The Chairman of the DeKalb County GOP, Marci McCarthy, has asked the DeKalb County Board of Registration and Elections to withdraw the contract with Konnech, the election management corporation selected for use by DeKalb in early September, after the CEO was arrested for housing American election worker data on a server in China, making it available to the Chinese Communist Party.
DeKalb County reported it will continue using Konnech despite the threat to national security and election integrity.
In light of Konnech Corporation Chief Executive Officer Eugene Yu’s arrest by Los Angeles’ District Attorney George Gascón for allegedly failing to securely maintain the County’s Poll Worker Personal Identifiable Information (PII) and that only United States citizens and permanent residents have access to it, the DeKalb Republican Party has formally requested that the DeKalb Board of Registration & Elections and Office immediately withdraw its contract negotiations to purchase PollChief® Election Management System, declared McCarthy.
While DA Gascón has regularly disregarded the rule of law for murderers, rapists and other violent criminals, it is stunning that he chose to arrest a Tech CEO who allegedly stole Poll Worker PII and found that in contradiction to the contract, information was stored on servers in the People’s Republic of China. This was in violation of the California Consumer Privacy Act of 2018 (CCPA), which gives consumers more control over the personal information that businesses collect about them. It is my hope that DeKalb County does the right thing in proactively severing its ties to Konnech to ensure FITness - Faith, Integrity & Trust in our elections as well as to securely protect the information of our election workers instead of bashing its citizen concerns in the media.
You can read McCarthy's letter to the board below, and her follow-on letter below that.
Hello, I am writing to all of you today to inform you that Eugene Yu, who is the CEO of Konnech was arrested yesterday by Los Angeles District Attorney George Gascón, and to ask that DeKalb Board of Voter Registration and Elections Board and Office immediately withdraw its contract with Konnech. The arrest alleges that under its $2.9 million, five-year contract with the county, Konnech was supposed to securely maintain the data and that only United States citizens and permanent residents have access to it. Furthermore, District Attorney investigators found that in contradiction to the contract, information was stored on servers in the People’s Republic of China. The East Lansing Police Department and Ingham County Sheriff’s Office in Michigan also assisted in the investigation.
In recent days, I was interviewed by The New York Times regarding my public commentary at the DeKalb Board of Registration and Election Meeting which was held on Sept. 8, 2022 and where I cited concerns regarding the proposal submitted to the DeKalb Voter Registration Elections Office by Konnech for their PollChief® Election Management System. The proposal was presented at the DeKalb Board of Voter Registration and Elections Board Retreat held on August 20, 2022.
In the original article “How a Tiny Elections Company Became a Conspiracy Theory Target” they said I was peddling conspiracy theories. (Article is attached).
“After the conspiracy theorists discovered that DeKalb County in Georgia was close to signing a contract with Konnech, officials there received emails and comments about the company, claiming it had “foreign ties.” The county Republican Party chairwoman, Marci McCarthy, heard from so many members about Konnech that she echoed parts of the conspiracy theory at a public comment period during the county’s elections board meeting.”
In the same article, Chairman Dele Lowman Smith cited: “It’s a completely fabricated issue,” Dele Lowman Smith, the elections board chair, said in an interview. “It’s absolutely bizarre, but it’s part of the tone and tenor of what we’re having to deal with leading up to the elections.”
Fast forward to an updated story with an apology from Stuart A. Thompson (NYT Reporter) after I informed him of the arrest. In an email to me on October 4, 2022, Thompson said, “We are working on a story right now that updates readers with all this new information. In that story, we're including a passage that addresses how you questioned both the company's data storage and password management at the meeting in September. I believe that this will demonstrate that your concerns matched the information that was available later.”
Election Software Executive Arrested on Suspicion of Theft - (Article is attached.)
The executive, Eugene Yu, and his firm, Konnech, have been a focus of attention among election deniers.
Claims about Konnech reached Dekalb County in Georgia, which was close to signing a contract with the company. The county’s Republican Party chairwoman, Marci McCarthy, raised concerns during a public comment period at the county’s elections board meeting on Sept. 8, questioning where the company stored and secured its data.
In light of recent events, it is quite disappointing that I was abruptly cut off from my public comments regarding the Konnech PollChief® Election Worker Management System. A system that could cost our taxpayers $144,200 over three years. We have a right to ask our questions and thoroughly vet a vendor before our elected officials proceed with a major technology purchase. I will also remind all of you that each of you are also representatives of the legal voters of DeKalb County and four of you were appointed by a major political party and the at-large member who is also a Democrat (Not Non-Partisan) was appointed by Superior Court Judge Asha Jackson. At the end of the day, you are all accountable to the people that you represent. Nevertheless, it is my understanding that Ms. Keisha Smith and Ms. Nancy Jester requested the contract to be updated to address the legitimate concerns that I raised about the security of data and where data would be stored. I appreciate the willingness to listen, despite being cut off at the meeting or bashed by the Chairman in The New York Times. So respectively, we also deserve to be heard and would appreciate the Chairman refraining from bashing citizen concerns in the media.
Finally, Los Angeles District Attorney George Gascón is a Democrat DA that has a pro-criminal agenda that has turned Los Angeles into a NIGHTMARE. Criminals feel emboldened, residents unsafe, and victims abandoned. While Gascón has regularly disregarded the rule of law for murderers, rapists and other violent criminals, he chose to arrest a Tech CEO who allegedly stole Poll Workers Personal Identifiable Information (PII) and found that in contradiction to the contract. Additionally, that same information was stored on servers in the People’s Republic of China. The same supposed “conspiracy theory” that I brought forth to the DeKalb Board of Registration and Elections Meeting. Let that sink in for a moment.
I look forward to hearing from you regarding this matter and will be happy to be available for additional inquiries. Thank you.
Dear Chairwoman Lowman Smith,
Thank you for personally responding to my October 5, 2022 letter “Requesting that the DeKalb Board of Voter Registration and Elections Board and Office Immediately Withdraw its Contract with Konnech”. I am also in receipt of the DeKalb County Poll Officials Memo which was issued also on Oct 5, 2022 at 7:12 PM ET. Despite your request to remove Director Keisha Smith and Deputy Director Julietta Henry, I have included them back in these conversations as their office has direct responsibility for the management of DeKalb’s election workers and operations. Responsibilities that you have previously clarified for me. Additionally, I have added to my communications DeKalb’s CEO Michael Thurmond, all of our County Commissioners and the Georgia Secretary of State’s Office as this is an urgent matter that pertains to all of DeKalb County if not all of Georgia.
Since my earlier communications were sent, I have learned that Fairfax County, Virginia has also discontinued their use of Konnech for its election management, citing similar concerns that I have expressed herein. Additionally, it is my understanding that there will be a special DeKalb Board of Registration & Elections Meeting to be held on Monday, October 10, 2022 at 1:30 PM EST. In light of recent events, I am once again requesting that the DeKalb Board of Voter Registration and Elections Board and Office immediately withdraw its contract with Konnech.
As you can imagine since the news broke of Konnech CEO Eugene Yu’s arrest on Tuesday by Los Angeles District Attorney’s office and his extradition from Michigan there has been a firestorm of national and local press. I have been contacted by a flood of Poll Workers, Poll Watchers, concerned Georgians, DeKalb Voters/Taxpayers and Candidates alike asking a plethora of questions to include:
To ensure that we are all on the same page with our terminology, the cyber security industry defines Personal Identifiable Information (PII) to be Name, Email, Home Address and Phone Number. And Sensitive PII to include: Date of Birth, Social Security numbers (SSNs) and/or Last Four digits of SSNs. In the DeKalb County Poll Officials Memo, it is stated:
“DeKalb County poll workers can be assured that the department will take every precaution to safeguard their personal data. We are closely monitoring this matter as it develops, and we will determine our next steps as we learn more. In the meantime, DeKalb VRE team members will continue their preparations for Advance Voting, which begins on October 17.
Rest assured, personal information was never shared with the vendor, such as Social Security numbers or date of birth.”
While incorrectly stated in the memo, indeed our election workers’ personal information is at risk because in order to schedule the poll workers and communicate their work schedules, the DeKalb VRE office would have to store the PII in Konnech as DeKalb County does not issue work email addresses for poll workers. Additionally this information, inclusive of the aforementioned memo was communicated to our poll workers’ personal email addresses.
By continuing forward with the Konnech contract for election management, the DeKalb Board of Registration and Elections is exposing County taxpayers to extraordinary legal risks and financial liability if it cannot enforce the terms of its contract with Konnech. Furthermore, if PII belonging to election staff and poll monitors has been or could be transferred to China, as alleged in California, the risk and cost of a class action lawsuit could be devastating to DeKalb County’s finances. This represents a clear, avoidable and unnecessary risk to the County. Additionally in recent communications, it has been asked that the public-at-large have patience and have trust in a vendor that has already misrepresented itself. While we do not know the magnitude of the data breach at this time, the Los Angeles County District Attorney George Gascón cites that under its $2.9 million, five-year contract with the county, Konnech was supposed to securely maintain the data and that only United States citizens and permanent residents have access to it.
As we continue to assess the situation, it is important for us to keep in mind that a similar contractual obligation is in place in DeKalb County but was allegedly violated in Los Angeles County. We also cannot ignore that Los Angeles County was Konnech’s flagship customer and touted its success in the DeKalb VRE’s Konnech proposal. So one has to ask whether their customer references were even verified before entering into an agreement with Konnech? We also have to consider that rather than sue Konnech in a civil court for a breach of contract, DA Gascón had Konnech’s CEO indicted by a grand jury, arrested and then extradited to California from Michigan with the cooperation of multiple law enforcement agencies. In nearly 30 years of being a technology and cyber security executive, I have never seen a CEO of a technology vendor arrested for a data breach, data theft or a breach of a contract for the aforementioned reasons. In most instances following a forensic investigation, there is a contract termination, endless class action lawsuits, fines, data breach notifications and financial reparations to those victims that have been harmed. With the arrest of Mr. Yu, Konnech’s future viability also comes into question.
To date despite numerous requests and verbal assurances, DeKalb County’s BVRE has failed to articulate what type of governance process is in place where a Chief Information Security Officer (CISO) or a CISO team can go straight to legal and/or the Board of Elections. As concerned citizens, we are respectfully asking for written answers to the following questions:
(1) As the DeKalb VRE has implemented Konnech, please confirm where our data has been stored and whether it has been protected and secured?
(2) Please provide a written plan on how the internet traffic has been monitored across platforms, products and the network.
(3) Ongoing, how is DeKalb County ensuring that Konnech’s contractual obligations to securely maintain and store the data resides in the continental United States citizens being enforced?
(3a) Are you using a Data Loss Prevention (DLP) program? If so, what solution?
(3b) Who has (Privileged Access Management – PAM rights)? If so and whom?
(4) How is Konnech being monitored for abnormal activity? And to date have there been any irregularities or data leakage? And how will this be reported to the residents of DeKalb County.
As DeKalb taxpayers and registered voters, we have every right to ask questions and ensure that there is proper due diligence with all of our technology vendors. We look forward to receiving your detailed responses.
As my original communications did not include condition of DeKalb’s Voter Rolls nor reference the recent voter challenges as well as the recruitment of our poll watchers, I will address your comments separately.
In closing, I would like to commend Mr. Lewis’ comments regarding the continuance of communicating my concerns to this board and the department leadership as well as encouraging others to participate. Regardless of political affiliations, citizens have a right to ask questions. The chairperson of the DeKalb BVRE (a public authority) has a responsibility and obligation to answer these questions and address our concerns...and not demean or attempt to silence those asking questions. If the DeKalb BVRE is truly committed to physical safety of its poll workers and its election staff then it should do the right thing and extend their cyber safety into the digital world and safeguard their PII by canceling the contract with Konnech. Thank you.