Common Cause Georgia v. Kemp

Case 1:18-cv-05102-AT Document 1-1 Filed 11/05/18 Page 1 of 2
JS44 (Re\ 08/18

CIVIL COVER SHEET
The JS 44 civil cover sheet and the information contained herein neither replace nor supplement the filing and service of pleadings or other papers as required by law, except as
provided by local rules of court This form, approved by the Judicial Conference of the United States in September 1974, is required for the use of the Clerk of Court for the
purpose of initiating the civil docket sheet (SEE INSTRUCTIONS ON NEXT PAGE OF THISI-ORM)
I. (a) PLAINTIFFS DEFENDANTS
Common Cause Georgia Georgia Secretary of State's Office; KEMP, Brian P.; Secretary of
State
(b) County of Residence of First Listed Plaintiff Fulton C o u n t y o f R e s i d e n c e o f First List :d D e f e n d a n t
(I-XCEPTINUS PIAINIIII CAS1 S) ONUS P AINIIPI-CASPSONIY)
NOTE IN LAND CONDEMNATION CASES, USE THE LOCATION OF
THE TRACT OF LAND INVOLVED
( c ) A t t o r n e y s (hum Name, Addiess, and lelephone Number) A t t o r n e y s (If Know n)

Christopher G Campbell
DLA Piper LLP (US)
One Atlantic Center 1201 West Peachtree Street Suite 2800
Atlanta, GA 30309-3450
(404) 736-7808
I I . B A S I S O F J U R I S D I C T I O N (Placean "X- mOmBcxOnly) I I I . C I T I Z E N S H I P O F P R I N C I P A L P A R T I E S (Place an "X" ,n One Box for PlauU.ff
(I or Dtvei sity Case-, Only) and One Box for Defendant)
O 1 U S Government ZJ 3 Federal Question PTF DEF PTF DEF
Plaintiff (US Governmeni Not a Party) Citizen of This State • 1 D 1 Incorpoiated or Pi incipal Place O 4 0 4
of Business In This State
0 2 U S Government O 4 Diversity Citizen of Anothei State O 2 D 2 Incorpoiated am/Piincipal Place 0 5 G 5

Defendant (Indicate C 'itizenship of Parties in Item III) of Business In Anothei State
Citizen 01 Sub|ect of a • 3 O 3 Foieign Nation O 6 D 6

Foieien Country
IV. N A T U R E O F S U I T (Place an • X" m One Box Only) C l i c k h e r e for N a t u i e o f Suit C o d e D e s c n p t i o n s
1 CONTRACT TORTS FORFEITUREffENALTY BANKRUPTCY OTHER STATUTES 1
CI 110 Insurance P E R S O N A L INJURY PERSONAL INJURY O 625 Drug Related Seizure a 422 Appeal 28 USC 158 • 375 False Claims Act
O 120 Manne • 310 Anplane O 365 Personal Injury - of Pioperty 21 USC881 • 423 Withdiawal O 376 Qui Tam (31 USC
O 130Millei Act • 315 Anplane Pioduct Pioduct Liability • 690 Othei 28 USC 157 3729(a))
D 140 Negotiable Instrument Liability O 367 Health Caie/ • 400 State Reapportionment
D 150 Recovery of 0\erpayment O 320 Assault Libel & Pharmaceutical PROPERTY RIGHTS D 410 Antitrust
& Enfoicement of Judgmen Slander Personal Injury • 820 Copynghts O 430 Banks and Banking
O 151 Medical e Act O 330 Fedeial Employeis' Pi oduct Liability O 830 Patent G 450 Commerce
• 152 Recovery of Defaulted Liability • 368 Asbestos Peisonal O 835 Patent - Abbieviated • 460 Deportation
Student Loans O 340 Manne Injury Pioduct New Drug Application • 470 Racketeer Influenced and
(Excludes Veteians) • 345 Manne Pioduct Liability O 840 Tiademark Conupt Oigamzations
O 153 Recovery of 0\eipaynient Liability' PERSONAL PROPERTY IABOR SOCIAL SECURITY • 480 Consumer Ciedit
of Veteran's Benefits O 350 Motoi Vehicle a 370 Othei Fraud O 710 Fair Labor Standaids O 861 HIA(1395ff) O 485 Telephone Consumei
3 160 Stockholders* Suits O 355 Motoi Vehicle O 371 Truth in Lending Act O 862 Black Lung (923) Protection Act
• 190 Other Conti act Product Liability O 380 Other Personal • 720 Laboi/Management O 863 DIWC/DIWW (405(g)} • 490 Cable/Sat TV
D 195 Contract Pi oduct Liability O 360 Other Personal Pi operty Damage Relations O 864 SSID Title XVI O 850 Securities/Commodities/
• 196 Fianchise Iniuiy O 385 Property Damage O 740 Railway Labor Act O 865 RSI (405(g)) Exchange
O 362 Peisonal Injury - Pioduct Liability D 751 Family and Medical O 890 Odier Statutory Actions
Medical Malpiactice Lea\ e Act O 891 Agncultuial Acts
1 REAL PROPERTY CIVIL RIGHTS PRISONER PETITIONS • 790 Othei Labor Litigation F E D E R A L T A X SUITS O 893 Em n onmental Matters
• 210 Land Condemnation • 440 Other Civil Rights Habeas C o r p u s : G 791 Employee Retuement • 870 Taxes (U S Plaintiff O 895 Fieedom of Information
O 220Foieclosuie & 441 Voting • 463 Alien Detainee Income Secunty Act or Defendant) Act
• 230 Rent Lease & Eiectment • 442 Employment O 510 Motions to Vacate O 871 IRS—Third Party • 896 Aibitration
O 240 Torts to Land D 443 Housing/ Sentence 26 USC 7609 D 899 Admimstiatne Piocedure
O 245 Tort Pioduct Liability Accommodations O 530Geneiai Act/Review oi Appeal of
O 290 All Other Real Pioperty O 445 Amei w/Disabilities - O 535 Death Penalty IMMIGRATION Agency Decision
Employ ment Other: • 462 Naturalization Application • 950 Constitutionality of
O 446 Amer w/Disabilities - • 540 Mandamus & Othei D 465 Other Imnngiation State Statutes
Othei O 550 C m l Rights Actions
• 448 Education O 555 Pi ison Condition
• 560 Ci\ il Detainee -
Conditions of
Confinement
V. O R I G I N (Place an X" in One Box Only)

li 1 Original O 2 Removed from a 3 Remanded from • 4 Reinstated or 6 Multidistrict O 8 Multidistrict
a 5 Transferred from
Proceeding State Court Appellate Court Reopened Litigation - Litigation -
Another District
(specify) Transfer Direct File
Cite the U S Civil Statute under which you are filing (Do not cite jurisdictional statutes unless diversity)
VI. CAUSE OF ACTION U.S. Constitution, 52 U.S.C. § 21082, Georgia Constitution; Ga. Code § 21-2-211
Brief description of cause
Violations of U.S. Const, amend. XIV, Help America Vote Act, Georgia Constitution, and Georgia Code.
VII. REQUESTED IN • CHECK IF THIS IS A CLASS ACTION DEMAND $ CHECK YES only if demanded in complaint
COMPLAINT: UNDER RULE 23, F R Cv P JURY DEMAND: a Yes ONo
VIII. RELATED CASE(S)
(See nnllltclioin)
IF ANY JUDGE Hon. Amy Mil Totenberg DOCKET NUMBER 1 17-CV-02989-AT
DATE SIGNATURE OF ATTORNEY OF RECORD
11/05/2018 /s Christopher G. Campbell
FOR OFFICE USE ONLY
RECEIPT # AMOUNT APPLYING IFP JUDGE MAG JUDGE

JS 44 Reverse (Re\ 08/18)
INSTRUCTIONS FOR ATTORNEYS COMPLETING CIVIL COVER SHEET F O R M JS 44

Authority For Civil Cover Sheet
The JS 44 civil cover sheet and the information contained herein neither replaces nor supplements the filings and service of pleading or other papers as
required by law, except as provided by local rules of court This form, approved by the Judicial Conference of the United States in September 1974 is
required for the use of the Clerk of Court for the purpose of initiating the c m l docket sheet Consequently, a civil cover sheet is submitted to the Clerk of
Court for each civil complaint filed The attorney filing a case should complete the form as follows
I (a) Plaintiffs-Defendants. Enter names (last, first, middle initial) of plaintiff and defendant If the plaintiff or defendant is a government agency, use
only the full name or standard abbreviations If the plaintiff or defendant is an official within a government agency, identify first the agency and
then the official, giving both name and title
(b) County of Residence. For each civil case filed, except U S plaintiff cases, enter the name of the county where the first listed plaintiff resides at the
time of filing In U S plaintiff cases, enter the name of the count) in which the first listed defendant resides at the time of filing (NOTE Inland
condemnation cases, the county of residence of the "defendant" is the location of the tract of land involved )
(c) Attorneys. Enter the firm name, address, telephone number, and attorney of record It there are several attorneys, list them on an attachment noting
in this section "(see attachment)"
II Jurisdiction. The basis of |uiisdiction is set forth under Rule 8(a), F R Cv P , which lequires that lunsdictions be shown in pleadings Place an "X"
in one of the boxes If there is more than one basis ofjurisdiction precedence is given in the order shown below
United States plaintiff (1) Jurisdiction based on 28 U S C 1345 and 1348 Suits by agencies and officers of the United States are included here
United States defendant (2) When the plaintiff is suing the United States its officers or agencies, place an "X" in this box
Federal question (3) This refeis to suits under 28 U S C 1331 where lunsdiction anses undei the Constitution of the United States, an amendment
to the Constitution an act of Congress or a treaty of the United States In cases where the U S is a party, the U S plaintiff or defendant code takes
precedence, and box 1 or 2 should be maiked
Diversity of citizenship (4) This refers to suits under 28 U S C 1332, where parties are citizens of different states When Box 4 is checked the
citizenship of the different parties must be checked (See Section III below; NOTE: federal question actions take precedence over dnersity
cases.)
III. Residence (citizenship) of Principal Parties This section of the JS 44 is to be completed if diversity of citizenship was indicated above Mark this
section for each principal party
IV. Nature of Suit. Place an "X" in the appropriate box If there are multiple nature of suit codes associated with the case pick the nature ot suit code
that is most applicable Click here for Natuie of Suit Code Descnptions
V. Origin Place an "X" in one ot the seven boxes

Original Proceedings (1) Cases which originate in the United States district courts
Removed from State Court (2) Proceedings initiated in state courts ma) be removed to the district courts under Title 28 U S C Section 1441
When the petition for removal is granted, check this box
Remanded from Appellate Court (3) Check this box for cases remanded to the district court for further action Use the date of remand as the filing
date
Reinstated or Reopened (4) Check this box tor cases reinstated or reopened in the district court Use the reopening date as the filing date
Transferred from Another District (5) For cases transferred under Title 28 U S C Section 1404(a) Do not use this for within district transfers or
multidistrict litigation transfers
Multidistrict Litigation - Transfer (6) Check this box when a multidistrict case is transferred into the district under authority of Title 28 U S C
Section 1407
Multidistrict Litigation - Direct File (8) Check this box when a multidistrict case is filed in the same district as the Master MDL docket
PLEASE NOTE THAT THERE IS NOT AN ORIGIN CODE 7 Origin Code 7 was used for historical records and is no longer relevant due to
changes in statue
VI C ause of Action. Report the civil statute directly related to the cause of action and give a brief description of the cause Do not cite jurisdictional
statutes unless diversity Example U S Civil Statute 47 USC 553 Brief Description Unauthorized reception of cable service
VII Requested in Complaint Class Action Place an "X" in this box if you are filing a class action undei Rule 23, F R C\ P
Demand In this space enter the actual dollar amount being demanded or indicate other demand such as a preliminary in|unction
Jury Demand Check the appropriate box to indicate whether or not a |un is being demanded
VIII Related Cases This section of the IS 44 is used to reference related pending cases if any If there are related pending cases insert the docket
numbers and the corresponding |udge names for such cases
Date and Attorney Signature. Date and sign the ci\il co\er sheet
Case 1:18-cv-05102-AT Document 1 Filed 11/05/18 Page 1 of 26
IN THE UNITED STATES DISTRICT COURT

FOR THE NORTHERN DISTRICT OF GEORGIA
COMMON CAUSE GEORGIA, as an

organization,
Plaintiff,
v. Case No. 18-cv-

COMPLAINT
BRIAN KEMP, in his official capacity as

Secretary of State of Georgia,
Defendant.
INTRODUCTION
1. This is an action seeking to protect against the denial of Georgia
citizens' fundamental right to vote as a result of malfeasance or tampering with
Georgia's voter registration database—a threat made more acute in the last few
days by the actions of Defendant. Plaintiff Common Cause Georgia, a non-partisan
voter advocacy organization that is a part of Common Cause, a national
organization, asks this Court to issue declaratory and injunctive relief to ensure that
the provisional ballots cast by affected voters are properly counted. Specifically,
Plaintiff seeks an Order requiring that provisional ballots be counted in Georgia in
a manner consistent with federal and state constitutional and statutory law. As
there is no way to investigate in a timely manner how many voters have been
affected by the security vulnerabilities the Defendant has chosen not to address—
and in recent days exacerbated—Plaintiff respectfully submits that provisional
ballots are the only practical proxy for identifying affected voters and ensuring
they do not lose their votes as a result of Defendant's reckless conduct.
JURISDICTION AND VENUE
2. This case arises under the Constitution and laws of the United States
and the State of Georgia. This Court has subject matter jurisdiction over this action
pursuant to 28 U.S.C. §§ 1331, 1343, and 1367. This Court has jurisdiction to
grant declaratory and injunctive relief pursuant to 28 U.S.C. §§ 2201 and 2202.
3. Venue is proper in this district pursuant to 28 U.S.C. § 1391, because
Defendant resides in this district and a substantial part of the events or omissions
giving rise to Plaintiffs claims occurred in this district.
PARTIES
4. Plaintiff COMMON CAUSE GEORGIA is a chapter of Common
Cause, a non-partisan citizen lobby organized as a not-for-profit corporation under

the laws of the District of Columbia, and devoted to electoral reform, ethics in
government and to the protection and preservation of the rights of all citizens to
vote in national, state and local elections, including the education of voters about
voting rights and procedures. Common Cause is one of the nation's leading
grassroots, democracy-focused organizations and has over 1.2 million members
nationwide and chapters in 30 states. Common Cause Georgia has 18,785 members
and supporters in Georgia. Since its founding, Common Cause has been dedicated
to the promotion and protection of the democratic process, including the right of all
citizens to vote in fair, open, and honest elections. Common Cause conducts
significant non-partisan voter-protection, advocacy, education, and outreach
activities to ensure that voters are registered and have their ballots counted as cast.
In addition, Common Cause offers online tools to assist voters in registering to
vote and checking their registration status.
5. Common Cause Georgia has increased its efforts in the areas of
election protection, voter education, and grassroots mobilization around voting
rights in the state. As of 2017, Common Cause Georgia, alongside its partners at
New Georgia Project, Asian Americans Advancing Justice, ACLU of Georgia, and
Spread the Vote, created a program to help recruit volunteers to monitor local
board of elections meetings through the Peanut Gallery program. Common Cause
also works with these partners, and others, in election protection efforts during
both midterm and presidential elections. Through its volunteer recruitment for poll
monitors, Common Cause Georgia is on track to help monitor an average of five
polling locations in 22 counties for a total of 110 polling places. Common Cause
Georgia additionally engages in online petition drives, soliciting signatures from its
members and supporters urging government officials to take certain actions.
Furthermore, Common Cause Georgia participates in voter registration
events. Defendant's actions with respect to the State voter registration database
impact Common Cause Georgia's work, as its election protection program focuses
on providing resources that enable voters to participate in the election and be
educated on the questions they should ask to confirm their registration status.
Common Cause Georgia now must redouble its efforts to counter this latest
challenge to Georgia citizens' fundamental right to vote. As a result, Common
Cause Georgia has, and will continue to have, fewer resources to devote to its other
organizational activities unless the state's provisional balloting process is modified
to permit qualified and duly registered voters to have their ballots counted.
6. Defendant BRIAN KEMP is the Secretary of State of Georgia and the
State's chief election official.

STATEMENT OF FACTS
The Georgia My Voter Page System is Vulnerable to Attack and Threatens to

Cause Confusion and Potentially Improperly Restrict Voters' Right to Vote
7. My Voter Page, a website of the Georgia State Government, is a
public interface where voters can check their voter registration status, poll
locations, and view sample ballots for upcoming elections. The registration
records used at the polls to determine whether voters are eligible to vote are
created from data in the My Voter Page system.
8. As Secretary of State, Brian Kemp is responsible for the security of
voter information, including information on the My Voter Page.
9. On information and belief, My Voter Page and the state's voter
registration server are vulnerable to multiple security breaches.
10. For example, on information and belief, at least as of November 4,
2018, an individual can access My Voter Page and click on a link to get to an
insecure page, which allows the individual to view any file on the My Voter Page
server simply by typing the file name into the web browser.1 An individual can
then access any document, configuration files for the network, or cryptographic
1
See Jordan Wilkie & Timothy Pratt, Kemp's Aggressive Gambit to Distract From
Election Security Crisis, Who. What. Why. (Nov. 4, 2018),
https://whowhatwhy.org/2018/11 /04/kei'nps-aggressive-gambit-to-distract-from-
election-security-crisis/.
keys.2 An attacker can also take advantage of this vulnerability and download
every Georgia voter's personally identifiable information and change or cancel the
voter registrations and data housed on the system.3 It is believed that an attacker
could potentially automate this process to change the registration of multiple voters
at once.4
11. Because voter history, absentee voting data, and early voting data are
public records available on the Secretary of State's website, this publicly available
information can be used to target certain demographic groups and manipulate their
data and change or cancel their registrations.
12. Not only could this eliminate an individual's ability to vote, but it also
could cause significant confusion at the polls. For example, Georgia voters have,
throughout this election season, reported being assigned to the wrong precinct,
being issued the wrong ballot, and not showing up in the poll books. While it is
not known how long the vulnerabilities described above have been in place or
2
Id.
3
M
4
Matt Bernhard, Serious Vulnerabilities in Georgia's Online Voter Registration
System, Medium (Nov. 4, 2018), https://medium.com/@mattbernhard/serious-
vulnerabilities-in-georgias-online-voter-registration-system-cc319cbbe3d8.
whether they have been exploited in any way, these mistakes could possibly be the
result of vulnerabilities being exploited to change or delete voter information.5
13. On information and belief, several computer security and election
system experts looked at the code underlying the My Voter Page website and
concluded that voter data could be easily accessed and changed. The My Voter
Page system does not have the capability to track changes made to voter data so it
is not possible to determine the extent to which voter information has been
changed.6
The Secretary of State Has Long Known About these Vulnerabilities and Has
Politicized and Exacerbated, Rather than Remedied, Them.
14. On information and belief, multiple parties notified both the Georgia
Secretary of State and national intelligence officials of the security vulnerabilities.
15. As early as 2015, one of Defendant's own employees sent out
personally identifiable information to twelve news media and political
organizations.7 Defendant was aware of this breach at the time, and claimed that
5
Jordan Wilkie & Timothy Pratt, Georgia's Voter Registration System Like 'Open
Bank Safe Door,' Who. What. Why. (Nov. 4, 2018),
https://whowhatwhy.org/2018/11 /04/exclusive-georgias-voter-registration-system-
1 ike-open-bank-safe-door/.
6
Id.
7
Jordan Wilkie & Timothy Pratt, Kemp's Aggressive Gambit to Distract From
"all voter information is secure and safe."8 Defendant also claimed to be engaging
Ernst & Young to review the Secretary of State's information technology policies
and procedures.9
16. In August 2016, on information and belief, a computer researcher
named Logan Lamb accessed the entire Georgia voter registration database and all
personally identifiable information on the database. Lamb found that the system
was not password protected and could be rewritten. The State was notified.10
17. It was also reported in August 2016 that Defendant rejected the
federal government's efforts to assist states with election security, and said that a
hack of Georgia's voting system "is not probable at all, the way our systems are set
up." 11
https://whowhatwhy.org/2018/11 /04/kemps-aggressive-gambit-to-distract-from-
8
M
9
Id.
10
Id.
11
Eric Geller, Elections security: Federal help or power grab?, Politico (Aug. 28,
2016), https://www.politico.com/story/2016/08/election-cvber-securitv-georgia-
227475.
18. In February 2017, on information and belief, a security engineer
named Christopher Grayson joined Lamb in finding that the problem persisted and
that voter information remained unprotected.12
19. These security breaches were the basis for a lawsuit filed against
Defendant in 2017 by the Coalition for Good Governance.13
20. Despite these continued warnings and the clear indications that
Georgia's voting system was vulnerable, Defendant continued to reject federal
election security assistance.14
21. In the last week, the Defendant has been specifically alerted to these
vulnerabilities and rather than using the resource of the State to address and fix the
problems, the Defendant has instead waged a political counter attack against the
Democratic Party.15 In so doing, he has not only failed to remedy the problem, but
12
https://whowhatwhy.Org/2018/l lAM/kemps-aggressive-gambit-to-distract-from-
13
Verified Amended Election Contest and Compliant for Declaratory Relief,
Injunctive Relief, Damages, and Writs of Mandamus, Curling v. Kemp, No.
2017CV292233 (Fulton Cty. Ga. Super. Ct. Aug. 18, 2017).
14
Johnny Kauffman, Georgia Says No Thanks To In-Depth Election Security Help
From Feds, WABE 90.1FM (Feb. 14, 2018), https://www.wabe.org/georgia-says-
no-thanks-election-security-help-feds/.
15
Richard Fausset & Alan Blinder, Brian Kemp's Office, Without Citing Evidence,
Investigates Georgia Democrats Over Alleged 'Hack, 'New York Times (Nov. 4,
he has advertised the vulnerability of the system to those who may want to
interfere with voters' exercise of their right to vote.
22. On Saturday, November 3, 2018, on information and belief, David
Cross, a lawyer at Morrison Foerster, notified John Salter, a lawyer who represents
Defendant and the Secretary of State's office, of potential vulnerabilities in the
Georgia election system website.16 Cross had been contacted on Friday by a
Georgia resident with concerns about the state's My Voter Page website.17 The
resident had been looking at his information on the My Voter Page site and
realized that he was able to access, and not just view, files on his voter information
page.18 In addition to Salter, Cross also reached out to the FBI to inform them of
this potential vulnerability.19
23. On information and belief, Bruce Brown, a lawyer for the non-profit
Coalition for Good Governance, also notified Defendant's lawyers of the security
2018), https://www.nytimes.eom/2018/l 1/04/us/politics/georgia-elections-kemp-

voters-hack.html.
16
https://whowhatwhy.Org/2018/l 1/04/kemps-aggressive-gambit-to-distract-from-
17
Id.
18
Id.
x9
Id.
10
vulnerabilities on Saturday, November 3, 2018 "in confidence.. .so that something
could be done about it without exposing the vulnerability to the public." 20
24. Separately, on Saturday, November 3, 2018, the Georgia Democratic
Party was informed that the state's voter registration system possessed security
vulnerabilities.21 The Georgia Democratic Party received an email containing data
that allegedly demonstrated the system vulnerabilities.22 Sara Tindall Ghazal,
Voter Protection Director for the Democratic Party of Georgia, reached out to
cybersecurity experts, who confirmed the problems with the system.23 Ms. Ghazal
forwarded an email that the Georgia Democratic Party received to the
cybersecurity experts after receiving confirmation of the security vulnerabilities.24
On information and belief, by mid-day Saturday, those experts notified Georgia
officials of the issue.25
20
Jordan Wilkie & Timothy Pratt, Georgia's Voter Registration System Like
'Open Bank Safe Door,' Who. What. Why. (Nov. 4, 2018),
https://whowhatwhy.Org/2018/l 1/04/exclusive-georgias-voter-registration-system-
1 ike-open-bank-safe-door/.
21
Election Security Crisis, Who. What. Why., Nov. 4, 2018.
22
Id.
23
Id.
2
Ud.
25
Jack Gillum, Jessica Huseman, Mike Tigas, Jeff Kao, & Stephen Fowler,
Georgia Officials Quietly Patched Security Hole They Said Didn 't Exist,
ProPublica (Nov. 5, 2018), https://www.propublica.org/article/georgia-officials-
quietly-patched-security-holes-they-said-did-not-exist.
25. On Sunday, November 4, 2018, Defendant's office reacted to that
weekend's news by issuing a political press release, announcing that the office had
opened an investigation on Saturday, November 3, 2018, into the Georgia
Democratic Party for potential criminal cyber activity. The statement read:
AFTER FAILED HACKING ATTEMPT, SOS LAUNCHES

INVESTIGATION INTO GEORGIA DEMOCRATIC PARTY
ATLANTA - After a failed attempt to hack the state's voter

registration system, the Secretary of State's office opened an
investigation into the Democratic Party of Georgia on the
evening of Saturday, November 3, 2018. Federal partners,
including the Department of Homeland Security and Federal
Bureau of Investigation, were immediately alerted.
"While we cannot comment on the specifics of an ongoing

investigation, I can confirm that the Democratic Party of Georgia is
under investigation for possible cyber crimes," said Candice Broce,
Press Secretary. "We can also confirm that no personal data was
breached and our system remains secure."
26. Later on Sunday, November 4, 2018, Defendant's office released
another statement on the investigation. The statement read:
SOS RELEASES MORE DETAILS OVER FAILED

CYBERATTACK, OFFICIALLY REQUESTS FBI TO
INVESTIGATE
ATLANTA - The Secretary of State's Office issues the

following update:
"We opened an investigation into the Democratic Party of Georgia

after receiving information from our legal team about failed efforts to
breach the online voter registration system and My Voter Page. We
are working with our private sector vendors and investigators to
12
review data logs. We have contacted our federal partners and formally
requested the Federal Bureau of Investigation to investigate these
possible cyber crimes. The Secretary of State's office will release
more information as it becomes available."
27. On that same day, Defendant addressed the allegations and the
investigation, and a spokeswoman for Defendant, Candice Broce, alleged that
Democrats possessed software that could pull personal voter data from the voter
registration sites.26 The Georgia Democratic Party maintains, however, that the
email in question came from someone outside of the organization and that the
Party only forwarded it to cyber security experts.27
28. The accusations from Defendant brought greater national (and likely
international) attention to the vulnerabilities on the state's My Voter Page and
voter registration sites.28
26
Amy Gardner, Concerns About Voter Access Dominate Final Stretch Before
Election Day, Washington Post (Nov. 4, 2018),
https://www.washingtonpost.com/politics/concerns-about-voter-access-doiTiinate-
fmal-stretch-befoi-e-election-day/2018/11 /04/b660c216-dece-11 e8-b732-
3c72cbfl31f2 storv.html?utm term=.29e8db7bl623.
27
Id.
28
See, e.g.. Security experts say Georgia's voter database vulnerable to hackers.
Associated Press (Nov. 5, 2018),
https://www.nbcnews.com/politics/elections/security-experts-say-georgia-s-yoter-
database-vulnerable-hackers-n931266; Richard Fausset & Alan Blinder, Brian
Kemp's Office, Without Citing Evidence, Investigates Georgia Democrats Over
Alleged 'Hack,' New York Times (Nov. 4, 2018),
https://www.nytimes.eom/2018/l 1/04/us/politics/georgia-elections-kemp-voters-
hack.html; Rick Hasen, Brian Kemp Just Engaged in a Last-Minute Act of
13
29. Defendant's decision to publicize the vulnerabilities of Georgia's
election system by attacking the Georgia Democratic Party, while the
vulnerabilities persisted, marked a continuation of Defendant's past denials that
Georgia's voting system was exploitable.
30. Furthermore, the statement by Defendant's spokeswoman that the
"system remains secure"29 was belied by revelations that, hours later, State
officials attempted to fix the very problems that had been exposed.30
31. On information and belief, there were no fixes to these vulnerabilities
for several hours after this national publicity. On information and belief,
vulnerabilities in the system persisted at least throughout Sunday, November 4.
COUNT I
Violation of the Due Process Clause of the Fourteenth Amendment of the U.S.
Constitution
32. Plaintiff repeats the allegations in the foregoing paragraphs and
incorporates them as though fully set forth herein.
Banana-Republic Level Voter Manipulation in Georgia, Slate (Nov. 4, 2018),

https://slate.eom/news-and-politics/2018/l 1/georgia-governor-candidate-brian-
kemp-attempts-last-minute-banana-republic-style-voter-manipulation.html.
29
See supra \ 19.
30
Jack Gillum, Jessica Huseman, Mike Tigas, Jeff Kao, & Stephen Fowler,
Georgia Officials Quietly Patched Security Hole They Said Didn't Exist,
ProPublica (Nov. 5, 2018), https://www.propublica.org/article/georgia-officials-
quietly-patched-security-holes-they-said-did-not-exist.
14
33. The Fourteenth Amendment protects an individual's right to vote
from deprivation without due process of law.
34. In the circumstances alleged here, Defendant's knowing maintenance
of an unsecure voter registration database and his amplification of public attention
to the security vulnerabilities of the voter registration database just prior to the
election have recklessly exposed voters to potential tampering with their voter
registration records. The increased risk to voters coupled with the State's existing
provisional ballot counting scheme, see Ga. Code §§ 21-2-418, 419, under which
provisional ballots will not be counted for voters whose names are not found on the
voter registration list, risk denying the right of eligible Georgia citizens to vote in
violation of the Fourteenth Amendment's Due Process Clause.
35. Defendant, and his agents and employees, have materially increased
the risk that eligible voters have been and will be unlawfully removed from the
State voter registration database or will have their voter registration information
unlawfully manipulated in a manner that prevents them from casting a regular
ballot, by knowingly maintaining an unsecure voter registration database and then
exacerbating the security risk by exposing the vulnerabilities in the State voter
registration database to increased publicity just prior to the election.
15
36. As a result of Defendant's actions, eligible voters who have taken the
required steps to register and maintain their registrations may—through no fault of
their own—arrive at the polls on Election Day and not be permitted to cast a
regular ballot.
37. Defendant's actions have created a situation that is fundamentally
unfair to voters whose registrations are altered or removed. Those voters
reasonably relied on the procedures and systems established by Defendant and the
State and should not be deprived of their votes in violation of the Due Process
Clause.
38. Georgia's provisional ballot counting scheme fails to provide
adequate process here. A voter's provisional ballot is not counted unless elections
officials affirmatively determine that the voter is duly registered and the State's
information may not be accurate at the time the provisional ballots are counted, as
a result of Secretary Kemp's reckless maintenance of the State voter registration
database and his publication of its vulnerability just before the election.
COUNT II
Undue Burden on the Right to Vote in Violation of the Fourteenth
Amendment of the U.S. Constitution

16
40. The Fourteenth Amendments protects individuals' right to vote from
unreasonable burdens imposed by the State. See generally Burdick v. Takushi, 504
U.S. 428, 434 (1992); Anderson v. Celebrezze, 460 U.S. 780, 789 (1983).
41. In the circumstances alleged here, Defendant's maintenance of an
unsecure voter registration database, his exposure of the security vulnerabilities of
the voter registration database to further publicity just prior to the election, and the
State's provisional ballot counting scheme impose a severe burden on individuals'
right to vote.
42. Defendant, and his agents and employees, have materially increased
the risk that eligible voters have been and will be unlawfully removed from the
State voter registration database or will have their voter registration information
unlawfully manipulated in a manner that prevents them from casting a regular
ballot, by maintaining an unsecure voter registration database and then
exacerbating the security risk by publicizing the vulnerabilities in the State voter
registration database just prior to the election. Preventing eligible, properly
registered voters from casting regular ballots constitutes a severe burden on their
right to vote.
43. Georgia's provisional ballot counting scheme exacerbates the severe
burden on the right to vote of individuals who were prevented from casting ballots
17
as a result of Defendant's actions. A voter's provisional ballot is not counted
unless election officials affirmatively determine that the voter is duly registered.
The State's voter registration information may not be accurate at the time the
provisional ballots are counted, as a result of Defendant's reckless maintenance of
the State voter registration database and his publication of its vulnerability just
before the election.
44. Furthermore, under the current provisional ballot system, it may be
impossible for voters to provide adequate proof of their registration, because the
information in the State voter registration database may have been manipulated at
the time the provisional ballots are counted.
COUNT HI
Violation of the Help America Vote Act, 52 U.S.C. § 21082
46. The Help America Vote Act (HAVA) requires the State to provide an
individual who is not on the voter registration list or whom an election official
asserts is not eligible to vote with a provisional ballot, and the statute requires the
State to count the ballot if the voter is eligible to vote. See 52 U.S.C. 21082(a).
47. In light of Defendant's maintenance of an unsecure voter registration
database and his publication of the vulnerability of the database just before an
18
election, the State's provisional ballot counting scheme violates HAVA.
Specifically, the process by which the State determines whether a provisional
ballot is valid, and the fact that the voter registration database may have been
manipulated, violates HAVA's requirement that the State count eligible voters'
provisional ballots.
COUNT IV
Violation of Art. II, Sec. 1 of the Georgia Constitution
49. Article II, Section 1 of the Georgia Constitution provides that every
person who is qualified to vote "shall be entitled to vote at any election by the
people." A "qualified elector is guaranteed the fundamental right to vote provided
he or she uses one of the procedures put forth by the legislature...." Democratic
Party of Georgia, Inc. v. Perdue, 288 Ga. 720, 727 (2011).
50. As a result of Defendant's maintenance of an unsecure voter
registration database and his publication of the vulnerability of the database just
before an election, qualified voters who have duly registered and attempted to cast
a ballot in compliance with the procedures put forth by the legislature may be
deprived of their fundamental right to vote.
19
51. Defendant's actions and his implementation of state law therefore
violate the Georgia Constitution.
COUNT V
Violation of Ga. Code § 21-2-211
52. Plaintiffs repeat the allegations in the foregoing paragraphs and
incorporate them as though fully set forth herein.
53. The Georgia Code requires the Secretary of State to "maintain a list of
all eligible and qualified registered electors" in the State. Ga. Code § 21-2-211.
54. As a result of Defendant's maintenance of an unsecure voter
registration database and his publication of the vulnerability of the database just
before an election, the State voter registration list may not contain all eligible and
qualified registered electors.
55. Defendant's actions and his implementation of state law therefore
violate Section 21-2-211 of the Georgia Code.
PRAYER FOR RELIEF
WHEREFORE, Plaintiff respectfully requests that the Court issue declaratory and
injunctive relief if there is a statistically significant31 increase in the percentage of
31
A simple and commonplace statistical method called regression analysis could determine
whether the provisional ballot rate is higher in the 2018 election than in the last three federal
elections, to a level where the Court could be confident to a 95% level (an accepted standard for
academic research) that the variation was not due to natural fluctuation.
20
provisional ballots cast (relative to the total number of votes) in the 2018 elections
as compared to the 2012, 2014, and 2016 elections: (1) statewide, (2) in counties
where the percentage of minority or African American voters is greater than the
statewide percentage, or (3) in Fulton, Gwinnett, Cobb, and DeKalb counties (the
only counties with at least 700 thousand residents).
If these conditions are met, Plaintiff requests that the Court:
(l)Declare that Defendant's maintenance of the State voter registration
database, his publication of its security vulnerabilities, and his
implementation of the State's provisional ballot laws violate the Due
Process Clause and impose a severe burden on the right to vote in
violation of the Fourteenth Amendment;
(2) Declare that Defendant's maintenance of the State voter registration
implementation of the State's provisional ballot laws violate HAVA;
(3) Declare that Defendant's maintenance of the State voter registration
implementation of the State's provisional ballot laws violate the Georgia
Constitution and the Georgia Code;
21
(4) Issue a temporary restraining order, preliminary injunction, and
permanent injunction, enjoining Defendant from enforcing the State's
provisional ballot laws, to the extent such enforcement violates federal
law. Specifically, Plaintiffs ask:
a. Defendant shall issue an Order to the election superintendent of each
county or municipality directing that the superintendent generate a list
(hereafter, "the List") of individuals who cast a provisional ballot
during early voting period between October 15, 2018 and November
5, 2018, and during regular voting on November 6, 2018 within his or
her county or municipality on the basis that the voter's name was not
found on the official list of registered voters. The List shall be
transmitted electronically to each clerk and counsel for Plaintiff by
9:00 a.m. November 9, 2018.
b. Defendant shall issue an Order to the board of registrars of each
county or municipality stating, at a minimum, as follows:
i. Voters on the List who voted by provisional ballot shall be
verified before other provisional ballots,
ii. Voters on the List who fill out a provisional ballot shall be
presumed to be validly registered and eligible and entitled to
22
vote. Only upon a showing by clear and convincing evidence
that a voter is not eligible and entitled to vote or was not
registered shall the registrars reject that voter's provisional
ballot.
iii. No ballot shall be rejected based solely on information in the
My Voter database. Information that can be considered as
evidence that a voter is ineligible or not properly registered
includes, but is not limited to: a copy of the voter's registration
application demonstrating that it was not timely or that the
voter was ineligible, information from the Georgia Secretary of
State or law enforcement agencies showing that the individual
is disqualified from voting because he or she is serving a
sentence of confinement or parole for a felony conviction, and
information from the Division of Motor Vehicles motor voter
database showing that the individual moved out of the voting
jurisdiction or has not attained voting age.
iv. For any voter on the List whose provisional ballot has been
rejected, the board of registrars shall, no later than 4 business
days after the election, contact the voter in writing by
23
forwardable mail and by telephone, where provided, stating his
or her ballot has been rejected at the county level and the reason
for the rejection and provide Defendant with a copy of the
writing. Plaintiffs' counsel shall have input into the language of
the written notice.
v. For each ballot rejected at the county level of a voter on the
List, the registrars shall provide Defendant with a copy of the
provisional ballot affidavit no later than the end of the 3-day
provisional ballot review period, along with the evidence used
to make the determination of ineligibility,
c. Defendant shall conduct an independent review of each ballot rejected
at the county level and order the superintendent to count the ballot of
any voter whose ballot was rejected in violation of this clear and
convincing evidence standard no later than 1 week prior to the
certification of the statewide results. If Defendant affirms the
rejection, then Defendant shall inform the designated representative of
Plaintiffs counsel and provide access to the evidence upon which the
determination was made within 1 business day and in no event later
than 4 business days prior to the certification of the statewide results.
24
d. The Parties shall enter into a protective order to preserve the
confidentiality of any personally identifiable information.
e. The Court shall retain continuing jurisdiction over any disputes over
voter eligibility arising after Defendant's review.
(5) Award Plaintiff the costs of this proceeding, including reasonable attorneys'
fees and other litigation costs reasonably incurred in this action, pursuant to
42 U.S.C. § 1988; and
(6) Grant Plaintiff such other relief as the Court deems just and proper.
Dated: November 5, 2018
DLA PIPER LLP
By: I si Christopher Campbell
Christopher G. Campbell
One Atlantic Center
1201 West Peachtree Street, Suite 2800
Atlanta, GA 30309-3450
(404) 736-7808
christopher.campbell@dlapiper.com
PAUL, WEISS, RIFKIND, WHARTON

& GARRISON LLP
Robert A. Atkins
{pro hac vice application to be filed)
NY Bar No. 2210771
Farrah R. Berse
25
NY Bar No. 4129706

Makiko Hiromi
NY Bar No. 5376165
William E. Freeland
NY Bar No. 5450648
1285 Avenue of the Americas
New York, NY 10019-6064
(212)373-3000
ratkins@paulweiss.com
fberse@paulweiss.com
mhiromi@paulweiss.com
wfreeland@paulweiss.com
BRENNAN CENTER FOR JUSTICE AT

NEW YORK UNIVERSITY SCHOOL OF LAW
Myrna Perez
NY Bar No. 4874095
Lawrence D. Norden
NY Bar No. 2881464
Wendy R. Weiser
NY Bar No. 2919595
Maximillian Feldman
NY Bar No. 5237276
120 Broadway, Suite 1750
New York, NY 10271
(646)292-8310
perezm@brennan.law.nyu.edu
nordenl@brennan.law.nyu.edu
weiserw@brennan.law.nyu.edu
feldmanm@brennan.law.nyu.edu
Attorneys for Plaintiff

26

ATLANTA DIVISION
COMMON CAUSE GEORGIA, as an )

organization, )
)
Plaintiff, )
) Civil Action
v. )
) File No. 1:18-CV-05102-AT
BRIAN KEMP, in his official capacity as )
Secretary of State of Georgia, )
)
Defendant. )
NOTICE OF FILING OF DECLARATION OF CHRIS HARVEY
COMES NOW Defendant Brian Kemp and hereby files the attached
Declaration of Chris Harvey in support of Defendant’s Brief in Opposition to
Plaintiff’s Motion for a Temporary Restraining Order and Expedited Discovery.
This 8th day of November, 2018.
/s/ Josh Belinfante

Josh Belinfante
Georgia Bar No. 047399
jbelinfante@robbinsfirm.com
Ryan Teague
rteague@robbinsfirm.com
Kimberly Anderson
kanderson@robbinsfirm.com
Robbins Ross Alloy Belinfante Littlefield LLC

500 14th Street, NW,
Atlanta, Georgia 30318
Telephone: (678) 701-9381
Facsimile: (404) 856-3250
Attorneys for Defendant
-2-
L.R. 7.1(D) CERTIFICATION
I certify that this Notice has been prepared with one of the font and point
selections approved by the Court in Local Rule 5.1(C). Specifically, this Notice
has been prepared using 14-pt Times New Roman Font.
/s/ Josh Belinfante

Josh Belinfante

ATLANTA DIVISION
COMMON CAUSE GEORGIA, )

as an organization, ) CIVIL ACTION FILE
)
Plaintiff, ) NO. 1:18-CV-05102-AT
)
v. )
)
BRIAN KEMP, in his official )
capacity as Secretary of State of )
Georgia, )
)
Defendant. )
DECLARATION OF CHRIS HARVEY
Pursuant to 28 U.S.C. § 1746, CHRIS HARVEY, Elections Director in
the office of the Secretary of State for the State of Georgia, declares as follows:
1. I make this Declaration in support of a response by Secretary of State
Brian Kemp to a motion for a temporary restraining order in the above-styled
matter of Common Cause Georgia, v. Brian Kemp (Civil Action No. 1:18-cv-
05102-AT).
2. I have been the State of Georgia’s Elections Director since July 2015.
From August 2007 to July 2015, I was the Chief Investigator and Deputy
Inspector General for the Secretary of State’s office, investigating, amongst
-1-
other things, potential violation of state election law. For over a decade, I have
acquired first-hand knowledge of Georgia’s election processes at both the state
and county level.
3. As soon as provisional ballots are submitted, county boards of
registration begin the process of reviewing provisional ballots, examining
information provided on documents with provisional ballots, and make a good
faith effort to determine if the person was entitled to vote in the election.
O.C.G.A. § 21-2-419(b).
4. County registrars have to make the determination on whether to count
the provisional ballot no later than three days after the election. O.C.G.A. § 21-
2-419(c)(1). UOCAVA ballots that are postmarked by election day must be
returned by the same deadline to be counted. O.C.G.A. § 21-2-386(a)(1)(G).
5. If the county registrars determine the provisional ballots should be
counted, they communicate that determination to the election superintendent
who includes the vote in the election returns to be certified. O.C.G.A. § 21-2-
419(c)(1).
6. County registrars also notify the election superintendent of provisional
ballots that should not be counted because the person who submitted the
provisional ballot was not timely registered and not eligible to vote in the
election. O.C.G.A. § 21-2-419(c)(3).

-2-
7. What resources county registrars use to determine whether to count
provisional ballots depends on the reason the provisional ballot was necessary.
The primary resource for most reasons for rejection is Georgia’s voter
registration system (“ENET”). Registrars can also use other resources such as
paper voter registration applications and supplement documents from paper
voter files. Registrars sometimes use external resources like Department of
Driver’s Services records and those records are accessible to registrars.
8. In no circumstance would county registrars use Georgia’s My Voter Page
(“MVP”) to assist in the provisional ballot counting process. MVP is merely a
website to provide information to voters.
9. ENET is separate and not connected to Georgia’s electronic poll books or
DRE voting machines. Several days before an election, a voter registration list
is extracted from ENET and loaded onto memory cards. These memory cards
are hand-delivered to county election offices and inserted into electronic poll
books for election day voter check-in operations. After the election, the memory
cards are removed from the electronic poll books and hand-delivered to the
Secretary of State’s office. The memory cards are uploaded into ENET so that
voter participation will be reflected in voters’ ENET records.
10. On November 7, 2018, I requested all of the counties report to me how
many provisional ballots were submitted to them in the November 6 2018

-3-
General Election. They reported that 21,190 provisional ballots were
submitted throughout the state. I have prepared a report of provisional ballots
from 2014, 2016, and 2018 and attached that report as Exhibit A to this
Declaration.
11. Once all provisional and UOCAVA ballots have been reviewed and a
determination made whether they should count or not, the results are
presented to the county superintendent for certification.
12. The county superintendent then certifies the returns, no later than by
the Monday following the election, and immediately transmits the returns to
the Secretary of State. O.C.G.A. § 21-2-493(k). See also O.C.G.A. § 21-2-
497(a)(4). This year, since Monday, November 12, 2018 is a federal holiday,
the deadline for certification is Tuesday, November 13, 2018.
13. Timely certification is critically important because a number of other
processes cannot happen until counties certify their election results. The
Secretary of State cannot certify results until all of the counties certify first.
Election challenges and recount requests also require the county
superintendent’s to certify first. See O.C.G.A. §§ 21-2-495(c) and 21-2-524(a).
Finally, with any potential run-off election set by law for 28 days after the
election, certified results are needed in order for ballots and voting machine
databases to be built for any run-off. O.C.G.A. § 21-2-501(a).

-4-
EXHIBIT A
2018 Provisional Ballots 2016 Provisional Ballots 2014 Provisional Ballots

APPLING COUNTY 13 3 4
ATKINSON COUNTY 2 7 9
BACON COUNTY 11 19 4
BAKER COUNTY 10 14 9
BALDWIN COUNTY 16 22 10
BANKS COUNTY 4 5 1
BARROW COUNTY 9 1 9
BARTOW COUNTY 86 91 74
BEN HILL COUNTY 50 36 3
BERRIEN COUNTY 10 50 11
BIBB COUNTY 419 354 112
BLECKLEY COUNTY 5 12 5
BRANTLEY COUNTY 29 9 6
BROOKS COUNTY 69 87 31
BRYAN COUNTY 24 13 6
BULLOCH COUNTY 224 130 19
BURKE COUNTY 6 2 0
BUTTS COUNTY 0 4 0
CALHOUN COUNTY 0 1 4
CAMDEN COUNTY 11 48 9
CANDLER COUNTY 3 15 9
CARROLL COUNTY 291 319 96
CATOOSA COUNTY 40 24 16
CHARLTON COUNTY 13 13 5
CHATHAM COUNTY 329 224 100
CHATTAHOOCHEE
COUNTY 34 6 2
CHATTOOGA COUNTY 34 24 7
CHEROKEE COUNTY 144 45 64
CLARKE COUNTY 198 239 186
CLAY COUNTY 2 4 1
CLAYTON COUNTY 888 433 139
CLINCH COUNTY 5 7 2
COBB COUNTY 2202 1565 1656
COFFEE COUNTY 10 21 7
COLQUITT COUNTY 17 21 6
COLUMBIA COUNTY 89 53 14
COOK COUNTY 0 2 1
COWETA COUNTY 38 27 20
CRAWFORD COUNTY 3 11 8
CRISP COUNTY 35 27 6
DADE COUNTY 13 5 13
DAWSON COUNTY 11 26 18
DECATUR COUNTY 188 129 10

DEKALB COUNTY 3008 1159 1002
DODGE COUNTY 8 3 0
DOOLY COUNTY 6 25 1
DOUGHERTY COUNTY 355 419 106
DOUGLAS COUNTY 145 84 47
EARLY COUNTY 4 1 3
ECHOLS COUNTY 0 0 0
EFFINGHAM COUNTY 8 13 17
ELBERT COUNTY 79 80 14
EMANUEL COUNTY 15 38 6
EVANS COUNTY 2 0 1
FANNIN COUNTY 23 24 8
FAYETTE COUNTY 81 85 31
FLOYD COUNTY 200 200 119
FORSYTH COUNTY 90 207 83
FRANKLIN COUNTY 3 1 2
FULTON COUNTY 3670 2528 3573
GILMER COUNTY 39 15 16
GLASCOCK COUNTY 2 0 0
GLYNN COUNTY 183 163 56
GORDON COUNTY 127 104 44
GRADY COUNTY 20 33 9
GREENE COUNTY 15 30 24
GWINNETT COUNTY 2427 2347 1702
HABERSHAM COUNTY 9 14 50
HALL COUNTY 370 136 71
HANCOCK COUNTY 14 14 20
HARALSON COUNTY 4 21 5
HARRIS COUNTY 47 34 33
HART COUNTY 14 6 0
HEARD COUNTY 8 2 1
HENRY COUNTY 339 446 136
HOUSTON COUNTY 150 301 89
IRWIN COUNTY 22 26 3
JACKSON COUNTY 59 68 44
JASPER COUNTY 62 6 2
JEFF DAVIS COUNTY 0 2 1
JEFFERSON COUNTY 45 58 26
JENKINS COUNTY 26 38 3
JOHNSON COUNTY 0 0 1
JONES COUNTY 16 3 8
LAMAR COUNTY 64 48 14
LANIER COUNTY 5 9 4
LAURENS COUNTY 41 9 15
LEE COUNTY 19 13 11
LIBERTY COUNTY 10 34 6
LINCOLN COUNTY 4 5 15
LONG COUNTY 10 26 12
LOWNDES COUNTY 1174 1387 746
LUMPKIN COUNTY 47 41 30
MACON COUNTY 0 0 0
MADISON COUNTY 4 8 7
MARION COUNTY 0 2 0
MCDUFFIE COUNTY 3 0 11
MCINTOSH COUNTY 3 15 12
MERIWETHER COUNTY 26 8 2
MILLER COUNTY 23 8 1
MITCHELL COUNTY 18 21 7
MONROE COUNTY 10 18 23
MONTGOMERY COUNTY 0 0 0
MORGAN COUNTY 14 7 9
MURRAY COUNTY 0 0 0
MUSCOGEE COUNTY 352 364 169
NEWTON COUNTY 16 12 3
OCONEE COUNTY 23 25 14
OGLETHORPE COUNTY 2 8 9
PAULDING COUNTY 105 49 44
PEACH COUNTY 90 9 14
PICKENS COUNTY 1 3 1
PIERCE COUNTY 1 1 0
PIKE COUNTY 13 8 9
POLK COUNTY 4 11 5
PULASKI COUNTY 0 8 2
PUTNAM COUNTY 18 17 9
QUITMAN COUNTY 1 4 1
RABUN COUNTY 0 4 2
RANDOLPH COUNTY 2 2 7
RICHMOND COUNTY 272 252 108
ROCKDALE COUNTY 140 149 132
SCHLEY COUNTY 4 1 4
SCREVEN COUNTY 16 9 12
SEMINOLE COUNTY 36 18 17
SPALDING COUNTY 47 31 40
STEPHENS COUNTY 39 17 4
STEWART COUNTY 40 5 18
SUMTER COUNTY 0 1 5
TALBOT COUNTY 4 0 2
TALIAFERRO COUNTY 6 1 1
TATTNALL COUNTY 18 14 13
TAYLOR COUNTY 30 5 0
TELFAIR COUNTY 2 1 3
TERRELL COUNTY 1 2 2
THOMAS COUNTY 7 9 2
TIFT COUNTY 14 42 101
TOOMBS COUNTY 13 2 11
TOWNS COUNTY 9 19 83
TREUTLEN COUNTY 4 18 7
TROUP COUNTY 685 667 112
TURNER COUNTY 11 14 9
TWIGGS COUNTY 6 6 1
UNION COUNTY 2 13 4
UPSON COUNTY 20 11 6
WALKER COUNTY 71 21 0
WALTON COUNTY 106 70 24
WARE COUNTY 14 14 1
WARREN COUNTY 4 3 3
WASHINGTON COUNTY 16 26 9
WAYNE COUNTY 15 17 2
WEBSTER COUNTY 8 12 3
WHEELER COUNTY 5 16 14
WHITE COUNTY 40 52 16
WHITFIELD COUNTY 70 86 64
WILCOX COUNTY 0 1 7
WILKES COUNTY 11 16 4
WILKINSON COUNTY 1 4 7
WORTH COUNTY 20 28 17
Total Provisional Ballots 21,190 16,739 12,151
Active Registered Voters 6,428,581 5,443,046 5,047,420

Ballots Cast 3,930,890 4,165,405 2,596,947
Turnout 61.1% 76.5% 51.5%
Provisional Ballots
Compared to Ballots Cast 0.54% 0.40% 0.47%
CERTIFICATE OF SERVICE
I hereby certify that I have this day filed the within and foregoing
NOTICE OF FILING OF DECLARATION OF CHRIS HARVEY with the
Clerk of Court using the CM/ECF system, which automatically sent counsel of
record e-mail notification of such filing.
This 8h day of November, 2018.
/s/Josh Belinfante

ATLANTA DIVISION

organization, )
)
Plaintiff, )
) Civil Action
v. )
) File No. 1:18-CV-05102-AT
)
Defendant. )
NOTICE OF FILING OF DECLARATION OF MERRITT BEAVER
COMES NOW Defendant Brian Kemp and hereby files the attached
Declaration of Merritt Beaver in support of Defendant’s Brief in Opposition to
Plaintiff’s Motion for a Temporary Restraining Order and Expedited Discovery.
/s/ Josh Belinfante

Josh Belinfante
Ryan Teague
Kimberly Anderson

500 14th Street, NW,
Telephone: (678) 701-9381
Facsimile: (404) 856-3250
-2-
I certify that this Notice has been prepared with one of the font and point
selections approved by the Court in Local Rule 5.1(C). Specifically, this Notice
/s/ Josh Belinfante

Josh Belinfante
NOTICE OF FILING OF DECLARATION OF MERRITT BEAVER with
the Clerk of Court using the CM/ECF system, which automatically sent counsel
of record e-mail notification of such filing.
This 8h day of November, 2018.
/s/Josh Belinfante

)
organization, )
)
Plaintiff, )
)
)
)
)
)
v. ) Case No. 18-cv-05102-AT
)
Secretary of State of Georgia )
)
)
Defendant. )
)
DECLARATION OF DAN S. WALLACH
I, Dan S. Wallach, declare as follows under penalty of perjury:
1. I submit this declaration in support of Plaintiff’s Emergency Motion for a
Temporary Restraining Order and Expedited Discovery.
2. I am an expert in computer security, with a particular focus on election
systems like electronic voting machines and voter registration systems. I am

currently employed as Professor of Computer Science at Rice University
(Houston, Texas). I also hold a courtesy appointment in the Electrical and
Computer Engineering department and I am a Rice Scholar at the Baker
Institute of Public Policy.
3. After graduating high school at J. J. Pearce (Richardson, Texas) in 1989, I
earned my BSEE/CS at the University of California, at Berkeley, in 1993,
and a MA and PhD at Princeton University in 1995 and 1999, respectively.
Since the fall of 1998, I have been at Rice University, being promoted to
Associate Professor in 2005 and to Professor in 2012. In 2007, when I was
on sabbatical, I held joint appointments as a visiting professor at Stanford
University and as a visiting researcher at SRI International. Among other
awards and responsibilities, I was elected to the Board of Directors of the
USENIX Association (serving 2012-2013) and I also served on the Air
Force Science Advisory Board (2011-2015). A true and correct copy of my
full curriculum vitae, which includes a full list of my publications, is
attached hereto as Exhibit A.
4. I have also served as an expert witness in a number of election-related
lawsuits. Most recently, I worked on behalf of the Department of Labor in a
pair of lawsuits related to online voting by labor unions (Secretary of Labor

v. Allied Pilots Association (4:14-CV-997-0); and Secretary of Labor v.
Association of Professional Flight Attendants (4:16-CV-1057)). I also wrote
a declaration on behalf of Jill Stein’s recount efforts in 2016. I have also
given testimony to a number of government bodies concerning election
security. Most recently, I testified before the U.S. House Space, Science, and
Technology Committee (September 2016) and the Texas Senate Select
Committee on Election Security (February 2018).
5. In my recent testimonies, both in Washington D.C. and Austin, Texas, I
considered our nation-state adversaries, including but not limited to Russia,
and the possible risks they might pose to our elections. My conclusion then,
as now, was that our biggest vulnerabilities are our voter registration
databases, typically maintained online, so therefore reachable by our
adversaries. Web sites with databases are ubiquitous and their vulnerabilities
are well-understood to cyber threat actors. Every university computer
security class has its students learn to attack and defend these sorts of
systems. While a defender must eliminate all possible attacks, an attacker
needs only find a single weakness, so it’s reasonable to expect these
weaknesses exist in our voter registration systems.

6. We can and should expect our adversaries to go after voter registration
systems, and there’s evidence of this already having happened in Arizona
and Illinois, among other states. A true and correct copy of an article
describing the Federal Bureau of Investigation’s finding of breaches in
Illinois and Arizona’s voter registration databases in 2016, downloaded from
the Reuters’ website, is attached hereto as Exhibit B.
7. The partisan impacts are easy to envision. You can selectively
disenfranchise voters by deleting them from the database or otherwise
introducing errors. Political campaign managers use a variety of predictive
models for targeted mailings, get-out-the-vote campaigns, and so forth to
determine partisanship; we can expect adversaries to do the same.
8. Georgia offers an online web-based tool (“My Voter Page”, hereafter
“MVP”) for voters to verify their voter registration status. Recently, a
number of security experts have determined that MVP was improperly
engineered from a security perspective. News articles concerning these
vulnerabilities appeared only a few days prior to this week’s election. A true
and correct copy of a November 4, 2018 article describing security
vulnerabilities in MVP downloaded from the WhoWhatWhy website, is
attached hereto as Exhibit C.

9. One specific MVP vulnerability concerns “URL manipulation”, where an
attacker can log in as one voter and then manipulate the underlying web
requests to change their identifying number and successfully fetch data
belonging to other voters. A more serious version of this attack apparently
allows an attacker to read every file stored on the web server. These URL
manipulations, themselves, are very simple and obvious; any “penetration
testing” team should have discovered them and they would have been easy
to repair. A true and correct copy of computer scientist Matt Bernhard’s
explanation of this vulnerability downloaded from Medium’s website, is
attached hereto as Exhibit D.
10.I have not personally verified these attacks, but the reports that I have
reviewed appear credible.
11.Based on this information, we can make a number of inferences. In
particular, if it is possible for an attacker to easily extract the full contents of
the MVP server, then the attacker will have access to the voter registration
status of every voter, which includes information that may not be available
to the general public (e.g., the voter’s driver’s license number and the last
four numbers of a voter’s social security number).

12.More worrisome, an attack which grants the attacker the ability to read each
and every file on a computer gives that attacker further opportunities to
discover and exploit other vulnerabilities. It’s highly likely that the
vulnerabilities we currently know about represent a “tip of the iceberg” of
other problems. Their presence on the MVP system implies a broad lack of
attention to computer security issues.
13.MVP is part of a suite of software from PCC Technology, Inc called
“ElectioNet” (also commonly known as “eNet”).1 Data from eNet is fed
directly to the “ExpressPoll” electronic poll books used when voters arrive at
their polling places. A true and correct copy of the declaration of Colin
McRae, Chair of the Chatham County Board of Registrars, downloaded
from the WhoWhatWhy website, is attached hereto as Exhibit E.
14.The MVP home-page currently states “My Voter Page provides a web-based
search of data extracted from Georgia’s statewide voter registration
database. It is NOT the official record of your registration, which is retained
1
“PCC’s ElectioNet is the Voter Registration and Election Administration suite used by more states than any other
solution to ensure the integrity of voter and election related data. Voter Registration, Online Voter Registration,
Election Management, My Voter Portal, and Election Night Reporting modules are fully integrated, feature rich, and
real-world tested, enabling PCC to maintain its position as the premier organization in the election administration
industry.” https://pcctechnologyinc.com/electionet/
by the voter registration office in the county of your residence.” This
suggests that there is some degree of separation between the MVP server
and other eNet servers.
15.Given that MVP is part of the broader eNet suite, and MVP has significant
software vulnerabilities, it’s reasonable to expect that other eNet
components have been engineered, installed, and configured similarly. An
attacker who can compromise the MVP server can likely also compromise
other eNet servers.
16.Given that eNet is directly responsible for voter registration data, all the way
from state-level web services to the electronic pollbooks, this implies that a
compromise of eNet would allow the attacker complete control over voter
registration data in Georgia, including tampering or deleting registration
records.
17.This sort of attacker modality corresponds with a standard practice for
sophisticated nation-state adversaries (often referred to euphemistically as
“Advanced Persistent Threats” or APTs), whereby the attacker first breaks
into any available system, and then spreads their footprint laterally to
encompass additional targets. In this regard, the process of defending against

APT adversaries is quite difficult, because the APT adversary must find only
one hole, after which they can expand out and fully compromise their
target’s network. Conversely, the defenders must close every hole. The MVP
system appears to be a glaring hole in Georgia’s voter registration systems,
and it’s likely that the rest of eNet is similarly vulnerable.
18.While we don’t know whether an adversary, APT or otherwise, has
compromised or tampered with Georgia’s voter registration databases, we do
know that 22,000 Georgia voters, statewide, have cast provisional ballots,
far higher than the numbers in recent federal elections. Given the poor state
of security engineering of MVP, and by inference the rest of Georgia’s voter
registration systems, we cannot rule out the actions of adversaries to tamper
with Georgia’s voter registration systems. A true and correct copy of a
November 7, 2018 article describing outstanding provisional and absentee
ballots downloaded from USA Today’s website, is attached hereto as Exhibit
F.
19.If necessary, I would do my best to make myself available to the Court and
the parties in the case to elaborate on the opinions stated herein.

My name is Daniel Wallach; my date of birth is September 14, 1971; my office
address is 6100 Main Street, Houston, Texas 77005-1892; and I declare under
penalty of perjury that the foregoing is true and correct.
Executed in Houston, Texas on the 8th day of November 2018.
__________________________
DANIEL WALLACH
Exhibit A
Home: 713-662-3331
Dan Seth Wallach Work: 713-348-6155
Fax: 713-348-5930
dwallach@cs.rice.edu Department of Computer Science

Rice University
Duncan Hall 3122
http://www.cs.rice.edu/~dwallach/ 6100 Main Street
Houston, TX 77005
Education Princeton University (Princeton, NJ), Department of Computer Science,

Ph.D. Computer Science, January 1999.
M.A. Computer Science, May 1995.
U.C. Berkeley (Berkeley, CA), College of Engineering,
B.S. Electrical Engineering/Computer Science, May 1993.
Publications [1] D. S. Wallach. We need to protect against vote tampering. Fort Worth
Star-Telegram, Mar. 2018. [ bib | .html ]
[2] D. S. Wallach. Testimony for the Texas Senate Select Committee on
Election Security, Feb. 2018. [ bib | .pdf ]
[3] J. Lee and D. S. Wallach. Removing secrets from Android's TLS.
In Network and Distributed Systems Security Symposium (NDSS '18),
San Diego, CA, Feb. 2018. [ bib | .pdf ]
[4] M. Bernhard, J. A. Halderman, R. Rivest, P. Vora, P. Ryan, V. Teague,
J. Benaloh, P. Stark, and D. S. Wallach. Public evidence from secret
ballots. In The International Conference for Electronic Voting (E-Vote-
ID '17), Bregenz, Austria, Oct. 2017. [ bib ]
[5] O. Pereira and D. S. Wallach. Clash attacks and the STAR-Vote system.
In The International Conference for Electronic Voting (E-Vote-ID '17),
Bregenz, Austria, Oct. 2017. [ bib ]
[6] M. Moran and D. S. Wallach. Verification of STAR-Vote and
evaluation of FDR and ProVerif. In 13th International Conference on
Integrated Formal Methods (iFM 2017), Torino, Italy, Sept. 2017.
[ bib ]
[7] R. Tanash, Z. Chen, D. S. Wallach, and M. Marschall. The decline of
social media censorship and the rise of self-censorship after the 2016
failed Turkish coup. In 7th USENIX Workshop on Free and Open
Communications on the Internet (FOCI '17), Vancouver, B.C., Canada,

Aug. 2017. [ bib ]
[8] D. S. Wallach. Up for debate: Is Harris County's vote safe from the
Russians? Houston Chronicle, July 2017. [ bib | http ]
[9] A. Pridgen, S. Garfinkel, and D. S. Wallach. Picking up the trash:
exploiting generational GC for memory analysis. In Proceedings of the
Fourth Annual DFRWS Europe (DFWRS-EU '17), Lake Constance,
Germany, Mar. 2017. [ bib | .pdf ]
[10] D. S. Wallach and J. Talbot-Zorn. Want secure elections? then maybe
don't cut security funding. Wired, Feb. 2017. [ bib | http ]
[11] A. Pridgen, S. Garfinkel, and D. S. Wallach. Present but unreachable:
reducing persistent latent secrets in HotSpot JVM. In Hawaii
International Conference on System Sciences (HICSS-50), Jan. 2017.
[ bib | .pdf ]
[12] S. Bell, J. Benaloh, M. D. Byrne, D. DeBeauvoir, B. Eakin, G. Fisher,
P. Kortum, N. McBurnett, J. M. M. Parker, O. Pereira, P. B. Stark, D. S.
Wallach, and M. Winn. Star-vote: A secure, transparent, auditable, and
reliable voting system. In F. Hao and P. Y. A. Ryan, editors, Real-World
Electronic Voting: Design, Analysis, and Deployment. CRC Press, Dec.
2016. [ bib | http ]
[13] D. S. Wallach. Testimony before the House Committee on Space,
Science & Technology hearing, “Protecting the 2016 Elections from
Cyber and Voting Machine Attacks”, Sept. 2016. [ bib | .pdf ]
[14] Z. Tao, A. Kokas, R. Zhang, D. S. Cohan, and D. S. Wallach. Inferring
atmospheric particulate matter concentrations from Chinese social
media data. PLOS One, Sept. 2016. [ bib | http ]
[15] M. S. Riazi, B. Chen, A. Shrivastava, D. S. Wallach, and F. Koushanfar.
Sub-linear privacy-preserving search with untrusted server and semi-
honest parties. CoRR, abs/1612.01835, 2016. [ bib | arXiv | http ]
[16] R. S. Tanash, A. Aydoga, Z. Chen, D. S. Wallach, M. Marschall,
D. Subramanian, and C. Bronk. Detecting influential users and
communities in censored tweets using data-flow graphs. In Proceedings
of the 33rd Annual Meeting of the Society for Political Methodology
(POLMETH 2016), Houston, TX, 2016. [ bib | .pdf ]
[17] R. S. Tanash, A. Aydoga, Z. Chen, D. S. Wallach, M. Marschall,
D. Subramanian, and C. Bronk. The dynamics of social media
censorship in transitioning democracies. In The 2016 APSA Conference
(Divison of Political Elites and Social Media, and Information
Technology and Politics), Philadelphia, PA, 2016. [ bib | http ]
[18] J. C. Dressler, C. Bronk, and D. S. Wallach. Exploiting military opsec
through open-source vulnerabilities. In 2015 IEEE Military
Communications Conference (MILCOM '15), Tampa, FL, Oct. 2015.

[ bib | .pdf ]
[19] R. S. Tanash, Z. Chen, T. Thakur, D. S. Wallach, and D. Subramanian.
Known unknowns: An analysis of Twitter censorship in Turkey.
In Workshop on Privacy in the Electronic Society, Denver, CO, Oct.
2015. [ bib ]
[20] C. Z. Acemyan, P. Kortum, M. D. Byrne, and D. S. Wallach. From error
to error: Why voters could not cast a ballot and verify their vote with
Helios, Prêt à Voter, and Scantegrity II. USENIX Journal of Election
Technology and Systems (JETS), 3(2), Aug. 2015. [ bib | .pdf ]
[21] Y. Liu, D. R. Bild, D. Adrian, G. Singh, R. P. Dick, D. S. Wallach, and
Z. M. Mao. Performance and energy consumption analysis of a delay-
tolerant network for censorship-resistant communications. In 16th ACM
International Symposium on Mobile Ad Hoc Networking and Computing
(MobiHoc '15), June 2015. [ bib | http ]
[22] D. R. Bild, Y. Liu, R. P. Dick, Z. M. Mao, and D. S. Wallach.
Aggregate characterization of user behavior in Twitter and analysis of
the retweet graph. ACM Transactions on Internet Technologies, 15(1),
Feb. 2015. [ bib | http ]
[23] A. Bates, K. Butler, M. Sherr, C. Shields, P. Traynor, and D. Wallach.
Accountable Wiretapping -or- I Know They Can Hear You
Now. Journal of Computer Security, 23:167--195, 2015. [ bib | .pdf ]
[24] Y. Liu, D. R. Bild, R. P. Dick, Z. M. Mao, and D. S. Wallach. The
mason test: A defense against sybil attacks in wireless networks without
trusted authorities. IEEE Transactions on Mobile Computing, 2015. in
press. [ bib | .pdf ]
[25] C. Z. Acemyan, P. Kortum, M. D. Byrne, and D. S. Wallach. Users'
mental models for three end-to-end voting systems: Helios, Prêt à Voter,
and Scantegrity II. In Human Aspects of Information Security, Privacy,
and Trust, volume 9190 of Lecture Notes in Computer Science. Springer
International Publishing, 2015. [ bib | DOI | http ]
[26] T. Book and D. S. Wallach. An empirical study of mobile ad
targeting. CoRR, abs/1502.06577, 2015. [ bib | http ]
[27] C. Z. Acemyan, P. Kortum, M. D. Byrne, and D. S. Wallach. Usability
of voter verifiable, end-to-end voting systems: Baseline data for Helios,
Prêt à Voter, and Scantegrity II. USENIX Journal of Election
Technology and Systems (JETS), 2(3), July 2014. [ bib | http ]
[28] M. Dietz and D. S. Wallach. Hardening Persona: Improving federated
web login. In Network and Distributed Systems Symposium (NDSS '14),
San Diego, CA, Feb. 2014. [ bib | .pdf ]
[29] M. Rostami, M. Majzoobi, F. Koushanfar, D. S. Wallach, and

S. Devadas. Robust and reverse-engineering resilient PUF
authentication and key-exchange by substring matching. IEEE
Transactions on Emerging Topics in Computing, 2014. [ bib | .pdf ]
[30] A. A. Sani, L. Zhong, and D. S. Wallach. Glider: A GPU library driver
for improved system security. CoRR, abs/1411.3777, 2014. [ bib | http ]
[31] T. Book and D. S. Wallach. A case of collusion: a study of the interface
between ad libraries and their apps. In Proceedings of the Third ACM
Workshop on Security and Privacy in Smartphones & Mobile Devices
(SPSM '13), Berlin, Germany, Nov. 2013. [ bib | .pdf ]
[32] S. Bell, J. Benaloh, M. D. Byrne, D. DeBeauvoir, B. Eakin, G. Fisher,
P. Kortum, N. McBurnett, J. M. M. Parker, O. Pereira, P. B. Stark, D. S.
Wallach, and M. Winn. Star-vote: A secure, transparent, auditable, and
reliable voting system. USENIX Journal of Election Technology and
Systems (JETS), 1(1), Aug. 2013. [ bib | http ]
[33] T. Zhu, D. Phipps, A. Pridgen, J. Crandall, and D. S. Wallach. The
velocity of censorship: High-fidelity detection of microblog post
deletions. In USENIX Security Symposium, Washington, DC, Aug. 2013.
[ bib | http ]
[34] T. Book, A. Pridgen, and D. S. Wallach. Longitudinal analysis of
Android ad library permissions. In Mobile Security Technologies
Workshop (MOST), San Francisco, CA, May 2013. [ bib | .pdf ]
[35] P. Song, A. Shu, D. Phipps, D. S. Wallach, M. Tiwari, J. Crandall, and
G. Lugar. Language without words: A pointillist model for natural
language processing. In 6th International Conference on Soft Computing
and Intelligent Systems (SCIS-ISIS 2012), Kobe, Japan, Dec. 2012.
[ bib | .pdf ]
[36] A. Czeskis, M. Dietz, T. Kohno, D. S. Wallach, and D. Balfanz.
Strengthening user authentication through opportunistic cryptographic
identity assertions. In 19th ACM Conference on Computer and
Communications Security (CCS '12), Raleigh, NC, Oct. 2012.
[ bib | http ]
[37] P. Song, A. Shu, A. Zhou, D. S. Wallach, and J. R. Crandall. A
pointillism approach for natural language processing of social media.
In Proceedings of the 2012 International Conference on Natural
Language Processing and Knowledge Engineering (NLP-KE'12), Hefei,
China, Sept. 2012. best paper award. [ bib | .pdf ]
[38] M. Dietz, A. Czeskis, D. Balfanz, and D. S. Wallach. Origin-bound
certificates: a fresh approach to strong client authentication for the web.
In USENIX Security Symposium, Bellevue, WA, Aug. 2012. [ bib | http ]
[39] S. Shekhar, M. Dietz, and D. S. Wallach. Adsplit: Separating

smartphone advertising from applications. In USENIX Security
Symposium, Bellevue, WA, Aug. 2012. [ bib | http ]
[40] M. Majzoobi, M. Rostami, F. Koushanfar, D. S. Wallach, and
S. Devadas. Slender PUF protocol: A lightweight, robust, and secure
authentication by substring matching. In International Workshop on
Trustworthy Embedded Devices, May 2012. [ bib | DOI | .pdf ]
[41] A. Bates, K. Butler, M. Sherr, C. Shields, P. Traynor, and D. S. Wallach.
Accountable wiretapping -or- I know they can hear you now. In 19th
ISOC Network and Distributed System Security Symposium (NDSS
2012), San Diego, CA, Feb. 2012. [ bib | http ]
[42] N. Aase, J. R. Crandall, A. Diaz, J. Knockel, J. O. Molinero, J. Saia,
D. Wallach, and T. Zhu. Whiskey, weed, and wukan on the World Wide
Web: On measuring censors' resources and motivations. In FOCI 12:
Proceedings of the 2nd USENIX Workshop on Free and Open
Communications on the Internet, 2012. [ bib | http ]
[43] D. S. Wallach. Viewpoint: Rebooting the cs publication
process. Communications of the ACM, 54(10), Oct. 2011. [ bib | .pdf ]
[44] S. A. Crosby and D. S. Wallach. Authenticated dictionaries: Real-world
costs and trade-offs. ACM Transactions on Information Systems Security
(TISSEC), 14(2):17:1--17:30, Sept. 2011. [ bib | DOI | http ]
[45] M. Dietz, S. Shekhar, Y. Pisetsky, A. Shu, and D. S. Wallach. Quire:
Lightweight provenance for smart phone operating systems. In 21st
USENIX Security Symposium, San Francisco, CA, Aug. 2011.
[ bib | .html ]
[46] D. R. Bild, Y. Liu, R. P. Dick, Z. M. Mao, and D. S. Wallach. Using
predictable mobility patterns to support scalable and secure MANETs of
handheld devices. In Sixth International Workshop on Mobility in the
Evolving Internet Architecture (MobiArch '11), June 2011. [ bib | http ]
[47] D. S. Wallach. Smartphone security: Trends and predictions. In Secure
Application Development (SecAppDev 2011), Leuven, Belgium, Feb.
2011. [ bib | .pdf ]
[48] T. Zhu, C. Bronk, and D. S. Wallach. An analysis of chinese search
engine filtering. CoRR, abs/1107.3794, 2011. [ bib | http ]
[49] D. Bachrach, C. Nunu, D. S. Wallach, and M. K. Wright. #h00t:
Censorship resistant microblogging. CoRR, abs/1109.6874, 2011.
[ bib | http ]
[50] S. J. Nielson and D. S. Wallach. The bittorrent anonymity
marketplace. CoRR, abs/1108.2718, 2011. [ bib | http ]
[51] S. J. Nielson, C. E. Spare, and D. S. Wallach. Building better incentives
for robustness in bittorrent. CoRR, abs/1108.2716, 2011. [ bib | http ]
[52] S. A. Crosby and D. S. Wallach. High throughput asynchronous

algorithms for message authentication. Technical Report CS TR10-15,
Rice University, Houston, TX, Dec. 2010. [ bib | .pdf ]
[53] T.-W. J. Ngan, R. Dingledine, and D. S. Wallach. Building incentives
into Tor. In Proceedings of Financial Cryptography (FC '10), Tenerife,
Canary Islands, Jan. 2010. best paper award. [ bib | .pdf ]
[54] S. A. Crosby and D. S. Wallach. Encyclopedia of Cryptography and
Security, chapter Algorithmic Denial of Service. Springer-Verlag, 2
edition, 2010. [ bib ]
[55] D. S. Wallach. Native client: A clever alternative. Communications of
the ACM, 53(1), Jan. 2010. [ bib | http ]
[56] D. S. Wallach. Polling place burglary raises specter of fraud. Houston
Chronicle, Dec. 2009. [ bib | http ]
[57] S. A. Crosby and D. S. Wallach. Super-efficient aggregating history-
independent persistent authenticated dictionaries. In Proceedings of
ESORICS 2009, Saint Malo, France, Sept. 2009. [ bib | .pdf ]
[58] S. A. Crosby and D. S. Wallach. Efficient data structures for tamper-
evident logging. In Proceedings of the 18th USENIX Security
Symposium, Montreal, Canada, Aug. 2009. [ bib | .pdf ]
[59] E. Öksüzoğlu and D. S. Wallach. VoteBox Nano: A smaller, stronger,
FPGA-based voting machine. In Electronic Voting
Technology/Workshop on Trustworthy Elections 2009, Montreal,
Canada, Aug. 2009. [ bib | .pdf ]
[60] C. Bronk, D. Castro, and D. S. Wallach. Group effort needed to secure
cyberspace. Houston Chronicle, June 2009. [ bib | .pdf ]
[61] D. R. Sandler and D. S. Wallach. Birds of a FETHR: Open,
decentralized micropublishing. In 8th International Workshop on Peer-
to-Peer Systems (IPTPS '09), Boston, MA, Apr. 2009. [ bib | .pdf ]
[62] D. S. Wallach. Technical perspective: Tools for information to flow
securely and swift-ly. Communications of the ACM, 52(2), Feb. 2009.
[ bib | .pdf ]
[63] S. A. Crosby, R. H. Riedi, and D. S. Wallach. Opportunities and limits
of remote timing attacks. ACM Transactions on Information and
Systems Security (TISSEC), 12(3), Jan. 2009. [ bib | .pdf ]
[64] D. S. Wallach. Voting system risk assessment via computational
complexity analysis. William and Mary Bill of Rights Journal, 17, Dec.
2008. [ bib | .pdf ]
[65] D. R. Sandler and D. S. Wallach. The case for networked remote voting
precincts. In 3rd USENIX/ACCURATE Electronic Voting Technology
Workshop (EVT '08), San Jose, CA, Aug. 2008. [ bib | .pdf ]
[66] D. R. Sandler, K. Derr, and D. S. Wallach. VoteBox: A tamper-evident,

verifiable electronic voting system. In Proceedings of the 17th USENIX
Security Symposium (Security '08), San Jose, CA, July 2008.
[ bib | .pdf ]
[67] D. R. Sandler and D. S. Wallach. <input type=“password”> must die!
In Web 2.0 Security & Privacy (W2SP 2008), Oakland, CA, May 2008.
[ bib | .pdf ]
[68] S. Everett, K. Greene, M. Byrne, D. Wallach, K. Derr, D. Sandler, and
T. Torous. Is newer always better? The usability of electronic voting
machines versus traditional methods. In Proceedings of CHI 2008,
Florence, Italy, Apr. 2008. [ bib | .html ]
[69] R. M. Stein, G. Vonnahme, M. Byrne, and D. S. Wallach. Voting
technology, election administration, and voter performance. Election
Law Journal, 7(2), Apr. 2008. [ bib | .pdf ]
[70] D. Sandler, K. Derr, S. Crosby, and D. S. Wallach. Finding the evidence
in tamper-evident logs. In Proceedings of the 2008 Third International
Workshop on Systematic Approaches to Digital Forensic Engineering
(SADFE '08), pages 69--75, 2008. [ bib | DOI | http ]
[71] D. R. Sandler and D. S. Wallach. Casting votes in the Auditorium.
In Proceedings of the 2nd USENIX/ACCURATE Electronic Voting
Technology Workshop (EVT '07), Boston, MA, Aug. 2007. [ bib | .pdf ]
[72] S. Inguva, E. Rescorla, H. Shacham, and D. S. Wallach. Source Code
Review of the Hart InterCivic Voting System. California Secretary of
State's “Top to Bottom” Review, July 2007. [ bib | .pdf ]
[73] D. L. Dill and D. S. Wallach. Stones Unturned: Gaps in the
Investigation of Sarasota's Disputed Congressional Election, Apr. 2007.
[ bib | .html ]
[74] D. S. Wallach. Security and Reliability of Webb County's ES&S Voting
System and the March '06 Primary Election. Expert Report in Flores v.
Lopez, May 2006. [ bib | .pdf ]
[75] A. Singh, T.-W. J. Ngan, P. Druschel, and D. S. Wallach. Eclipse
attacks on overlay networks: Threats and defenses. In IEEE INFOCOM
'06, Barcelona, Spain, Apr. 2006. [ bib | .pdf ]
[76] C. Coarfa, P. Druschel, and D. S. Wallach. Performance analysis of tls
web servers. ACM Transactions on Computer Systems, 24(1), Feb. 2006.
[ bib | .pdf ]
[77] A. Nandi, T.-W. J. Ngan, A. Singh, P. Druschel, and D. S. Wallach.
Scrivener: Providing incentives in cooperative content distribution
systems,. In ACM/IFIP/USENIX 6th International Middleware
Conference (Middleware 2005), Grenoble, France, Nov. 2005.
[ bib | .html ]
[78] E. de Lara, Y. Chopra, R. Kumar, N. Vaghela, D. S. Wallach, and

W. Zwaenepoel. Iterative adaptation for mobile clients using existing
APIs. IEEE Transactions on Parallel and Distributed Systems (TPDS),
16(10), Oct. 2005. [ bib | .html ]
[79] S. J. Nielson, S. A. Crosby, and D. S. Wallach. A taxonomy of rational
attacks. In 4th International Workshop on Peer-to-Peer Systems (IPTPS
'05), Ithaca, NY, Feb. 2005. [ bib | .html ]
[80] A. B. Stubblefield, A. D. Rubin, and D. S. Wallach. Managing the
performance impact of web security. Electronic Commerce Research
Journal, 5(1), Feb. 2005. [ bib | .pdf ]
[81] A. M. Ladd, K. E. Bekris, A. Rudys, L. E. Kavraki, and D. S. Wallach.
Robotics-based location sensing using wireless Ethernet. Wireless
Networks, 11(1-2), Jan. 2005. [ bib | http ]
[82] A. Haeberlen, E. Flannery, A. M. Ladd, A. Rudys, D. S. Wallach, and
L. E. Kavraki. Practical robust localization over large-scale wireless
Ethernet networks. In Tenth ACM International Conference on Mobile
Computing and Networking (MOBICOM 2004), Philadelphia, PA, Sept.
2004. [ bib | .pdf ]
[83] A. Mislove, G. Oberoi, A. Post, C. Reis, P. Druschel, and D. S. Wallach.
AP3: Cooperative, decentralized anonymous communication. In 11th
ACM SIGOPS European Workshop, Leuven, Belgium, Sept. 2004.
[ bib | .html ]
[84] D. S. Wallach. Texas must confront voting systems' flaws. Austin
American-Statesman, Sept. 2004. [ bib | .pdf ]
[85] T.-W. J. Ngan, A. Nandi, A. Singh, D. S. Wallach, and P. Druschel.
Designing incentives-compatible peer-to-peer systems. In 2nd Bertinoro
Workshop on Future Directions in Distributed Computing (FuDiCo
2004), Bertinoro, Italy, June 2004. [ bib | .html ]
[86] A. M. Ladd, K. E. Bekris, A. Rudys, D. S. Wallach, and L. E. Kavraki.
On the feasibility of using wireless Ethernet for localization. IEEE
Transactions on Robotics and Automation, 20(3):555--559, June 2004.
[ bib | .pdf ]
[87] T.-W. J. Ngan, D. S. Wallach, and P. Druschel. Incentives-compatible
peer-to-peer multicast. In 2nd Workshop on Economics of Peer-to-Peer
Systems, Cambridge, MA, June 2004. [ bib | .html ]
[88] D. S. Wallach. Testimony for the Texas Senate Committee on State
Affairs, May 2004. [ bib | .pdf ]
[89] D. S. Wallach. Testimony for the Texas House Committee on Elections,
Mar. 2004. [ bib | .pdf ]
[90] D. S. Wallach. Testimony for the Ohio Joint Committee on Ballot
Security, Mar. 2004. [ bib | .pdf ]
[91] T. Kohno, A. Stubblefield, A. D. Rubin, and D. S. Wallach. Analysis of

an electronic voting system. In Proceedings of the 2004 IEEE
Symposium on Security and Privacy, Oakland, CA, 2004. [ bib | http ]
[92] J. Bannet, D. W. Price, A. Rudys, J. Singer, and D. S. Wallach. Hack-a-
Vote: Demonstrating security issues with electronic voting
systems. IEEE Security and Privacy Magazine, 2(1):32--37, January /
February 2004. Also reprinted by ComputerUser, March 2004.
[ bib | .pdf ]
[93] P. Tao, A. Rudys, A. Ladd, and D. S. Wallach. Wireless LAN location
sensing for security applications. In ACM Workshop on Wireless
Security (WiSe 2003), San Diego, CA, Sept. 2003. [ bib | .html ]
[94] S. Crosby and D. S. Wallach. Denial of service via algorithmic
complexity attacks. In 12th Usenix Security Symposium, Washington,
D.C., Aug. 2003. [ bib | .pdf ]
[95] A. C. Fuqua, T.-W. J. Ngan, and D. S. Wallach. Economic behavior of
peer-to-peer storage networks. In Workshop on Economics of Peer-to-
Peer Systems, Berkeley, CA, June 2003. [ bib | .html ]
[96] D. W. Price, A. Rudys, and D. S. Wallach. Garbage collector memory
accounting in language-based systems. In Proceedings of the 2003 IEEE
Symposium on Security and Privacy, Oakland, CA, May 2003.
[ bib | .html ]
[97] A. Mislove, A. Post, C. Reis, P. Willmann, P. Druschel, D. S. Wallach,
X. Bonnaire, P. Sens, J.-M. Busca, and L. Arantes-Bezerra. POST: A
secure, resilient, cooperative messaging system. In 9th Workshop on Hot
Topics in Operating Systems (HotOS IX), Lihue, Hawaii, May 2003.
[ bib | .html ]
[98] E. de Lara, R. Kumar, D. S. Wallach, and W. Zwaenepoel.
Collaboration and multimedia authoring on mobile devices. In First
International Conference on Mobile Systems, Applications, and Services
(MobiSys '03), San Francisco, CA, May 2003. [ bib | .pdf ]
[99] N. Paul, D. Evans, A. D. Rubin, and D. S. Wallach. Authentication for
remote voting. In Workshop on Human-Computer Interaction and
Security Systems, Fort Lauderdale, FL, Apr. 2003. [ bib | .html ]
[100] T.-W. J. Ngan, D. S. Wallach, and P. Druschel. Enforcing fair sharing of
peer-to-peer resources. In Proceedings of the Second International
Workshop on Peer-to-Peer Systems, Berkeley, CA, Feb. 2003.
[ bib | .html ]
[101] Y. C. Hu, W. Yu, A. L. Cox, D. S. Wallach, and W. Zwaenepoel.
Runtime support for distributed sharing in safe languages. ACM
Transactions on Computer Systems, 21(1), 2003. [ bib | .pdf ]
[102] M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. S. Wallach.

Security for structured peer-to-peer overlay networks. In Fifth
Symposium on Operating Systems Design and Implementation (OSDI
'02), Boston, MA, Dec. 2002. [ bib | .html ]
[103] A. Rudys and D. S. Wallach. Enforcing Java run-time properties using
bytecode rewriting. In International Symposium on Software Security,
Tokyo, Japan, Nov. 2002. [ bib | .html ]
[104] D. S. Wallach. A survey of peer-to-peer security issues. In International
Symposium on Software Security, Tokyo, Japan, Nov. 2002.
[ bib | .html ]
[105] A. M. Ladd, K. E. Bekris, G. Marceau, A. Rudys, D. S. Wallach, and
L. E. Kavraki. Using wireless Ethernet for localization. In 2002
IEEE/RSJ International Conference on Intelligent Robots and Systems
(IROS 2002), Lausanne, Switzerland, Oct. 2002. [ bib | .pdf ]
[106] A. M. Ladd, K. E. Bekris, G. Marceau, A. Rudys, L. E. Kavraki, and
D. S. Wallach. Robotics-based location sensing using wireless Ethernet.
In Eighth ACM International Conference on Mobile Computing and
Networking (MOBICOM 2002), Atlanta, Georgia, Sept. 2002.
[ bib | .pdf ]
[107] Y. Dotsenko, E. de Lara, D. S. Wallach, and W. Zwaenepoel. Extensible
adaptation via constraint solving. In Proceedings of the 4th IEEE
Worwshop on Mobile Computing Systems and Applications, Callicoon,
NY, June 2002. [ bib | http ]
[108] A. Rudys and D. S. Wallach. Transactional rollback for language-based
systems. In 2002 International Conference on Dependable Systems and
Networks, Washington, D.C., June 2002. [ bib | .html ]
[109] A. Rudys and D. S. Wallach. Termination in language-based
systems. ACM Transactions on Information and System Security, 5(2),
May 2002. [ bib | .html ]
[110] C. Coarfa, P. Druschel, and D. S. Wallach. Performance analysis of TLS
Web servers. In Proceedings of the 2002 Network and Distributed
System Security Symposium, San Diego, CA, Feb. 2002. [ bib | .html ]
[111] E. de Lara, D. S. Wallach, and W. Zwaenepoel. HATS: Hierarchical
adaptive transmission scheduling. In Proceedings of the 2002
Multimedia Computing and Networking Conference (MMCN'02), San
Jose, CA, Jan. 2002. [ bib | http ]
[112] J. Flinn, E. de Lara, M. Satyanarayanan, D. S. Wallach, and
W. Zwaenepoel. Reducing the energy usage of Office applications.
In Proceedings of IFIP/ACM International Conference on Distributed
Systems Platforms (Middleware), Heidelberg, Germany, Nov. 2001.
[ bib | http ]
[113] D. S. Wallach. Copy protection technology is doomed. IEEE Computer,

34(10):48--49, Oct. 2001. [ bib | .pdf ]
[114] S. A. Craver, M. Wu, B. Liu, A. Stubblefield, B. Swartzlander, D. S.
Wallach, D. Dean, and E. W. Felten. Reading between the lines:
Lessons from the SDMI challenge. In 10th Usenix Security Symposium,
Washington, D.C., Aug. 2001. [ bib | .pdf ]
[115] A. Stubblefield and D. S. Wallach. Dagster: Censorship-resistant
publishing without replication. Technical Report TR01-380, Rice
University, July 2001. [ bib | .pdf ]
[116] E. de Lara, D. S. Wallach, and W. Zwaenepoel. Puppeteer: Component-
based adaptation for mobile computing. In Proceedings of the 3rd
USENIX Symposium on Internet Technologies and Systems (USITS),
San Francisco, CA, Mar. 2001. [ bib | http ]
[117] A. Rudys, J. Clements, and D. S. Wallach. Termination in language-
based systems. In Network and Distributed Systems Security
Symposium, San Diego, CA, Feb. 2001. [ bib | .html ]
[118] D. S. Wallach, E. W. Felten, and A. W. Appel. The security architecture
formerly known as stack inspection: A security mechanism for
language-based systems. ACM Transactions on Software Engineering
and Methodology, 9(4):341--378, Oct. 2000. [ bib | .html ]
[119] E. de Lara, D. S. Wallach, and W. Zwaenepoel. Opportunities for
bandwidth adaptation in Microsoft Office documents. In Proceedings of
the Fourth USENIX Windows Symposium, Seattle, Washington, Aug.
2000. [ bib | http ]
[120] A. Grosul and D. S. Wallach. A related-key cryptanalysis of RC4.
Technical Report TR-00-358, Department of Computer Science, Rice
University, Houston, TX, June 2000. [ bib | .pdf ]
[121] A. B. Stublefield and D. S. Wallach. A security analysis of
My.MP3.com and the Beam-it protocol. Technical Report TR-00-353,
Department of Computer Science, Rice University, Houston, TX, Feb.
2000. [ bib | .html ]
[122] D. S. Wallach. A New Approach to Mobile Code Security. PhD thesis,
Princeton University, Princeton, NJ, Jan. 1999. [ bib | .html ]
[123] D. S. Wallach and E. W. Felten. Understanding Java stack inspection.
In Proceedings of the 1998 IEEE Symposium on Security and Privacy,
pages 52--63, Oakland, CA, May 1998. [ bib | .html ]
[124] E. W. Felten, D. Balfanz, D. Dean, and D. S. Wallach. Web spoofing:
An Internet con game. In 20th National Information Systems Security
Conference, Baltimore, Maryland, Oct. 1997. [ bib | .html ]
[125] D. Dean, E. W. Felten, D. S. Wallach, and D. Balfanz. Java security:
Web browsers and beyond. In D. E. Denning and P. J. Denning,
editors, Internet Besieged: Countering Cyberspace Scofflaws, pages

241--269. ACM Press, New York, NY, Oct. 1997. [ bib | .html ]
[126] D. S. Wallach, D. Balfanz, D. Dean, and E. W. Felten. Extensible
security architectures for Java. In Proceedings of the Sixteenth ACM
Symposium on Operating System Principles, Saint-Malo, France, Oct.
1997. outstanding paper award. [ bib | .html ]
[127] D. S. Wallach, J. A. Roskind, and E. W. Felten. Flexible, extensible Java
security using digital signatures. In DIMACS Workshop on Network
Threats, DIMACS Series in Discrete Mathematics and Theoretical
Computer Science. American Mathematical Society, Dec. 1996. [ bib ]
[128] D. Dean, E. W. Felten, and D. S. Wallach. Java security: From HotJava
to Netscape and beyond. In Proceedings of the 1996 IEEE Symposium
on Security and Privacy, pages 190--200, Oakland, CA, May 1996.
[ bib | .html ]
[129] D. S. Wallach, S. Kunapalli, and M. F. Cohen. Accelerated MPEG
compression of dynamic polygonal scenes. In Computer Graphics
(Proceedings of SIGGRAPH 1994), Orlando, FL, July 1994. [ bib | http ]
Teaching Courses at Rice:
Comp215: Introduction to Program Design (Fall 2014-2017)
Comp327 / 427: Introduction to Computer Security (Spring 2011-2017)
Comp527: Computer Systems Security (Spring 1999, Fall and Spring
2000, Fall 2001-2006, 2008-2013)
Comp435: Election Systems, Technology, and Administration (Fall
2006, Fall 2008, Fall 2012, Fall 2016)
Comp314: Applied Algorithms and Data Structures (Fall 1999, Spring
2001, 2002, 2004-2006, 2008-2010)
Comp620: Seminar in Secure Systems (Fall 1998)
Short courses and tutorials:
Dan S. Wallach, SecVote Summer School (Schloss Dagstühl, Germany),
July 2012.
Dan S. Wallach, Software Engineering for Security (a one-week
intensive short course), presented at Secure Application
Development (Leuven, Belgium), February 2016, (also February 2011
and February 2007).
Dan S. Wallach, Software Engineering for Security (lectures), presented
at 4th International School: Network Security Impact on Quality
Software Engineering (Viña del Mar & Valparaíso, Chile), October

2007.
Dan S. Wallach, Language-Based Security (a one-week intensive short
course), presented at The ACM Summer School on Foundations of
Internet Security (Duszniki Zdrój, Poland), June 2002.
Dan S. Wallach and Drew Dean, Java and Security (a one-week
intensive short course), Katholieke Universiteit Leuven (Leuven,
Belgium), March 1997.
Teaching assistant positions at Princeton:
Introduction to Computer Systems (Spring 1996)
Computer Graphics (Fall 1993, Fall 1994, and Fall 1995)
Advanced Programming Techniques (Spring 1994)
Professional Research management:

Service
Associate Director, ACCURATE (NSF-funded research center), 2005-
2010
Acting Director (ACCURATE), 2010-2011
National service / advisory boards:
Army Research Laboratory, Technical Assessment Board (2018)
Air Force Science Advisory Board (2011-2015)
USENIX Association, Board of Directors (2012-2013)
USENIX Security, Steering Committee (2014-present)
Program committees:
ACM Conference on Computer and Communications Security (CCS)
2004, 2005, 2008, 2009
ACM Conference on Electronic Commerce 2007
ACM International Systems and Storage Conference (SYSTOR) 2017
ACM Role-Based Access Control Workshop 1999 and 2000
ACM SIGPLAN Third Workshop on Programming Languages and
Analysis for Security (PLAS) 2008
Applied Cryptography and Network Security (ACNS) 2005
Cybersecurity Applications and Technologies Conference for Homeland
Security (CATCH) 2008
European Symposium on Research in Computer Security (ESORICS)
2009
Google Native Client (NaCl) Security Contest 2009
HotOS Workshop 2003, 2009, 2011
HotSec Workshop 2006
IEEE International Conference on Distributed Computing Systems

(ICDCS) 2007
IEEE Security and Privacy 1999, 2004, 2005, 2007-2012, 2018
IEEE Workshop on Mobile Computing Systems and Applications
(WMCSA) 2002 and 2004
3rd International Conference on Electronic Voting 2008
Second International Joint Conference on Electronic Voting (E-Vote-ID)
2017
International Peer-to-Peer Symposium (IPTPS) 2004 and 2006
International Symposium on Engineering Secure Software and Systems
(ESSoS) 2010
Network and Distributed Systems Security Symposium (NDSS) 2002-
2004, 2006, and 2012
NSF grant panels 2002, 2004, 2005, 2006, 2007, 2010, 2013
South Central Information Security Symposium (SCISS) 2003-2006
USENIX Electronic Voting Technology Workshop/Workshop on
Technology for Elections (EVT/WOTE) 2006-2010
USENIX Annual Technical Conference 2001
USENIX Security Symposium 1999-2003, 2005, 2011, 2012, 2014, 2018
USENIX Symposium on Internet Technologies and Systems (USITS)
2003
VOTE-ID / E-Vote-ID 2009, 2016, 2017
Workshop on Economics in Peer-to-Peer Systems 2004
Workshop on Secure Execution of Untrusted Code (SecuCode) 2009
Workshop on Technology for Elections (WOTE) 2008
Workshop on Web 2.0 Security & Privacy (W2SP) 2007-2010
WWW Conference 1999, 2000, 2003, 2004, 2006-2008, 2011, 2014
Program committee chair / journal editorship:
(ESSoS) 2010
USENIX Security Symposium 2001
USENIX Journal of Election Technology and Systems (JETS) (2013-
2015)
WWW Conference, Co-Chair of Security, Privacy, Reliability, and
Ethics Track 2007 and 2008
Invited talks committee:
USENIX Security Symposium 2002 and 2011
Panel moderator/organizer (electronic voting security):
USENIX Security Symposium 2003
IEEE Symposium on Security and Privacy 2004
Workshop organizer / co-chair:

(ESSoS) 2010
South Central Information Security Symposium (SCISS) 2003-2006
USENIX/ACCURATE Electronic Voting Technology Workshop (EVT)
2006
Workshop on Web 2.0 Security & Privacy (W2SP) 2007-2011
Editorial and advisory board memberships:
Election Assistance Commission - Voting System Risk Analysis (EAC
VSRA) panel (2008-2009)
Election Science Institute (VoteWatch)
IEEE Internet Computing (2004-2006)
International Journal of Information Security
International Journal of Information and Computer Security
International Journal for Infonomics
National Committee for Voting Integrity
SAFECode
Verified Voting Foundation / VerifiedVoting.org
University committees:
Search committee, dean of undergraduates (2018)
Advisor for MCS Students (2000-2001)
CS Graduate Admissions (1998-2005, 2014-present)
CS Curriculum Committee (occasional involvement)
CS Facilities (occasional involvement)
KTRU (Rice Radio) Friendly Committee (2005-dissolution of
committee)
Rice Childcare Advisory Committee (2005-2006)
University IT Security Committee (2002-dissolution of committee)
Distinguished Alumni Award Selection Commitee (2009)
University Benefits Committee (2011-present)
University Graduate Honor Council (2016-present)
Other university service:
Divisional advisor and faculty associate, Martel College (2001-present)
Rice Social Dance Society: faculty sponsor, instructor, workshop
organizer, etc. (2001-present)
External university service:
University of Cyprus, CS faculty search, external commitee member
(2015)
Honors and 2013 Microsoft SEIF Faculty Research Award

Awards
2012 Best Paper Award (Natural Language Processing and Knowledge
Engineering)
2011 National Centers of Academic Excellence in Information Assurance
Research (CAE-R)
2010 Best Paper Award (Financial Cryptography)
2009 Google Research Award
2008 Kavli Frontiers of Science Fellow
2008 VoteRescue "Champion of Election Integrity" Award
2008 Defense Science Study Group (DSSG), class of 2008-2009
2007 ComputerWorld "40 Under 40" Award
2000 NSF CAREER Award
2000 IBM University Partnership Award
1997 Outstanding Paper Award (Symposium on Operating Systems
Principles)
Related student awards
2011 National Physical Sciences Consortium (NPSC) Fellowship - Adam
Pridgen
2009 Usenix Security Grand Challenge (Capture the Flag) Contest - Mike
Dietz
2002 CRA Outstanding Undergraduate Award - Adam Stubblefield
Grants Dan S. Wallach and Phil Kortum, TWC: TTP Option: Medium: Voting
Systems Architectures for Security and Usability, NSF CNS-1409401 (March
2014).
Dan S. Wallach and Jedidiah R. Crandall, TWC: Medium: Collaborative:
Measurement and Analysis Techniques for Internet Freedom on IP and Social
Networks, NSF CNS-1314492 (July 2013).
Dan S. Wallach, TC: Small: Security Architectures for Smartphones, NSF
CNS-1117943 (July 2011).
Robert Dick, Z. Morley Mao, and Dan S. Wallach, TC: Medium:
Collaborative Research: WHISPER - Wireless Handheld Infrastructureless,
Secure Communications System for the Prevention of Eavesdropping and

Reprisal, NSF CNS-0964566 (February 2010).
Aviel D. Rubin, Dan S. Wallach, Michael Byrne, Douglas W. Jones, David
Dill, Dan Boneh, David A. Wagner, Dierdre Mulligan, Drew Dean, and Peter
G. Neumann, CT-CS: A Center for Correct, Usable, Reliable, Auditable, and
Transparent Elections (ACCURATE), NSF CNS-0524211 (October 2005).
Dan S. Wallach and Peter Druschel, CSR/PDOS: Security and Incentives for
Overlay Network Infrastructure, NSF CNS-0509297 (August 2005).
Dan S. Wallach and Mike Dahlin, Resource Management for Safe
Deployment of Edge Services, Texas Advanced Technology Program
#003604-0053-2001 (October 2001).
Dan S. Wallach, Security and Resource Management in Type-Safe Language
Environments, NSF CAREER CCR-9985332 (March 2000).
Behnaam Aazhang, Richard G. Baraniuk, Joseph R. Cavallaro, Edward W.
Knightly, and Dan S. Wallach, Seamless Multitier Wireless Networks for
Multimedia Applications, NSF Special Projects ANI-9979465 (April 1999).
Industrial gifts and support:
Samsung research contract (September 2012)
Houston Infraguard (September 2010)
Google gift (November 2009)
Microsoft gift (November 2002)
Schlumberger gift (February 2002)
IBM University Partnership Program (June 2000)
Microsoft gift (July 2000)
Related support:
2011 National Physical Sciences Consortium (NPSC) Fellowship -
Adam Pridgen
USENIX Student Scholarship for Adam Stubblefield (May 2001)
Invited Talks 1. Roger Dingledine, Simson L. Garfinkel, Phillipa Gill, Daniela

and Panels Oliveria and Dan Wallach, Security and Privacy for Democracy
Panel, Computing Research: Addressing National Priorities and
Societal Needs, Computing Research Association (Washington,
D.C.), October 2017.
2. Dan S. Wallach, STAR-Vote: A Secure, Transaprent, Auditable, and
Reliable Voting System.Summer Research Institute (SuRI) (École
Polytechnic Fédérale de Lausanne, Lausanne, Switzerland), June
2017.
3. Dan S. Wallach, What, exactly, is different or new about mobile

security? Kenote speech, Workshop on Mobile Security
Technologies (MoST), San Jose, CA, May 2017.
Reliable Voting System. Jersey Village High School (Houston, TX),
May 2017.
Reliable Voting System. League of Women Voters (Houston, TX),
May 2017.
Reliable Voting System. Dartmouth College (Hannover, NH), April
2017.
Reliable Voting System. Scientia Privacy Lecture Series, Rice
University (Houston, TX), March 2017.
Reliable Voting System. Two Sigma (Houston, TX), October 2016.
9. Dan S. Wallach, Testimony before the House Committee on Space,
Science & Technology hearing, "Protecting the 2016 elections from
cyber and voting machine attacks", Washington, DC, Sept. 2016.
10. Dan S. Wallach, Internet Application Censorship: Studies of Weibo
in China and Twitter in Turkey, Houston Kiwanis (Houston, TX),
July 2016.
in China and Twitter in Turkey, Stanford University (Stanford, CA),
June 2016.
in China and Twitter in Turkey, OWASP Meeting, K.U. Leuven
(Leuven, Belgium), February 2016.
13. Dan S. Wallach, Security Architectures for Smartphones, University
of Texas, at Dallas (Dallas, TX), October 2015.
14. Dan S. Wallach, Tracking, Privacy, and Network Neutrality,
Houston Kiwanis (Houston, TX), September 2015.
15. Harley Geiger, Andrew Napolitano, David Leebron, and Dan S.
Wallach, Privacy in the Digital Age, Baker Institute for Public
Policy, Rice University (Houston, TX), April 2015.
16. Dan S. Wallach, Android WebView security and the mobile
advertising marketplace, Google Security Summit (Mountain View,
CA), March 2015..
17. Dan S. Wallach, Rice Tizen Analysis for Security, Tizen Developers
Conference (San Francisco, CA), June 2014.
Reliable Voting System. National Science Foundation (Arlington,
VA), May 2014.
Reliable Voting System. Electronic Voting Network Conference
(San Diego, CA), March 2014.
20. Dan S. Wallach, Security Architectures for Smartphones, Korea
Advanced Institute for Science and Technology (KAIST) (Daejeon,
South Korea), August 2013.
21. Dan S. Wallach, Security Analysis of LLVM Bitcode Files for
Mobile Platforms, Tizen Developers Conference (San Francisco,
CA), May 2013.
Reliable Voting System. Mid-Atlantic Collegiate Cyber Defense
Competition (Laurel, MD), April 2013.
Reliable Voting System. Verifiable Voting Schemes Workshop
(Luxembourg), March 2013.
24. Dan S. Wallach, Privacy and Tracking on the Internet, FTC
Workshop on The Big Picture: Comprehensive Data
Collection (Washington, D.C.), December 2012.
25. Dan S. Wallach, David Wagner, Philip B. Stark, and Philip
Kortum. The Future of E-Voting - Remote, Internet-Based, and
Secure? E-Voting: Risk and Opportunity (Center for Information
Technology Policy at Princeton University - Webcast Seminar),
November 2012.
of Luxembourg, November 2012.
27. Dan S. Wallach, The USENIX Association: A Financial Case Study
for Open Access.Perspectives Workshop: Publication Culture in
Computing Research (Schloss Dagstühl, Germany), November
2012.
28. Dan S. Wallach, Security Architectures for Smartphones, National
Security Agency (Ft. Meade, Maryland), June 2012.
29. Dana DeBeauvoir, Dan S. Wallach, et al. Future of Voting Systems,
International Association of Clerks, Recorders, Election Officials,
and Treasurers, Annual Conference (Albuquerque, New Mexico),
June 2012.

of California, at Berkeley (Berkeley, California), May 2012.
31. Jonathan Blow, Adam Glass, Piaw Na, and Dan S. Wallach. CS
Alumni Panel, University of California, at Berkeley (Berkeley,
California), May 2012.
of New Mexico (Albequerque, New Mexico), April 2012.
33. Dan S. Wallach, Thoughts on Travis County's Next-Generation
Voting System, Travis County Election Study Group (Austin,
Texas), October 2011.
34. Pamela Smith, Dan S. Wallach, Ian S. Piper, and Carolyn
Crnich, Panel: The Present, Election Integrity: Past, Present, and
Future - Caltech/MIT Voting Technology Project (Cambridge,
Massachusetts), October 2011.
35. Dan S. Wallach, Quire: Lightweight Provenance for Smart Phone
Operating Systems, Technischen Universität Darmstadt (Darmstadt,
Germany), July 2011.
36. Dan S. Wallach, VoteBox: A Verifiable, Tamper-Evident, Electronic
Voting System, Distinguished Lecture, Université du Luxembourg,
July 2011.
37. Dan S. Wallach, Crypto and e-Voting: Homomorphisms, Zero-
Knowledge Proofs, and Other Tricks of the Trade, Leuven Center on
Information Communication and Technology (LICT) Distinguished
Lecture (Leuven, Belgium), March 2011.
38. Dan S. Wallach, Seguridad Informática, Tendencias y Aplicaciones
(Information Security Trends and Applications), Technology,
Connectivity and Internet Workshop, Consejo Federal de
Inversiones (Buenos Aires, Argentina), February 2011.
39. Dan S. Wallach, Electronic Voting Systems: Failures and Research
Opportunities, Rice University - Sciencia Lecture Series (Houston,
40. Ann Harris Bennett, Don Cook, Stan Stanart, Harris County Clerk
Debate, sponsored by the Houston League of Women Voters and
Rice University, moderated by Dan S. Wallach, October 2010.
41. Dan S. Wallach, The Wørd, 4th Electronic Voting Technology
Workshop / Worshop on Trusted Elections (EVT/WOTE
'10) (Washington, D.C.), August 2010.
42. Dan S. Wallach, Adventures in Electronic Voting Research, Texas
A&M University (College Station, Texas), October 2009.
43. Dan S. Wallach, Adventures in Electronic Voting Research, Swiss

Federal Institute of Technology (ETH) (Zürich, Switzerland), May
2009.
44. Jeremy Epstein, Douglas W. Jones, E. John Sebes, David Wagner,
Dan Wallach, Electronic Voting Panel, RSA Conference (San
Francisco, California), May 2009.
45. Dan S. Wallach, Adventures in Electronic Voting Research, Bay
Area Association of Democratic Women (Clear Lake, Texas), April
2009.
46. Dan S. Wallach, Testimony Before the Colorado Election Reform
Commission (Denver, Colorado), December 2008.
47. Dan S. Wallach, Adventures in Electronic Voting Research, National
Academy of Science - Kavli Frontiers of Science Symposium
(Irvine, California), November 2008.
48. Dan S. Wallach, Adventures in Electronic Voting Research, Duke
University, October 2008.
49. Dan S. Wallach, Testimony Before the Texas Senate Committee on
State Affairs (Austin, Texas), October 2008.
50. Dan S. Wallach et al., Experts Meeting – E-voting in the 2008 U.S.
Elections. The Carter Center (Atlanta, Georgia), September 2008.
51. David Beirne, Doug Chapin, Dana DeBeauvoir, Anne McGeehan,
Rosemary Rodriguez, Dan S. Wallach. Voting System Integrity: Can
We Be Confident in the Accuracy of the Results? LBJ School of
Public Affairs, UT Austin (Austin, Texas), September 2008.
52. Chandler Davidson, Bob Stein, Dan S. Wallach, Tova
Wang. Democracy, Disenfranchisement, and November 2008
(Constitution Day Panel). Rice University (Houston, Texas),
September 2008.
53. Dan S. Wallach, Testimony Before the Texas House Committee on
Elections (Austin, Texas), June 2008.
54. Dan S. Wallach, Adventures in Electronic Voting Research, Invited
Talk,West University Democrats, April 2008.
Talk, How We Vote Conference, Institute of the Bill of Rights,
College of William & Mary (Williamsburg, Virginia), March 2008.
Talk, Hanzen-Martel Lecture Series, Rice University (Houston,
Texas), February 2008.

Talk, Alumni College Weekend, Rice University (Houston, Texas),
February 2008.
Talk, Google (Mountain View, California), December 2007.
59. Dan S. Wallach, Real-world Electronic Voting, National Lawyers
Council: National Leadership Convention (Washington, D.C.),
November 2007.
60. Dan S. Wallach, Real-world Electronic Voting, Claim Democracy
Conference (Washington, D.C.), November 2007.
61. Dan S. Wallach, Testimony Before the Tennessee Advisory
Commission on Intergovernmental Relations (Nashville, Tennessee),
September 2007.
62. Dan S. Wallach and J. Alex Halderman, Results from the California
Top-to-Bottom Voting Systems Review, Presentation at Schloss
Dagstuhl's Frontiers of Electronic Voting (Wadern, Germany),
August 2007.
63. Michael E. Clark, Joseph E. Savage, Peter Toren, and Dan S.
Wallach, Trade Secret and Confidential Information, Panel at the
ABA National Institute on Computing and the Law (San Francisco,
California), June 2007.
64. Dan S. Wallach, Testimony Before the Senate Committee on Rules
and Administration, Hearing on Electronic Election
Reform (Washington, D.C.), February 2007.
65. Dan S. Wallach, Electronic Voting: Risks and Research, Institute for
Security Technology Studies Distinguished Speaker Series,
Dartmouth College (Hannover, New Hampshire), October 2006.
66. Dan S. Wallach, Electronic Voting: Risks and Research, Max
Planck Institute for Software Systems (Saarbrücken, Germany),
October 2006.
67. Dan S. Wallach, Electronic Voting: Risks and Research, , Chaire
Internationale en Sécurité Informatique, Institut Eurécom (Sophia
Antipolis, France), October 2006.
68. Dan S. Wallach, Electronic Voting: Risks and Research, University
of Texas at Austin (Austin, TX), September 2006.
69. Dan S. Wallach, The Risks of Electronic Voting, Election Protection
Summit (Washington, D.C.), June 2006.
70. Dan S. Wallach, Computer Security Education at Rice, Workshop
on Information Assurance Education (Houston, Texas), May 2006.
71. Dan S. Wallach, The Risks of Electronic Voting, Georgia Institute of

Technology (Atlanta, Georgia), March 2006.
72. Dan S. Wallach, Testimony for the California Senate Elections,
Reapportionment & Constitutional Amendments Committee (Menlo
Park, California), February 2006.
73. Elizabeth Hanshaw Winn and Dan S Wallach, Panel: Electronic
Voting Technology, First Annual Legislative and Public Policy
Conference, TSU Thurgood Marshall School of Law (Houston,
74. Paul Craft, Douglas Jones, John Kelsey, Ronald Rivest, Michael
Shamos, Dan Tokaji, Dan S. Wallach, Panel: Threat Discussion on
Trojan Horses, Backdoors, and Other Voting System Software-
Related Problems, NIST Workshop on Threats to Voting Systems
(Gaithersburg, Maryland), October 2005.
75. Dan S. Wallach, The Risks of Electronic Voting, Virginia Joint
Committee Studying Voting Equipment (Richmond, Virginia),
August 2005.
76. Dan S. Wallach, The Risks of Electronic Voting, Tarrant County
Democratic Party Meeting (Hurst, Texas), July 2005.
77. Dan S. Wallach, Electronic Voting Machine / Registration Systems,
Testimony for the Carter-Baker Commission on Federal Election
Reform (Houston, Texas), June 2005.
78. Dan S. Wallach, The Risks of Electronic Voting, NSF Workshop on
Cyberinfrastructure and the Social Sciences (Arlington, Virginia),
March 2005.
79. Dan S. Wallach, The Risks of Electronic Voting, CASSIS:
Construction and Analysis of Safe, Secure, and Interoperable Smart
Devices (Nice, France), March 2005.
80. Dan S. Wallach, The Risks of Electronic Voting, University of
Massachusetts, Amherst, Five Colleges Information Assurance
Lecture Series (Ahmerst, Massachusetts), December 2004.
81. Dan S. Wallach, The Risks of Electronic Voting, University of Iowa,
Department of Computer Science (Iowa City, Iowa), December
2004.
82. Dan S. Wallach, The Risks of Electronic Voting, CSI's 31st Annual
Computer Security Conference (Washington, D.C.), November
2004.
83. Hans Klein, Eugene Spafford, Donald Moynihan, Dan S. Wallach,
and Jim Reis, Panel: E-Voting Policies and Perils, Association for
Public Policy Analysis and Management (APPAM) (Atlanta,

Georgia), October 2004.
84. Dan S. Wallach, The Risks of Electronic Voting, Seventh Workshop
on Languages, Compilers, and Run-time Support for Scalable
Systems (Houston, Texas), October 2004.
85. Dan S. Wallach, The Risks of Electronic Voting, Symposium on the
2004 Presidential Election, John J. Marshall Law School (Chicago,
Illinois), October 2004.
86. Chris Bell, Dan S. Wallach, and Tony J. Servello III, Panel:
Electronic Voting, Science Café (Houston, Texas), October 2004.
87. Dan S. Wallach, The Risks of Electronic Voting, The Integrity of the
Electrion Process, U. of Toledo Law School (Toledo, Ohio),
October 2004.
88. Dan S. Wallach, The Risks of Electronic Voting, Princeton
University, Department of Computer Science (Princeton, New
Jersey), October 2004.
89. Dan S. Wallach, The Risks of Electronic Voting, DIMACS
Workshop on Cryptography: Theory Meets Practice (Piscataway,
New Jersey), October 2004.
90. Dan S. Wallach, Michael I. Shamos, Eugene Spafford, and Michael
E. Lavelle, Panel: Who Can Plug Into E-Voting Machines?, E-
lection 2004: Is E-Voting Ready for Prime Time?, John Marshall
Law School (Chicago, Illinois), October 2004.
91. Dan S. Wallach, Testimony for the NIST/EAC Technical Guidelines
Development Committee (Gaithersburg, Maryland), September
2004.
92. Dan S. Wallach, The Risks of Electronic Voting, DiverseWorks: The
Voting Machine (Houston, Texas), September 2004.
93. Dan S. Wallach, The Risks of Electronic Voting, Baker Institute
Forum on Electronic Voting (Houston, Texas), September 2004.
94. Dan S. Wallach, The Risks of Electronic Voting, League of Women
Voters General Meeting (Houston, Texas), September 2004.
95. Dan S. Wallach, The Risks of Electronic Voting, Simposio acerca de
Urnas Electrónicas para la Emisión del Voto Ciudadano (Mexico
City, Mexico), September 2004.
96. Dan S. Wallach, The Risks of Electronic Voting, Fermi National
Accelerator Lab (Batavia, Illinois), August 2004.
97. Dan S. Wallach, The Risks of Electronic Voting, TrueMajority
"National Day of Action" (Austin, Texas), July 2004.
98. Dan S. Wallach, The Risks of Electronic Voting, 10th Annual

County and District Clerks' Association of Texas Conference (Lake
Conroe, Texas), June 2004.
99. Dan S. Wallach, The Risks of Electronic Voting, Texas State
Democratic Party Convention, Progressive Populist Caucus
(Houston, Texas), June 2004.
100. Dan S. Wallach, Hack-a-Vote: Demonstrating Security Issues
with Electronic Voting Machines, DIMACS Workshop on
Electronic Voting - Theory and Practice (Piscataway, New Jersey),
May 2004.
101. Dan S. Wallach, Testimony for the Texas Senate Committee
on State Affairs (Austin, Texas), May 2004.
102. Josh Benaloh, Dana DeBeauvoir, and Dan S. Wallach. Panel:
Electronic Voting Security, IEEE Symposium on Security and
Privacy (Oakland, California), May 2004.
103. Dan S. Wallach, The Risks of Electronic Voting, Harris County
Democrats (Houston, Texas), April 2004.
104. Dan S. Wallach, The Risks of Electronic Voting, North
Brazoria County Democrats (Pearland, Texas), April 2004.
105. Dana DeBeauvoir, Ann McGeehan, Dan S. Wallach, Panel on
the Security of Electronic Voting, League of Women Voters (Austin,
Texas), April 2004.
106. Dan S. Wallach, The Risks of Electronic Voting, Guest lecture
in "Texas Political Parties and Elections" (Government 335N,
University of Texas, Austin), March 2004.
107. Dan S. Wallach, Testimony for the Texas House Elections
Committee (Austin, Texas), March 2004.
108. Dan S. Wallach, The Risks of Electronic Voting, Bell County
Republican Convention (Belton, Texas), March 2004.
109. Dan S. Wallach, Testimony for the Ohio Joint Committee on
Ballot Security (Columbus, Ohio), March 2004.
110. Dan S. Wallach, The Risks of Electronic Voting, Houston
Peace Forum (First Unitarian Universalist Church, Houston, Texas),
March 2004.
111. Ben Cohen and Dan S. Wallach, TrueMajority Press
Event (Washington, D.C.) February, 2004.
112. Dan S. Wallach, The Risks of Electronic Voting, European
Commision eDemocracy Seminar (Brussels, Belgium), February,
2004.
113. Dana DeBeauvoir, Dan S. Wallach, Ann McGeehan, Bill

Stotesbery, Adina Levin, Electronic Voting: Benefits & Risks, First
Unitarian Universalist Church of Austin (panel co-sponsored by
Travis County Green Party and Austin Democracy Coalition)
(Austin, Texas), January 2004.
114. Dan S. Wallach, The Risks of Electronic Voting, Texas
IMPACT / United Methodist Women (Austin, Texas), January 2004.
115. Dan S. Wallach, The Risks of Electronic Voting, River Oaks
Democratic Women (Houston, Texas), January 2004.
Michigan, Department of Computer Science (Ann Arbor,
Michigan), January 2004.
117. Dan S. Wallach, The Risks of Electronic Voting, EFF-Austin
Policy Roundtable (Austin, Texas), December 2003.
118. Dan S. Wallach, O.S. Security Semantics for Language-based
Systems, Katholieke Universiteit Leuven (Leuven, Belgium),
December 2003.
119. Dan S. Wallach, O.S. Security Semantics for Language-based
Systems, Belgium Java User's Group: JavaPolis (Antwerp, Belgium),
December 2003.
120. Dan S. Wallach, The Risks of Electronic Voting, Austin
Pastoral Center (Austin, Texas), November 2003.
121. Dan S. Wallach, Peer-to-Peer Security, Cornell University,
Department of Computer Science (Ithaca, New York), November
2003.
122. Dan S. Wallach, The Risks of Electronic Voting, Duke
University, Department of Computer Science (Durham, North
Carolina), October 2003.
Arizona, Department of Computer Science (Tucson, Arizona),
September 2003.
124. Dan S. Wallach, Peer-to-Peer Security, UW/MSR/CMU
Software Security Summer Institute (Stevenson, Washington), June
2003.
125. Dan S. Wallach, Peer-to-Peer Security, Stanford University,
Department of Computer Science (Stanford, California), May 2003.
126. Dan S. Wallach, Adventures in Copy Protection Research, The
Hockaday School (Dallas, Texas), April 2003.
127. Dan S. Wallach, Adventures in Copy Protection Research,

Formal Techniques for Networked and Distributed Systems
(Houston, Texas), November 2002.
128. Dan S. Wallach, Peer-to-Peer Security, Oregon Graduate
Institute (Portland, Oregon), March 2002.
129. Dan S. Wallach, Mobile Code Security Through Program
Transformations, Mathematical Foundations of Programming
Semantics (New Orleans, Louisiana), March 2002.
130. Dan S. Wallach, The Risks of E-Voting Machines, Bay Area
New Democrats (Houston, Texas), November 2001.
131. Dan S. Wallach, Testimony before the Houston City Council
on the risks of electronic voting systems, July 2001.
Open Group Meeting (Austin, Texas), July 2001.
Houston Copyright Town Hall Meeting (Houston, Texas), April,
2001.
Transformations, U.C. Berkeley (Berkeley, California), March
2001.
Transformations, University of Texas (Austin, Texas), November
2000.
Transformations, International Workshop on Mobile Objects/Code
and Security (Tokyo, Japan), October 2000.
137. Dan S. Wallach and John DeRose, The Security of
My.MP3.com and Other ``Beaming'' Technologies, MP3
Summit (San Diego, California), June 2000.
138. Dan S. Wallach, An Overview of Computer Security, Law
Practice Management Section of the Houston Bar Association
(Houston, Texas), May 2000.
139. - Wallach has also spoken to visiting groups of high school
students via a Rice outreach program organized by Jen Overton.
Advisees Completed PhDs:
Theodore Book (Square)
Scott Crosby (Two Sigma)
Mike Dietz (Google)
Judson Dressler (USAF)
Eyal de Lara (University of Toronto) (Prof. Willy Zwaenepoel was de

Lara's advisor of record)
Tsuen Wan "Johnny" Ngan (Google)
Seth Nielson (Crimson Vista)
Adam Pridgen (Visa International)
Algis Rudys (Google)
Daniel Sandler (Google)
Anhei Shu (Google)
Rima Tanash (Amazon)
Completed Postdocs:
Murat Moran (Giresun University, Turkey)
Peiyou Song (Google)
Completed Masters:
Anwis Das (Google)
Ersin Öksüzoğlu (Intel)
Shashi Shekhar (Google)
Ping Tao (TI)
Current graduate & post-doctoral researcher collaborators:
Bumjin Im
Jaeho Lee
Jonathan Sharman
Daniel Song
Consulting Private Consulting:

SRI International (June 2016, May-July 2018, computer security
research)
Solve Media (March 2012, security architecture review)
Authus (May 2009, security architecture review)
State of California (Summer 2007, "Top to Bottom" Voting System
Review)
AT&T Research (Fall 2001, collaborating with Avi Rubin on security
research)
GalleryFurniture (August 2001, post-attack web site audit and reinstall)
Curl (December 2000, security architecture review)
Quaadros Technologies (October 2000, design review)
Cloakware (September 2000 and August 2001, design review)
Coral Technologies (December 1999, security audit)
MetaCreations (March 2000, security audit)
CenterPoint Ventures (occasional, technical evaluations of startups)

Rho Ventures (occasional, technical evaluations of startups)
Legal Consulting (Election-related):
Secretary of Labor vs. Association of Professional Flight Attendants
(June 2017, expert for plaintiffs)
Secretary of Labor vs. Allied Pilots Association (September 2015, expert
for plaintiffs)
Jennings v. Buchanan (November 2006, expert for plaintiffs)
Conroy et al. v. Dennis (Colorado Sec. of State) (September 2006, expert
for plaintiffs)
Santana et al. v. Williams (Texas Sec. of State) and DeBeauvoir (Travis
County Clerk) (July 2006, expert for plaintiffs)
Taylor et al. v. Cortés (Pennsylvania Sec. of Commonwealth) (April
2006, expert for plaintiffs)
Bruni v. Valdes and Benavides (April 2006, expert for Bruni)
Flores v. Lopez (April 2006, expert for Flores)
ACLU v. Connor (Texas Sec. of State) (February 2005, expert for the
ACLU)
Legal Consulting (Other):
Federal Trade Commission (July 2013)
Eolas v. Perot Systems (March 2011, expert for Perot Systems)
Bedrock v. Google (November 2010, consultant for Google)
TiVo v. AT&T (June 2010, expert for AT&T)
Finjan v. Secure Computing (August 2007, expert for Secure
Computing)
Autobytel v. Dealix (May 2005, expert for Dealix)
Soverain v. Amazon.com (April 2005, expert for Amazon.com)
Uniloc v. Microsoft (November 2004, expert witness for Microsoft)
Nash v. Microsoft (May 2004, expert witness for Microsoft)
Recruitsoft v. Hire.com (August 2003, expert witness for Hire.com)
DirecTV v. NDS (April 2003, expert witness for DirecTV)
RIAA v. MP3.com (February 2000, wrote declaration for MP3.com)
Employment Rice University, Professor, Department of Computer Science, beginning

History October 1998. (Promoted from assistant professor in May 2005; promoted from
associate professor in 2012.)
1/07 - 12/07 Stanford University, Department of Computer Science, visiting professor
/ SRI Computer Science Laboratory, visiting researcher
9/93 - 10/98 Princeton University, Graduate student, Department of Computer Science.
Supported by grants from NSF, Sun Microsystems, Intel, Microsoft, and others.
6/97 - 8/97 Netscape Communications Corporation, Mountain View, California.
Integrated Java with SSL. Audited the CORBA and RMI implementations for
security bugs. Wrote a CORBA demonstration (a chat server).
6/96 - 8/96 Netscape Communications Corporation, Mountain View, California.
Designed and implemented a privilege-based security mechanism and user
interface to enable digitally-signed Java applets. Participated in design reviews
of several Netscape and JavaSoft technologies.
6/95 - 8/95 Microsoft Corporation, Redmond, Washington.
Wrote a converter from Softimage to a RenderMorphics-based system (V-
Chat). Designed and implemented a polygonal model compression system for
virtual reality applications.
6/94 - 8/94 David Sarnoff Research Center, Princeton, New Jersey.
Wrote a microcode-level simulator for parallel video processing engine. Wrote
design documents for the client side of a future video-on-demand system.
6/93 - 8/93 Berkeley Systems, Berkeley, California.
Ported a screen-reading system (allowing blind people to use graphical user
interfaces) from Microsoft Windows to X.
9/92 - 6/93 U.C. Berkeley, Research Assistant for Dr. Larry Rowe.
Implemented parts of a MPEG-1 video encoder. Wrote the audio support for a
real-time distributed media-on-demand system.
Exhibit B
FBI detects breaches against two state voter systems
Dustin Volz, Jim Finkle
WASHINGTON (Reuters) - The Federal Bureau of Investigation has found

breaches in Illinois and Arizona’s voter registration databases and is urging states
to increase computer security ahead of the Nov. 8 presidential election, according
to a U.S. official familiar with the probe.
The official, speaking on condition of anonymity, said on Monday that

investigators were also seeking evidence of whether other states may have been
targeted.
The FBI warning in an Aug. 18 flash alert from the agency’s Cyber Division did
not identify the intruders or the two states targeted.
Reuters obtained a copy of the document after Yahoo News first reported the story
Monday.
Accessing information in a voter database, much of which is publicly accessible,

does not necessarily suggest an effort to manipulate the votes themselves. When
registering, voters typically provide their names, home addresses, driver’s license
or identification numbers, and party affiliations.
But U.S. intelligence officials have become increasingly worried that hackers
sponsored by Russia or other countries may attempt to disrupt the presidential
election.
Officials and cyber security experts say recent breaches at the Democratic National
Committee and elsewhere in the Democratic Party were likely carried out by
people within the Russian government. Kremlin officials have denied that.
An FBI spokeswoman would not comment on the alerts but said the agency
“routinely advises” on “various cyber threat indicators observed during the course
of our investigations.”
The intrusions come amid repeated unsubstantiated claims by Republican

presidential candidate Donald Trump that the U.S. election system is “rigged.”
Trump has cited emails leaked from the DNC that indicated the party leadership
favored Hillary Clinton over rival candidate Bernie Sanders as reason to cast doubt
on the electoral process in general.
‘LARGER ATTACK’?
David Kennedy, chief executive officer of information security consulting

company TrustedSec, said the attacks referenced in the FBI alert appeared to be
largely exploratory and not especially sophisticated.
“It could be a precursor to a larger attack,” he added.
Citing a state election board official, Yahoo News said the Illinois voter
registration system was shut down for 10 days in late July after hackers
downloaded personal data on up to 200,000 voters.
Dems see mixed results in governor races
State voter systems are often targeted by hackers, and 200,000 is a relatively small
number compared to other recent incidents. An independent computer security
researcher uncovered in December of last year a database on 191 million voters
that was exposed on the open Internet due to an incorrect configuration.
The Arizona attack was more limited and involved introducing malicious software
into one state employee’s computer, said Matt Roberts, communications director
for the Arizona secretary of state’s office.
That office publicly reported a cyber incident in June after being contacted by the
FBI, which led to it temporarily shutting down its election site to deal with the
potential threat.
Roberts said he was uncertain if the FBI advisory was in reference to that same
June incident, during which investigators found no evidence of any data
exfiltration. In that episode, the FBI told Arizona officials the hackers were
believed to be Russian and described it as an “eight out of 10” on a threat severity

scale, Roberts said.
Arizona will hold Republican and Democratic primaries for congressional races on
Tuesday.
Exhibit C
KEMP’S AGGRESSIVE GAMBIT TO DISTRACT FROM ELECTION

SECURITY CRISIS
When Georgia Democrats were alerted to what they believe to be major

vulnerabilities in the state’s voter registration system Saturday, they contacted
computer security experts who verified the problems. They then notified Secretary
of State Brian Kemp’s lawyers and national intelligence officials in the hope of
getting the problems fixed.
Instead of addressing the security issues, Kemp’s office put out a statement Sunday
saying he had opened an investigation that targets the Democrats for hacking.
Kemp’s statement has become top news nationwide, but the context and
background have yet to be reported — so we are providing it below.
The Backstory and Detail
By the time Democrats reached out to the experts, Kemp’s office and the Federal
Bureau of Investigation had already been alerted to the problem on Saturday
morning by David Cross of the Morrison Foerster law firm. Cross is an attorney for
one of the plaintiffs in a lawsuit against Kemp and other elections officials
concerning cyber weaknesses in Georgia’s election system.
A man who claims to be a Georgia resident said he stumbled upon files in his My
Voter Page on the secretary of state’s website. He realized the files were
accessible. That man then reached out to one of Cross’s clients, who then put the
source and Cross in touch on Friday.
The next morning, Cross called John Salter, a lawyer who represents Kemp and the
secretary of state’s office. Cross also notified the FBI.
WhoWhatWhy, which exclusively reported on these vulnerabilities Sunday

morning, had consulted with five computer security experts on Saturday to verify
the seriousness of the situation. They confirmed that these security gaps would
allow even a low-skilled hacker to compromise Georgia’s voter registration system
and, in turn, the election itself. It is not known how long these vulnerabilities have
existed or whether they have been exploited.
Just before noon on Saturday, a third party provided WhoWhatWhy with an email
and document sent from the Democratic Party of Georgia to election security
experts that highlighted these potential vulnerabilities within the state’s My Voter
Page and online voter registration system.
According to the document, it would not be difficult for almost anyone with
minimal computer expertise to access millions of voters’ private information and
potentially make changes to their registrations — including canceling them.
In this election and during the primaries, voters have reported not showing up in
the poll books, being assigned to the wrong precinct, and being issued the wrong
ballot.
All of that could be explained by a bad actor changing voter registration data.
In the email that sparked this controversy, Sara Tindall Ghazal, the voter protection
director for the Democratic Party of Georgia, alerted two computer experts of a
potential problem that she said might constitute a “massive
vulnerability.” WhoWhatWhy is not publishing the document describing the
problem, as it provides a roadmap to exploiting the security weaknesses.
None of the cyber security experts WhoWhatWhy then contacted tested the
vulnerabilities described, downloaded any files, altered any data, or searched the
My Voter Page by altering the website address.
All five noted that testing these vulnerabilities without permission would be illegal.
Instead, several logged onto the My Voter Page to look at the code used to build
the site — something any Georgian voter could do with a little instruction — and
confirmed the voter registration system’s vulnerabilities.
They then alerted a national intelligence agency and reached out to the Coalition
for Good Governance, an election security advocacy group that has sued
Georgia multiple times over the vulnerability of its systems.
Bruce Brown, a lawyer for the group, then reached out to Kemp’s attorneys to alert
them of the problem. At 7:03 PM Saturday night, he emailed John Salter and Roy
Barnes, former governor of Georgia, in their capacities as counsel to Secretary of
State Kemp, to notify them of the serious potential cyber vulnerability in the
registration files that had been discovered without any hacking at all, and that
national intelligence officials had already been notified.
WhoWhatWhy published its first story on the subject shortly after 6:00 AM Sunday
morning.
Instead of addressing the problem, however, Kemp put out the statement an hour
later saying his office has launched a hacking investigation.
“While we cannot comment on the specifics of an ongoing investigation, I can

confirm that the Democratic Party of Georgia is under investigation for possible
cyber crimes,” press secretary Candice Broce stated. “We can also confirm that no
personal data was breached and our system remains secure.”
Kemp’s office is being disingenuous, Brown asserted.
“We have seen, unfortunately, that we were too correct in our allegations and
Judge [Amy] Totenberg was too prescient in her concerns about the system,”
Brown said. “That Kemp would turn this around and blame other people for his
failures is reflective of his complete failure as Secretary of State.”
Judge Totenberg had recently ruled that there was not enough time for Georgia to
switch to paper ballots — widely seen as a more secure voting method — but
expressed grave concerns over the security of the state’s elections.
“What is particularly outrageous about this, is that I gave this information in

confidence to Kemp’s lawyers so that something could be done about it without
exposing the vulnerability to the public,” Brown told WhoWhatWhy. “Putting his
own political agenda over the security of the election, Kemp is ignoring his
responsibility to the people of Georgia.”
It is not clear what impact — if any — the vulnerabilities identified will have on
Tuesday’s elections, or how they might have affected early voting. Voters should
still go to the polls and, if they are encountering problems, ask to cast a provisional
ballot as is their right.
The computer security experts with whom WhoWhatWhy spoke were all baffled by
what they found when they reviewed the problem.
“For such an easy and low hanging vulnerability to exist, it gives me zero
confidence in the capabilities of the system administrator, software developer, and
the data custodian,” Kris Constable, who runs a privacy law and data security
consulting firm, told WhoWhatWhy. “They should not be trusted with personally
identifiable information again. They have shown incompetence in proper privacy-
protecting data custodian capabilities.”
As Secretary of State, Kemp is the data custodian, meaning he is responsible for

the security of voter information. The system administrator works for Kemp and
the software developer is a private contractor hired by Kemp’s office.
Kemp is also the Republican candidate for governor in Tuesday’s election, where
he is locked in a close race with Democrat Stacey Abrams.
The first vulnerability identified in the email is on the My Voter Page, where
voters can check their registration, the status of their mail-in or provisional ballots,
or change their voter information. After following a commonly used link, one
arrives at a page that is not secure. To view any file on the server that runs the My
Voter Page nothing more is needed than typing any file name into the web
browser, the experts said.
In addition to documents, files include things like network configuration files,

cryptographic keys, and possibly even code that could be used to break into the
server.
Because it would be illegal to explore what is available on the site, the extent of the
vulnerability is still not known.
“Holy shit,” Duncan Buell told WhoWhatWhy when he logged onto the website.
“Presumably, you could just hit the backspace button on the file, put in a new file
name, and it would let you download that.”
Even if someone didn’t know the name of the document they were trying to access,
they could instead find it by writing a code to probe the My Voter Page, said Buell,
a computer science professor at the University of South Carolina and elections and
voting technology expert.
The second vulnerability described in the email is found in the state’s online voter
registration system.
In the code of the website — which anybody can access using their internet
browser — there is a series of numbers that represent voters in a county. By
changing a number in the web browser’s interface and then changing the county, it
appears that anybody could download every single Georgia voter’s personally
identifiable information and possibly modify voter data en masse.
In addition, voter history, absentee voting, and early voting data are all public
record on the secretary of state’s website. If a bad actor wanted to target a certain
voting group, all of the information needed is available for download.
“It’s so juvenile from an information security perspective that it’s crazy this is part
of a live system,” Constable said.
What’s more, there don’t seem to be any security measures that could detect these
changes or trace them back to a source, according to several of the experts.
Worse yet, a bad actor could easily pretend to be someone else, according to
Constable. “In theory you could copy and paste that session ID or cookie — that
unique string — and put it in your browser to emulate that person,” Constable said.
“So not only could you access that person’s information and act as that person, you
could then make changes under that person’s identity.”
Changes to voter registration information could create chaos on Election Day: long
lines to vote, voters going to the wrong precinct, voters being given the wrong
ballot, or not showing up on the polls at all.
Georgia may not be alone. These security flaws may well exist in other states.
A Connecticut-based private contractor, PCC Technologies Inc., has contracts to

manage voter registration systems for Georgia and 14 other states. PCC also runs
online voter registration for six of them, including Georgia. If these vulnerabilities
exist in Georgia, they could also be present in other states where PCC operates.
Matt Bernhard, a Ph.D. student in computer science at the University of Michigan

focusing on voting technology, found that personally identifiable information
could also be accessed through North Carolina’s voter page, which PCC also
manages.
As Georgia’s system has not been audited — if it had, these problems would have
been found and fixed, presumably — there are likely other vulnerabilities that
could impact the midterm election, according to Constable.
PCC also runs the ElectioNet system, which is used by every county in Georgia to
manage the state’s voter rolls. If voter registration data was changed, it would
show up in the ElectioNet system. In a declaration as part of a recent lawsuit
against the state, Colin McRae, chair of the Chatham County Board of Registrars,
disclosed that the ElectioNetsystem is also responsible for populating the data in
the pollbooks of every state.
The pollbooks are used to encode the voters’ yellow access cards on Election Day.
Those cards have voters’ ballot style numbers, which are then brought up by the
voting machine. The connection between ElectioNet and the pollbooks draws a
straight line between how security gaps on the My Voter Page and voter
registration site could impact the election, including giving voters the wrong
ballots or removing them from the rolls.
If the assessment of these vulnerabilities is accurate, it would be the fourth time in

as many years that the private information of every voter in Georgia, as well as
other information related to voting, has been exposed.
In 2015, an employee at the secretary of state’s office sent out personally

identifiable information to 12 news media and political party organizations.
At the time, Kemp said that “all 12 discs have been recovered or confirmed they
were destroyed by the recipients. I am confident that all voter information is secure
and safe.”
The press release also said that Kemp was “in the process of engaging Ernst &
Young, a top professional services firm with specialization in IT security, to
conduct a thorough, top to bottom review of our IT policies and procedures.”
In August, 2016, computer researcher Logan Lamb, formerly of Oak Ridge

National Laboratory, was able to access Georgia’s entire voter registration
database, including all personally identifiable information. The system was not
password protected and was vulnerable to being rewritten. He notified the state of
the problem.
Then in February, 2017, Christopher Grayson — a Los Angeles-based security

engineer — and Lamb found that the problem had not been fixed and that the same
information was still unprotected.
The Coalition for Good Governance sued Kemp in July of 2017 in an attempt to
replace the electronic voting system with paper ballots and to secure the electronic
poll books, citing the previous security breaches.
Kemp is also the Republican candidate for governor, running against Democrat
Stacey Abrams. Kemp has ignored calls to step down as secretary of state — most
recently by former President Jimmy Carter — opting instead to both run the
election and be a participant.
In a statement made to NPR’s Atlanta affiliate WABE in July of this year, a

spokesperson for the secretary of state said, “There has never been a breach in the
Secretary of State’s office. We have never been hacked, and according to President
Trump and the Department Of Homeland Security, we have never been targeted.
Georgia has secure, accessible, and fair elections because Kemp has leveraged
private sector solutions for robust cyber security, well before any of those options
were offered by the federal government.”
According to three experts who reviewed the security features of the My Voter
Page and voter registration website — not just its vulnerabilities — Kemp would
have no way of knowing if the site had ever been hacked or by whom. PCC, the
private-sector company responsible for managing Georgia’s voter registration and
online voter registration systems, seems to be at fault for the poorly designed site.
“Not only could anybody in the world access it, but there’s not even any indication
that there are protections built in to detect an intrusion, otherwise this would have
been discovered and corrected already,” Constable said.
Harri Hursti, a world-renowned data security expert who has studied election
cybersecurity in five countries, including the US, is familiar with a different
weakness in Georgia’s voting infrastructure. In a series of tests that became known
as the “Hursti Hacks,” the researcher hacked the Diebold voting system — the
same type of voting machines used in Georgia.
But even he was stunned by the vulnerabilities in Georgia’s My Voter Page and
voter registration system.
“This is the equivalent of having the bank safe door open,” Hursti said. “And while
it’s open, you have the bank safe code posted on the door. People who have built
this have no idea what they’re doing.”
Exhibit D
Serious Vulnerabilities in Georgia’s Online Voter Registration System
Yesterday afternoon, Marilyn Marks sent an email thread to me and several other
election security experts. The email was seeking to confirm two serious
vulnerabilities in Georgia’s online voter registration system. It contained a
technical description of the problems, apparently reported by a party volunteer.
Without exploiting the vulnerabilities, I confirmed that the description appeared to
be technically accurate, and that the problems were very serious. Around 7 PM
yesterday, the information was reported to the Georgia Secretary of State by Bruce
Brown, an attorney for the plaintiffs in Curling v. Kemp, in which I am serving as a
technical expert.
The first vulnerability lets users access and change other voters’ records. The Voter
Registration server has a trivial “URL manipulation” vulnerability that allows any
logged-in voter to access other voters’ registration pages (here’s an explainer for
URL manipulation).These pages contain sensitive personally identifiable
information, including the voter’s address and date of birth. The initial technical
description also indicated that driver’s license information and the last four digits
of a voter’s social security number were available through this vulnerability, but I
could not confirm that without exploiting the vulnerability. With this information,
an attacker can log into Georgia’s online voter registration system as that other
voter and change their registration information. In the worst case, an attacker could
automate this process to change the registrations of many voters, resulting in their
not being able to vote on election day.
The second vulnerability is a “URL manipulation” vulnerability in the My Voter

Page server. An incorrectly implemented function allows anyone to read arbitrary
files from the server’s internal filesystem, simply by changing a URL. This
exposes sensitive information — including the server-side application program
files, as well as system and network configuration files — that would help an
attacker break farther into the server, and potentially into other parts of the voter
registration computer systems.
Georgia’s voter registration is handled by a system called ElectioNet, a voter

registration suite that is sold by PCC Technologies. ElectioNet is used in 15 states
for voter registration functions, and the issues with Georgia’s system may also
apply to those states. PCC also produces software for other election functions,
including for election-night reporting, and that software should be carefully
scrutinized.
The State of Georgia, other affected states, and PCC Technologies need to take
action immediately to remedy these vulnerabilities and assess whether voter
registration records have already been changed.
Exhibit E
Case 1:18-cv-04789-LMM Document 37-1 Filed 10/28/18 Page 1 of 12
Exhibit F
Brian Kemp declares victory in Georgia governor race as Stacey Abrams

waits for results
ATLANTA – Republican Brian Kemp has declared victory in the Georgia

governor’s race with election results showing him with a narrow lead over
Democrat Stacey Abrams and all but a few precincts reporting complete results.
But the Abrams campaign said Wednesday it would not concede and hopes that
thousands of absentee and provisional ballots yet to be counted contained enough
votes to force a runoff election or recount.
A spokesman for the Kemp campaign said in a statement Wednesday evening that
with Kemp ahead 64,000 votes, outstanding provisional and overseas ballots would
not make a difference.
“Simply put, it is mathematically impossible for Stacey Abrams to win or force a

run-off election,” Kemp spokesman Cody Hall said in a statement. "Peach State
voters made a clear decision at the ballot box. Brian Kemp will now begin his
transition as governor-elect of Georgia. He will work every day to keep our state
moving in the right direction."
Kemp holds a two-point lead over Abrams with all precincts

reporting. Abrams' hope was to close the gap by some 15,000 votes, enough to
deny Kemp an outright majority and force a head-to-head runoff on Dec. 4.
Abrams campaign manager Lauren Groh-Wargo said Wednesday evening the

campaign was working to ensure every vote was counted, even if that leads to a
lawsuit.
"We know our opponent has had the secretary of state's office declare he is the
winner. We are here to say we don't accept that," she said, adding the campaign
was examining "every option" to ensure the race was fair.
Groh-Wargo said while the secretary of state has released numbers, the campaign
has asked for the proof behind the data and received silence from the office, which
Kemp heads.
She called his overseeing of the election a "conflict of interest" and said Kemp was
using his position as secretary of state as "an arm of his campaign apparatus."
Groh-Wargo said they were blindsided by Kemp's claim of victory when she says
there are at least 25,000 provisional and mail-in ballots remain uncounted. They
said they were unsure of how many absentee ballots remain but the Georgia
Secretary of State’s Office said Wednesday afternoon that less than 3,000 “non-
provisional” ballots were outstanding.
Clarke, Fulton, Hall and Gwinnett counties completed their absentee ballot
tabulations today. Cobb and Chatham were expected to also finish their counts by
the end of the day.
According to the statement, county officials reported less than 22,000 provisional
ballots cast statewide.
Provisional ballots must be verified by Friday. All counties in Georgia are required
to certify their election results by 5 p.m. Tuesday.
Poll watchers reported problems and irregularities at several sites. A Fulton County
judge ordered hours extended at some polling places Tuesday to give voters who
might have been affected more opportunity to cast ballots.
Groh-Wargo said there has been confusion in DeKalb County over how to count
provisional ballots because they haven't been tabulated in prior elections.
And she said Hurricane Michael, which caused mail to Dougherty County to be
rerouted through Tallahassee, Florida, could have delayed some absentee ballots.
Craig Albert, a political scientist at Augusta University, said the chance the
outstanding ballots would close the gap was slim.
“I think it’s mathematically possible,” he said. “But it doesn’t seem probable that
that’s going to happen. Everything would have to happen perfectly in her way for
this to occur right now.”
Groh-Wargo said Abrams will not concede the race until every vote is tallied.
"We feel that Georgia voters deserve to have those votes counted," Groh-Wargo
told reporters on Wednesday.
In one of the nation's highest-profile gubernatorial elections this year,

the candidates are competing to succeed Republican Gov. Nathan Deal. Deal has
reached his two-term limit.
Abrams, 44, a former state House minority leader, is trying to become the first
Democrat elected governor in Georgia in 20 years and the first black woman
governor in the nation.
Kemp, 55, Georgia's secretary of state, is trying to keep the office in Republican
hands.
With polls showing a tight race in the days before the election, President Donald
Trump and Vice President Mike Pence came to Georgia to rally for Kemp. Former
President Barack Obama and Oprah Winfrey appeared for Abrams.
Albert said Abrams was smart to stay in the race for now. No matter the final
result, he said, her performance exceeded expectations.
He called voter turnout this year "remarkable” for a midterm election.
The Abrams campaign released data Wednesday showing 3.9 million voters cast
ballots in the gubernatorial race. That was 56 percent more than the 2.5 million
who voted in 2014.
As secretary of state, Kemp is Georgia's top election official.
Abrams and her supporters have accused Kemp and other Republicans
of attempting to suppress the Democratic vote.
Kemp's office on Sunday announced an investigation of the state Democratic Party

over an alleged hack of the state's voter registration system.
Both sides condemned a racist robocall that targeted Abrams and Winfrey.
A group of Georgia voters filed a lawsuit in U.S. District Court in Atlanta on

Tuesday seeking to stop Kemp from presiding over the election.
Groh-Wargo said the fight for votes could last until the election is certified in each
county.
That typically happens on the Monday after an election. But it was unclear whether
that would be delayed by Veterans Day on Monday.

ATLANTA DIVISION
COMMON CAUSE GEORGIA, as an :

organization, :
:
Plaintiff, :
:
v. : CIVIL ACTION NO.
: 1:18-cv-5102-AT
BRIAN KEMP, in his official capacity :
as Secretary of State of Georgia, :
:
Defendant. :
ORDER
The Court DIRECTS Plaintiff to file an affidavit from a qualified
statistician, NO LATER THAN 3:00 PM TODAY, based on the election data
provided by Defendant in the Affidavit of Chris Harvey, regarding whether or not
there is a statistically significant increase in the percentage of provisional ballots
cast, relative to the total number of ballots cast, as follows:
● between the 2018 election and the 2016 election; and
● between the 2018 election and the 2014 election.
Defendant may also submit an affidavit NO LATER THAN 3:00 PM TODAY
IT IS SO ORDERED this 9th day of November, 2018.
_____________________________
Amy Totenberg
United States District Judge

ATLANTA DIVISION
Common Cause Georgia, as an )
organization, )
)
Plaintiff, )
) Case No. 1:18-CV-05012-AT
v. )
) The Honorable Amy Totenberg
Brian Kemp, in his official capacity as )
)
Defendant. )
DECLARATION OF MICHAEL McDONALD

My name is Michael P. McDonald. I am Associate Professor of Political
Science at the University of Florida. I am widely regarded as a leading expert on
United States elections. I have published extensively on elections in peer-reviewed
journals and I produce what many consider to be the most reliable turnout rates of
the nation and the states. 1 In the course of my election work, I have consulted for the
United States Election Assistance Commission, the Department of Defense’s
Federal Voting Assistance Program, the media’s National Exit Poll consortium, the
Associated Press, ABC News, and NBC News. I have testified or produced reports
1
Michael P. McDonald and Samuel Popkin. 2001. "The Myth of the Vanishing Voter." American Political Science
Review 95(4): 963-974
1
in my capacity as an expert witness in seventeen election-related lawsuits, both for
plaintiffs and defendants. Please see my curriculum vitae, attached hereto as Exhibit
A, for more information.
I. Data Sources
I analyze a spreadsheet called “annual_prov_ballots.csv” provided to me by
Plaintiff’s counsel, which contains data produced by the Georgia Secretary of State’s
office in the Exhibit A to the Declaration of Chris Harvey (Doc. 33), and on the
Secretary of State’s website. The data includes the total number of ballots and the
number of provisional ballots cast in Georgia’s counties and statewide in the 2014,
2016, and 2018 general elections. The share of a county’s total ballots that were cast
as provisional ballots (hereinafter “the provisional ballot rate”) in a given election is
provided in the spreadsheet, which I verified is computed by dividing the number of
provisional ballots by the total number of ballots.
2
2018 2016 2014 Change Change

Prov 2018 Total 2018 % Prov 2016 Total 2016 % Prov 2014 Total 2014 % 2016 to 2014 to
Ballots Ballots Prov Ballots Ballots Prov Ballots Ballots Prov 2018 2018
Statewide 21,190 3,930,897 0.54% 16,739 4,165,405 0.40% 12,151 2,596,947 0.47% 0.14% 0.07%
Chattahoochee 34 1,104 3.08% 6 1,409 0.43% 2 715 0.28% 2.65% 2.80%
Troup 685 23,726 2.89% 667 26,334 2.53% 112 16,028 0.70% 0.35% 2.19%
Decatur 188 9,068 2.07% 129 10,355 1.25% 10 6,223 0.16% 0.83% 1.91%
Jasper 62 5,911 1.05% 6 6,082 0.10% 2 3,911 0.05% 0.95% 1.00%
Miller 23 2,319 0.99% 8 2,563 0.31% 1 1,471 0.07% 0.68% 0.92%
Taylor 30 3,272 0.92% 5 3,432 0.15% 0 2,247 0.00% 0.77% 0.92%
Stewart 40 1,794 2.23% 5 2,084 0.24% 18 1,274 1.41% 1.99% 0.82%
Ben Hill 50 5,551 0.90% 36 5,994 0.60% 3 3,565 0.08% 0.30% 0.82%
Bulloch 224 23,602 0.95% 130 25,695 0.51% 19 14,125 0.13% 0.44% 0.81%
Elbert 79 7,348 1.08% 80 8,073 0.99% 14 4,842 0.29% 0.08% 0.79%
Table 1. Georgia 2018, 2016, and 2014 Provisional Ballot Activity, Statewide and in Selected Counties
3
II. Analysis
In Table 1, I provide statistics on provisional ballot activity in Georgia
statewide and in selected counties in the 2018, 2016, and 2014 general elections. In
additional to the statistics provided in the spreadsheet, I compute two simple
differences in the percentage of provisional ballots cast in the 2018 and 2016
elections and the 2018 and 2014 election. I sort the counties by the 2018 and 2014
difference and report the top ten counties in the spreadsheet.
Statewide, the Georgia Secretary of State’s Office reports that in the 2018
election there are 21,190 provisional ballots cast out of 3,930,897 total ballots cast,
for a provisional ballot rate of 0.54 percent. In 2016, there were 16,739 provisional
ballots cast out of 4,165,405 total ballots cast for a provisional ballot rate of 0.40
percent. In 2014 there were 12,151 provisional ballots cast out of 2,596,947 total
ballots cast for a provisional ballot rate of 0.47 percent. Statewide, provisional ballot
rate has been increasing over time and there were 4,451 more provisional ballots cast
in 2018 than in 2016, which had a higher turnout rate. As a consequence, the change
in the provisional ballot rate from 2016 to 2018 increased by 0.14 percentage points
and the provisional ballot rate from 2014 to 2018 increased by 0.07 percentage
points.
I compute similar statistics the counties and list the top ten counties by the
change in the difference from 2014 to 2018 general elections. All of these counties
4
have a change in the provisional ballot rate from 2014 to 2018 that is at least ten
times greater than the statewide change of 0.07 percentage points. Chattahoochee
County has a change of 2.80 percentage points. Troup County has a change of 2.19
percentage points. Decatur County has a change of 1.91 percentage points. Jasper
has a change of 1.00 percentage points. Miller County has a change of 0.92
percentage points. Taylor County has a change of 0.92 percentage points. Stewart
County has a change of 0.82 percentage points. Ben Hill has a change of 0.82
percentage points. Bulloch County has a change of 0.81 percentage points. Elbert
County has a change of 0.79 percentage points.
This increase in provisional ballot rate is also evident in one of the state’s
biggest counties, DeKalb County. In the 2014 and 2016 general elections, the
provisional ballot rate in DeKalb county was 0.469 percent and 0.363 percent,
respectively. In the 2018 election, that number more than doubled to 0.97 percent.
Notably, DeKalb county was not one of the counties that had extended hours on
election day.
These are the universe of total ballots cast and provisional ballots cast, so from
a statistical standpoint these changes are significant in that they describe the actual
observed changes, and are not a function of random sampling. It is my opinion that
these changes from 2014 to 2018 are unusually high given the overall statewide
change and indicate systematic issues within these counties.
5
I also employ a simple regression model in order to test whether the variation
between 2018 and previous years could be a result of random variation in provisional
ballot usage across counties. I understand that the Court has asked for two separate
comparisons: (1) a comparison between the provisional ballot rates in 2014 and
2018; and (2) a comparison between the provisional ballot rates in 2016 and 2018. I
test for statistically significant differences, as requested. It is a best practice to
include all available data in an analysis, so I analyze a model that includes all three
election years and interpret the patterns I observe to answer the court’s requests.
I report the estimates from a regression model in Table 2. The year variable
identifies the year of a county’s provisional ballot rate. By omitting 2018, the
estimated coefficients in the model can be directly interpreted as the difference in
2018 compared to 2016 and 2014.
Std. p-
Variable Coefficient Err. t-Stat Value
2016 -0.00058 0.00050 -1.17 0.244
2014 -0.00101 0.00050 -2.01 0.045
Constant 0.00360 0.00035 10.18 0.000
Table 2. Regression Analysis of Provisional Ballots Rates Across Georgia
Counties in the 2018, 2016, and 2014 General Elections.
Examining the estimated coefficients, I observe that the provisional ballot rate
was 0.1 percentage points lower in 2014 than in 2018. This estimated is statistically
significant at conventional levels of statistical significance, i.e., the p-value for this
coefficient is 0.045, which is less than the widely accepted .05 critical value.
6
The provisional ballot rate is also 0.05 percentage points lower in 2016 than
in 2018. While this is in the same expected direction as 2014, it is not statistically
significant at conventional levels, the p-value for this coefficient is 0.244, which is
greater than the widely accepted .05 critical value.
Since midterm elections are the most comparable elections, the balance of the
evidence suggests the provisional ballot rate across Georgia counties was higher in
2018 compared to 2014 or 2016. Furthermore, the raw count data of total ballots cast
and provisional ballots cast indicates that these increases were primarily located
within a handful of counties that experienced large increases relative to these past
elections.
I declare under penalty of perjury that the foregoing is true and correct.
Executed on November 9, 2018.
(electronically signed)
Michael McDonald
7
Exhibit A
Dr. Michael P. McDonald

Associate Professor, University of Florida
Department of Political Science
222 Anderson Hall
P.O. Box 117325
Gainesville, FL 32611
Office: 352-273-2371
Fax: 352-392-8127
Email: michael.mcdonald@ufl.edu
Education
Post-Doctoral Fellow. Harvard University. August 1998 – August 1999.
Ph.D. Political Science. University of California, San Diego. February, 1999.
BS Economics. California Institute of Technology. June, 1989.
Awards
Brown Democracy Medal, McCourtney Institute for Democracy at Penn State University. 2018.
Positive impact on democracy for the Public Mapping Project.
Tides Pizzigati Prize. 2013. Public interest software for DistrictBuilder.
Strata Innovation Award. 2012. Data Used for Social Impact for DistrictBuilder.
American Political Science Association, Information and Technology Politics Section. 2012.
Software of the Year for DistrictBuilder.
Politico. 2011. Top Ten Political Innovations for DistrictBuilder.
GovFresh. 2011. 2nd Place, Best Use of Open Source for DistrictBuilder.
Virginia Senate. 2010. Commendation for Virginia Redistricting Competition.
American Political Science Association, Information and Technology Politics Section. 2009.
Software of the Year for BARD.
1
Publications
Books
Michael P. McDonald. Under Contract. The Art of Voting. New York, NY: Oxford University
Press.
Michael P. McDonald and Micah Altman. 2018. The Public Mapping Project: How Public
Participation Can Revolutionize Redistricting. Ithaca, NY: Cornell University Press.
Michael P. McDonald and John Samples, eds. 2006. The Marketplace of Democracy: Electoral
Competition and American Politics. Washington DC: Brookings Press.
Micah Altman, Jeff Gill, and Michael P. McDonald. 2003. Numerical Issues in Statistical
Computing for the Social Scientist. Hoboken, NJ: Wiley and Sons.
Peer-Reviewed Articles
Tyler Culberson, Suzanne Robbins, and Michael P. McDonald. Forthcoming. “Small Donors in
Congressional Elections.” American Politics Research.
Matthew DeBell, Jon A. Krosnick, Katie Gera, David Yeager, and Michael McDonald.
Forthcoming. “The Turnout Gap in Surveys: Explanations and Solutions.” Sociological
Methods and Research.
Micah Altman and Michael P. McDonald. 2017. “Redistricting by Formula: The Case of Ohio.”
American Politics Research 46(1): 103-31.
Micah Altman, Eric Magar, Michael P. McDonald, and Alejandro Trelles. 2017. “Measuring
Partisan Bias in a Multi-Party Setting: the Case of Mexico.” Political Geography 57(1): 1-12.
Brian Amos, Michael P. McDonald, and Russell Watkins. 2017. “When Boundaries Collide:
Constructing a Database of Election and Census Data.” Public Opinion Quarterly 81(S1):
385-400.
Trelles, Alejandro, Micah Altman, Eric Magar, and Michael P. McDonald. 2016. "Datos
abiertos, transparencia y redistritación en México." Política y Gobierno 23(2): 331-364.
Michael P. McDonald. 2014. “Calculating Presidential Vote for Legislative Districts.” State
Politics and Policy Quarterly 14(2): 196-204.
Micah Altman and Michael P. McDonald. 2014. “Public Participation GIS: The Case of
Redistricting.” Proceedings of the 47th Annual Hawaii International Conference on System
Sciences, Computer Society Press.
Michael P. McDonald and Caroline Tolbert. 2012. “Perceptions vs. Actual Exposure to Electoral
Competition and Political Participation.” Public Opinion Quarterly 76(3): 538-54.
2
Michael P. McDonald and Matthew Thornburg. 2012. “Evidence for Mode of Interview Effects:
The Case of Supplementing Exit Polls with Early Voter Phone Surveys.” Public Opinion
Quarterly 76(2): 326-63.
Micah Altman and Michael P. McDonald. 2011. “BARD: Better Automated Redistricting.”
Journal of Statistical Software 42(5): 1-28.
Michael P. McDonald. 2011. “The 2010 Election: Signs and Portents for Redistricting.” PS:
Political Science and Politics 44(2): 311-15.
Richard Engstrom and Michael P. McDonald. 2011. “The Political Scientist as Expert Witness.”
PS: Political Science and Politics 44(2): 285-89.
Michael P. McDonald. 2008. “Portable Voter Registration.” Political Behavior 30(4): 491–501.
Michael P. McDonald and Justin Levitt. 2008. “Seeing Double Voting: An Extension of the
Birthday Problem.” Election Law Journal 7(2): 111-22.
Michael P. McDonald. 2007. “The True Electorate: A Cross-Validation of Voter File and
Election Poll Demographics.” Public Opinion Quarterly 71(4): 588-602.
Michael P. McDonald. 2007. “Regulating Redistricting.” PS: Political Science and Politics
40(4): 675-9.
Micah Altman, Jeff Gill, and Michael P. McDonald. 2007. “Accuracy: Tools for Accurate and
Reliable Statistical Computing.” Journal of Statistical Software 21(1).
David Lublin and Michael P. McDonald. 2006. “Is It Time to Draw the Line? The Impact of
Redistricting on Competition in State House Elections.” Election Law Journal 5(2): 144-57.
Michael P. McDonald. 2006. “Drawing the Line on District Competition.” PS: Political Science
and Politics 39(1): 91-94.
Michael P. McDonald. 2006. “Re-Drawing the Line on District Competition.” PS: Political
Science and Politics 39(1): 99-102.
Micah Altman, Karin MacDonald, and Michael P. McDonald. 2005. “From Crayons to
Computers: The Evolution of Computer Use in Redistricting.” Social Science Computing
Review 23(2) 334-46.
Michael P. McDonald. 2004. “A Comparative Analysis of U.S. State Redistricting Institutions.”

State Politics and Policy Quarterly 4(4): 371-396.
Michael P. McDonald. 2003. “On the Over-Report Bias of the National Election Study.”
Political Analysis 11(2): 180-186.
3
Micah Altman and Michael P. McDonald. 2003. “Replication with Attention to Numerical
Accuracy.” Political Analysis 11(3): 302-307.
Michael P. McDonald. 2002. “The Turnout Rate Among Eligible Voters for U.S. States, 1980-
2000.” State Politics and Policy Quarterly 2(2): 199-212.
Michael P. McDonald and Samuel Popkin. 2001. “The Myth of the Vanishing Voter.” American
Political Science Review 95(4): 963-974. Reprinted 2006 in Classic Ideas and Current Issues
in American Government, Bose and DiIulio, eds.
Micah Altman and Michael P. McDonald. 2001. “Choosing Reliable Statistical Software.” PS:
Political Science and Politics. 43(3): 681-687.
Bernard Grofman, William Koetzel, Michael P. McDonald, and Thomas Brunell. 2000. “A New
Look at Ticket Splitting: The Comparative Midpoints Model.” Journal of Politics 62(1): 24-
50.
Samuel Kernell and Michael P. McDonald. 1999. “Congress and America's Political
Development: Political Strategy and the Transformation of the Post Office from Patronage to
Service.” American Journal of Political Science 43(3): 792-811.
Law Review Articles
Micah Altman and Michael P. McDonald. 2013. “A Half-Century of Virginia Redistricting

Battles: Shifting from Rural Malapportionment to Voting Rights and Participation.”
University of Richmond Law Review 47: 771-831.
Micah Altman and Michael P. McDonald. 2012. "Redistricting Principles for the 21st Century."
Case Western Law Review 62(4): 1179-1204.
Michael P. McDonald and Matthew Thornburg. 2010. “Registering the Youth: Preregistration
Programs.” New York University Journal of Legislation and Public Policy 13(3): 551-72.
Micah Altman and Michael P. McDonald. 2010. “The Promise and Perils of Computers in
Redistricting.” Duke J. Constitutional Law and Public Policy 5: 69-112.
Justin Levitt and Michael P. McDonald. 2007. “Taking the 'Re' out of Redistricting: State
Constitutional Provisions on Redistricting Timing.” Georgetown Law Review 95(4): 1247-86.
Peer-Reviewed Book Chapters
Michael P. McDonald. 2014. “Contextual Income Inequality and Political Behavior.” in Political
Trust and Disenchantment with Politics: Comparative Perspectives from around the Globe,
Christina Eder, Ingvill Mochmann, Markus Quandt eds. Leiden, Netherlands: Brill Publishers.
Michael P. McDonald. 2010. “Income Inequality and Participation in the United States.” in
United in Diversity? Comparing Social Models in European and America, Jens Alber and
Neil Gilbert, eds. New York, NY: Oxford University Press.
4
Michael P. McDonald. 2008. “Redistricting and the Decline of Competitive Congressional

Districts.” in Mobilizing Democracy: A Comparative Perspective on Institutional Barriers
and Political Obstacles, Margaret Levi, James Johnson, Jack Knight, and Susan Stokes, eds.
New York, NY: Russell Sage Publications.
Michael P. McDonald. 2008. “Reforming Redistricting.” in Democracy in the States:

Experiments in Elections Reform, Bruce Cain, Todd Donovan, and Caroline Tolbert, eds.
Washington, DC: Brookings Press.
Michael P. McDonald. 2006. “Who's Covered? Section 4 Coverage Formula and Bailout” in The
Future of the Voting Rights Act, David Epstein, Richard H. Pildes, Rodolfo O. de la Garza,
and Sharyn O'Halloran, eds. New York, NY: Russell Sage Publications.
Micah Altman, Jeff Gill, and Michael P. McDonald. 2004. “A Comparison of the Numerical
Properties of EI Methods” in Ecological Inference: New Methods and Strategies, Gary King,
Ori Rosen, and Martin Tanner, eds. New York, NY: Cambridge University Press.
Non-Peer-Reviewed Book Chapters
Michael P. McDonald. 2018. “Challenges and Opportunities in Collecting Election

Administration Data” in The Palgrave Handbook of Survey Research, David L. Vannette and
Jon A. Krosnick, eds. New York, NY: Palgrave MacMillan.
Michael P. McDonald. 2018. “History and Promise and Blending Survey Data with Government
Records on Turnout” in The Palgrave Handbook of Survey Research, David L. Vannette and
Jon A. Krosnick, eds. New York, NY: Palgrave MacMillan.
Micah Altman and Michael P. McDonald. 2015. “Redistricting and Polarization” in American
Gridlock: The Sources, Character, and Impact of Political Polarization, James Thurber and
Antonie Yoshinaka, eds. Cambridge.
Micah Altman and Michael P. McDonald. 2015. "Florida Congressional Redistricting." Jigsaw
Politics in the Sunshine State, Seth McKee, ed. Gainesville, FL: University Press of Florida.
Michael P. McDonald. 2013. "State Legislative Districting." Guide to State Politics and Policy,
Richard Niemi and Joshua Dyck, eds. Washington, DC: CQ Press.
Michael P. McDonald. 2013. “Democracy in American Elections” in Imperfect Democracies:

The Democracy Deficit in Canada and the United States, Richard Simeon and Patti Lenard,
eds. Vancouver, BC: University of British Columbia Press.
Micah Altman and Michael P. McDonald. 2012. “Technology for Public Participation in
Redistricting” in Redistricting in the West, Gary Moncrief, ed. Lanham, MD: Lexington Press.
Michael P. McDonald and Thomas Schaller. 2011. “Voter Mobilization in the 2008 Presidential
Election” in The Change Election: Money, Mobilization and Persuasion in the 2008 Federal
5
Elections, David Magleby, ed. Philadelphia, PA: Temple University Press. (previously
published as a Pew Charitable Trusts monograph).
Michael P. McDonald. 2011. “Congressional Redistricting” in Oxford Handbook of Congress,

Frances Lee and Eric Schickler, eds. Cambridge, UK: Oxford University Press.
Michael P. McDonald. 2011. “Voter Turnout: Eligibility Has Its Benefits” in Controversies in
Voting Behavior, 2nd Edition, Richard G. Niemi, Herbert F. Weisberg, and David Kimball,
eds. Washington, DC: CQ Press.
Michael P. McDonald. 2010. “In Support of Non-Partisan Redistricting.” in Debating Reform:

Conflicting Perspectives on How to Mend American Government and Politics, Richard Ellis
and Mike Nelson, eds. Washington, DC: Congressional Quarterly Press.
Michael P. McDonald. 2010. “American Voter Turnout in Historical Perspective.” in Oxford

Handbook of American Elections and Political Behavior, Jan Leighley, ed. Cambridge, UK:
Oxford University Press.
Michael P. McDonald. 2009. “Mechanical Effects of Duverger’s Law in the USA.” in

Duverger’s Law of Plurality Voting: The Logic of Party Competition in Canada, India, the
United Kingdom and the United States, Bernard Grofman, André Blais and Shaun Bowler,
eds. New York, NY: Springer.
Michael P. McDonald. 2008. "United States Redistricting: A Comparative Look at the 50

States." in Redistricting in Comparative Perspective, Lisa Handley and Bernard Grofman,
eds. Oxford, U.K.: Oxford University Press.
Michael P. McDonald and Matthew Thornburg. 2008. “State and Local Redistricting” in
Political Encyclopedia of U.S. States and Regions, Donald Haider-Markel, ed. New York,
NY: MTM Publishing.
Michael P. McDonald. 2006. “Redistricting and District Competition” in The Marketplace of

Democracy, Michael P. McDonald and John Samples, eds. Washington, DC: Brookings
Press.
Micah Altman, Karin Mac Donald, and Michael P. McDonald. 2005. “Pushbutton
Gerrymanders? How Computing Has Changed Redistricting” in Party Lines: Competition,
Partisanship and Congressional Redistricting, Bruce Cain and Thomas Mann,
eds. Washington, DC: Brookings Press.
Bruce Cain, Karin Mac Donald, and Michael P. McDonald. 2005. “From Equality to Fairness:
The Path of Political Reform Since Baker v Carr” in Party Lines: Competition, Partisanship
and Congressional Redistricting, Bruce Cain and Thomas Mann, eds. Washington, DC:
Brookings Press.
Michael P. McDonald. 2005. “Validity, Data Sources” in Encyclopedia of Social Measurement,

Vol. 3. Kimberly Kempf-Leonard, ed. San Deigo, CA: Elsevier Inc.
6
Michael P. McDonald. 2005. “Reporting Bias” in Polling in America: An Encyclopedia of Public

Opinion. Benjamin Radcliff and Samuel Best, eds. Westport, CT: Greenwood Press.
Other Non-Peer Reviewed Academic Publications (Book Reviews, Invited Articles, etc.)
Michael P. McDonald and Thessalia Merivaki. 2015. “Voter Participation in Presidential

Nomination Contests.” The Forum 13(4).
Michael P. McDonald. 2011. “Redistricting Developments of the Last Decade—and What's on

the Table in This One.” Election Law Journal 10(3): 313-318.
Michael P. McDonald and Chrisopher Z. Mooney. 2011. “‘Pracademics’: Mixing an Academic

Career with Practical Politics.” PS: Political Science and Politics 44(2): 251-53.
Michael P. McDonald. 2011. “Voter Turnout in the 2010 Midterm Election.” The Forum 8(4).
Michael P. McDonald. 2011. “Redistricting: The Most Political Activity in America by Charles
S. Bullock III (book review).” American Review of Politics (Fall 2010/Spring 2011).
Michael P. McDonald. 2009. “'A Magnificent Catastrophe' Retold by Edward Larson (book
review).” The Election Law Journal 8(3): 234-47.
Michael P. McDonald. 2008. “The Return of the Voter: Voter Turnout in the 2008 Presidential
Election.” The Forum 6(4).
Michael P. McDonald. 2006. “American Voter Turnout: An Institutional Perspective by David

Hill (book review).” Political Science Quarterly 121(3): 516-7.
Michael P. McDonald. 2006. "Rocking the House: Competition and Turnout in the 2006
Midterm Election." The Forum 4(3).
Micah Altman and Michael P. McDonald. 2006. "How to Set a Random Clock (Remarks on
Earnest 2006)." PS: Political Science and Politics 39(4): 795.
Michael P. McDonald. 2004. "Up, Up, and Away! Turnout in the 2004 Presidential
Election." The Forum (2):4. Dec. 2004.
Michael P. McDonald. 2004. "Drawing the Line on the 2004 Congressional

Elections." Legislative Studies Section Newsletter (Fall): 14-18.
Michael P. McDonald. 2004. "2001: A Redistricting Odyssey." State Politics and Policy
Quarterly 4(4): 369-370.
Micah Altman and Michael P. McDonald. 1999. "Resources for Testing and Enhancement of
Statistical Software" in The Political Methodologist 9(1).
7
Michael P. McDonald. 1999. "Representational Theories of the Polarization of the House of

Representatives" in Legislative Studies Section Newsletter, Extension of Remarks 22(2): 8-10.
Michael P. McDonald. 2003. "California Recall Voting: Nuggets of California Gold for Political
Behavior." The Forum (1) 4.
Reports
Michael P. McDonald. 2009. "Voter Preregistration Programs." Fairfax, VA: George Mason
University.
Michael P. McDonald. 2009. Midwest Mapping Project. Fairfax, VA: George Mason University.
Michael P. McDonald and Matthew Thornburg. 2008. "The 2008 Virginia Election
Administration Survey." Fairfax, VA: George Mason University.
Kimball Brace and Michael P. McDonald. 2005. "Report to the Election Assistance Commission
on the Election Day Survey." Sept. 27, 2005.
Opinion Editorials
Michael P. McDonald. 2018. "I agree with Donald Trump, we should have voter ID. Here's how
and why." USA Today. Jan. 15, 2018.
Michael P. McDonald. 2017. “The Russians are hacking. Luckily the Trump voter fraud
commission isn't in charge.” USA Today. Sept. 23, 2017.
Michael P. McDonald. 2016. “Better Hope the Election is Not Close.” USA Today. Nov. 2, 2016.
Michael P. McDonald. 2016. “Blame Government for Voting Crisis.” USA Today. March 24,
2016.
Michael P. McDonald, Peter Licari and Lia Merivaki. 2015. "The Big Cost of Using Big Data in
Elections." The Washington Post. Oct. 18, 2015.
Michael P. McDonald 2013. "Truths and Uncertainties that Surround the 2014 Midterms." The
Hill. November 5, 2013.
Michael P. McDonald. 2011. “The Shape of Things to Come: New Software May Help the
Public Have a Crucial Redrawing of Voting Districts.” Sojouners. April 2011: 11-12.
Micah Altman and Michael P. McDonald. 2011. "Computers: Redistricting Super Hero or Evil
Mastermind?" Campaigns and Elections Magazine. January 2011.
Michael P. McDonald. 2010. "Who Voted in 2010, and Why It Matters for 2012." AOL News.
Nov. 4, 2010.
8
Michael P. McDonald and Seth McKee. "The Revenge of the Moderates." The Politico. Oct. 10,
2010.
Michael P. McDonald and Micah Altman. 2010. "Pulling Back the Curtain on Redistricting."
The Washington Post. July 9, 2010.
Michael P. McDonald. 2008. "This May Be the Election of the Century." The Politico. Sept. 9,
2008.
Michael P. McDonald. 2008. "Super Tuesday Turned into a Super Flop." Roll Call. Feb. 11,
2008.
Michael P. McDonald. 2006. "5 Myths About Turning Out the Vote." The Washington
Post. Oct. 29, 2006, p. B3.
Michael P. McDonald. 2006. "Supreme Court Lets the Politicians Run Wild." Roll Call. June
29, 2006.
Michael P. McDonald. 2006. "Re-Redistricting Redux." The American Prospect. March 6, 2006.
Michael P. McDonald and Kimball Brace. "EAC Survey Sheds Light on Election
Administration." Roll Call. Oct. 27, 2005.
Michael P. McDonald. 2004. “The Numbers Prove that 2004 May Signal More Voter
Interest.” Milwaukee Journal Sentinel. Milwaukee, WI.
Michael P. McDonald. 2004. "Democracy in America?" La Vanguardia. Barcelona, Spain.
Michael P. McDonald. 2003. "Enhancing Democracy in Virginia." Connection Newspapers.

March 24.
Michael P. McDonald. 2001. "Piecing Together the Illinois Redistricting Puzzle." Illinois
Issues. March, 2001.
Samuel Popkin and Michael P. McDonald. 2000. "Turnout's Not as Bad as You Think." The
Washington Post. Nov. 5: B-1.
Samuel Popkin and Michael P. McDonald. 1998. "Who Votes? A Comparison of NES, CPS, and
VNS Polls." Democratic Leadership Council Bluebook. Sept., 1998.
Software Packages
Micah Altman, Michael P. McDonald, and Azavea. 2012. “DistrictBuilder.” Open source
software to enable public participation in redistricting. Source code available at Github.
Project website, http://www.districtbuilder.org.
9
Micah Altman and Michael P. McDonald. 2007. "BARD: Better Automated Redistricting." R
package available through CRAN. Source code available at Sourceforge.
Micah Altman, Jeff Gill, and Michael P. McDonald. 2004. "Accuracy: Tools for testing and
improving accuracy of statistical results." R package available through CRAN.
Grants and Contracts

Pilot Study for Election Data Administrative Data Research Facility. ($125,000) Sloan
Foundation grant to collect precinct election results and boundary data and to upgrade
DistrictBuilder software.
Improving Integrity of Voter File Addresses. ($20,000) Colorado Secretary of State support to
develop methods to improve voter file addresses.
Fabricating Precinct Boundaries. ($17,000). MIT Election Science and Data Lab support to
explore fabricating precinct boundaries from geocoded voter files.
UF Informatics Post-Doc Top-Off Award. 2017. ($16,000). Funding from the UF Informatics
Institute to provide additional post-doc funding in support of Hewlett Foundation grant.
U.S. Election Project. 2016. ($50,000). Hewlett Foundation support for U.S. Election Project
Activities.
UF Informatics Institute Seed Fund Award. 2016. ($48,000). Project funded by the UF
Informatics Institute to explore the reliability of Florida’s voter registration file.
Election Forum. 2016. ($20,000). Project funded by the Pew Charitable Trusts for an election
forum held at the University of Florida.
Survey of Voter File Accessibility. 2016. ($1,650). Contract from the Institute for Money in
State Politics to survey costs and accessibility of states’ voter files.
Florida Election Reform. 2015. ($13,000). Project funded by Democracy Fund for an election
reform forum held in Tallahassee, FL. Pew Charitable Trusts independently provided travel
support for some speakers.
New York Redistricting. 2011. ($379,000). Project funded by the Sloan Foundation to provide
for public redistricting in New York and continued software development.
Citizen Redistricting Education, Software Supplemental. 2011. ($50,000). Project funded by

Joyce Foundation to provide continued redistricting software development for use by
advocacy groups in six Midwestern states.
National Redistricting Reform Coordination. 2009-10. ($100,000). With Thomas Mann and
Norman Ornstein. Project funded by Joyce Foundation to support coordination of national
redistricting reform efforts by the Brookings Institution and the American Enterprise Institute.
10
Citizen Mapping Project. 2009-10. ($124,000 & $98,000). With Micah Altman, Thomas Mann,
and Norman Ornstein. Project funded by the Sloan Foundation. An award to George Mason
University enables development of software that, essentially, permits on-line redistricting
through commonly used internet mapping programs. A second award to the Brookings
Institution and American Enterprise Institute provides organizational support, including the
convening of an advisory board.
Citizen Redistricting Education. 2010. ($104,000). Project funded by the Joyce Foundation.
Provides for redistricting education forums in five Midwestern state capitals in 2010 and other
continuing education efforts.
Pre-Registration Programs. 2008-9. ($86,000). Project funded by the Pew Charitable Trusts'
Make Voting Work Initiative to examine pre-registration programs (voter registration for
persons under age 18) in Florida and Hawaii.
Sound Redistricting Reform. 2006-9. ($405,000). Project funded by the Joyce Foundation,
conducted jointly with the Brennan Center for Justice at NYU to investigate impacts of
redistricting reform in Midwestern states.
Electoral Competition Project. 2005-6. ($200,000) Project funded by The Armstrong

Foundation, the Carnegie Corporation of New York, the JEHT Foundation, The Joyce
Foundation, The Kerr Foundation, Inc., and anonymous donors. Jointly conducted by the
Brookings Institution and Cato Institute to investigate the state of electoral competition in the
United States.
George Mason University Provost Summer Research Grant. 2004. ($5,000).
ICPSR Data Document Initiative. 1999. Awarded beta test grant. Member, advisory committee
on creation of electronic codebook standards.
Academic Experience
Courses Taught: Public Opinion and Voting Behavior, Parties and Campaigns, Comparative
Electoral Institutions, Intro to American Politics, American Politics Graduate Field Seminar,
Congress, Legislative Politics, Research Methods (undergraduate), Advanced Research
Methods (graduate), Freshman Seminar: Topics in Race and Gender Policies, and Legislative
Staff Internship Program.
University of Florida
• Associate Professor. August 2014- Present.
George Mason University
• Associate Professor. May 2007 – May, 2014.
11
• Assistant Professor. Aug 2002 – May, 2007.
The Brookings Institution
• Non-Resident Senior Fellow. January 2006 – June 2016.

• Visiting Fellow. June 2004 – December 2006.
University of Illinois, Springfield. Assistant Professor. Aug 2000 – June 2002.

Joint appointment in Political Studies Department and Legislative Studies Center.
Vanderbilt University. Assistant Professor. Aug 1999 – Aug 2000.
Harvard-MIT Data Center. Post-Doctoral Research Fellow. Sept. 1998 – Aug 1999.
Developed Virtual Data Center, a web-based data sharing system for academics. Maintained
Record of American Democracy (U.S. precinct-level election data).
University of California-San Diego
• Assistant to the Director for University of California, Washington DC program. Sept

1997 – June 1998.
• Instructor for research methods seminar for UCSD Washington interns.
• Visiting Assistant Professor. Spring Quarter 1997.
• Visiting Assistant Professor. Summer Session, Aug 1996 and Aug 1997.
• Teaching Assistant/Grader. Aug 1991 – March 1997.
Professional Service
Election Sciences Conference-in-a-conference at the 207 Southern Political Science Association
Conference. Organizer. 2016.
State Politics and Policy Quarterly, Editorial Board Member 2004-2011
State Politics and Policy Quarterly, Guest Editor. Dec 2004 issue.
Non-Profit Voter Engagement Network, Member, Advisory Board. 2007 – present.
Overseas Vote Foundation, Member, Advisory Board. 2005 – 2013.
National Capital Area Political Science Association, Member, Council, 2010 – 2012.
Virginia Public Access Project, Member, Board of Directors. 2004 – 2006.
Fairfax County School Board Adult and Community Education Advisory Committee,
Member. 2004 – 2005.
Related Professional Experience

Media Consultant
• Associated Press. Nov. 2016 and Nov. 2010. Worked “Decision Desk.”
• Edison Media Research/Mitofsky International. Nov. 2018; Nov. 2004; Nov. 2006; Feb.
2008; Nov. 2008. Worked national exit polling organization's “Decision Desk.”
12
• ABC News. Nov. 2002. Worked “Decision Desk.”

• NBC News. Aug 1996. Analyzed polls during the Republican National Convention.
Redistricting/Elections Consultant.
• Expert Witness. 2018. Martin v. Kemp. Civil Action No. 1:18-cv-04776-LMM.

• Expert Witness. 2018. Georgia Coalition for the Peoples’ Agenda, Inc. v. Kemp. Civil
Action No. 1:18-cv-04727-ELR.
• Expert Witness. 2018. Common Cause Indiana v. Lawson. Case No. 1:17-cv-3936-TWP-
MPB (Indiana).
• Expert Witness. 2017-18. Benisek v. Lamone. Case No. 13-cv-3233 (Maryland).
• Expert Witness. 2016-2017. Vesilind v. Virginia State Board of Elections. Case No.
CL15003886 (Virginia).
• Expert Witness. 2016-2017. Fish v. Kobach. Case No. 2:16-cv-02105 (Kansas).
• Expert Witness. 2016. Arizona Libertarian Party v. Reagan. Case No.: 2:16-cv-01019-
DGC (Arizona).
• Expert Witness. 2016. Georgia State Conf. of the NAACP, et al. v. Brian Kemp. Cas No.
2:16-cv-00219-WCO (Georgia).
• Consultant. Federal Voting Assistance Program. 2014-2015. Analyzed voting experience
of military and overseas voters.
• Expert Witness. 2013-2014. Page v. Virginia State Board of Elections. No. 3:13-cv-678
(E.D.VA).
• Expert Witness. 2013-2014. Delgado v. Galvin. (D. MA).
• Beaumont Independent School District. 2013. Prepared response to DOJ data request.
• Federal Voting Assistance Program. 2012-13. Analyzed voting experience of military and
overseas voters.
• Gerson Lehrman Group. 2012. Provided election analysis to corporate clients.
• Expert Witness. 2011-2012. Backus v. South Carolina. No. 3:11-cv-03120 (D.S.C.).
• Expert Witness. 2012. Wilson v. Kasich. No. 2012-0019 (Ohio Sup. Ct.).
• Consulting Expert. 2011-2012. Bondurant, Mixson, and Elmore, LLP. (Review of
Georgia's state legislative and congressional redistricting Section 5 submission).
• Consultant. 2012. New Jersey Congressional Redistricting Commission.
• Expert Witness. 2011. Perez v. Texas. No. 5:11-cv-00360 (W.D. Tex.).
• Expert Witness. 2011. Wilson v. Fallin. No. O-109652 (Okla. Sup. Ct.).
• Consultant. 2011. United States Federal Voting Assistance Program.
• Consultant. 2011. Virginia Governor’s Independent Bipartisan Advisory Redistricting
Commission.
• Consultant. 2011. New Jersey State Legislative Redistricting Commission.
• Expert Witness. 2010. Healey v. State, et al. C.A. No. 10-316--S (USDC-RI).
• Research Triangle Institute. 2008-2009. Consultant for Election Assistance Commission,
2008 Election Day Survey.
• U.S. State Department. 2008. Briefed visiting foreign nationals on U.S. elections.
• Expert Witness. 2008. League of Women Voters of Florida v. Browning (08-21243-CV-
ALTONAGA/BROWN)
13
• Pew Center for the States. 2007. Consultant for Trends to Watch project.
• Expert Witness. 2007. Washington Association of Churches v. Reed (CV06-0726).
• Electoral Assistance Commission. 2005. Analyzed election administration surveys.
• Arizona Independent Redistricting Commission. 2001-2003. Consultant.
• Expert Witness. 2003. Minority Coalition for Fair Redistricting, et al. v. Arizona
Independent Redistricting Commission CV2002-004380 (2003).
• Expert Witness. 2003. Rodriguez v. Pataki 308 F. Supp. 2d 346 (S.D.N.Y 2004).
• Consulting Expert. 2002. O'Lear v. Miller No. 222 F. Supp. 2d 850 (E.D. Mich.).
• Expert Witness. 2001-2002. In Re 2001 Redistricting Cases (Case No. S-10504).
• Expert Witness. 2001. United States v. Upper San Gabriel Valley Municipal Water
District (C.D. Cal. 2000).
• California State Assembly. 1991. Consultant.
• Pactech Data and Research. Research Associate. Aug 1989 - June 1991.
Campaign/Political Consultant.
• Ron Christian for Virginia State Senate. June – November, 2003.

• Theresa Martinez for Virginia House of Delegates. May, 2003.
• Senior Consultant. California State Assembly. Nov. – Dec 1998.
• California Assembly Democrats. June – November 1998.
• Susan Davis & Howard Wayne for CA State Assembly ‘96. 1996.
• Intern. June – Sept 1995. UC-San Diego, Science and Technology Policy and Projects.
Polling Consultant.
• Hickman-Brown. July, 2000. Analyzed national and state level exit and CPS polls for
use in various campaigns. Analyzed surveys for congressional, state, and local political
campaigns.
• Decision Research. Aug 1994 – Dec 1994. Conducted and analyzes surveys for
congressional and statewide campaigns.
• Speaker Jose de Venecia of the Philippines. Feb, 1997.
• Joong-Ang Ilbo/RAND. Oct, 1996. Analyzed survey of Korean attitudes on national
security issues.
• UCSD. Nov. 1991. Conducted and analyzed survey of student attitudes.
14

ATLANTA DIVISION

organization, )
)
Plaintiff, )
) Civil Action
v. )
) File No. 1:18-CV-05102-AT
Secretary of State of Georgia,1 )
)
Defendant. )
DEFENDANT’S MOTION TO STRIKE THE DECLARATIONS OF

MICHAEL MCDONALD [DOC. 46], EDGARDO CORTÉS [DOC. 48] AND
KEVIN MORRIS [DOC. 50]
COMES NOW, Defendant Robyn Crittenden and files this Motion to Strike
the Declarations of Michael McDonald [Doc. 46], Edgardo Cortés [Doc. 48] and
Kevin Morris [Doc. 50] (collectively “the Declarations”) and all referenced
exhibits for failure to comply with the specific instructions of the Court’s Order
directing Plaintiff to file an affidavit from a qualified statistician “based on the
election data provided by Defendant in the Affidavit of Chris Harvey.” [Doc. 41.]
1
Defendant Kemp resigned from his position as Secretary of State, effective
yesterday. Governor Deal has appointed Robyn A. Crittenden as the new
Secretary of State for the State of Georgia.
Plaintiff ignored this clear instruction and its strategic decision renders the
contents of the Declarations irrelevant to the case at hand. The Declarations are
clear that, contrary to this Court’s directive, they are based on either independently
obtained data or a combination of data from Mr. Harvey and other sources. [See
Doc. 46 at 2; Doc. 48 at ¶¶ 5, 14; Doc. 50 at ¶ 4.] This is not what the Court
ordered.
Plaintiff bears the burden of providing evidence sufficient to warrant the
imposition of extraordinary relief. It failed to do so at the hearing. When this
Court gave it another opportunity, Plaintiff failed to follow this Court’s limiting
instruction. This Court should disregard the latest set of declarations and strike
them from the record.
Argument and Citation to Authority
“The court may strike from a pleading . . . any redundant, immaterial,
impertinent, or scandalous matter.” Fed. R. Civ. P. 12(f). “The purpose of a motion
to strike is to clean up the pleadings, remove irrelevant or otherwise confusing
materials, and avoid unnecessary forays into immaterial matters.” Blake v.
Batmasian, 318 F.R.D. 698, 700 (S.D. Fla. 2017). “A motion to strike will be
granted if the disputed matter is irrelevant under any state of facts which could be
-2-
proved in support of the claims being advanced.” Allen v. Life Ins. Co. of N. Am.,
267 F.R.D. 407, 410 (N.D. Ga. 2009) (quotations omitted) (emphasis added).
The Court’s directions were clear that the data from which a qualified
statistician could draw their conclusions was limited to the data presented at the
hearing on November 8, 2018:
ORDER: The Court DIRECTS Plaintiff to file an

affidavit from a qualified statistician, NO LATER THAN
3:00 PM TODAY, based on the election data provided
by Defendant in the Affidavit of Chris Harvey,
regarding whether or not there is a statistically significant
increase in the percentage of provisional ballots cast,
relative to the total number of ballots cast, as follows: (a)
between the 2018 election and the 2016 election; and (b)
between the 2018 election and the 2014 election.
Defendant may also submit an affidavit NO LATER
THAN 3:00 PM TODAY. Signed by Judge Amy
Totenberg on 11/9/19. (hfm)
[Doc. No. 41] (emphasis added). Each declaration filed by Plaintiff considered not
only the data provided by Mr. Harvey, but also its own data in order for the
Declarants to reach Plaintiff’s desired conclusions. Specifically, Mr. McDonald
“analyze[d] a spreadsheet called ‘annual_prov_ballots.csv’ provided…by
Plaintiff’s counsel, which contains data produced by the Georgia Secretary of
State’s office in Exhibit A to the Declaration of Chris Harvey (Doc. 33), and on
the Secretary of State’s website.” [Doc. 46 at 2.]
-3-
Mr. Cortés took a similar approach. He opined for several paragraphs
(without any data analysis whatsoever) on why there could be mistakes in the
provisional ballot tallies as well as the overall vote reporting in the State of
Georgia. (See Doc. 48 at ¶¶ 4-6.) Mr. Cortés cites to the “unofficial results page”
on the Georgia Secretary of State’s website and the “unofficial results page for
Fulton County” on the Georgia Secretary of State’s website but fails to rely on the
Harvey data to reach his conclusion that “uncounted provisional ballots could
prove pivotal in determining whether the contest for governor…might be forced
into a runoff.” (Doc. 48 at ¶ 3.)
Finally, Mr. Morris admits that, contrary to the Court’s directive to solely
use the Harvey data, he combined data for the other declarants to help them reach
their opinion.2 [Doc. 50 at ¶ 4.] He also based his opinions on what “his
colleague, Myrna Pérez, told” him about the presentation of evidence at the
hearing. [Doc. 50 at ¶ 7.] Finally, Mr. Morris admits that the source of the
combination of data is not limited to the Secretary of State’s office – whether
through Mr. Harvey’s declaration or its website – but “press reports.” [Doc. 50 at ¶
2
Mr. Morris’s employment at the Brennan Center, which represents Plaintiff,
clearly calls into question his ability to render an objective, nonbiased opinion.
Despite his employer being present at the hearing on November 8, 2018, Mr.
Morris was not present and did not present his opinion testimony, preventing
Defendant from cross-examination.
-4-
8.] This “combination” of data goes in direct contradiction to this Court’s order,
and as such, it should be stricken from the record and not considered.
CONCLUSION
For the reasons set forth herein above, Defendant respectfully requests that
the Court grant this Motion to Strike the Declarations filed by Michael McDonald
[Doc. 46], Edgardo Cortés [Doc. 48] and Kevin Morris [Doc. 50] as immaterial.
Respectfully submitted this 9th Day of November 2018.
Christopher M. Carr
Attorney General
Dennis R. Dunn
Deputy Attorney General
Russell D. Willard
Senior Assistant Attorney General
State Law Department

40 Capitol Square, S.W.
Telephone: (404) 656-3357
/s/ Josh B. Belinfante

Josh Belinfante
-5-
Ryan Teague
Kimberly Anderson
500 14th Street, NW
Atlanta, GA 30318
Telephone: (678) 701-9381
Bryan P. Tyson
Special Assistant Attorney General
STRICKLAND BROCKINGTON
LEWIS LLP
Midtown Proscenium Suite 2200
1170 Peachtree Street NE
Atlanta, GA 30309
678-347-2200
Special Assistant Attorneys General
-6-
I certify that this Motion has been prepared with one of the font and point
selections approved by the Court in Local Rule 5.1(C). Specifically, this Motion
/s/ Josh B. Belinfante

Josh Belinfante
-7-
DEFENDANT’S MOTION TO STRIKE THE DECLARATIONS OF
MICHAEL MCDONALD [DOC. 46], EDGARDO CORTÉS [DOC. 48] AND
KEVIN MORRIS [DOC. 50] with the Clerk of Court using the CM/ECF system,
which automatically sent counsel of record e-mail notification of such filing.
/s/ Josh Belinfante

Common Cause Georgia v. Kemp

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Common Cause Georgia v. Kemp

Enviado por

Direitos autorais:

Formatos disponíveis

Case 1:18-cv-05102-AT Document 1-1 Filed 11/05/18 Page 1 of 2

JS44 (Re\ 08/18

( c ) A t t o r n e y s (hum Name, Addiess, and lelephone Number) A t t o r n e y s (If Know n)

0 2 U S Government O 4 Diversity Citizen of Anothei State O 2 D 2 Incorpoiated am/Piincipal Place 0 5 G 5

Citizen 01 Sub|ect of a • 3 O 3 Foieign Nation O 6 D 6

V. O R I G I N (Place an X" in One Box Only)

RECEIPT # AMOUNT APPLYING IFP JUDGE MAG JUDGE

INSTRUCTIONS FOR ATTORNEYS COMPLETING CIVIL COVER SHEET F O R M JS 44

V. Origin Place an "X" in one ot the seven boxes

IN THE UNITED STATES DISTRICT COURT

COMMON CAUSE GEORGIA, as an

v. Case No. 18-cv-

BRIAN KEMP, in his official capacity as

1. This is an action seeking to protect against the denial of Georgia

citizens' fundamental right to vote as a result of malfeasance or tampering with

days by the actions of Defendant. Plaintiff Common Cause Georgia, a non-partisan

voter advocacy organization that is a part of Common Cause, a national

Plaintiff seeks an Order requiring that provisional ballots be counted in Georgia in

and in recent days exacerbated—Plaintiff respectfully submits that provisional

they do not lose their votes as a result of Defendant's reckless conduct.

JURISDICTION AND VENUE

3. Venue is proper in this district pursuant to 28 U.S.C. § 1391, because

giving rise to Plaintiffs claims occurred in this district.

4. Plaintiff COMMON CAUSE GEORGIA is a chapter of Common

Cause, a non-partisan citizen lobby organized as a not-for-profit corporation under

grassroots, democracy-focused organizations and has over 1.2 million members

significant non-partisan voter-protection, advocacy, education, and outreach

In addition, Common Cause offers online tools to assist voters in registering to

vote and checking their registration status.

5. Common Cause Georgia has increased its efforts in the areas of

election protection, voter education, and grassroots mobilization around voting

monitors, Common Cause Georgia is on track to help monitor an average of five

members and supporters urging government officials to take certain actions.

Furthermore, Common Cause Georgia participates in voter registration

on providing resources that enable voters to participate in the election and be

challenge to Georgia citizens' fundamental right to vote. As a result, Common

organizational activities unless the state's provisional balloting process is modified

6. Defendant BRIAN KEMP is the Secretary of State of Georgia and the

State's chief election official.

The Georgia My Voter Page System is Vulnerable to Attack and Threatens to

7. My Voter Page, a website of the Georgia State Government, is a

created from data in the My Voter Page system.

8. As Secretary of State, Brian Kemp is responsible for the security of

voter information, including information on the My Voter Page.

9. On information and belief, My Voter Page and the state's voter

registration server are vulnerable to multiple security breaches.

10. For example, on information and belief, at least as of November 4,

data and change or cancel their registrations.

result of vulnerabilities being exploited to change or delete voter information.5

13. On information and belief, several computer security and election

Secretary of State and national intelligence officials of the security vulnerabilities.

15. As early as 2015, one of Defendant's own employees sent out

personally identifiable information to twelve news media and political

16. In August 2016, on information and belief, a computer researcher

18. In February 2017, on information and belief, a security engineer

that voter information remained unprotected.12

Defendant in 2017 by the Coalition for Good Governance.13

Georgia's voting system was vulnerable, Defendant continued to reject federal

election security assistance.14

interfere with voters' exercise of their right to vote.

22. On Saturday, November 3, 2018, on information and belief, David

Defendant and the Secretary of State's office, of potential vulnerabilities in the

Georgia election system website.16 Cross had been contacted on Friday by a

this potential vulnerability.19