Tag Archive

District of Columbia: D.C. makes it shockingly easy to snoop on your fellow voters | The Washington Post

A little-known law in the nation’s capital is leading to complaints over the way it lets anyone on the Internet find out D.C. voters’ names, addresses, voting history and political affiliations, with little more than a click or two. The political list, known as a voter file, was published on the D.C. Board of Elections’ website in the weeks leading up to Tuesday’s Democratic primary. It contains a complete record of every voter who is registered to vote in the contest, as well as whether the voter has cast a ballot in the six elections going back to 2012. The issue underscores a growing tension between the use of data in governance and the need to protect people’s privacy. Surveys by the Pew Research Center show that while most Americans approve of the use of data to evaluate a restaurant’s health and safety record, they are less comfortable when it comes to posting real-estate transactions or individuals’ mortgage data on the Internet.

Full Article: D.C. makes it shockingly easy to snoop on your fellow voters - The Washington Post.

Mexico: Second online leak exposes data for over 2 million Mexicans | Fusion

The personal information of more than 2 million Mexicans was found online last week by the same man who recently discovered a previous data breach exposing the voting registration records of 93.4 million Mexicans. Chris Vickery, an internet data-breach researcher for MacKeeper, told Fusion he found a new database with over 2 million entries through the search engine He said he found the database through a “random search,” similar to the one that previously lead to his March discovery of an open Amazon server hosting addresses, names and other personal information for more than 70% of Mexico’s population. Vickery said the new database was hosted on a server owned by U.S. company Digital Ocean, which offers online storage and transfer solutions to clients. Vickery says he again alerted Mexico’s electoral authority, INE, which launched an inquiry and confirmed that the voting registry for the northern state of Sinaloa had been exposed online. The database was taken down by Digital Ocean last Friday. The company did not immediately respond to Fusion’s request for comment. Mexican officials have launched an investigation into how the breach happened.

Full Article: Second online leak exposes data for over 2 million Mexicans | Fusion.

Mexico: Millions of Mexican voter records leaked to Amazon’s cloud, says infosec expert | Ars Technica

A leaked database containing the voting records of millions of Mexican voters has been discovered by a security researcher. Chris Vickery, who works for MacKeeper, said he first spotted the Mexican voters’ roll—containing the records of 87 million voters in Mexico—on April 14. Vickery told Ars that he found the database with Shodan, a search engine that can find pretty much anything connected to the Internet. “The search term that returned this database was just ‘port:27017’ (the default MongoDB port),” Vickery said. “There really was nothing special about the search terms. It was just a stroke of luck that I saw it and followed up.” He added that the database was not accessible over HTTP: “You had to use a MongoDB client, but all you needed was the IP address. There was nothing protecting it at all.”

Full Article: Millions of Mexican voter records leaked to Amazon’s cloud, says infosec expert | Ars Technica UK.

Mexico: Mexico’s Entire Voter Database Was Leaked to the Internet | Gizmodo

A database containing the personal information of millions Mexican voters was discovered online by a security researcher earlier this month on an unprotected server. The discovery represents a major breach in private information for upwards of 87 million Mexican voters. The database was discovered without even password protection by researcher Chris Vickery on April 14th, (who had previously uncovered breaches for Hello Kitty users and private medical data) who alerted Mexican authorities. The National Electoral Institute verified the list’s authenticity, and had it removed from the Amazon Web Servers it was discovered on.

Full Article: Mexico's Entire Voter Database Was Leaked to the Internet.

Georgia: Lawmakers want proof voter information has been secured after data breach | WSB

State lawmakers say they want more answers about the massive data breach involving millions of Georgia residents. Specifically: What steps organizations that mistakenly got our information took to secure it? From the beginning, the secretary of state has said the data on six million voters is secure. But now lawmakers want proof. … Kemps’ office told Channel 2’s Lori Geary they’re going back to the outlets that received the information to get written assurances no copies of the files exist. That’s not sitting well with Kemp’s critics. “All the pieces of ID theft are in that file. Your name, your birthdate, your Social Security number,” said state Rep. Scott Holcomb.

Full Article: Lawmakers want proof voter information has been secured after... |

Florida: Randolph Calls on DOJ Probe into Florida’s Voter Registration System | WMFE

Susanna Randolph, one of the candidates running for Alan Grayson’s 9th district congressional seat, sent a letter today asking Attorney General Loretta Lynch to launch a Department of Justice probe into the state’s voter system. The request comes less than one month after an independent report by the state auditor general found flaws with the nine-year-old registration database. The audit found the system at risk of a security breach, citing unauthorized access to voter data by Department of State employees. It also labeled the system overdue for upgrades and a disaster recovery plan evaluation.

Full Article: Randolph Calls on DOJ Probe into Florida’s Voter Registration System - 90.7 WMFE.

Editorials: Here’s how to clean up messy voter rolls | Reid Wilson/The Washington Post

When Virginia’s Board of Elections said it would remove tens of thousands of names from its voter rolls this year, voting-rights advocates cried foul, and went to court. But while Republicans criticized Democrats for opening elections to fraud, and Democrats complained Republicans were disenfranchising thousands of voters, the spat brought up a very real concern states across the nation face: Voter rolls are messy, and someone has to clean them up. People move. People die. People get married and re-register under new names. Election administrators across the country face the tightrope of making sure their voter rolls are accurate while avoiding erasing a valid record. Seven states believe they have the answer: The Electronic Registration Information Center, or ERIC. Developed by the Pew Charitable Trusts and IBM, ERIC uses several databases to compare voters across state lines. The system compares voter list data with Department of Motor Vehicle records, Social Security Administration records, the Postal Service’s national change of address registry and other databases to match voters across state lines; if the system concludes with a high degree of confidence that a John Doe on one state’s voter roll is the same John Doe in another state, the record is flagged. “You match enough of [the data points] across records that you have a lot of confidence ,” said David Becker, Pew’s director of election initiatives. “It’s impossible for [states], based only on a name and birth date, to keep their lists up to date and identify when someone has died, for example.”

Full Article: Here’s how to clean up messy voter rolls - The Washington Post.

National: NCSL Launches Elections Administration Research Database | National Conference of State Legislatures

What is the impact of major court rulings on voter ID laws? How are states ensuring voter registration lists are accurate? Which new voting system designs are being developed for the marketplace? Finding these answers and other information about elections policy can quickly eat up the kind of time that a lawmaker, legislative staffer or elections administrator can hardly afford to spend. But that was life before the Elections Administration Research Database, a new tool launched today by the National Conference of State Legislatures. The database brings together more than 1,900 reports that, altogether, address a wide range of elections topics. It is supported by generous funding from The Pew Charitable Trusts.

Full Article: NCSL Launches Elections Administration Research Database > National Conference of State Legislatures.

Oregon: Oregon Secretary of State website breach cost taxpayers $177,000 | The Oregonian

The February breach of the Oregon Secretary of State’s website cost taxpayers about $176,662, including about $4,500 for meals and lodging to allow employees to work through a snowstorm. The breach was detected Feb. 4 and knocked the agency’s elections and business registry databases offline for nearly three weeks. The largest expense — about $72,450 — went to Virtual Security Research for “vulnerability testing,” according to cost figures obtained by The Oregonian through a public records request.

Oregon: Secretary of State website breach: Database users asked to change passwords to personal accounts | OregonLive

The Oregon Secretary of State’s office has deleted all passwords for users of its business and elections databases after a breach of its website Feb. 4. Users are also asked to change their passwords to personal accounts if they used the same passwords for the Secretary of State’s Central Business Registry or ORESTAR, the state’s campaign finance reporting system. It’s unclear if the hackers accessed the passwords, but the agency is recommending that the passwords to personal accounts be changed as a precautionary measures, agency spokesman Tony Green said. “The investigation so far indicates that sensitive personal information was not compromised,” said an agency email sent Thursday night to database users.

Full Article: Oregon Secretary of State website breach: Database users asked to change passwords to personal accounts |

Oregon: Internet voting study approved by Oregon Senate |

Despite concerns about ballot security, the Oregon Senate on Thursday approved 18 to 11 a bill to study the feasibility of Internet voting. Senate Bill 1515 would establish a work group to study the issue and submit a report to the Legislature by Dec. 1. The bill now goes to the House. Opponents brought up the botched rollout of the Cover Oregon health insurance exchange and this month’s data breach of the Oregon Secretary of State’s website that continues to keep elections and business databases offline. The record, they said, made them question the state’s technological ability to ensure ballot security.

Full Article: Internet voting study approved by Oregon Senate |

Utah: Bill advances to prevent posting voter rolls online | The Salt Lake Tribune

The Senate passed a bill Tuesday aiming to prevent the online posting of personal information from Utah’s voter-registration rolls, but it still would allow access by political parties, journalists and researchers. Meanwhile, a tougher bill — which could allow voters to check a box to entirely cut off public access to their data on the rolls such as birth date, address, phone number and party affiliation — has been advancing in the House. The Senate voted 26-0 on Tuesday to pass SB36, the less restrictive bill by Sen. Karen Mayne, D-West Valley City, and sent it to the House.

Full Article: Utah bill advances to prevent posting voter rolls online | The Salt Lake Tribune.

Oregon: Secretary of State Kate Brown modifies elections rules as website breach keeps databases offline | OregonLive

Oregon Secretary of State Kate Brown on Friday made temporary changes to elections rules after a data breach last week continues to keep the state’s campaign finance database offline. Nobody will be fined for missing campaign finance reporting deadlines while the ORESTAR database is down, though final details will be announced when the system returns, a department press release said. A temporary rule will also allow Voters’ Pamphlet filings to be submitted by email until the outage ends. After the site is fixed, filings will need to be submitted through the regular online system, the release said.

Full Article: Oregon Secretary of State Kate Brown modifies elections rules as website breach keeps databases offline |

Oregon: Frustrations mount as secretary of state databases remain offline after website breach | OregonLive

Frustrations are mounting more than a week after a breach of the Oregon secretary of state’s website caused elections and business databases to go offline. State officials say they’re still investigating how the intrusion from a foreign entity occurred and don’t know when the databases will return. The attack “appears to be an orchestrated intrusion from a foreign entity and not the result of any employee activities,” the agency reported on its website this week. The department’s Central Business Registry and ORESTAR, the state’s online campaign finance reporting system, were temporarily taken offline as a precaution after officials detected “an intrusion” around Feb. 4. Since then, business attorneys haven’t been able to look up existing business names, and campaign finance officials have not been able to report transactions.

Full Article: Frustrations mount as Oregon secretary of state databases remain offline after website breach |

Tennessee: Dueling Election Databases Make Tracking Difficult | Memphis Daily News

If ever the political axiom of needing a scorecard to keep up with the players applied to an election cycle, it would be the set of three elections in 2014 across Shelby County. The middle election of the three – the August ballot of county general elections and state and federal primary elections – is expected to be one of the longest in the county’s political history, if not the longest. But the two “scorecards” kept electronically by the Shelby County Election Commission don’t match up, making it hard to know who has a qualifying petition out and who has filed their petition, and even more difficult to know some of the basic information like a candidate’s address on their qualifying petition.

Full Article: Dueling Election Databases Make Tracking Difficult - Memphis Daily News.

Oregon: Voter info for sale in Oregon | Statesman Journal

The Oregon Secretary of State’s Office has made nearly $90,000 off fees during the past five years by selling voter information to political parties or campaigns and, sometimes, to private corporations who turn around and sell the data for a profit. The state charges $500 for the database, which includes full names, addresses, phone numbers, date of birth, party registration and voter history. It does not include how anyone voted. The people who buy the database are not supposed to use it for commercial purposes, said Tony Green, a spokesman for Secretary of State Kate Brown. In fact, they must sign a form agreeing not to do so. Records show that many for-profit companies have purchased the entire database during the past five years.

Full Article: Voter info for sale in Oregon | Statesman Journal |

Pakistan: Nadra develops electronic voting machine | The Nation (pk)

In the wake of ongoing thumb print verification controversy, National Database and Registration Authority (Nadra) has taken proactive initiative by developing electronic voting machine (EVM) solution proposed to be placed on all polling stations across the country. The Nadra claims that the system aims at ensuring transparency and rigging-free elections because each voter will be able to cast only one vote. An official press release issued by the authority says that electronic thumb verification of each voter shall be done at the respective polling station before casting the vote without the use of magnetized ink. The new EVM solution will incur only 40 per cent of total cost of magnetized ink that amounts to Rs 2.5 billion.

Full Article: Nadra develops electronic voting machine.

India: Biometric ID project faces court hurdle | PCWorld

A controversial biometric project in India, which could require people to produce their biometric IDs to collect government subsidies, has received a significant setback from the country’s Supreme Court. The court ruled this week in an interim order that people cannot be required to have the controversial Aadhaar identification to collect state subsidies, even as the Unique Identification Authority of India (UIDAI), the government agency that manages the project, has been trying to promote the Aadhaar number as proof of identity for a variety of services including banking. The UIDAI has said that the scheme is voluntary, but some states and agencies have attempted to link the identification to the implementation of programs such as cash subsidies for cooking gas that benefit even the middle and richer classes. “I signed up for Aadhaar only to ensure that I continue to get a gas cylinder at reasonable rates,” said an executive in Bangalore who had queued up a few months ago for an Aadhaar number. The state of Maharashtra, for example, aims to be the first state in the country to roll out Aadhaar-linked subsidy transfers to LPG (liquified petroleum gas) consumers across all the districts in the state. Pending a final order, the court ruled that “….no person should suffer for not getting the Adhaar card inspite of the fact that some authority had issued a circular making it mandatory….” UIDAI Chairman Nandan Nilekani did not immediately agree to discuss the court order.

Full Article: Indian biometric ID project faces court hurdle | PCWorld.

Mali: First election since coup threatened by massive problems in voter list | Associated Press

Oumou Sangare is used to getting what she wants. Unlike most of the people lined up outside the election office here, the wife of Mali’s former ambassador to the United Nations is not accustomed to hearing the word ‘no.’ Yet that’s exactly what the elegant, middle-aged woman heard earlier this week after making her way to the front of the line of would-be voters who, due to a technical glitch, don’t appear on the voter list for the upcoming presidential election. Clutching her designer handbag, she stood on tiptoes in her petite heels, straining to peer through the open window of the election headquarters, where a clerk typed her name into a database. “I’m the wife of the ambassador,” she pleaded after the screen came back blank. “I’ve been voting for years,” she said. “Am I not going to be able to vote?”

Full Article: Mali's 1st election since coup threatened by massive problems in voter list.

Wyoming: Voting fraud reports, cases rare in state | Powell Tribune

Despite at least two pending cases, reports and prosecutions of illegal voting in Wyoming are rare, state and local elections officials say. By state Elections Director Peggy Nighswonger’s recollection, you’d have to go back to 2000 to find the previous cases. That was when a former small-town mayor tried voting in both Wyoming and Utah and when some Colorado residents, who owned property in Wyoming, tried voting in a municipal election, Nighswonger said. Because the cases generally are handled at the local level, Nighswonger said there may be other instances she’s unaware of. A search of Circuit Court records dating back more than a decade turned up no prior prosecutions of voter fraud in Park County prior to the recent charges against David D. Koch of Cody. Koch, 38, is facing four felony counts for allegedly registering to vote and then voting in 2010 and 2012 despite two 1996 felony convictions in Alaska.

Full Article: Voting fraud reports, cases rare in state.