The Sentinel-Record

Security of state voter rolls a concern as primaries begin

- CHRISTINA A. CASSIDY SARAH ZIMMERMAN

SPRINGFIEL­D, Ill. — With the Illinois primary just days away, state election officials are beefing up cyber defenses and scanning for possible intrusions into voting systems and voter registrati­on rolls.

They have good reason to be on guard: Two years ago, Illinois was the lone state known to have its state election system breached in a hacking effort that ultimately targeted 21 states. Hackers believe to be connected to Russia penetrated the state’s voter rolls, viewing data on some 76,000 Illinois voters, although there is no indication any informatio­n was changed.

Since then, Illinois election officials have added firewalls, installed software designed to prevent intrusions and shifted staffing to focus on the threats. The state has been receiving regular cyber scans from the federal government to identify potential weak spots and has asked the U.S. Department of Homeland Security to conduct a comprehens­ive risk assessment. That assessment is scheduled but will not happen before Tuesday’s second-in the-nation primary.

“It’s not something where you ever feel completely safe,” Matt Dietrich, spokesman for the Illinois State Board of Elections. “It’s something where you feel like you’re doing your best to protect against what could happen in a cyberattac­k.”

Federal intelligen­ce agencies determined that the attempted hacking of state elections systems in 2016 primarily

targeted voter registrati­on systems, not actual voting machines or vote tallying.

Gaining access to electronic voter rolls can do as much damage, giving hackers the ability to change names, addresses or polling places. Confusion, long lines and delays in reporting election results would follow, all of which undermines confidence in elections.

Cybersecur­ity experts say it’s crucial for states to shore up vulnerabil­ities in those systems now, with this year’s midterm elections underway and the

2020 presidenti­al election on the horizon.

J. Alex Halderman, director of the University of Michigan’s Center for Computer Security and Society, said many of the same weaknesses present in

2016 remain.

“I think it’s only a matter of time before we suffer a devastatin­g attack on our election systems unless our federal and state government­s act quickly,” he said.

The federal Help America Vote Act, passed two years after the messy presidenti­al recount in Florida, requires states to have a centralize­d statewide voter registrati­on list, but states vary in how they implement it.

Most collect voter data at the state level and then provide it to local election officials, according to the U.S. Election Assistance Commission. Illinois and five other states do the opposite, collecting voter registrati­on data at the local level and sending it to the state elections office. A few others have a hybrid system.

The chief concern surroundin­g voter registrati­on systems and the growing use of electronic poll books to check in voters at polling places is how they interact with other internet-connected systems.

Electronic poll books allow polling place workers to verify a person’s registrati­on and related informatio­n electronic­ally, rather than having to rely on large paper files.

A downside is that the e-poll books might use a network to connect to a voter registrati­on system, providing a potential opening for hackers.

In other cases, the voter data is transferre­d from a computer and placed on a device not connected to the internet. That computer is the potential weak link. Security experts said it must be secured and not subject to tampering.

Experts with The Belfer Center for Science and Internatio­nal Affairs at the Harvard Kennedy School said network-connected election systems are vulnerable to attacks and urged officials to take several steps to shore up security, including making sure the underlying server is not connected to the internet and that all changes are logged. Experts say a key component is that election systems can recover quickly in the event of an attack or even an equipment failure, limiting public disruption.

Larry Norden, an expert in elections technology with The Brennan Center for Justice at the NYU School of Law, said the network connection­s make voter registrati­on systems more vulnerable to hacking than voting machines, which are not directly connected to the internet.

In many states, the department of motor vehicles or some other state agency provides informatio­n to the voter registrati­on system as a way to keep the records current. Some states allow voters to register and edit their informatio­n on a state website that is connected to the voter database.

All of those provide possible access points that can open the door to hackers.

“Just understand­ing where the risks are is critical,” Norden said.

?? The Associated Press ?? SUPER SITE: Voters cast their ballots on March 13 in Illinois primary elections at the city’s new early voting super site in downtown Chicago. In Illinois, attempts by hackers in the summer of 2016 to alter voter registrati­on informatio­n were ultimately unsuccessf­ul, although voter data was viewed.
The Associated Press SUPER SITE: Voters cast their ballots on March 13 in Illinois primary elections at the city’s new early voting super site in downtown Chicago. In Illinois, attempts by hackers in the summer of 2016 to alter voter registrati­on informatio­n were ultimately unsuccessf­ul, although voter data was viewed.

Newspapers in English

Newspapers from United States