Judge orders Lawson to produce documents on voting-machine security

Keywords Elections / Law
  • Comments
  • Print

A Marion County Superior Court judge has ordered Indiana Secretary of State Connie Lawson to produce documents to back up her claim that the public should not see emails and other communications about the reliability and security of voting machines because they could jeopardize cyberterrorism security.

Judge Heather Welch ruled Tuesday that Lawson did not provide adequate justification for withholding the materials and ordered her to produce some of the documents for inspection in chambers.

In a 27-page ruling, the judge ordered Lawson to submit the materials that she had withheld based on the counterterrorism exception so that she may examine them in private.

A spokesman for Lawson declined comment on Wednesday.

The matter arose after a national group of cybersecurity experts sued Lawson last year, saying she has refused to turn over emails and other communications about the reliability and security of voting machines, despite numerous requests.

The experts, known as the National Election Defense Coalition, claimed she unlawfully denied access to public records regarding election security.

Lawson was recently president of the National Association of Secretaries of State, and, in that position, issued statements about the security and trustworthiness of U.S. voting systems. The cybersecurity group said some of Lawson’s statements were “inaccurate and potentially detrimental” to election security efforts.

As an example, it pointed to Lawson’s testimony in June 2017 to the U.S. Senate Select Committee’s investigation into Russian interference in the 2016 election, in which she said it was “very important to underscore that voting machines are not connected to the Internet or networked in any way.”

The coalition disputed that statement, saying many voting machines certified for use in Florida, Illinois, Michigan, and Wisconsin contained wireless modems that connect to the Internet and expose voting machines to online attacks. It added that some voting systems were found to be configured with remote-access software.

The cybersecurity group said it repeatedly tried to ascertain the sources of information used in Lawson’s public statements.

It submitted a records request under the Indiana Access to Public Records Act in September 2018, seeking copies of communications between Lawson’s office and the national association, and later amended its request to cover only specific email domains and communications containing specific election security-related keywords.

“After nine months of fruitless exchanges and Secretary Lawson’s repeatedly evolving explanations for denial and delay, NEDC still hasn’t received the vast majority of public records that it requested from the Secretary,” Ron Fein, Legal Director of Free Speech For People, said in a statement Wednesday. “The ruling today is an important victory in ensuring that the public have access to essential information regarding the reliability and security of voting machines.”

Lawson’s office argued the information was exempt from public disclosure.

Free Speech For People is representing the cybersecurity group pro bono in this matter, with the assistance of William Groth of Macey Swanson LLP.

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our updated comment policy that will govern how comments are moderated.

3 thoughts on “Judge orders Lawson to produce documents on voting-machine security

  1. Security by obscurity is no security at all. I understand not wanting to publicly disclose some of the details. If might open you up to denial of service attacks, but even that should be planned for. If things really are secure, then a certain level of disclosure is good.

  2. The irony is that neither Lawson nor the judge are qualified to render valid or reliable opinions on the security of these machines.

    Law school does not confer technical abilities, aptitudes, or understanding.

    Lawson is in over her head.

    She wouldn’t know a byte from a boot disk.

    Truth be told there are very few people who understand the vulnerabilities of these machines.

    None of them are involved in this case.

    If the emails are that damning, then the vulnerabilities are many and the machines should not be utilized.

    A voting machine is a tabulator. Assuming the tabulations are correct then protecting the machine from tampering is the secondary element although from a security perspective it is the primary element.

    There are many reasons that the National Election Defense Coalition has concern.

    The more one understands about cybersecurity, the less they want to rely on electronic voting.

    Too many vulnerabilities and the stakes are too high to leave to private companies.