Monday, Sept 30th - Georgia Judge Hears Case on Lawsuit Concerning Dominion Encryption Keys

Georgia Judge Scott McAfee will hear Kurt Olsen’s case DeKalb County Republican Party vs. Raffensperger on Monday, Sept. 30 in Fulton County. The Application for Writ of Mandamus filed on August 30, 2024 alleges Dominion Voting Systems (Dominion) machines used across Georgia and several other states are using “cryptographic encryption keys to secure election systems” that fail to meet the “mandatory security requirements for encryption keys.” 

To be clear, the referenced encryption keys provide access to all tools and functions, including the ability to decrypt, alter, and re-encrypt election results without qualification or detection.

Election systems like Dominion’s Democracy Suite, according to the lawsuit, use encryption to prevent unauthorized access and to “prevent malicious alteration of election results” per mandated EAC-certification requirements. It seems Dominion failed miserably to protect voters from potential manipulation of election data.

According to the filing, the use of unprotected encryption keys “compromised Georgia’s election systems and left them vulnerable to any malicious actor–foreign or domestic– to manipulate results without likely detection.”

Secretary of State Raffensperger “has been on notice of this violation of EAC certification requirements since at least March 28,2024,” according to the lawsuit. The DeKalb County GOP asserts it has "cognizable injury sufficient to support a claim for mandamus relief” because Georgia continues to use election systems “that do not meet the cyber security requirements of Georgia law…”

Georgia’s Secretary of State entered into the contract with Dominion for the purchase of electronic voting equipment “on or about July 29, 2019.” The terms of that contract “remain in force today,” according to the lawsuit. Dominion is making bank with its contract with Georgia; well over $100 million dollars as documented in Exhibit G of the case. The Annual cost of software licenses alone 2023-2029 is over $2.3 million dollars.

Cyber Security expert Clay Parikh testified about the encryption key security issue and other security issues found after the 2020 election before the U.S. Supreme Court in the Kari Lake and Mark Finchem v. Adrian Fontes case. Parikh’s affidavit can also be found in Exhibit 3 of the DeKalb County filing. Parikh called the security violation “egregious,” rendering “the security and accuracy of election results and data…meaningless.” Specifically, Parikh stated,

Parikh also noted in his testimony that during his review of “four Georgia databases, each database contained simple and easy to guess passcodes.” In addition, he shared that “common or shared passwords were also discovered.” Stunningly, “the same exact security code was being utilized in other states during the same election period. The same password and/or security code for certain accounts are identical to the password or security code used in Maricopa County, AZ and Mesa County, CO,” Parikh added. The databases Parikh examined were from Appling, Bibb, Jones, and Telfair counties in Georgia.

According to Parikh, the passwords and encryption keys were easily accessed because the only authentication needed was a Windows log-in. “Windows log-in can easily be bypassed,” said Parikh. As a result of the insecure election systems, Parikh declared that voters of Georgia “should have no confidence that their votes have been accurately counted, if they were even counted at all.”

Notably, the DeKalb lawsuit reveals that Dominion admitted in an internal email that it knew encryption was a key security requirement in elections.

The February 4, 2020 email from Director of Engineering Services, Ivan Vukovic, is pictured below:

Exhibit 4 of the lawsuit features an affidavit from veteran computer forensics and incident response expert Benjamin Cotton. Cotton notes that the State of Georgia has known about the “critical vulnerabilities” in Dominion Voting System’s ability “to secure the encryption keys” and has “failed to address any of the vulnerabilities.” Cotton reviewed Coffee County’s Election Management System (EMS) after the 2020 election. Cotton alleges he found “evidence that executable files were created and modified after the Dominion Voting Software (DVS) was installed and certified.”

Olsen plans to file an amicus brief signed by “50-plus Georgia County GOP parties on Sunday night.” On Sept. 19, Olsen also sent a pre-litigation demand letter to Maricopa County Attorney, Rachel Mitchell. The letter warns Maricopa County that it must “take action to provide a secure and accurate election in the upcoming 2024 general election.” Olsen alleges the 2024 Maricopa County election is vulnerable to security breaches because of the same insecure “vendor-supplied encryption keys placed in unprotected and in plain text.”

In an effort to address these systemic weaknesses and prevent their exploitation, this lawsuit seeks relief including full transparency of digital logs and election-related documents, all to be made publicly available. It is a reasonable remedy that could provide significant safeguards in this November’s election.

In addition, plaintiffs put the state on notice, making it clear that the Secretary of State must comply with “Georgia Election Code and other mandatory regulations” during Georgia’s administration of the 2024 General Election. This will include the application of “any remedial measures…applied state-wide in a uniform fashion” to ensure all Georgia voters are afforded a level playing field as protected by state law and the Equal Protection Clause of the U.S. Constitution.

Godspeed to the plaintiffs and their legal representation. Americans want accountability. This definitely appears to be a step in the right direction.

Live stream of hearing at 9 a.m. EST here.