Digital Insurgency

Where Surveillance, Encryption & Privacy Collide

Recent news reports that the election databases in Arizona and Illinois have a whole lot of people up in arms, and have caused numerous publications that have precious little understanding of election systems to proclaim that the US election in November could be hacked. For instance, there is this from the Daily Signal:

“If it’s an organized effort, and someone hacks into a system and falsely registers bogus voters, you could hire a crew of people to vote multiple times under different names,” von Spakovsky told The Daily Signal. “That’s a problem for states with no voter ID laws. There is no way to prevent that.”

Guess what, there is nothing that prevents that currently. You can fill in a ton of false registrations in a state and hire a crew of people to vote multiple times. Yet it doesn’t happen. Just about every major study of voter fraud has found that when it does occur, it is a) generally on a very small scale and b) frequently caught. Why? Several reasons:

  • The sudden appearance of a large number of extra voter registrations would be noticed. Most states publish the number of registered voters publicly and there are people who look at the numbers, literally, on a daily or weekly basis to see how they have changed, and how the change tracks against changes over time. A sudden shift in the number would stand out.
  • The size of the “crew” required to throw an election is significant. Few states decide Presidential or Congressional elections by a few votes and rigging them is VERY difficult. The Florida results in 2000 are the rare exception, not the rule in Presidential elections. To swing a state like Ohio in 2004, you would have needed 60,000 votes. The size of the crew that could pull that off is so large it is unlikely that somebody wouldn’t brag about it to a friend. Occasionally you have a down ballot race for something like dog catcher that is decided by a handful of votes. Those are frequently fixed and very frequently caught.
  • The decentralization of American election systems would make a large scale hack almost impossible. Typically each county in a state is responsible for providing their own election systems. You vote, the aggregate vote from your precinct/ward/division is sent to the county election official, who then sends it along to the state. To “hack” an election in a single state, you may have to compromise dozens or even hundreds of individual polling systems in a state, and quite frequently a mix of different systems is in use. So you may have to compromise dozens of different types of machines. You could possibly hack the secretary of state’s central computer, but all the counties have to reconcile their votes, then meet with the state election officials to certify that what the state shows is correct. So the hack at the state would eventually be revealed.

The biggest threat to our election systems is not the hacking of an election, but the workaday hacking of our personal information. That, however, is something that threatens every major database – be it commercial, private or government. In just the last few years, an alphabet soup of government agencies has been hacked. The IRS, NSA, and OPM, to name just a few, compromised the personal information of millions of citizens. Corporate hacks on everything from Target to porn sites have resulted in even more.

Election agencies maintain huge databases of information about voters. In many states the use of a voter ID number is prohibited, so they often use your Social Security Number to identify you. When the database gets hacked, the attackers will often get your name, address, date of birth, driver’s license number and SSN. That’s all the ingredients needed for identity theft. What’s worse, is the leak of that information happens all to frequently.

A lawsuit filed this week revealed what Kemp said his office learned on Friday — that Social Security numbers, dates of birth and driver’s license numbers for 6.1 million registered voters was included in a voter file provided last month to 12 organizations.

That’s among the largest breaches affecting states, if not the largest, according to a timeline kept since 2005 by the Privacy Rights Clearinghouse. South Carolina in 2012 discovered that unencrypted data from tax returns was hacked from its Department of Revenue, affecting 3.8 million adults, 1.9 million dependents and 700,000 businesses.

Despite that danger not only existing, but coming to fruition, Georgia’s elections director refused help in securing their systems, claiming a fear that the federal government was using it to get their nose under the tent to take over elections.

The reality is there is precious little chance that elections can be hacked, unless and until we centralize and standardize our election systems. While some have called for that as a way to provide better oversight and protection, it is actually quite likely that would create worse problems. Instead, the real election reform we need as voters is the creation of a national voter ID number that could keep track of voters without compromising their social security and drivers license information. Many on both the left and the right oppose a voter ID number though for different reasons. The left is generally opposed to voter IDs because they feel they suppress minority and low-income voters. The right fears them as a way for government to track individuals’. Both are likely justified in those complaints.

However, we already have ID numbers that are frequently surrendered on registering to vote, but those IDs are tied to everything else we do in life, and our system, currently, is ill-equipped to protect them.

So sleep well tonight knowing that our election systems will likely keep our democracy safe, but not your personal information.

You Might Also Like

No Comments

Leave a Reply

No, Sharing Your Netflix Password Hasn’t Been Made Illegal

The FBI Gets Election Security, the NSA Clearly Doesn’t