A report released by legislative auditors Friday says the State Board of Elections needlessly exposed the full Social Security numbers of almost 600,000 voters to potential hacking, risking theft of those voters’ identities. The determination that election officials did not fully protect voters’ personal information was one of several highly critical findings in the report. The audit also faulted state election officials’ handling of issues including ballot security, disaster preparedness, contracting and balancing its books. State lawmakers called for a hearing in response to the Office of Legislative Audits report, which prompted strong reaction from critics of the board and its longtime administrator, Linda H. Lamone.
“This audit is an A-to-Z criticism of the way the board operates,” said Michael Greenberger, director of the Center for Health and Homeland Security at the University of Maryland School of Law. He said the “damning” findings call for the establishment of an independent, bipartisan commission of computer experts to examine the board’s handling of information technology issues.
… Aviel Rubin, a computer science professor at Johns Hopkins University who has frequently sounded alarms about election security, said the report “exposes a lack of best practices in the area of securing personal voter data and protecting the information in their databases.”
“This report tells me that the [elections board] is way behind the high-tech industry in maintaining the availability and security of their information,” Rubin said. He said the board “needs to get its act together and catch up with best practices in the industry.”