Some Statewide Databases Lacking In Privacy Safeguards

By Mindy Moretti, electionline.org
August 10, 2006

Incidents could portend widespread 'compromised security'

This article was published in the electionline.org newsletter. It is reposted here with permission of the author.

When the Denver Election Commission (DEC) moved to new offices in February, a cabinet containing the registration information for 150,000 voters was left behind and ultimately disappeared.

Although the Commission has back-ups of the voter registrations from 1989 to 1995 that disappeared, the missing records contained everything from voters' names and Social Security numbers to birth dates, signatures and addresses, much of what an identity thief would need to cause havoc.

"We still don't have any reason to believe that it was, quote unquote stolen," Alton Dillard, commission spokesman told the Denver Post at the time. But given that the cabinet is missing, Dillard said, "we will be . letting them (voters) know that they probably ought to take that step of placing alerts on their accounts."

In early 2006, a Washington, D.C. television station conducted an investigation into the availability of personal information on voter records at the D.C. Board of Elections and Ethics. The investigation found that the personal information, including Social Security numbers of thousands of voters was easily available to the public. The station was even able to obtain the personal information of Mayor Anthony Williams and members of the city council.

The incidents, while unique to Denver and the District, demonstrated two ways in which voter information can be compromised. With the requirement for statewide, computerized voter registration databases - a federal mandate that took effect on January 1 of this year - maintaining vast voter records and controlling access to protect their personal information is becoming increasingly challenging.

Statewide registration lists allow access to voter records to large numbers of state and local employees, which could lead to unguarded data.

In June, Florida Auditor General William Monroe found that the state did not have enough controls in place to prevent unauthorized access to the state's voter registration database, including entry by former employees of local county election offices. "Without formal procedures for the periodic monitoring of actual access capabilities against what is authorized, the risk is increased that unauthorized access will not be identified and corrected in a timely manner," the report stated.

Even the best computer security system can be "compromised" by poorly-trained or unscrupulous workers - whether its unlocked doors in offices or security software holes, said Lillie Coney (pictured at left), associate director of the Electronic Privacy Information Center in testimony before the U.S. Election Assistance Commission last year.

In the District of Columbia, voter registration forms no longer require full Social Security numbers and the existing records have been altered to limit public view of personal information.

In Colorado, the voter records are still missing.

An investigation into the missing information is ongoing, but in the interim, Denver's election commission has determined that there is no reason to keep archival records on the premises. Once a full inventory of the records available has been conducted, the DEC will move all archival records to a vault at the Clerk and Recorder's Office.

Although these two incidents may be isolated, Coney said securing voter lists is an afterthought in many states. After all, voter records are public information. A recent electionline.org report found that many states have either no regulations regarding information privacy, or allow only victims of some crimes or law enforcement officials to have certain information kept confidential.

In 2004 there were reports of people calling voters saying that they were checking to be sure that they would be able to vote on Election Day and requested a voter's Social Security number. Coney said this is a social engineering attack that most likely done by ID thieves.

"If they would not put driver's license records online or sell them for other purposes, they should not use voter records in this way. They should have an Informatics expert to help create protocols and a system worthy of this democracy. Create penalties for misuse and abuse of voter information that are enforced," Coney said.

An added wrinkle to the security of voter identification is Section 303 of the Help America Vote Act which calls for the creation of the statewide voter registration databases. With statewide (and in some instances multi-state) lists instead of the personal information of one jurisdiction being compromised, the potential exists for millions of records to be compromised at one time.

Coney said some of the provisions of HAVA will prove hard to meet and keep a system secure at the same time. She noted that remote interactive access for local jurisdictions, allowing connection for verification purposes between other state agencies is a grave cause for concern over security.

"After reading the conditions set forth in HAVA," she said, "no one can think that a computer security, information assurance, or database expert had anything to do with drafting this law."