ATLANTA _ Brian Kemp, the Republican candidate for governor, had a problem. As did Brian Kemp, Georgia's secretary of state.
It was Nov. 3, a Saturday, 72 hours to Election Day. Virtually tied in the polls with Democrat Stacey Abrams, Kemp was in danger of becoming the first Georgia Republican to lose a statewide election since 2006. And, now, a new threat. The secretary of state's office had left its voter registration system exposed online, opening Kemp to criticism that he couldn't secure an election that featured him in the dual roles of candidate and overseer.
But by the next day, Kemp and his aides had devised one solution for both problems, an investigation by The Atlanta Journal-Constitution shows.
They publicly accused the Democratic Party of Georgia of trying to hack into the voter database in a failed attempt to steal the election. The announcement added last-minute drama to an already contentious campaign. More important, it also pre-empted scrutiny of the secretary of state's own missteps while initiating a highly unusual criminal investigation into his political rivals.
But no evidence supported the allegations against the Democrats at the time, and none has emerged in the six weeks since, the Journal-Constitution found. It appears unlikely that any crime occurred.
"There was no way a reasonable person would conclude this was an attempted attack," said Matthew Bernhard, a computer scientist at the University of Michigan who has consulted with plaintiffs in a lawsuit challenging Georgia's use of outdated touch-screen voting machines.
To reconstruct the campaign's final weekend, the Journal-Constitution interviewed more than 15 people _ computer security experts, political operatives, lawyers and others _ and reviewed court filings and other public records. That examination suggests Kemp and his aides used his elected office to protect his political campaign from a potentially devastating embarrassment.
Their unsubstantiated claims came at a pivotal moment, as voters were making their final decisions in an election that had attracted intense national attention.
The race seemed to turn on whether rapid demographic changes _ coupled with dislike of Kemp's most prominent supporter, President Donald Trump _ would help break the Republicans' hold on political power in Georgia. Kemp was a typical Georgia Republican standard bearer: conservative, business-oriented, an abortion-rights opponent and a gun-rights advocate. Abrams was different: the first African-American and the first woman nominated for the state's highest office, an unapologetic progressive appealing to young and minority voters who felt disenfranchised.
Ultimately, Kemp won with 50.2 percent of the nearly 4 million votes cast. In Georgia's closest race for governor since 1968, any voters swayed by a purported Democratic cyberattack could have tipped the election.
The episode highlighted the inherent conflicts that Kemp straddled throughout this election. He rejected calls to resign as secretary of state or to step away from election-related duties, despite concerns that he could use his elected office to his campaign's advantage. When he assigned his own staff to investigate his opponents, Democrats say, Kemp proved their point.
"He was doing anything he could do to win," said Rebecca DeHart, executive director of the Democratic Party of Georgia. "It was an extraordinary abuse of power."
In his only public statement on the investigation, Kemp said his office handled the case like any other. "Because I can assure you if I hadn't done anything and the story came out that something was going on, you'd be going, 'Why didn't you act?'" Kemp said on the election's eve.
"I'm not worried about how it looks," he said. "I'm doing my job."
The secretary of state's office declined to release documents concerning its investigation, including more than 80 internal emails from the weekend before Election Day. The agency said that because its lawyers were part of the email chains, the documents were subject to attorney-client privilege.
Candice Broce, a spokeswoman for the secretary of state's office, said in an email Thursday that the agency notified law enforcement after "expert cybersecurity vendors" analyzed the alleged intrusion. She did not identify the vendors.
"Their unanimous opinion was that ... someone had spent a great deal of time and effort, utilizing specialized equipment, to attempt to infiltrate the secretary of state's systems and that this attempt was potentially illegal," Broce wrote. Unlike in earlier statements, she did not allege involvement by the Democrats.
However, Richard DeMillo, the Charlotte B. and Roger C. Warren Chair in Computer Science at Georgia Tech, said accessing unsecured files required no sophisticated skills or knowledge.
"There are millions of people who know how to do this," he said _ for instance, anyone with the book "Cybersecurity for Dummies."
Announcing an investigation before compiling evidence was, DeMillo said, "a knee jerk, defensive reaction on the part of people who don't know what's going on with their own systems."
That reaction was consistent with how Kemp handled other computer security issues, real and imagined.
"The pattern," DeMillo said, "has been to either ignore or to attack the person who exposed the vulnerability."
