Master Cryptographic Keys Stored in Plain Text – Complete Tabulator Configuration and CVR Manipulation Enabled Without Detection (GA)

Forensic examination of the Dominion election database in Fulton County and multiple additional Georgia counties discovered that master cryptographic encryption keys – the core secrets protecting the integrity of tabulator configurations and Cast Vote Records (CVRs) – were stored unprotected in plain text within the election database files. A cryptographic key is only as secure as its storage: a key stored in plain text is, by definition, accessible to any person with database read access, which in these systems included vendor personnel, IT administrators, and anyone who exploited the open SQL Server port (port 1433, confirmed open to any IP address worldwide in the Mesa County forensic analysis of an identical system version). With the master cryptographic key, an attacker can: (1) decrypt and modify tabulator configuration files before or during an election; (2) alter Cast Vote Records without triggering integrity checks; and (3) reconfigure tabulators to shift vote allocations between candidates. Georgia’s entire statewide election infrastructure – 30,050 Ballot Marking Devices deployed across all 159 counties – used the same Dominion Democracy Suite platform where this vulnerability was documented. No public disclosure to voters, the legislature, or CISA was made before the 2020 election; CISA acknowledged nine Dominion vulnerabilities only in a June 2022 advisory, 22 months after Election Day.