If you’re not aware, there are government websites that allow you to change your voter registration details. Which definitely sounds convenient, but these websites are also apparently vulnerable to identity theft. Which, ultimately mean that these sites could be used to manipulate elections. This definitely sounds like something that we’ve discussed before. A team at Harvard found this out, when they took a closer look at these websites for 35 states and Washington, DC. They determined that the websites give hackers an extremely way to mess with election proceedings. Again, something we have seen recently. So why are all these websites so incredibly vulnerable?
You might recall, there were a number of voters in Riverside, California who found themselves unable to cast a ballot during primary day during the 2016 presidential election. Time published a follow up report that said that Russian hackers might have used Riverside as a test in order to determine what they might need to do to hack and rig the 2016 presidential election. What this means is that the hackers could easily change your addresses, or assign you to a different precinct. How exactly? The study’s co-author, Latanya Sweeney, used Delaware as an example. Here’s what she had to say:
“With Delaware, you have a choice. You can either provide the person’s name, date of birth, and zip code; or you can provide the person’s driver license number and date of birth. If you were playing the role of the attacker, the question is where could you get a Delaware voter’s zip code. And the answer is the Delaware voter list.”
What’s scary is that hackers can buy this information for $10. That’s probably less than what you spend on coffee, in a week. If they need additional information about you, they can also find it in some form on the dark web. I mean, this shouldn’t surprise you, considering how much data we give to companies. And frankly, how many cyber attacks that have happened recently.
Sweeney said that one of the few things preventing wide scale attacks on voter registration systems is Captcha, although that technology is becoming easier to attack. Of the 35 states studied, 10 of them kept a record of web access and change logs, so officials can actually go back to the old records to show that tampering actually happened. To ensure that this doesn’t happen in the future, the researchers are holding a workshop for state officials and their IT departments. The intent of this study is not to try to get rid of voter registration websites. But rather to push the conversation to be proactive.
I think that we are only seeing the tip of this ice burg. Not only are we are finding that more and more of these systems are vulnerable from a security perspective, but we are also finding out that these systems are being hacked. And now the information is available for anyone and their brother, literally. What I’m interested to know is whether or not this will give us more information about what happened during the presidential election in terms of hacking? And could this be used as evidence?
There are two things going on here. The first is the idea of cyber security, and I will leave that one alone for now. But the other things that is happening here is the issue of the hacks that took place during the 2016 presidential election. The study that was conducted demonstrates that there are gaps, and I’m happy to see that the folks at Harvard are going to educate State IT Departments. However, I still think that more should be done in order to ensure that these kinds of attacks are minimized. Perhaps that’s through legislation, or through better systems. I’m honestly not sure. But this is definitely a topic that hasn’t been resolved and needs more attention.