Voter data security lapses call federal data protection, encryption practices into question

By Steve Brachmann
January 12, 2016

voter-id-binary-335Much of the data security world has been abuzz since a blog post at the digital privacy website DataBreaches.net reported the disconcerting news that the personal information of 191 million voters participating in U.S. elections going back to the year 2000 was made available on the Internet by a party who is yet unknown. These records include voter information which is requested at the time of registration, which in many cases includes home addresses, date of birth, telephone number and state voter identification. Making these voter records available online violates confidentiality restrictions on accessing records put in place by California and other states.

Although the database has since been taken down, this recent gaffe in voter record security highlights an issue that is becoming a growing concern as we inch closer to the 2016 U.S. presidential election. Despite some states mandating a higher level of security for access of voter records, this data is largely treated as publicly available information in the U.S. Campaign consultants and marketing firms often access voter data records, much of which is freely available, although this recent database offered much more highly concentrated data which ran afoul of state regulations on access.

Much of the voting technology used in America has been in use for about a decade or longer, spurred on in large part by passage of the Help America Vote Act of 2002, which was passed in response to the voting controversies of the 2000 presidential election. Cyber security risks have evolved greatly since then, however, and the American political system has found it difficult to keep up where voter data security is concerned. A May 2013 audit of the U.S. Election Assistance Commission (EAC), America’s clearinghouse for election administration information, found that the EAC had not employed effective encryption techniques for protecting data stored on employee computers, techniques which were mandated by Section 522 of the Consolidated Appropriations Act of 2005. The audit also found that backup tapes containing voter information and being sent off-site also weren’t being properly encrypted.

Although the database containing 191 million voter records has been receiving a greater deal of media focus, it isn’t the only voter record database not intended for Internet publication which has been found online in recent weeks. Another database containing the records of 18 million voters was discovered online around the same time as the larger breach. Fewer people may have been affected by this breach, but it’s been reported that these records include a greater amount of voter information including income level, occupation, recreational interests as well as their views on issues like religion or gun ownership.

Government data breaches leaking even more sensitive information, including Social Security numbers and bank account information, have continued in recent years, albeit at a slower clip; data breach information made available by the Privacy Rights Clearinghouse indicates that government data breaches of any kind have decreased from 103 attacks in 2010 down to 19 attacks in 2015.

The Author

Steve Brachmann

Steve Brachmann is a writer located in Buffalo, New York. He has worked professionally as a freelancer for more than seven years. He has become a regular contributor to IPWatchdog.com, writing about technology, innovation and is the primary author of the Companies We Follow series. His work has been published by The Buffalo News, The Hamburg Sun, USAToday.com, Chron.com, Motley Fool and OpenLettersMonthly.com. Steve also provides website copy and documents for various business clients.

Warning & Disclaimer: The pages, articles and comments on IPWatchdog.com do not constitute legal advice, nor do they create any attorney-client relationship. The articles published express the personal opinion and views of the author and should not be attributed to the author’s employer, clients or the sponsors of IPWatchdog.com. Read more.

Discuss this

There are currently 1 Comment comments.

  1. tim January 13, 2016 9:55 am

    Of course breaches have gone down. One doesn’t need to breach anything when some yahooo puts the info out there for anyone to see. Probably someone running for office had made this available. No less on a Home E-Mail System. A little something to ponder with breakfast?