Law Enforcement

Is the FBI investigating Georgia's wiped election server?

FBI Director Christopher Wray testifies at a House Judiciary Committee Hearing Dec 7 2017 

FBI Director Christopher Wray testifies at a Dec. 7 hearing of the House Judiciary Committee.

At a Dec. 7 House hearing, FBI Director Christopher Wray declined to answer questions about whether the bureau retained data on a Georgia election server before it was wiped clean by state election officials, then declined to answer whether the FBI was investigating the matter.

Rep. Hank Johnson (D-Ga.) raised the specter of an investigation into a server containing voting data from a recent special election to fill the seat vacated by Tom Price, who resigned from the House of Representatives to serve as Secretary of Health and Human Services before resigning from that post.

Georgia is currently facing a lawsuit in federal court by voters and advocacy groups that claim the June 2017 special election may have been compromised because of faulty election security practices by Georgia officials and the organization that oversaw election infrastructure, Kennesaw State University (KSU).

"Again, I don't want to confirm or deny -- it's important that I put both of those words in there -- the existence of a specific investigation," Wray said at a hearing of the House Judiciary Committee. 

The plaintiffs in the lawsuit allege that Georgia's voter registration data was hosted on the same server as the vote tabulation databases, the software used to program ballots and the passwords for both voting machines and election supervisors. Further, all of this data was connected to a public-facing website that was accessible for at least 10 months to anyone with an internet connection and technical expertise.

In March 2017, the FBI took custody and made copies of the server after opening an investigation into Logan Lamb, the information security researcher who discovered the flaws, but it has not commented publicly on the results of the investigation or whether it is still ongoing.

However, according to email records, KSU Chief Information Security Officer Stephen Gay told colleagues on March 17 that William Ware, the FBI special agent in charge, relayed that "the investigation is wrapping up" and that federal investigators would return the server to KSU later that same day. Other emails sent in March by Ware indicate that the FBI expected the investigation to continue for another two to four weeks.

FCW obtained the emails from one of the plaintiffs in the suit, Marilyn Marks, executive director for the Coalition for Good Governance.

On July 3, Marks' organization and state voters filed their lawsuit, and on July 7, technicians at KSU wiped the server. When the case later moved to federal court in August, technicians wiped at least one additional server one day after a federal judge was assigned to the case.

Georgia Secretary of State Brian Kemp, the defendant in the case, told the Associated Press that he did not order the server wipes and blamed incompetence by KSU officials.

While emphasizing that she had no special knowledge, Marks speculated that the actions by KSU officials may have given cause for a new FBI investigation.

"I'm guessing the FBI may be investigating why the servers were wiped after the lawsuit was filed," Marks said. "We have not yet gone into the court with any kind of motions … with what we want the court to do with respect to this purposeful destruction of evidence."

In addition to the security vulnerabilities associated with the election server, the lawsuit is also seeking to completely replace Georgia's voting machines. According to Marks, all 159 counties in Georgia use the same paperless DRE voting machines, a model that some election security experts believe is particularly vulnerable to hacking and that do not allow for reliable post-election audits.

Most states use multiple models of voting machines, and that variety can make it difficult for hackers to penetrate too deeply into a state's election infrastructure. The use of the same paperless models across the entire state combined with easy access to election servers that host much of the software used to program machines may have left Georgia exceptionally vulnerable to intrusion.

Joe Kiniry, CEO of Free and Fair, a company that tests election systems for cybersecurity vulnerabilities, praised Johnson's line of questioning. He said the combination of Georgia's reliance on paperless voting, outsourcing of election operations to a third-party and "really bad security processes" by KSU created a perfect storm that inevitably led to lawsuits but also opportunity.

"I believe that the positive outcome of all of this will be that, eventually, Georgia will replace its election system with machines that have paper ballot records, Kiniry said.

However, he expressed skepticism that the incident would lead to widespread change. He noted that there are currently around 20 bills pending in Congress to address election security that have not been seen significant movement.

On Dec. 6, Sen. Richard Burr (R-N.C.) hinted the Senate Intelligence Committee's report on Russian election interference would largely avoid legislative proposals to Congress and instead focus on recommending best practices to state and local governments.

If Russian interference coupled with what's going on in Georgia [and other states] doesn't get a bill out of committee, then nothing will," Kiniry said.

This article was updated Dec. 9.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.