ATLANTA — The tale of breached voting equipment in one of the country's most important political battleground states involves a bail bondsman, a prominent attorney tied to former President Donald Trump’s attempts to overturn the 2020 presidential election and a cast of characters from a rural county that rarely draws notice from outsiders.
How they all came together and what it could mean for the security of voting in the upcoming midterm elections are questions tangled up in a lawsuit and state investigations that have prompted calls to ditch the machines altogether.
Details of the unauthorized access of sensitive voting equipment in Coffee County, Georgia, became public last month when documents and emails revealed the involvement of high-profile Trump supporters. That's also when it caught the attention of an Atlanta-based prosecutor who is leading a separate investigation of Trump’s efforts to undo his loss in the state.
Since then, revelations about what happened in the county of 43,000 people have raised questions about whether the Dominion Voting Systems machines used in Georgia have been compromised.
The public disclosure of the breach began with a rambling phone call from an Atlanta-area bail bondsman to the head of an election security advocacy group involved in a long-running lawsuit targeting the state’s voting machines.
According to a recording filed in court earlier this year, the bail bondsman said he'd chartered a jet and was with a computer forensics team at the Coffee County elections office when they “imaged every hard drive of every piece of equipment.”
That happened on Jan. 7, 2021, a day after the violent insurrection at the U.S. Capitol and two days after a runoff election in which Democrats swept both of Georgia’s U.S. Senate seats.
The trip to Coffee County, about 200 miles south of Atlanta, to copy data and software from elections equipment was directed by attorney Sidney Powell and other Trump allies, according to deposition testimony and documents produced in response to subpoenas.
Later that month, security camera footage shows, two men who have participated in efforts to question the results of the 2020 election in several states spent days going in and out of the Coffee County elections office.
The footage also shows local election and Republican Party officials welcoming the visitors and allowing them access to the election equipment. The video seems to contradict statements some of the officials made about their apparent involvement.
The new information has made Coffee County, where Trump won nearly 70% of the vote two years ago, a focal point of concerns over the security of voting machines. While there is no evidence of widespread problems with voting equipment in 2020, some Trump supporters have spread false information about machines and the election outcome.
Election security experts and activists fear state election officials haven't acted fast enough in the face of what they see as a real threat.
The copying of the software and its availability for download means potential bad actors could build exact copies of the Dominion system to test different types of attacks, said University of California, Berkeley computer scientist Philip Stark, an expert witness for the plaintiffs in the voting machines lawsuit.
“This is like bank robbers having an exact replica of the vault that they’re trying to break into,” he said.
Stark said the risks could be minimized by using hand-marked paper ballots and rigorous audits. Dominion says its equipment remains secure.
Marilyn Marks, executive director of the Coalition for Good Governance, the group that sued over the state’s voting machines, said the state has been slow to investigate. She was on the receiving end of the phone call from the bail bondsman.
The state, she said, has been “repeatedly looking the other way when faced with flashing red lights of serious voting system security problems.”
State officials say they're confident the election system is safe. All Coffee County election equipment that wasn't already replaced will be swapped out before early voting begins next month, the secretary of state's office said Friday.
State officials also noted they were deluged by false claims after the 2020 election.
“In retrospect, you can say, well what about this, this and this,” said Gabriel Sterling, a top official in the Georgia secretary of state’s office. “In real time, no, there was no reason to think that.”
In late January 2021, a few weeks after the computer forensics team visited, security video shows a secretary of state's office investigator arriving at the Coffee County elections office. He and the elections supervisor walk into the room that houses the election management system server. Seconds later, Jeff Lenberg, who has been identified by Michigan authorities as being part of an effort to gain access to voting machines there, is seen walking out of that room.
Asked whether Lenberg’s presence in the room with sensitive election equipment raised concerns for the investigator, secretary of state's office spokesperson Mike Hassinger said the investigator was looking into an unrelated matter and didn't know who Lenberg was.
Security video also showed another man, Doug Logan, at the office in mid-January. Logan founded a company called Cyber Ninjas, which led a discredited review of the 2020 election in Maricopa County, Arizona. In May 2021, Coffee County’s new elections supervisor raised concerns with the secretary of state’s office after finding Logan's business card by a computer. The election supervisor’s concerns were referred to an investigator, but he testified that no one ever contacted him.
Hassinger said the secretary of state’s office responds to allegations when they are raised but that “information about unauthorized access to Coffee County’s election equipment has been kept hidden” by local officials and others.
Much of what is known was uncovered through documents, security camera video and depositions produced in response to subpoenas in the lawsuit filed by individual voters and the election security advocacy group. The suit alleges Georgia’s touchscreen voting machines are not secure and seeks to force the state to use hand-marked paper ballots instead.
The recently produced evidence of a breach wasn't the first sign of problems in Coffee County, which caused headaches for state election officials in the hectic weeks following the 2020 election. It's likely that turmoil helped opened the door for Trump's allies.
In early December 2020, the county elections board declined to certify the results of a machine recount requested by Trump, saying the election system had produced inaccurate results. A video posted online days later showed the former county elections supervisor saying the elections software could be manipulated; as she spoke, the password to the county election management system server was visible on a note stuck to her computer.
At the end of December, Cathy Latham, the Coffee County Republican Party chair who also was a fake elector for Trump, appeared at a state legislative committee hearing and made further claims that the voting machines were unreliable.
Within days of that hearing, Latham said, she was contacted by Scott Hall, the bail bondsman, who had been a Republican observer during an election recount. Latham testified in a deposition that Hall asked her to connect him with the Coffee County elections supervisor (who later was accused of falsifying timesheets and forced to resign).
A few days later, on Jan. 7, Hall met with a computer forensics team from data solutions firm SullivanStrickler at the Coffee County elections office. The team copied the data and software on the election management system server and other voting system components, a company executive said in a deposition. The company said it believed its clients had the necessary permission.
Invoices show the data firm billed Powell $26,000 for the day’s work.
“Everything went smoothly yesterday with the Coffee County collection,” the firm's chief operating officer wrote to Powell in an email. “Everyone involved was extremely helpful.”