A voting rights group and some of the nation’s leading researchers on election technology are urging Maryland voters to check the accuracy of their online voter registration files after warning that the data had been left vulnerable to tampering. Researchers at the University of Michigan, the Lawrence Livermore National Laboratory and a former president of the Association for Computing Machinery wrote to Maryland officials late last month urging them to take immediate steps to better protect a new system that allows Marylanders to update their voter registration online. The letter warned that anyone with access to a Maryland voter’s full name and birth date could exploit a simple online tool to change the voter’s address, party affiliation or other information. Such changes, especially a change of address, could lead to a voter’s ballot not being counted normally on Election Day.
… According to the researchers, the crux of the problem is that Maryland linked its voter registration files to the state’s database of driver’s license numbers. That move was designed to add a layer of security and to weed out suspicious voter files. But in Maryland, driver’s license numbers are derived from a resident’s name and birth date. Several Web sites can decode a driver’s license number using the latter two pieces of information. The researchers discovered Maryland’s problem after finding a similar vulnerability in Washington state’s new online voter registration system. “It means if you know someone’s full legal name and birth date, you know their driver’s license number and you have all the information needed to tamper with their voter registration,” said Rebecca Wilson, a chief elections judge in Prince George’s County and co-director of the nonprofit Save Our Votes. Wilson said that could be done easily in Maryland because the state sells voter rolls to campaigns seeking to canvass for votes.
Researchers said that with a relatively simple code, a computer attack could change the voter registration files of thousands of Maryland residents, and probably do so in a way that could avoid detection. “These problems leave the system open to large-scale, automated fraud, and make the Maryland system among the most vulnerable of all the states’ new online voter registration systems,” wrote Michigan professor J. Alex Halderman, Lawrence Livermore cybersecurity expert David R. Jefferson and former IBM researcher Barbara Simons.
Full Article: Maryland’s online voter registration vulnerable to attack, researchers say – The Washington Post.