Computer security experts have identified vulnerabilities in the voter registration databases in two states, raising concerns about the ability of hackers and others to disenfranchise voters. In the last five years, Maryland and Washington State have set up voter registration systems that make it easy for people to register to vote and update their address information online. The problem is that in both states, all the information required from voters to log in to the system is publicly available. It took The New York Times less than three minutes to track down the information online needed to update the registrations of several prominent executives in Washington State. Complete voter lists, which include a name, birth date, addresses and party affiliation, can be easily bought — and are, right now, in the hands of thousands of campaign volunteers.
Computer security experts and voting rights activists argue that a hacker could use that information to, say, change a person’s address online to ensure that the voter never receives a ballot in Washington, where voting is now done entirely by mail. In Maryland, hackers could ensure that a voter is not listed on the precinct register at a designated polling station. In that case, the voter would be redirected to another precinct, or asked to fill out a provisional ballot. In both cases, the person would not be able to vote in local, or possibly, Congressional races. But the real concern, critics say, is that large numbers of voters from one political party, or demographic, could have their information changed by automated computer programs. A program that could change tens of thousands of voter records at once, they say, would require only a dozen lines of code.
… “They could influence an election with 20,000 votes for less than a penny a head,” said J. Alex Halderman, one of the computer scientists who first discovered Washington’s loophole. “That would be a great return on investment for them.” … Last week, Mr. Halderman, David Jefferson, a computer scientist at Lawrence Livermore National Laboratories, and Barbara Simons, a retired IBM computer scientist, sent a letter to Washington and Maryland election officials with seven recommendations for security, including authenticating voters with nonpublic information like the last four digits of their Social Security numbers and setting up disaster plans that would let them shut down their systems during an attack.