The Washington Post reports that the Maryland governor’s bill to expand early voting has a provision for electronic voting that lacks safe guards. In addition to fraud, the provisions could pose cybersecurity threats as well:
The provision, sought for more than a year by Maryland’s State Board of Elections, would allow any Marylander to receive a password by e-mail to download and mark a ballot at home before mailing it back to elections officials. But the problem, critics warn, is that the e-mail system lacks basic protections and there would be no signature verification or other means to ensure that the person for whom the ballot is intended is actually the person who casts it.
Experts have also warned that the proposed online ballot delivery system could be hacked on a massive scale because of a second and related vulnerability that still exists with the state’s new online voter registration system.
Maryland residents can register to vote online with a driver’s license number. But in Maryland, that number is a formula of a resident’s name and birth date that can be found online.
Rebecca Wilson, co-director of the nonprofit SAVE Our Votes, testified before state lawmakers Thursday that any hacker who pays $125 for Maryland’s publicly available database of voter records and who is adept at scouring Facebook or other social media sites for birthdays could easily assume voters’ identities and compromise a state election.
“By taking the voter history file, it’s pretty easy to see who votes and who doesn’t. A hacker could target those who don’t vote and request absentee ballots on the behalf of tens of thousands, and there would be no way for the State Board of Elections to determine that,” said Wilson, a chief elections judge in Prince George’s County.
Asked by lawmakers about such a scenario, Ross K. Goldstein, deputy administrator of the elections board, acknowledged an ongoing vulnerability in the state’s new online voter registration system because of its reliance on driver’s license numbers.
But he said the board was monitoring the system for suspicious behavior and in coming months would begin requiring registrants to answer additional questions with personal information to confirm their identities before creating or altering a voter registration file.