Blogged from the road by Brad Friedman
Another stunning security breach has been exposed in our nation's electoral system, The BRAD BLOG has learned, as the online voter registration database --- containing the personal information of some 1.5 million voters in Chicago --- has been found to be vulnerable to both downloading and hacking.
The flawed electronic database which allowed the retrieval and modification of personal voter information --- including social security numbers and birthdates of Chicago voters --- was discovered recently by members of the Illinois Ballot Integrity Project (IBIP), a non-partisan group of Election Integrity advocates.
IBIP members say they were not only able to get full editing access to the online database, they also found they could modify the records for registered voters, setting them to inactive and otherwise changing addresses and other key information fields.
The ability to gain access and hack the system, said by IBIP to be covered on the front page of tomorrow's Chicago Sun-Times, was documented by the group on video-tape. (UPDATE 10/24/06: As promised, the Sun-Times story is now here...)
An exclusive version of that video-taped hack has been made available to The BRAD BLOG.
Cook County elections officials are said to be scrambling to plug the hole in what has become an ever-increasingly unsecured system of voting in America in light of new regulations, encouraging the use of electronic voting systems, and state-wide registration databases, as set forth by Congress's Help America Vote Act (HAVA) after the 2000 Election Debacle.
In a news release sent to The BRAD BLOG earlier today (complete release posted at the end of this article), Bob Wilson, the Cook County chair of IBIP, says that the vulnerability would allow a malicous hacker to change voter registration status for thousands of Chicago voters.
"For example, you could change the status of all the voters in a precinct to inactive after the registration deadline so that when one of those voters checked their online status they might believe they were ineligible and wouldn't attempt to vote," Wilson says.
"Or, you could change their polling place information," he added, "so they would show up at the wrong precinct on election day . . . the possibilities are nearly endless and could cause election day havoc."
The problem was discovered by IBIP weeks ago, and the group immediately notified the appropriate authorities. "We had hoped that the Chicago Board of Election Commissioners would take quick action to plug this hole, but apparently that's not the case," IBIP member Peter Zelchenko is quoted as saying.
He estimates it would have taken little more than five minutes to fix the problem originally, but late last week IBIP and Zelchenko became aware that the security breach was significantly more severe than first thought. The Board was immediately notified again and finally began taking action over the weekend to install a new web interface for the system.
Zelchenko, an information technology expert who originally discovered the flaw, says the latest alarming discovery underscores the vulnerability of our new electronic system of voting in America. As reported by the news release:
Since the vulnerability reportedly affects only the online version of the voter registration database, as opposed to the master copy, it is hoped that the damage may be controlled and that any tampering might now be minimized. Such tampering --- either the collection of personal information for political, or more nefarious purposes, or legally registered voters having their online records deleted or otherwise set as inactive --- may have already occurred before the problem was discovered.
Whether the problem has been corrected by now or not, the remarkable security breach may have already given some voters incorrect or misleading information concerning the status of their registration or the correct location of their polling place when checking the online system for information.
We'll try to update this story when new information is available from the Sun-Times as we continue to be on the road and are unable to keep up and/or follow-up as much as usual.
The complete news release from the Illinois Ballot Integrity Project follows in full...
UPDATE, Posted by John Gideon 4:45pm PT: ABC News has now picked-up this story...
UPDATE by Brad, 8:09pm PT: Though we gave this story to ABC, having spoken to them earlier today, they didn't see fit to credit us. And yet, we always give them proper attribution for their stories. Sigh...Still always the bridesmaid I guess.
UPDATE 9:34pm PT: Chicago Tribune reports (and attempts to slightly downplay, as expected from the conservative Trib) "Voter information open to hackers". Associated Press reports "Group says data vulnerable, election officials investigating".