After this post was published, Brian Kemp won the primary. He will be the Republican candidate for governor.

Last week, when Donald Trump endorsed Brian Kemp over Casey Cagle in Georgia’s Republican-gubernatorial-primary runoff election—which takes place on Tuesday—it looked like the President was simply choosing the candidate who was running as the self-proclaimed “politically incorrect conservative.” But, in fact, there is very little political distance between Kemp, Georgia’s secretary of state, and Cagle, the lieutenant governor: both are avowed right-wing Christians who extol the blessed trinity of school choice, the elimination of abortion rights, and the primacy of the Second Amendment, and both are vocal supporters of Trump. They are so closely aligned politically that the New York Times called the President’s endorsement “unexpected.” And, though it’s possible that Trump split the difference by focussing on the candidates’ most significant policy disagreement—Kemp is a vociferous critic of the Affordable Care Act, and Cagle wants to expand Medicaid in Georgia—he also happened to endorse a candidate whose views on election hacking and Russian meddling most reflect his own.

This issue of election security became newly relevant for Georgia on July 13th, five days before Trump tweeted his endorsement of Kemp, when Robert Mueller, the special counsel, issued an indictment accusing twelve Russian military-intelligence officers of hacking the computers and e-mail accounts of Hillary Clinton’s campaign staff and Democratic Party operatives during the 2016 election. The indictment also revealed—for the first time—that the Russians had targeted county Web sites in Georgia, looking for election-related vulnerabilities. (The indictment said that the hackers also looked at county Web sites in Iowa and Florida.) In one sense, this was an unremarkable fact: the top cybersecurity official in the Department of Homeland Security, Jeanette Manfra, told Congress in April that Russians hackers had likely targeted every state’s systems in 2016. But, for the past two years, Kemp has been contemptuous of efforts by the D.H.S. to shore up election systems nationally. And, though not going so far as to say that Russian interference is “all a big hoax,” as Trump has, Kemp has been an outspoken advocate of not taking the whole thing so seriously.

In August, 2016, when the scope of the Russian hacking effort was becoming clear to President Obama—and as he and his advisers struggled to find a response that would not undermine the legitimacy of the upcoming elections, or provoke the Russians to do more damage, or appear to confirm Trump’s assertion that the election was rigged—Jeh Johnson, the Secretary of Homeland Security at the time, suggested designating the American election system as “critical infrastructure,” a category that includes bridges and the power grid. This designation would enable D.H.S. to offer cybersecurity support to individual states. And this inflamed Brian Kemp.

Labelling elections as critical infrastructure, Kemp declared, opened the door for the federal government to “subvert the Constitution to achieve the goal of federalizing elections under the guise of security.” Georgia is one of only five states that uses voting machines that create no paper record, and thus cannot be audited, and the Center for American Progress has given it a D grade for election security. But, when D.H.S. offered cybersecurity assistance, Kemp spoke out against it. (Georgia has since accepted some help from D.H.S.)

“It seems like now it’s just the D.C. media and the bureaucrats, because of the D.N.C. getting hacked—they now think our whole system is on the verge of disaster because some Russian’s going to tap into the voting system,” Kemp said at the time. “And that’s just not—I mean, anything is possible, but it is not probable at all, the way our systems are set up.”

And yet, as it turned out, that was exactly the way the system in Georgia was set up. We know this because, a few days before Kemp blasted the D.H.S. and dismissed the D.N.C. hack, a young security researcher in Georgia named Logan Lamb began poking around the Web site of Kennesaw State University’s Center for Election Systems, looking for vulnerabilities. The Center was under contract with the Georgia secretary of state’s office—Kemp’s office—to program and test all the voting machines in the state, train state election workers, and distribute the state’s electronic voter-registration database to the counties. With the entire state election system housed in one place, the Center was a high-value, potentially vulnerable target. Lamb, who worked for an Internet-security company called Bastille, wanted to find out how vulnerable.

On the Center’s Web site, Lamb quickly discovered a trove of unsecured files—fifteen gigabytes’ worth. Among the files were lists of passwords that would allow election workers to sign into a central server on Election Day, and the systems that prepared ballots and tabulated votes. He also found software for the state’s “poll books,” electronic databases that are often used to verify people’s eligibility to vote, as well as a security hole through which he could download the entire database of the state’s 6.7 million registered voters. The files had been publicly exposed for so long that they were cached on Google. He also saw that the Center had failed to fix a well-known glitch in its content-management system through which hackers could take control of the site. A patch for this issue had been publicly available for two years.

Having discovered all of this, Lamb alerted the Center’s executive director, Merle King, first by e-mail, and then by phone. According to a subsequent legal filing, King warned Lamb to keep quiet about the compromised server or risk being “crushed” by the politicians “downtown.” King also told Lamb that “the issues would be remediated.” Satisfied that he had done due diligence, Lamb walked away—temporarily. In February, 2017, he and another researcher, Chris Grayson, reinvestigated the case, and found that all the files Lamb had stumbled upon six months earlier still hadn’t been secured. And this time they also found information from the 2016 election and a training video that showed election workers how to download files from the Election Center Web site, put them on a memory card, and insert that card into their local voting machines. This is the same series of steps that would enable a hacker to install malware on a voting machine that is not connected to the Internet.

If Kemp did not know in August, 2016, that his state’s centralized, unauditable election system was vulnerable to hacking, and if he wasn’t aware from Lamb’s investigation that it was riddled with holes, any one of which could compromise an election, he certainly knew by March, 2017, when Lamb’s findings were made public. Georgia was three months away from the runoff in a special election to replace Congressman Tom Price, who had joined the Trump Administration as the Secretary of Health and Human Services. Grayson notified a professor at Kennesaw State, and the F.B.I. was called in—not to look into the state’s election system but to determine whether Lamb and Grayson had broken the law. (They hadn’t.) The F.B.I. then undertook a cursory investigation to see if anyone besides Lamb and Grayson had gained access to the system prior to the Presidential election.

It took F.B.I. investigators less than a month to determine that no other unauthorized persons had accessed the Center for Election Systems’ servers. This got the attention of more than a dozen computer-security researchers from, among other institutions, Yale, Stanford, M.I.T., Berkeley, Brown, and the Lawrence Livermore National Laboratory. In a letter written to Kemp on May 24, 2017, they pointed out that “a truly comprehensive, thorough and meaningful forensic computer security investigation likely would not be completed in just a few weeks, and it could take many months to know the extent of all vulnerabilities at KSU, if any have been exploited and if those exploits extended to the voting systems. Time and again cyber breaches are found to have been far more extensive than initially reported.” Then they asked Kemp to replace Georgia’s paperless voting machines with paper ballots and to implement post-election audits before the special election.