Last week, the United States District Court for the Northern District of Georgia issued a preliminary injunction prohibiting the state of Georgia from using direct recording electronic (DRE) and global election management (GEMS) voting systems after this year. These systems rely on technology widely regarded as being highly vulnerable to cyber threats. The injunction also directs Georgia to establish a contingency plan in the event that a new and more secure print-balloting system is not ready in time for the state’s March 2020 presidential primary. The injunction further stipulates that the contingency plan must incorporate the use of hand-marked paper ballots. As of this writing, the state has not appealed the issuance of the injunction.
The injunction stems from litigation brought against state officials by concerned voters who allege that the state’s delay in responding to cyber threats faced by DRE and GEMS has deprived them of their constitutional rights to cast secure votes that are reliably counted. The litigation’s constitutional dimension provides an important warning: legislative, bureaucratic, and logistical delays in protecting election systems from cyber threats can result in federal courts becoming the venue in which controversies concerning election cybersecurity are settled.
Attorneys from McDonald Hopkins Data Privacy and Cybersecurity Practice Group are available to advise on legal issues related to election cybersecurity.