Mexico: Second online leak exposes data for over 2 million Mexicans | Fusion

The personal information of more than 2 million Mexicans was found online last week by the same man who recently discovered a previous data breach exposing the voting registration records of 93.4 million Mexicans. Chris Vickery, an internet data-breach researcher for MacKeeper, told Fusion he found a new database with over 2 million entries through the search engine He said he found the database through a “random search,” similar to the one that previously lead to his March discovery of an open Amazon server hosting addresses, names and other personal information for more than 70% of Mexico’s population. Vickery said the new database was hosted on a server owned by U.S. company Digital Ocean, which offers online storage and transfer solutions to clients. Vickery says he again alerted Mexico’s electoral authority, INE, which launched an inquiry and confirmed that the voting registry for the northern state of Sinaloa had been exposed online. The database was taken down by Digital Ocean last Friday. The company did not immediately respond to Fusion’s request for comment. Mexican officials have launched an investigation into how the breach happened.

Mexico: Millions of Mexican voter records leaked to Amazon’s cloud, says infosec expert | Ars Technica

A leaked database containing the voting records of millions of Mexican voters has been discovered by a security researcher. Chris Vickery, who works for MacKeeper, said he first spotted the Mexican voters’ roll—containing the records of 87 million voters in Mexico—on April 14. Vickery told Ars that he found the database with Shodan, a search engine that can find pretty much anything connected to the Internet. “The search term that returned this database was just ‘port:27017’ (the default MongoDB port),” Vickery said. “There really was nothing special about the search terms. It was just a stroke of luck that I saw it and followed up.” He added that the database was not accessible over HTTP: “You had to use a MongoDB client, but all you needed was the IP address. There was nothing protecting it at all.”

Mexico: Mexico’s Entire Voter Database Was Leaked to the Internet | Gizmodo

Every modern presidential election is at least in part defined by the cool new media breakthrough of its moment. In 2000, there was email, and by golly was that a big change from the fax. The campaigns could get their messages in front of print and cable news reporters — who could still dominate the campaign narrative — at will, reducing what had been a 24-hour news cycle to an hourly one. The 2004 campaign was the year of the “Web log,” or blog, when mainstream reporters and campaigns officially began losing any control they may have had over political news. Anyone with a computer could weigh in with commentary, news and, often, searing criticism of mainstream reporters and politicians — “Media Gatekeepers be damned!” Then 2008: Facebook made it that much easier for campaigns to reach millions of people directly, further reducing the influence of newspaper, magazine and television journalists. In 2012, Twitter shrank the political news cycle to minutes if not seconds, exponentially adding to the churn of campaign news.

Georgia: Lawmakers want proof voter information has been secured after data breach | WSB

State lawmakers say they want more answers about the massive data breach involving millions of Georgia residents. Specifically: What steps organizations that mistakenly got our information took to secure it? From the beginning, the secretary of state has said the data on six million voters is secure. But now lawmakers want proof. … Kemps’ office told Channel 2’s Lori Geary they’re going back to the outlets that received the information to get written assurances no copies of the files exist. That’s not sitting well with Kemp’s critics. “All the pieces of ID theft are in that file. Your name, your birthdate, your Social Security number,” said state Rep. Scott Holcomb.

Florida: Randolph Calls on DOJ Probe into Florida’s Voter Registration System | WMFE

Susanna Randolph, one of the candidates running for Alan Grayson’s 9th district congressional seat, sent a letter today asking Attorney General Loretta Lynch to launch a Department of Justice probe into the state’s voter system. The request comes less than one month after an independent report by the state auditor general found flaws with the nine-year-old registration database. The audit found the system at risk of a security breach, citing unauthorized access to voter data by Department of State employees. It also labeled the system overdue for upgrades and a disaster recovery plan evaluation

Editorials: Here’s how to clean up messy voter rolls | Reid Wilson/The Washington Post

When Virginia’s Board of Elections said it would remove tens of thousands of names from its voter rolls this year, voting-rights advocates cried foul, and went to court. But while Republicans criticized Democrats for opening elections to fraud, and Democrats complained Republicans were disenfranchising thousands of voters, the spat brought up a very real concern states across the nation face: Voter rolls are messy, and someone has to clean them up. People move. People die. People get married and re-register under new names. Election administrators across the country face the tightrope of making sure their voter rolls are accurate while avoiding erasing a valid record. Seven states believe they have the answer: The Electronic Registration Information Center, or ERIC. Developed by the Pew Charitable Trusts and IBM, ERIC uses several databases to compare voters across state lines. The system compares voter list data with Department of Motor Vehicle records, Social Security Administration records, the Postal Service’s national change of address registry and other databases to match voters across state lines; if the system concludes with a high degree of confidence that a John Doe on one state’s voter roll is the same John Doe in another state, the record is flagged. “You match enough of [the data points] across records that you have a lot of confidence ,” said David Becker, Pew’s director of election initiatives. “It’s impossible for [states], based only on a name and birth date, to keep their lists up to date and identify when someone has died, for example.”

National: NCSL Launches Elections Administration Research Database | National Conference of State Legislatures

What is the impact of major court rulings on voter ID laws? How are states ensuring voter registration lists are accurate? Which new voting system designs are being developed for the marketplace? Finding these answers and other information about elections policy can quickly eat up the kind of time that a lawmaker, legislative staffer or elections administrator can hardly afford to spend. But that was life before the Elections Administration Research Database, a new tool launched today by the National Conference of State Legislatures. The database brings together more than 1,900 reports that, altogether, address a wide range of elections topics. It is supported by generous funding from The Pew Charitable Trusts.

Oregon: Oregon Secretary of State website breach cost taxpayers $177,000 | The Oregonian

The February breach of the Oregon Secretary of State’s website cost taxpayers about $176,662, including about $4,500 for meals and lodging to allow employees to work through a snowstorm. The breach was detected Feb. 4 and knocked the agency’s elections and business registry databases offline for nearly three weeks. The largest expense — about $72,450 — went to Virtual Security Research for “vulnerability testing,” according to cost figures obtained by The Oregonian through a public records request

Oregon: Secretary of State website breach: Database users asked to change passwords to personal accounts | OregonLive

The Oregon Secretary of State’s office has deleted all passwords for users of its business and elections databases after a breach of its website Feb. 4. Users are also asked to change their passwords to personal accounts if they used the same passwords for the Secretary of State’s Central Business Registry or ORESTAR, the state’s campaign finance reporting system. It’s unclear if the hackers accessed the passwords, but the agency is recommending that the passwords to personal accounts be changed as a precautionary measures, agency spokesman Tony Green said. “The investigation so far indicates that sensitive personal information was not compromised,” said an agency email sent Thursday night to database users.

Oregon: Internet voting study approved by Oregon Senate |

Despite concerns about ballot security, the Oregon Senate on Thursday approved 18 to 11 a bill to study the feasibility of Internet voting. Senate Bill 1515 would establish a work group to study the issue and submit a report to the Legislature by Dec. 1. The bill now goes to the House. Opponents brought up the botched rollout of the Cover Oregon health insurance exchange and this month’s data breach of the Oregon Secretary of State’s website that continues to keep elections and business databases offline. The record, they said, made them question the state’s technological ability to ensure ballot security.

Utah: Bill advances to prevent posting voter rolls online | The Salt Lake Tribune

The Senate passed a bill Tuesday aiming to prevent the online posting of personal information from Utah’s voter-registration rolls, but it still would allow access by political parties, journalists and researchers. Meanwhile, a tougher bill — which could allow voters to check a box to entirely cut off public access to their data on the rolls such as birth date, address, phone number and party affiliation — has been advancing in the House. The Senate voted 26-0 on Tuesday to pass SB36, the less restrictive bill by Sen. Karen Mayne, D-West Valley City, and sent it to the House.

Oregon: Secretary of State Kate Brown modifies elections rules as website breach keeps databases offline | OregonLive

Oregon Secretary of State Kate Brown on Friday made temporary changes to elections rules after a data breach last week continues to keep the state’s campaign finance database offline. Nobody will be fined for missing campaign finance reporting deadlines while the ORESTAR database is down, though final details will be announced when the system returns, a department press release said. A temporary rule will also allow Voters’ Pamphlet filings to be submitted by email until the outage ends. After the site is fixed, filings will need to be submitted through the regular online system, the release said.

Oregon: Frustrations mount as secretary of state databases remain offline after website breach | OregonLive

Frustrations are mounting more than a week after a breach of the Oregon secretary of state’s website caused elections and business databases to go offline. State officials say they’re still investigating how the intrusion from a foreign entity occurred and don’t know when the databases will return. The attack “appears to be an orchestrated intrusion from a foreign entity and not the result of any employee activities,” the agency reported on its website this week. The department’s Central Business Registry and ORESTAR, the state’s online campaign finance reporting system, were temporarily taken offline as a precaution after officials detected “an intrusion” around Feb. 4. Since then, business attorneys haven’t been able to look up existing business names, and campaign finance officials have not been able to report transactions.

Tennessee: Dueling Election Databases Make Tracking Difficult | Memphis Daily News

If ever the political axiom of needing a scorecard to keep up with the players applied to an election cycle, it would be the set of three elections in 2014 across Shelby County. The middle election of the three – the August ballot of county general elections and state and federal primary elections – is expected to be one of the longest in the county’s political history, if not the longest. But the two “scorecards” kept electronically by the Shelby County Election Commission don’t match up, making it hard to know who has a qualifying petition out and who has filed their petition, and even more difficult to know some of the basic information like a candidate’s address on their qualifying petition.

Oregon: Voter info for sale in Oregon | Statesman Journal

The Oregon Secretary of State’s Office has made nearly $90,000 off fees during the past five years by selling voter information to political parties or campaigns and, sometimes, to private corporations who turn around and sell the data for a profit. The state charges $500 for the database, which includes full names, addresses, phone numbers, date of birth, party registration and voter history. It does not include how anyone voted. The people who buy the database are not supposed to use it for commercial purposes, said Tony Green, a spokesman for Secretary of State Kate Brown. In fact, they must sign a form agreeing not to do so. Records show that many for-profit companies have purchased the entire database during the past five years.

Pakistan: Nadra develops electronic voting machine | The Nation (pk)

In the wake of ongoing thumb print verification controversy, National Database and Registration Authority (Nadra) has taken proactive initiative by developing electronic voting machine (EVM) solution proposed to be placed on all polling stations across the country. The Nadra claims that the system aims at ensuring transparency and rigging-free elections because each voter will be able to cast only one vote. An official press release issued by the authority says that electronic thumb verification of each voter shall be done at the respective polling station before casting the vote without the use of magnetized ink. The new EVM solution will incur only 40 per cent of total cost of magnetized ink that amounts to Rs 2.5 billion.

India: Biometric ID project faces court hurdle | PCWorld

A controversial biometric project in India, which could require people to produce their biometric IDs to collect government subsidies, has received a significant setback from the country’s Supreme Court. The court ruled this week in an interim order that people cannot be required to have the controversial Aadhaar identification to collect state subsidies, even as the Unique Identification Authority of India (UIDAI), the government agency that manages the project, has been trying to promote the Aadhaar number as proof of identity for a variety of services including banking. The UIDAI has said that the scheme is voluntary, but some states and agencies have attempted to link the identification to the implementation of programs such as cash subsidies for cooking gas that benefit even the middle and richer classes. “I signed up for Aadhaar only to ensure that I continue to get a gas cylinder at reasonable rates,” said an executive in Bangalore who had queued up a few months ago for an Aadhaar number. The state of Maharashtra, for example, aims to be the first state in the country to roll out Aadhaar-linked subsidy transfers to LPG (liquified petroleum gas) consumers across all the districts in the state. Pending a final order, the court ruled that “….no person should suffer for not getting the Adhaar card inspite of the fact that some authority had issued a circular making it mandatory….” UIDAI Chairman Nandan Nilekani did not immediately agree to discuss the court order.

Mali: First election since coup threatened by massive problems in voter list | Associated Press

Oumou Sangare is used to getting what she wants. Unlike most of the people lined up outside the election office here, the wife of Mali’s former ambassador to the United Nations is not accustomed to hearing the word ‘no.’ Yet that’s exactly what the elegant, middle-aged woman heard earlier this week after making her way to the front of the line of would-be voters who, due to a technical glitch, don’t appear on the voter list for the upcoming presidential election. Clutching her designer handbag, she stood on tiptoes in her petite heels, straining to peer through the open window of the election headquarters, where a clerk typed her name into a database. “I’m the wife of the ambassador,” she pleaded after the screen came back blank. “I’ve been voting for years,” she said. “Am I not going to be able to vote?”

Wyoming: Voting fraud reports, cases rare in state | Powell Tribune

Despite at least two pending cases, reports and prosecutions of illegal voting in Wyoming are rare, state and local elections officials say. By state Elections Director Peggy Nighswonger’s recollection, you’d have to go back to 2000 to find the previous cases. That was when a former small-town mayor tried voting in both Wyoming and Utah and when some Colorado residents, who owned property in Wyoming, tried voting in a municipal election, Nighswonger said. Because the cases generally are handled at the local level, Nighswonger said there may be other instances she’s unaware of. A search of Circuit Court records dating back more than a decade turned up no prior prosecutions of voter fraud in Park County prior to the recent charges against David D. Koch of Cody. Koch, 38, is facing four felony counts for allegedly registering to vote and then voting in 2010 and 2012 despite two 1996 felony convictions in Alaska.

Kenya: A Clear Definition of the IEBC Tech Failure | IEBC Tech Kenya

This information comes from members of a team that worked with the RTS system.  The following is in his words:

RTS As you stated – RTS was a slick design, it was a system that was to run on 339 servers across the country and over 33k phones and at least 26k users logged in to the production system. It was a shame that issues outside the main RTS software denied it the limelight. The visualization and transmission aspects were not part of the RTS system and thus the RTS system comprised of:
mobile phone software – a J2ME application
the web service processing the request – a Servlet running on Glassfish
Memcache to cache data that was not changing
the database – running on Mysql
All of which were based on tried and tested open technologies.
The Failure
The truth is that around 8PM Monday is that the /var partition on the provisioning server (running CentOS not Windows) got filled and thus the underlying RDBMS failed. It was a shame because there was so much space on that server but not in the correct (needed place). I can state that there was no hacking (nothing points to it).  I can also state that RTS was not creating files and thus the partition was not filled by RTS data but rather by Mysql binary logs that were being generated in situ due to database replication which was switch on. Thus this meant that if the provision server went down – no new logins and requests for candidate data for that polling station could not be serviced. However, those individuals who had logged in at least once before in accordance to the procedure were able to send results to the other servers that were up.  This explains the “slow down” experienced after the provisioning server went down.

Connecticut: Connecticut Working Out Voter Registration Computer Kinks | CT News

Last week, the Centralized Voter Registration system — a computer program that contains the names, addresses and party affiliation of all registered voters in the state — failed a stress test. Another test was conducted on Sunday and preliminary reports from the Secretary of the State’s office indicated that things went well. But the real test will come on Thursday when 100 registrars throughout the state will try to log onto the system at the same time and print out their voter lists or do other pre-election tasks. Mark Raymond, the state’s chief information officer, said last week that they were continuing to “fine tune” the system and believe that they would be able to ensure that the database is accessible in the lead-up to the Nov. 6 election. The deadline to register by mail is Oct. 23, but you can register in person until Oct. 30.

Colorado: Lack of evidence doesn’t stop Colorado from going after voter fraud |

Colorado Secretary of State Scott Gessler has been investigating voter fraud for over a year even though concern over ballots being cast by thousands of voters who aren’t U.S. citizens has been founded on myth, not math. “It’s created an atmosphere where voters, even ones who are entitled to vote, fear their registration may not be valid or that they’ll be challenged at the polls,” said Elena Nunez, executive director of Common Cause, a liberal group that has tangled with Gessler over election issues. More than a year ago Gessler said there could be in excess of 11,000 noncitizens registered to vote in Colorado. Earlier this month, the Republican Secretary of State announced that his office had found only 141 people who were noncitizens registered to vote out of 1,416 names run through a federal database, and of those 141, only 35 who had cast ballots. That number represents 0.001 percent of Colorado’s 3.5 million registered voters.

Louisiana: Secretary of State defends inactive-voter list |

Louisiana Secretary of State Tom Schedler is disputing Democratic allegations that state residents are being stripped from voting rolls without adequate notice. He said the state, as required by state and federal law, checks voting rolls against other databases and puts people who have moved outside their parishes on an inactive list. The state sends two separate postcards to the address listed on the voting rolls, allowing a voter who was incorrectly made inactive to correct the record and return to active voting status, Schedler said. Voters can also correct the record by filling out an online form. Even if inactive voters don’t respond to the postcards and show up to vote on Election Day, they can still cast ballots by certifying they still live at their original addresses.

National: New database of US voter fraud finds no evidence that photo ID laws are needed | News21

A new nationwide analysis of 2,068 alleged election-fraud cases since 2000 shows that while fraud has occurred, the rate is infinitesimal, and in-person voter impersonation on Election Day, which prompted 37 state legislatures to enact or consider tough voter ID laws, is virtually non-existent. In an exhaustive public records search, reporters from the investigative reporting projecdt News21 sent thousands of requests to elections officers in all 50 states, asking for every case of fraudulent activity including registration fraud, absentee ballot fraud, vote buying, false election counts, campaign fraud, casting an ineligible vote, voting twice, voter impersonation fraud and intimidation.

Click to search the national database of voter fraud cases compiled by News21.

Pennsylvania: The Startling Urban Dynamic in Pennsylvania’s Voter ID Law | The Atlantic Cities

Something big is happening in Philadelphia ahead of this fall’s presidential election – the first in the state since a stringent new Voter ID law was passed earlier this year – although people there concerned about it are having a maddeningly hard time putting their finger on the precise size of the problem. The city has just over 1 million registered voters. About 800,000 of them are considered “active.” “And about a third of them are on one of these two lists as potentially having ID problems,” says Tom Boyer. He’s a former journalist and computer scientist living in Philadelphia who has gotten involved in analyzing the potential impacts of Pennsylvania’s controversial law, which is now in the throes of a legal challenge. Boyer suspects that something historically bad could happen if the law isn’t overturned, and not enough people are talking about it. The Pennsylvania Department of State recently released two lists of the Pennsylvania residents whose state IDs have expired since last November (and thus can’t be used to verify their identity at the polls this fall), as well as a list of the active voters whose names don’t match up with the PennDOT database as currently having an ID. This second list is terribly sloppy (one database spells names like McCormack as “Mc Cormack,” and there’s all kinds of chaos with hyphens and apostrophes). But nonetheless, the best official data available suggests that as many as 280,000 voters in Philadelphia may need to get an ID between now and November to have their votes counted.

Tennessee: Shelby County Election Commission Admits Ballot Problems | Memphis Daily News

Challenges to the conduct of the Aug. 2 election may have reached a peak Tuesday, July 24. The Shelby County Election Commission admitted a “limited number” of voters in some precincts got early voting ballots that included the wrong district races. Their work on their voter database to include the new boundaries for state legislative and congressional districts approved in Nashville in February began just four days before the end of the early voting period in advance of the Aug. 2 election day. And sometime during the day Tuesday, City Attorney Herman Morris filed a lawsuit in Nashville Federal Court challenging state election officials on their decision not to honor photo library cards as a legal form of photo identification required by state law to vote. The lawsuit alleges violations of the U.S. Constitution including the equal protection clause.

Florida: State won’t release larger list of possible noncitizen voters | Tampa Bay Times

Gov. Rick Scott insists Florida’s voter rolls must be scrubbed carefully to remove any non-U.S. citizens, but his administration is keeping secret a list of more than 180,000 voters whose citizenship may be in question. Scott’s elections agency is refusing numerous requests from voter advocacy groups and news outlets to release the list, months after the state released an initial list targeting 2,625 potential noncitizens. Many people on the first list turned out to be citizens. The larger list has the potential to cause a bigger political controversy than the smaller one. “I want to be very careful,” said Scott’s chief elections official, Secretary of State Ken Detzner. “It’s individuals’ names on there, and I want to make sure that people are treated respectfully. I want to be abundantly cautious about that.”

Florida: 58 percent of voters targeted in Florida noncitizen hunt are Hispanic. Whites, GOP least likely to face purge | Miami Herald

Hispanic, Democratic and independent-minded voters are the most likely to be targeted in a state hunt to remove thousands of noncitizens from Florida’s voting rolls, a Miami Herald computer analysis of elections records has found. Whites and Republicans are disproportionately the least-likely to face the threat of removal, the analysis of a list of more than 2,600 potential noncitizens shows. The list was first compiled by the state and furnished to county election supervisors and then The Herald. The numbers change by the day. The state’s Division of Elections says it initially identified roughly 180,000 potential noncitizens by performing a search of a computer database that doesn’t have the most-updated information.

Texas: Attorney General accidentally released personal data in voter I.D. case | The Dallas Morning News

The state attorney general’s office accidently provided the Social Security numbers of Texas voters to opposing lawyers as part of a voter ID case, but none of the data leaked out, a top state attorney said Wednesday. The Social Security numbers were part of a database of 13.1 million Texas voters turned over to attorneys challenging a new law requiring voters to show state-issued photo identification. The list was supposed to include only the last four digits of the voters’ Social Security numbers, to allow groups to analyze whether the law would disproportionately keep minorities from voting. But when two groups opened encrypted discs supplied to them by the attorney general’s office, they discovered some entries included the full nine-digit number, said First Assistant Attorney General Daniel Hodge. The problem came about because the information was supplied by 254 county registrars using different forms over several decades and in some cases the full number was entered, he said.