Domain: ga.gov
Stories and comments across the archive that link to ga.gov.
Stories · 5
-
Georgia's Secretary of State Brian Kemp Doxes Thousands of Absentee Voters
An anonymous reader quotes a report from TechCrunch: Georgia's secretary of state and candidate for state governor in the midterm election, Brian Kemp, has taken the unusual, if not unprecedented step of posting the personal details of 291,164 absentee voters online for anyone to download. Kemp's office posted an Excel file on its website within hours of the results of the general election, exposing the names and addresses of state residents who mailed in an absentee ballot -- including their reason why, such as if a person is "disabled" or "elderly."
The file, according to the web page, allows Georgia residents to "check the status of your mail-in absentee ballot." Millions of Americans across the country mail in their completed ballots ahead of election day, particularly if getting to a polling place is difficult -- such as if a person is disabled, elderly or traveling. When reached, Georgia secretary of state's press secretary Candice Broce told TechCrunch that all of the data "is clearly designated as public information under state law," and denied that the data was "confidential or sensitive." "State law requires the public availability of voter lists, including names and address of registered voters," she said in an email. "While the data may already be public, it is not publicly available in aggregate like this," said security expert Jake Williams, founder of Rendition Infosec, who lives in Georgia. Williams took issue with the reasons that the state gave for each absentee ballot, saying it "could be used by criminals to target currently unoccupied properties." "Releasing this data in aggregate could be seen as suppressing future absentee voters in Georgia who do not want their information released in this manner," he said. -
Georgia's Secretary of State Brian Kemp Doxes Thousands of Absentee Voters
An anonymous reader quotes a report from TechCrunch: Georgia's secretary of state and candidate for state governor in the midterm election, Brian Kemp, has taken the unusual, if not unprecedented step of posting the personal details of 291,164 absentee voters online for anyone to download. Kemp's office posted an Excel file on its website within hours of the results of the general election, exposing the names and addresses of state residents who mailed in an absentee ballot -- including their reason why, such as if a person is "disabled" or "elderly."
The file, according to the web page, allows Georgia residents to "check the status of your mail-in absentee ballot." Millions of Americans across the country mail in their completed ballots ahead of election day, particularly if getting to a polling place is difficult -- such as if a person is disabled, elderly or traveling. When reached, Georgia secretary of state's press secretary Candice Broce told TechCrunch that all of the data "is clearly designated as public information under state law," and denied that the data was "confidential or sensitive." "State law requires the public availability of voter lists, including names and address of registered voters," she said in an email. "While the data may already be public, it is not publicly available in aggregate like this," said security expert Jake Williams, founder of Rendition Infosec, who lives in Georgia. Williams took issue with the reasons that the state gave for each absentee ballot, saying it "could be used by criminals to target currently unoccupied properties." "Releasing this data in aggregate could be seen as suppressing future absentee voters in Georgia who do not want their information released in this manner," he said. -
Hacktivists, Tech Giants Protest Georgia's 'Hack-Back' Bill (threatpost.com)
lod123 shares a report from Threatpost: As Georgia Governor Nathan Deal considers whether to sign a controversial piece of legislation that would allow companies to 'hack back' with offensive initiatives in the face of a cyberattack, companies from across the tech spectrum are lining up to protest the measure. Also, a hacktivist group has targeted Georgia Southern University, two restaurants and a church to protest the bill. Opponents have twin beefs when it comes to Senate Bill 315: Some are questioning whether legitimizing offensive attacks will open the door to a new kind of corporate warfare; and others are concerned that the law will have a chilling effect on cyber-research by criminalizing white-hat activity like vulnerability research and pen-testing.
Google and Microsoft are in the former camp, and have asked Deal to veto the bill, which was passed by the Georgia General Assembly in March and which is nearing its deadline for signing into law. The two giants take issue with a provision in the bill that allows "active defense measures that are designed to prevent or detect unauthorized computer access." In a letter to the governor, the two argued that S.B. 315 "will make Georgia a laboratory for offensive cybersecurity practices that may have unintended consequences and that have not been authorized in other jurisdictions," and that "provisions such as this could easily lead to abuse and be deployed for anti-competitive, not protective purposes." They added: "On its face, this provision broadly authorizes the hacking of other networks and systems under the undefined guise of cybersecurity... [B]efore Georgia endorses the 'hack back' authority in 'defense' or even anticipation of a potential attack with no statutory criteria, it should have a much more thorough understanding of the ramifications of such a policy." Tripwire also filed a letter with the governor's office: "[A]ccording to the wording of S.B. 315, well-intentioned ('white-hat') researchers could be subject to civil or criminal prosecution when following industry best practices in investigating a website for protection from a potential cyber-attack. It is our firm belief that an explicit exception is required to exclude prosecution when the party in question is acting in good-faith to protect a business or their customers from attack. Without this exclusion, S.B. 315 will discourage good actors from reporting vulnerabilities and ultimately increase the likelihood that adversaries will find and exploit the underlying weaknesses." -
IT Worker Fired After Massive Georgia Data Breach Speaks Out (ajc.com)
McGruber writes: On November 17, two Georgia women filed a class action lawsuit alleging that Georgia Secretary of State Brian Kemp had released the Social Security numbers, birthdates, Drivers License numbers and other private information of all registered voters in Georgia. After the lawsuit was filed, Secretary Kemp posted an official notice of the breach on his website as required by Georgia state law.
Secretary Kemp also sent a private letter to Georgia lawmakers describing how the breach happened. In the letter, obtained by The Atlanta Journal-Constitution, Kemp said his office learned of the foul-up on Nov. 13 — four days before any public acknowledgment of the problem. In that private letter to Georgia lawmakers, Kemp also stated that he fired the IT worker who had inadvertently added the personal data including Social Security numbers and birth dates to the public statewide voter file.
Now that fired IT worker, longtime state programmer Gary Cooley, has told the Atlanta Journal Constitution newspaper that he did not actually have the security access necessary to add millions of Social Security numbers and birth dates to the data file that was released to the public. While Cooley does acknowledge a role in the gaffe, he also outlined a more complicated series of missteps and miscommunications both within Kemp's office and with PCC Technology Group, an outside vendor tasked with managing voter data for the state. -
Georgia Bill Would Prohibit Subsidies For Municpal Broadband
McGruber writes "The Associated Press has the news that Georgia State Senate Majority Leader Chip Rogers is sponsoring a bill that 'would prevent public broadband providers from paying for communication networks with tax or government revenue.' Senator Rogers claims that 'The private sector is handling this exceptionally well.' Local government officials disagree. Georgia Municipal Association spokeswoman Amy Henderson says 'When cities were getting involved in broadband, it was because private industry would not come there. Without that technology, they were economically disadvantaged. We feel like it is an option cities should have.'"