Investigators find no evidence for Georgia Gov. Kemp’s hacking claim

Georgia investigators found no evidence to support Kemp’s allegation just before Election Day in 2018 that the Democratic Party tried to hack election information

Just two days before the 2018 election for governor, Republican Brian Kemp opened an explosive investigation, accusing the Democratic Party of Georgia of trying to hack voter registration systems.

Kemp was Georgia's secretary of state at the time, overseeing his own heated election for governor against Democrat Stacey Abrams.

Sixteen months later, the attorney general's office released a report Tuesday finding no evidence of a hack and closing the investigation Kemp had launched.

No election information was damaged, stolen or lost, according to the report, and there was no evidence of computer crimes.

Democratic Party of Georgia Chairwoman Nikema Williams said Kemp created “outright lies” to attack his political opponents and help his election.

Kemp went on to defeat Abrams by 55,000 votes, a margin of 1.4 percentage points.

Members of the news media surround then-Secretary of State Brian Kemp, the Republican candidate for Georgia governor, after he cast his vote Nov. 6 at the Winterville Train Depot. Curtis Compton/ccompton@ajc.com

icon to expand image

“More than a year after the sitting secretary of state leveraged baseless accusations against his political opponents, we’re finally receiving closure on an ‘investigation’ that has been a sham from the start,” said Williams, a state senator from Atlanta. “As we have since well before these outright lies came to light in the first place, Georgia Democrats will continue to do everything in our power to fight back against voter suppression.”

A spokeswoman for Kemp said his office did the right thing by asking law enforcement agencies, including the FBI and GBI, to investigate.

“We appreciate the Georgia Bureau of Investigation and attorney general’s office for investigating a failed cyber intrusion before the November 2018 election,” said Candice Broce, a spokeswoman for Kemp. “More importantly, we are grateful that the systems put in place by Brian Kemp as Georgia’s secretary of state kept voter data safe and secure.”

Abrams' 2018 campaign manager said Kemp abused his power as secretary of state to help him win the governor's office.

“This is Kemp’s playbook in his desperate attempt to keep his ever-loosening grasp on power,” said Lauren Groh-Wargo, who is now the CEO for Fair Fight Action, a voting rights group. “The motivation is clear: producing headlines while wasting the time and resources of individuals and groups who dared to challenge Kemp.”

The report from the office of Attorney General Chris Carr, a Republican, found that there were some vulnerabilities with the state’s online voter registration systems. Those issues, which were not identified, have been corrected.

In addition, a cybersecurity contractor called Fortalice identified intrusions into the state’s network in October. But those intrusions were later found to be tests conducted by the U.S. Department of Homeland Security, which had been asked by the secretary of state’s office to do that kind of work.

There’s no indication that the Democratic Party of Georgia probed the secretary of state’s websites for weaknesses.

But the Democratic Party did bring potential vulnerabilities to the attention of election officials, only to find itself accused of tampering.

Events unfolded quickly the weekend before the 2018 election.

Richard Wright, a Georgia resident, logged into the state’s My Voter Page on the secretary of state’s website to check whether his registration information was up to date.

Wright also said he discovered security flaws in the state’s voter registration system, according to an email he wrote to an attorney at the time.

Wright alleged that anyone could download voter registration files, likely including personal information such as Social Security numbers and driver’s license numbers, according to his email from Nov. 4, 2018. Wright also said anyone could download voter registration cards.

Wright notified a volunteer for the Democratic Party and the attorney, David Cross, who is suing the state to force it to use paper ballots filled out by hand in elections. The Democratic Party informed two computer security experts, and Cross contacted the FBI and an attorney representing the secretary of state’s office.

Soon afterward, Kemp turned the report into an all-caps election-year attack:

"AFTER FAILED HACKING ATTEMPT, SOS LAUNCHES INVESTIGATION INTO GEORGIA DEMOCRATIC PARTY," said the press release posted on the secretary of state's website.

Broce, who was Kemp’s spokeswoman when he was secretary of state, said Wright’s claims weren’t true.

Wright was wrong when he claimed that election systems weren’t secure, Broce said. She said Wright refused to cooperate with the investigation.

“While the evidence in this case properly gave rise to concerns that were appropriately addressed by law enforcement, the investigation did not reveal any evidence to support the criminal prosecution of Mr. Wright,” according to a memo from Senior Assistant Attorney General Laura Pfister. “Therefore, I recommend closing the file at this time.”

Cross said it was clear from the start that Kemp’s accusations against the Democratic Party were false.

“I had a hard time believing that anyone else believed the Democratic Party was trying to hack an election,” Cross said. “The M.O. of this administration is to go on the offensive rather than take responsibility for the vulnerabilities.”