the number of ballots cast and number of votes reported with few, if any, reconciling items. The example recap sheet shows unreconciled differences. The number of ballots cast should not exceed the number of voters applying to vote.
Information on Recap Sheet:
Reported ballots cast per DRE results tape = 486
Reported number of voter certificates (voters voting) = 477
Reported election day votes for CD6 per official results = 479 (computed) (http://results.enr.clarityelections.com/GA/Fulton/67378/Web02/#/)

[Scanned polling place recap sheet, Form RS-DRE-10 (DIRECT RECORD ELECTRONIC VOTING MACHINE RECAP), Sections A through D, signed in triplicate by the poll managers. Handwritten entries are not legible.]

EXHIBIT A

County                Registered Voters   Ballots Cast   Voter Turnout
Habersham North       7740                1747           22.57
Habersham South       5113                969            18.95
Demorest              4135                816            19.73
Town of Mount Airy    650                 135            20.77
City of Baldwin       838                 102            12.17
Mud Creek             276                 670            242.75
Amys Creek            1355                309            22.80
Total:                20107               4748           23.61

IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF GEORGIA
ATLANTA DIVISION

DONNA CURLING, et al., Plaintiff,
vs.
BRIAN P. KEMP, et al., Defendant.

CIVIL ACTION FILE NO.: 1:17-cv-2989-AT

DECLARATION OF LAURIE ADERHOLT MITCHELL

LAURIE ADERHOLT MITCHELL hereby declares as follows:

1. I have been a Georgia voter since 2015 and am currently registered to vote at 408 E. Wesley Road NE, Atlanta, GA 30305. I have been continuously registered to vote at this address since June 20, 2015.

2. I have not made changes to my voter registration while living at this address.

3. I reside with my husband Mark Mitchell, who is also registered to vote at the above address, and has been continuously registered at this address since February 10, 2014.

4. On or about July 18, 2018, I was surprised to receive a new voter registration card in the mail. A copy is attached (Exhibit A).

5. I noticed that my polling place had changed from my traditional polling place of Cathedral of St. Philip at 2744 Peachtree Road to Sutton Middle School at 2875 Northside Drive.

6. My husband stated to me that he received no such notice.

7. I read reports on social media of various voting problems during the July 24, 2018 runoff with voters' registration records showing discrepancies in pollbooks when they attempted to vote.

8. Based on the concerning reports, I reviewed my registration card again and on July 19, 2018 went to My Voter Page on the Secretary of State's website at to verify that the card I received in the mail matched the online information. (Exhibit B) All information matched.

9. However, I noticed that not only had the precinct voting location changed but my precinct assignment had changed to 08H from 07F.

10. On July 19, 2018, both my husband and I checked his voter registration on My Voter Page and found that his registration had remained at Precinct 07F with the same polling location at St. Philip's Cathedral. (Exhibit C)

11. I reviewed both my husband's and my registration information on My Voter Page and noted that I am assigned to City Council District 8, while he is assigned to City Council District 7, although the City Council District maps appear to show that we live in District 7.

12. I plan to vote in the November 2018 election and am concerned that I may be given an inaccurate ballot, or that my name may not be found in the pollbook, or that I will be otherwise disenfranchised.

13. After reading of reports of widespread errors in the pollbooks, I am also concerned about the impact of such discrepancies on the election as a whole, and the impact of widespread errors on voter confidence and voter turnout.

I declare under penalty of perjury, in accordance with 28 U.S.C. § 1746, that the foregoing is true and correct.

Executed on this date, July 30, 2018.

Laurie Aderholt Mitchell

MITCHELL DECLARATION

EXHIBIT A

ATTENTION: This is your NEW Voter Registration Precinct Card. It replaces any other Voter Card you currently have in your possession. Keep for your records.
(Cut or fold on the dotted line for wallet card)

If you change your address within the county, complete this form and mail to the return address on the front of this card. Note: Change of address must be submitted at least 30 days preceding any election. If you move to another county or if there is a change in your legal name, you must complete a new voter registration application in order to remain qualified to vote. This card may not be used as evidence to prove United States Citizenship or as identification to vote. (ref. 1996 United States Public Law 104-99)

YOUR NEW RESIDENCE ADDRESS WITHIN COUNTY (Please Print): Number; Street; Apartment; City; Zip Code; Mailing Address (If different); Zip Code; Daytime Telephone; Date; VOTER'S SIGNATURE

Visit our website @ www.mvp.sos.ga.gov/MVP, download the GA Votes app or contact your local registrar's office.

RETURN SERVICE REQUESTED
Atlanta: PHONE: 404-612-7020

FULTON COUNTY PRECINCT CARD
REG DATE 06-20-2015
DATE 05/25/2018
SIGN CARD AND KEEP FOR YOUR RECORDS
REG. No. 02559347

PRECINCT NAME: 08H
POLLING PLACE: SUTTON MIDDLE SCHOOL, 2875 NORTHSIDE DRIVE NW, ATLANTA GA 30305 - 0000

CITY PRECINCT NAME: 08H
POLLING PLACE: SUTTON MIDDLE SCHOOL, 2875 NORTHSIDE DRIVE NW, ATLANTA GA 30305 - 0000

VOTING DISTRICTS:
CONG   SENATE   HOUSE   JUD    COMM   CITYL   MUNIB
005    039      054     ATLA   3      08      4

LAURIE ADERHOLT MITCHELL
408 WESLEY RD NE
ATLANTA GA 30305 - 3826

MITCHELL DECLARATION

EXHIBIT

7/29/2018 Georgia My Voter Page

My Voter Page
Voter Information

LAURIE ADERHOLT MITCHELL
408 WESLEY RD NW
ATLANTA, GA, 30305
Race: White not of Hispanic Origin
Gender: Female
Status: Active
Registration Date: 06/20/2015

Polling Place for State, County, and Municipal Elections
Precinct 08H
SUTTON MIDDLE SCHOOL
2875 NORTHSIDE DRIVE NW
ATLANTA, GA, 30305 - 0000
Election Day polling place hours are 7:00 am - 7:00 pm.

Your Elected Officials
U.S. Congress: District 005
Georgia Senate: District 039
Georgia House: District 054

NOTE: Non-specific rural addresses may not be available.

Absentee Ballot Request Information: If you prefer to vote off-site, mail or fax your absentee ballot application to your county registrar.

Please Note: Polling places are subject to change. Always check your designated polling place location via this website prior to going to vote.

Newly Registered Voters: Please review your registration date which is located under your name and address above. You must be registered on or before the established deadlines to vote in upcoming elections.
Please view the current election calendar to confirm the first election in which you will be eligible to vote.

https://www.mvp.sos.ga.gov/MVP/voterDetails.do

EXHIBIT

7/29/2018 Georgia My Voter Page

My Voter Page
Voter Information

MARK ALEXANDER MITCHELL
408 E WESLEY RD NE
ATLANTA, GA, 30305
Race: White not of Hispanic Origin
Gender: Male
Status: Active
Registration Date: 02/10/2014

Polling Place for State, County, and Municipal Elections
Precinct 07F
CATHEDRAL OF SAINT PHILIP
2744 PEACHTREE RD NW
ATLANTA, GA, 30305 - 2937
Election Day polling place hours are 7:00 am - 7:00 pm.

Your Elected Officials
U.S. Congress: District 005
Georgia Senate: District 039
Georgia House: District 054

NOTE: Non-specific rural addresses may not be available.

Absentee Ballot Request Information: If you prefer to vote off-site, mail or fax your absentee ballot application to your county registrar.

Please Note: Polling places are subject to change. Always check your designated polling place location via this website prior to going to vote.

Newly Registered Voters: Please review your registration date which is located under your name and address above. You must be registered on or before the established deadlines to vote in upcoming elections. Please view the current election calendar to confirm the first election in which you will be eligible to vote.
https://www.mvp.sos.ga.gov/MVP/voterDetails.do

DECLARATION OF REBECCA WILSON

IN THE SUPERIOR COURT OF FULTON COUNTY
STATE OF GEORGIA

DONNA CURLING, et al., Plaintiff,
vs.
BRIAN P. KEMP, et al., Defendant.

CIVIL ACTION FILE NO.: 1:17-cv-2989-AT

DECLARATION OF REBECCA WILSON

REBECCA WILSON ("Declarant"), hereby declares as follows:

1. I serve as the Republican/Unaffiliated Chief Election Judge at Precinct 17-01, in Prince George's County, Maryland. In Maryland, a bipartisan pair of "Chief Election Judges" supervises and manages the polling place on Election Day. I believe Georgia refers to these poll workers as "Supervisors."

I have been serving there since 2004. Until 2016, Maryland used Diebold's AccuVote Direct Recording Electronic (AV-TS DRE) voting machines, the same voting equipment that I understand Georgia uses. I supervised precinct pollworkers for the conduct of 11 elections in Precinct 17-01 using that equipment. In 2016 Maryland switched to voter-marked paper ballots scanned by optical ballot scanners in the precinct. I have supervised 3 elections using paper ballots scanned by the new equipment.

The experience in my precinct is that the optical ballot-scanning system is far easier and faster to set up, manage, and close down after the polls are closed than the previous DRE equipment was. All of our election judges working in the polling place expressed to me that they believe paper ballots and optical scanning equipment are a more efficient approach to the conduct of the election.

WILSON DECLARATION

SETTING UP THE POLLING PLACE

Since the switch to paper ballots in 2016, it is far easier for the poll workers under my supervision to set up the equipment on Election Day morning and to open the polls on time. Under Maryland's procedures, setting up the DREs required numerous security, technical testing and preparation steps to be performed for each DRE.
Our polling place had at least 11 and as many as 17 DREs deployed there, depending on anticipated turnout. Setting up each unit required 43 steps, as detailed in Chapter 10 of our former election judges manual (Exhibit A) for a total of 473 to 731 steps. I have reviewed the Georgia pollworkers manual at r%20Training%20Man ual.pd and have concluded that the DRE set up and closing procedures are similar to the procedures used in my polling location until 2016.

Setting up the ballot-scanning equipment requires 32 steps to be performed for each of the 2 ballot scanners in our current configuration for paper ballots and optical scans, for a total of 64 steps. Setting up the accessible ballot-marking device (BMD) requires 18 steps for the one BMD in our precinct. (See Exhibit B, Chapters 11 & 12 of our current election judges manual.)

CLOSING DOWN THE EQUIPMENT

After switching to paper ballots in 2016, it was far easier for the pollworkers under my supervision to close down the equipment on Election Night and to obtain election results quickly.

Closing down the DREs required 40 steps to be performed for each DRE, for a total of 440 to 680 steps. Workers were required to print multiple copies of results tapes of each of the 11-17 DRE machines and then go through the cumbersome and time consuming process of shutting down, securing, and aggregating the results from each machine. These steps are detailed in Chapter 11 of our former election judge's manual. (See Exhibit C.)

Closing down the ballot-scanning equipment requires 29 steps to be performed for each of the two ballot scanners in our precinct, for a total of 58 steps. Closing the accessible ballot-marking device requires 9 steps for the one BMD in our precinct. These steps are detailed in Chapters 12 and 17 of our current election judge's manual. (See Exhibit D.)

ELECTION JUDGE TRAINING

Prince George's County requires four hours of training for each election judge before each election.
This has been our long-standing training time requirement.

14. I have attended each of the four hour training sessions for the past 16 years. The bulk of the training has not changed with the introduction of the new ballot-scanning system. Most of the training time is dedicated to polling place laws, rules, and procedures and to operation of the electronic pollbooks, which are not affected by the voting equipment used.

The training time that used to be dedicated to practice setting up, using, and closing down the DREs is now devoted instead to training election judges in paper ballot management and on instructing voters how to hand-mark their paper ballots, use the ballot-marking devices, and insert their ballots into the scanners. There were few questions and judges appeared to be quite comfortable with the change to paper ballots at the training session I attended.

Chief judges are also instructed in how to set up, manage, and close down the ballot scanners and the ballot-marking devices. I found these procedures to be relatively simple compared to the same procedures on DREs. My experience in the polling place on Election Day was consistent with the training that a paper ballot election is fairly simple to conduct.

SECURITY

In my role in supervising the polling place, I found it far easier to monitor the physical security of the ballot scanning system than the DRE system. During the years we used DREs I knew that when I printed the "zero report" before voting opened that it was intended to indicate that the machine contained no votes, but provided no actual assurance. I was aware that bad actors could program the machines to print zeroes regardless of whether votes may have been pre-loaded into the machines.

In contrast, when we set up the ballot-scanning machine on Election Day morning, we can see with our own eyes that the ballot bin is empty and contains no voted ballots.
The zero report printed from the DREs does not provide the same level of certainty.

With the DREs, each voter was left unattended at a voting machine for the amount of time it took them to cast their ballot, which could be up to 20 or 30 minutes depending upon the length of the ballot. If a voter had wanted to access the compartment of the machine where the memory card is stored, or cast multiple ballots with forged voter access cards, or manipulate the machine in other ways, the privacy screen on the machine would have generally prevented poll workers from seeing them do so.

By contrast, paper ballots and the ballot scanner are securely controlled, preventing anyone from accessing voted ballots or voting multiple ballots. Voters never have unattended access to the voted ballots or unvoted paper ballot stock or the ballot scanning machine. An election judge is stationed at the ballot scanner all day and supervises each voter's brief interaction with the machine.

To receive a blank paper ballot, a voter must present to the election judge their Voter Authority Card (VAC), the check-in slip printed by the e-pollbook when the voter checked in. A blank paper ballot may not be issued without a valid VAC.

By contrast, the memory card compartment of the AV-TS DRE is locked with a commonly available key that is the same key used by every Diebold DRE, as well as by many other devices such as hotel minibars. This information has been widely published for many years.

Despite the enormous time and attention devoted to monitoring the physical security of the DREs, I believe that this is mostly "security theater." These precautions could not prevent or detect the most dangerous type of threat to the security of the machines: the threat of insider tampering with the software on which the machines operate.

I feel confident that paper ballot security provides for verifiable and auditable results.
REDUCED VOTER CONFUSION AND INCONVENIENCE

Voters have expressed to me that they were very happy with the new paper balloting equipment. Voting went smoothly and quickly in my precinct and we experienced no wait times longer than 10 minutes at check-in during peak voting hours. Based on my experience, I would foresee no likelihood of confusion on the part of voters if they were required to switch from DRE to paper ballot voting.

In previous elections with our DREs we had documented wait times as long as 105 minutes in our polling place. (See Exhibit E.) DRE machines occasionally freeze operations, have calibration problems, battery life issues, and experience other functional issues expected when running 15 year old computers.

Further Declarant sayeth not.

I declare under penalty of perjury, in accordance with 28 U.S.C. § 1746, that the foregoing is true and correct.

Executed on this date, August 1, 2018.

WILSON DECLARATION

EXHIBIT

Setting Up the Voting Units

Note: voting units can be placed on a table instead of on the unit's legs. A metal bracket is used to secure the at a 90-degree angle. Voters can use the voting unit to vote while sitting (wheelchair or folding chair). If the voting unit is set up on the unit's legs instead of a table, the 90-degree will still be accessible to most voters in a seated position.

To set a voting unit up on its legs:

1. With two people, place the voting unit upside down or on its side on the floor or table.
2. Locate the black securing latch connected to a flat metal support bar on the top leg assembly.
3. Release this latch.
4. Unfold the top leg until fully extended, and re-secure the black latch.
5. Release the smaller black securing latches on the end of each leg.
6. Extend each leg by pulling the lower leg assembly out until it locks and the silver button appears in the leg slot. If the silver button does not lock into the slot, you may need to twist the leg to align the silver button with the slot. Do not over-twist the leg.
7. Lock the black securing latches.

[Figure labels: Leg latch must be closed after leg is extended. Leg latch must be opened before extending the leg. Silver button must "pop" into hole when leg is extended.]

8. Repeat steps 2-7 for the other legs.
9. With two people, lift the voting unit and stand it on all four legs.
10. When the voting unit is placed on the floor, gently pull the 4 legs outward for the widest stance and greatest stability.
11. Verify that each black securing latch is in the closed position.

Note: Power cords are locked inside the metal blue box on top of the voting units.

12. Locate and insert the power cord into the left side of the voting unit and connect voting units according to the site survey. Follow the diagram below to daisy-chain the voting units.

[Diagram: daisy-chaining the voting units; power cord on the left side of each voting unit]

A daisy-chain more than 10 voting units together.

13. Plug the last power cord into the power strip, and plug the power strip into the wall. Turn power strip on.

Audio Ballot Equipment (VIBS - Visually Impaired Ballot Station)

Note: All voting units can be set up as VIBS (Visually Impaired Ballot Station) units with a keypad and headphones for voters who wish to use the audio ballot.

Note: The audio ballot equipment may have already been installed prior to delivery of the voting units. If not, follow the steps below. The keypad, headphones, and bracket are located in the supply bag (purple bag with red tag). The accessible voting unit is labeled with an orange tag.

1. Insert the keypad into the "Keypad" port on the right side of the voting unit. If already attached, check that it is connected.
2. Insert the headphones into the "Audio" port on the right side of the voting unit. If already attached, check that it is connected.
3. Secure the right side privacy screen.

Opening the Voting Units

1. Verify that the number on the seal matches the number recorded on the Voting System Integrity Report. If the number does not match, call the local board of elections immediately.
2. Break the seal and place the broken seal into the Chief Judges' Case.
3. Locate the two latches by the black handle. Pull down the center of each latch and lift up the lid to the voting unit case.
4. Verify that the tamper tape covering the side compartment door is intact. If the word "Void" is visible (see image below) or there is no tape, call the local board of elections immediately.

[Images: sample of intact tamper tape; sample of voided tamper tape]

5. Verify that the tamper tape number matches the number recorded on Page 1 of the Voting System Integrity Report. Two election judges must initial Page 1 of the Voting System Integrity Report to show that the number on each tamper tape was verified. If the tamper tape number doesn't match, call the local board of elections immediately.
6. Push the internal power cord on the back left side of the voting unit to ensure that it is connected securely.
7. Extend both privacy screens (side panels) from the lid.
8. Snap the left privacy screen to the voting unit. Leave the right privacy screen unsnapped until you have printed the Zero Report.
9. Press the black button at the top of the Raise the until you feel resistance from the base support.

Note: Don't over-rotate the unless you are setting up the accessible voting unit. If you over-rotate the the base support will pop out of its slot. To get the base support into its slot, press on it with a firm inward motion while lowering the

[Figure labels: metal angle adjustment bar; base support; printer compartment with lock; latch to secure the privacy screen; side door, unlocked and open; keypad; audio port for VIBS headset; red power button; PC card slots for memory card and modem card (if used)]

10. Lower the metal angle-adjustment bar under the
    A. To set the at an angle for a voter who will stand while voting, allow the to rest on the bar at an appropriate angle.
    90-degree angle (for voters who will sit while voting):
    - Over-rotate the so that the base support pops out of its slot.
    - Insert the end of the metal bracket with the rectangular hole into the slot on the back of the
    - Insert the other end of the metal bracket into the slot on the base of the voting unit.
    - Verify that the is stable in its 90-degree position.

Note: Be aware of glare on the If there is too much glare, adjust the angle and/or, if practical, turn off overhead lights.

[Figure labels: set to a 90-degree angle; base support extended out of slot; metal bracket; keypad port; audio port for VIBS headset; tamper tape over locked side door]

11. Remove the tamper tape from the side compartment and place the used tamper tape on the back of Page 1 of the Voting System Integrity Report.
12. Using the key, unlock the side compartment located on the right side of the unit and the printer compartment located on the top of the unit. The key is located in the Chief Judge's Case.
13. Make sure that the gray bar on the printer is lowered.
14. Press the red power button in the side compartment.
15. Once the unit starts up (about 45 seconds), the 1st Zero Report will automatically print.
16. Lock the side compartment door.
17. Verify that the following information appears correctly on the
    A. At the top center of the screen, verify the current election, Election Day date, the county and the precinct number.
    B. Verify that the power bar at the bottom right of the screen is green and says "Charging." If the power bar is not green and "Charging," refer to Chapter 12: Problems and Solutions.
    C. Verify that the "Ballots" number at the bottom of the screen is zero. Record that number on Page 1 of the Voting System Integrity Report.
    D. Verify that the "Tot" number at the bottom of the screen matches the number on Page 1 of the Voting System Integrity Report.
Note: If any of the information in items A - D is incorrect, lower the screen and do not use the voting unit. Call the local board of elections immediately.

18. When the first Zero Report has been printed, verify that:
    A. The date and precinct information on the report is correct;
    B. The "Public Counter" on the report is zero and matches the "Ballots" number at the bottom of the screen;
    C. The "System Counter" matches the "Tot" at the bottom of the screen; and
    D. All contests on the report are zero.

Note: Notify the local board of elections immediately if there are errors on the Zero Report.

[Sample images: voting unit screen showing "Please Insert Your Card"; ELECTION ZERO REPORT printout]

19. Tear off the 1st Zero Report. Two election judges must sign the Zero Report before posting it near the entrance to the polling place where the voters can see the report.
20. The "Need Another Copy?" message will automatically appear. Press "Yes."
21. A second Zero Report will print. Do not tear off the second Zero Report. (The Totals Report printed at the end of election day must be attached to this Zero Report.) Two election judges must sign the second Zero Report.

Do NOT tear off the 2nd Zero Report!

22. The "Need Another Copy?" message will automatically appear again. If the second Zero Report printed correctly, press If the second Zero Report did not print correctly (the paper jammed), reset the paper, and return to step 20.
23. The "Please Insert Your Card" screen will automatically appear.
[Screen image: "Please Insert Your Card"]

24. Roll up the second Zero Report and place it in front of the paper roll.
25. Lock the top printer compartment and verify that the side compartment is locked.
26. Locate the new tamper tape in the Chief Judges' Case.
27. Record the new tamper tape number on Page 1 of the Voting System Integrity Report.
28. Place the new tamper tape over the keyhole of the side compartment. The tamper tape must extend above and below the side compartment door. See the illustration below for the proper positioning of the tamper tape.

[Figure labels: keypad port; audio port for VIBS headset; tamper tape over locked side door]

29. Secure the right side privacy screen.

Attach the container used to collect voter authority cards to the voting unit.

30. Locate the brown envelopes marked "Voter Authority Cards" in the sign bag (blue tote bag with blue tag). Write the precinct, ward, and voting unit number on the front of the envelope before attaching it securely to the back of the black top of the voting unit with duct tape.

Note: The next illustration shows how the voting system should look once set up and ready for voting.

[Figure labels: Privacy Screen; Power Cord plugs in on the left side; Each privacy screen is secured with two latches at the bottom; Slot to insert Voter Access Card; The latch at the top of each back leg and the latch in the middle of each leg must be closed; The silver button above the latch in the middle of each leg must be in its slot]

EXHIBIT

Overview

Each precinct will receive at least one Scanning Unit. Large precincts may receive more than one Scanning Unit. Poll Watchers may observe opening procedures.

At least one voting judge must be stationed at the Scanning Unit at all times. Voting Judges may be rotated in and out of this position by Chief Judges during the day.
Required Supplies

You will need the following supplies to open the Scanning Units:
Large Manila Envelope for collecting VACs
Scanning Unit key
Scanning Unit Integrity Report - Opening
New tamper tape and green seals
Wire Cutters to break security seals on the outside of the Scanning Unit

Scanning Unit Setup

1. Remove the Scanning Unit from the Transfer Cart (to prevent injury and damage, this should be done by at least two election judges). Roll the Scanning Unit to the location designated by precinct site survey.

2. Engage both parking brakes on the Scanning Unit by gently stepping on the metal tabs. They will snap into place. Caution: The metal tabs are sharp.

3. Confirm that the shipping label on the back of the Scanning Unit shows the correct polling place. If it does not, immediately notify the local board of elections.

[Illustration: Shipping Tag]

4. Unlock the back door of the Scanning Unit, unwrap the power cord (with the grey surge protector attached) and plug the cord into an electrical outlet. Leave the power cord compartment door open.

IMPORTANT: Keep the back door of the Scanning Unit open when the Scanning Unit is plugged into an electrical outlet. Failure to do so may result in the unit overheating. Ensure that both lights on the surge protector (red and green) are lit.

Opening the Polls

1. Verify the security seal number on the Scanning Unit lid (column A of the Scanning Unit Integrity Report - Opening).

[Illustration: Scanning Unit Lid Seal]

2. Remove the security seal. Use the flat Scanning Unit key to unlock the lid.

3. Unhook the lid latches. Pull both latches out and flip up. Do not force the lid up. Instead, hold onto the latches as you nudge the lid upward. The hydraulic arms will do the lifting.

4. Verify the serial number on the top of the Scanning Unit (column of the Scanning Unit Integrity Report - Opening).

5. Verify the tamper tape number on the rear access door (column of the Scanning Unit Integrity Report - Opening). Do NOT remove the tamper tape.

[Illustration: Rear Access Door]

6. Use the round key to unlock and open the Ballot Scanner.

7. Gently lift and raise the screen to the upright position. The Ballot Scanner will turn on by itself. If the Ballot Scanner does not turn on, alert a chief judge.

8. Verify the tamper tape number on the front access door (column of the Scanning Unit Integrity Report - Opening). Do NOT remove the tamper tape.

[Illustration: Front Access Door]

Note: If the scanner does not turn on or if you hear a series of four beeps, check the power supply to the Scanning Unit. Make sure the power cord is connected firmly in the back of the Scanning Unit and also into the grey surge protector and power outlet. Make sure the power outlet is “live” (power is coming through the outlet). If the Ballot Scanner still does not turn on, alert a chief judge.

9. Verify the number on the security seal on the Main Ballot Box (column of the Scanning Unit Integrity Report - Opening).

[Illustration: Main Ballot Box]

10. Remove the security seal on the Main Ballot Box and place it in the Completed Forms Envelope. Use the flat Scanning Unit key to unlock and open the Main Ballot Box door.

11. Use the strap handle to pull the Ballot Transfer Bin out of the Main Ballot Box.

12. You will find the ballots in this Ballot Transfer Bin and possibly the other Transfer Bins that were delivered in the Black Cart. Check inside each for ballots. Look inside the Main Ballot Box to verify that it is empty. If there are any ballots inside the Main Ballot Box, alert a chief judge.

13. Open the lid of the Ballot Transfer Bin and look inside.

14. Extend the roller handle and lift the handle to shift the weight of the Ballot Transfer Bin to the rear wheels. Roll the Ballot Transfer Bin to where its contents will be removed, verified, and counted. Complete the opening portion of the Ballot Certificate.
Return the empty Ballot Transfer Bin to the Scanning Unit area and keep the ballots at the Ballot Issuance Table. Place the empty Ballot Transfer Bin back inside the Main Ballot Box. Ensure that both lids of the Ballot Transfer Bin are open and resting on the sides inside the Main Ballot Box and the strap handle is facing out.

15. Close, lock, and reseal the Main Ballot Box door. Record the new seal number in column of the Scanning Unit Integrity Report - Opening.

16. Verify the number on the security seal on the Emergency Ballot Compartment door (column of the Scanning Unit Integrity Report - Opening). Remove the security seal.

[Illustration: Emergency Ballot Compartment]

17. Unlock and open the Emergency Ballot Compartment door. Make sure that the compartment is empty. Beware of sharp edges. Alert a chief judge if any ballots are found inside the Emergency Ballot Compartment.

18. Ensure that the metal flap on the Emergency Ballot Compartment door is raised.

[Illustration: Emergency Ballot Compartment metal flap in position]

19. Close, lock and reseal the Emergency Ballot Compartment door. Record the new security seal number in column of the Scanning Unit Integrity Report - Opening.

20. Verify the left and right side case red seals are intact (columns I and of the Scanning Unit Integrity Report - Opening). DO NOT remove the red seals.

[Illustration caption: Right Case Seal on opposite side is not shown here (column J).]

21. Once the Ballot Scanner turns on, verify the Public Count number is the same as indicated in column of the Scanning Unit Integrity Report - Opening. Also verify the Protected Count number is the same as indicated in column L.

NOTE: The Ballot Scanner performs an internal self-test. This process may take several minutes. If the following screen appears, or if the Ballot Scanner shuts down, alert a chief judge immediately. Be aware that the unit will automatically shut down after you incorrectly enter the code three times.
Never turn off the Ballot Scanner or unplug the Scanning Unit unless instructed by the local board of elections.

[Screen: “This voting device is not ready to be opened for voting. Election definition not found! The election definition must be inserted in the voting machine before you can open poll for voting. Press ‘Show Me How’ to see how it is done.”]

23. A Configuration Report will automatically print.

24. Confirm that the polling place name displayed on the screen is correct and the unit is receiving power. Touch “Open Poll” on the screen.

[Illustration: screen showing the Power Indicator and the Precinct Name and Number]

25. Two copies of the “Zero Report” will print. Separate the Zero Reports into two individual reports:
A. Both chief judges sign both Zero Reports;
B. Attach the first copy of the Zero Report (with the Configuration Report still attached) to the Scanning Unit Integrity Report - Opening.
C. Post the second copy of the Zero Report for public viewing.

26. Once the self-test is completed, the following screen appears. Touch “Go To Voting Mode.”

[Screen: “The poll is open and the voting device is now ready for voting.”]

27. When the Ballot Scanner is ready to receive ballots, the following screen appears.

[Screen: “Welcome, Please insert your ballot.”]

Setting-up the Ballot Marking Device

1. Remove the BMD from the Transfer Cart and check the ID tag on the BMD carrying case to ensure that the tag designates the correct polling place.

2. Take the BMD in its carrying case to the designated location inside the voting area as shown on the polling place diagram.

3. Remove the BMD, keypad, and headphones from the case. Remove the power cord from the case side pocket.

4. Push the small circular plug of the power cord with flat side up into the port on the back of the BMD. The plug will click into place when properly connected. Plug the other end of the power cord into an electrical outlet.

5. Grasp the bottom of the stand on the back of the BMD. Pull out and extend the stand. Rest the BMD on the stand. Position the BMD on the designated table.

6. Verify the serial number located on the top of the BMD. Confirm by checking the box in column A of the Ballot Marking Device Integrity Report.

7. Verify the tamper tape number located on the left side compartment door of the BMD. Confirm by checking the box in column of the Ballot Marking Device Integrity Report.

[Illustration: Side compartment tamper tape location]

8. Remove the tamper tape and place it on the back of the Ballot Marking Device Integrity Report. Use the BMD barrel key to unlock and open the left side compartment door.

9. Check that the memory stick is installed. If not, immediately notify a chief judge.

10. Check to ensure that the “Mode” switch is on

11. IMPORTANT: Do not touch the display screen while the BMD is starting up. Startup is long, about 4 minutes. No reports are printed.

12. Flip the “Power” switch to the “On” position.

13. Position the keypad cord so it threads through the circular opening at top of the side compartment door. Close and lock the side compartment door. Apply new tamper tape and record the new tamper tape number in column of the Ballot Marking Device Integrity Report.

14. Install the privacy screen.

15. A Chief Judge enters the Election Code, then touches Accept.

16. Verify that the precinct number and name displayed on the screen are correct and the unit is receiving power. Touch OK.
Contact the local board of elections office immediately if the precinct number and name are incorrect.

[Illustration: screen showing the Precinct Number and Name]