Cast ballot for tighter security on voter data

U.S. should always think of election websites as critical infrastructure to be protected

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

The FBI has issued a warn­ing that state board of elec­tion web­sites are being tar­get­ed by hack­ers, and in at least one case, vot­er data has been stolen. Yahoo News reporter Michael Isikoff first wrote about the attack and post­ed the FBI warn­ing online (against the FBI’s wish­es).

Clear­ly the FBI is tak­ing it seri­ous­ly. The agency has warned oth­ers states to scan their logs for attacks and offered to help them secure their sys­tems just a few months before a major nation­al elec­tion.

Relat­ed sto­ry: Trump is spam­mers’ best friend

As with all such hack­ing sto­ries, it’s always chal­leng­ing to put the scare into per­spec­tive, how­ev­er.

Isikoff reported—outside of the bulletin—that the state of Illi­nois’ sys­tem was suc­cess­ful­ly attacked and hack­ers stole data on 200,000 res­i­dents through the state’s vot­er reg­is­tra­tion sys­tem.

On the sur­face, it’s not that scary, though it sounds like it. Vot­er reg­is­tra­tion records are for sale in most places. And they have found their way online before. A report last Decem­ber described the expo­sure of 190 mil­lion vot­er records.

Many states now have “check your vot­ing reg­is­tra­tion record” por­tals online. All I need­ed was a name and a birth­day to find mine, so that’s eas­i­ly “hack­able.” But all you get when you “hack” me is my street address and a list of elec­tions I’ve vot­ed in (not who I’ve vot­ed for, just when I vot­ed.)

So “hack­ing” a few hun­dred thou­sand such records isn’t that scary.

On the oth­er hand, there could very well be more going on. For starters, the notion that some­one is prob­ing state elec­tion web­sites for holes is scary enough, let alone find­ing holes. Maybe it’s some­one just look­ing for birth­days. But it’s easy to imag­ine it’s some­one look­ing to use those com­put­ers as a jump­ing-off point—to esca­late priv­i­leges.

It’s not hard to con­jure the pos­si­bil­i­ty that a hack­er could impact votes them­selves, and pos­si­bly change an elec­tion out­come. You might imag­ine a hack­er esca­lat­ing from board of elec­tions servers to vote tab­u­la­tion machines. That’s a pret­ty big leap, how­ev­er. Very few states use elec­tron­ic vot­ing machines, so paper records are avail­able to dou­ble-check elec­tion results.

More alarm­ing, how­ev­er, is the servers those board of elec­tions com­put­ers talk to. In most states, vot­ers can be required to pro­vide some kind of authen­ti­ca­tion doc­u­ment, like a driver’s license. How are licens­es squared with vot­er records? The data­bas­es have to talk some­how. And that’s where you can start to imag­ine all kinds of chaos. Can board of elec­tions hack­ers find their way to driver’s license num­bers? Pho­tographs? Oth­er data that would be a trea­sure to ID thieves?

For guid­ance on this, I turned to Har­ri Hursti and Mag­gie MacAlpine. The duo rou­tine­ly per­form audits on vot­ing sys­tems in the Unit­ed States and around the world. Hursti also is the cre­ator of the famous “Hursti Hack,” which was the first doc­u­ment­ed attack on Diebold elec­tron­ic vot­ing machines that man­aged to actu­al­ly change votes.

For starters, both con­firmed that in states they’ve audit­ed, vot­er reg­is­tra­tion lists main­tained by states could con­tain data beyond what’s typ­i­cal­ly con­sid­ered vot­er reg­is­tra­tion data—name, address and par­ty affil­i­a­tion.

MacAlpine offered up this list of poten­tial hav­oc hack­ers could accom­plish with stolen reg­is­tra­tion data:

• Wipe vot­ers in order to cause hav­oc

• Send peo­ple to imper­son­ate vot­ers

• Wipe peo­ple strate­gi­cal­ly

• Intim­i­date vot­ers if they’ve got the “wrong” vot­ing record

• Engen­der dis­trust in the demo­c­ra­t­ic sys­tems’ abil­i­ty to pro­tect people’s infor­ma­tion. Peo­ple may choose not to reg­is­ter or main­tain their reg­is­tra­tion if this became a wide­spread threat.

Hursti adds that even a small theft could cause chaos in a spe­cif­ic vot­ing area. “With 200,000 records you can throw an elec­tion into chaos,” he said.

But he was even more wor­ried about an often-over­looked attack plan—adding records. Cre­at­ing fake vot­ers. “Is there a field in this data­base where you can insert records?” he asked. “Peo­ple are always look­ing at what is stolen, but some­times you steal things to dis­tract peo­ple from what you are adding.”

There are plen­ty of steps in the U.S. elec­tion process—clunky as it is—that would mit­i­gate such an attack. Should vot­ers be erased from reg­is­tra­tion records, they can still fill out pro­vi­sion­al bal­lots at polling places, for exam­ple. So again, it’s impor­tant to tem­per the fear here.

To answer the ques­tion still hanging—it would be dif­fi­cult for Russ­ian hack­ers to flat-out steal a pres­i­den­tial elec­tion elec­tron­i­cal­ly. (It would be much eas­i­er in an elec­tion like 2000, where a few votes in pre­dictable places could cause a swing. But those prob­lems go far beyond Russ­ian hack­ers, as I’m sure you know.)

On the oth­er hand, it’s not hard to imag­ine a local elec­tion being wrecked by hack­ers, and already-skep­ti­cal vot­ers becom­ing even more dis­il­lu­sioned with our demo­c­ra­t­ic process, which might be the biggest hack of all.

That’s why MacAlpine says this inci­dent is an impor­tant reminder that the Unit­ed States needs to invest a lot more in elec­tion integri­ty.

This rein­forces the impor­tance of treat­ing vot­ing as crit­i­cal infra­struc­ture,” she said. “There are small coun­ties where they would nev­er dis­cov­er this kind of attack. They don’t have infra­struc­ture or bud­get to do a cyber audit. We only care about this because it’s a pres­i­den­tial elec­tion year. But we can’t care about elec­tri­on secu­ri­ty only once every four years.”

More sto­ries relat­ed to elec­tions and hack­ing:
Nov­el rais­es ques­tion of whether elec­tion could be hacked
How hack­ers could influ­ence the pres­i­den­tial elec­tion
Your cam­paign con­tri­bu­tion could expose you to iden­ti­ty theft


Posted in Data Privacy, Data Security, Featured Story