The Post’s Aaron Davis reports on a group of technology experts who warned Maryland elections officials last month that the state’s online voter registration system is vulnerable to mischief. Among other things, they warned that wrongdoers with as little as a voter’s full name and birth date could change his or her address or party affiliation. Maryland officials responded that they believed such hacking would be highly unlikely, but the warnings should give some pause to D.C. Council member Tommy Wells (D-Ward 6), who wants to allow D.C. residents to register to vote or change their registration data online. (Currently, you can go to the Board of Elections Web site and create a pre-filled form, but you still have to print it out, put it in a stamped envelope and drop it in the mail.)
The Maryland vulnerability hinged on the fact that the state’s driver ID numbers, which are what the system uses to authenticate registrants, can be derived from a name and birth date. It’s certainly possible to design a system that does not share that vulnerability, but the Maryland incident shows how these systems must be designed with care to protect election integrity. Incidentally, one of the scientists involved in the Maryland warning is familiar to D.C. election officials: J. Alex Halderman of the University of Michigan is the fellow who hacked the city’s trial of online absentee balloting for overseas voters back in 2010, leading to the demise of that effort.