Georgia's election servers were wiped clean over the summer just days after activists filed a lawsuit over the security of the state's election systems. The data was initially destroyed on 7 July by the Center for Elections Systems at Kennesaw State University, which was contracted to maintain the state's election systems, the Associated Press reported.
The destruction of the data was revealed in an email from an assistant state attorney general to plaintiffs in the case that were obtained by the AP. According to the emails obtained in a public records request, IT staff confirmed deleting the files from the system four days after the suit by election reform advocates was filed on 3 July.
According to the emails, data on all three servers were destroyed.
Earlier this year, security researcher Logan Lamb notified the CES of a severe server vulnerability that allowed malicious hackers to read sensitive internal files, including voter records that listed the dates of birth and Social Security numbers of millions of Georgia residents. It also exposed the credentials used by county officials for election management files as well.
The security flaw was not fixed for months.
The lawsuit by voting transparency activists sought a review of the state's voting systems and called for an overhaul of its outdated election technology.
The state's vote-management system includes 27,000 AccuVote touchscreen voting machines that security experts have warned were susceptible to hackers. These machines do not produce or store voter-verified paper ballots that can be checked to make sure votes are properly tallied.
With such data exposed, the suit alleged that attackers may have impacted the most results of the recent elections, including a congressional election that saw Republican Karen Handel defeat Democrat John Ossoff and last November's presidential election. The data may have revealed if the recent elections were compromised by threat actors.
The election center answers directly to Brian Kemp, Georgia's secretary of state who is running for governor in 2018 and is the main defendant named in the lawsuit. His office said it was not involved and was not notified in advance of the decision to wipe the server's data.
The Kennesaw State elections center's "undeniable ineptitude" was to blame for the erasure, his office said, AP reports.
"The Secretary of State's office had no involvement in this decision, and we would never direct someone to take such action," Kemp said in a statement, The Hill reports. "This pattern of reckless behavior is exactly why we are ending our relationship with KSU and the Center for Elections Systems and moving functionality in-house."
Kennesaw State's media office said the server's wiping was "standard operating procedure." It is still unclear who ordered the erasing of the data.
The AP noted that it is still possible to recover information from the server since the FBI is said to have captured a data image in March while investigating the security flaw. The state attorney general's office is reportedly reaching out to the FBI to inquire whether they still have the image.
The news comes after the Department of Homeland Security revealed in September that hackers attempted to infiltrate the election systems of 21 states during 2016 election. There is currently no evidence that voting outcomes were altered in these attempts.
Multiple congressional committees are currently investigating Russian interference in the 2016 presidential election and possible collusion between Trump's campaign team and the Kremlin. The Kremlin has dismissed the allegations as "baseless" while Trump has slammed the ongoing Russia investigation as a "witch hunt."
"I don't think you could find a voting systems expert who would think the deletion of the server data was anything less than insidious and highly suspicious," Marilyn Marks, executive director of the Coalition for Good Governance and a plaintiff in the lawsuit told the AP.