Indiana's Voter Registration Data Is Frighteningly Insecure

You can edit anyone's information you want:

The question, boiled down, was haunting: Want to see how easy it would be to get into someone's voter registration and make changes to it? The offer from Steve Klink -- a Lafayette-based public consultant who works mainly with Indiana public school districts -- was to use my voter registration record as a case study.

Only with my permission, of course.

"I will not require any information from you," he texted. "Which is the problem."

Turns out he didn't need anything from me. He sent screenshots of every step along the way, as he navigated from the "Update My Voter Registration" tab at the Indiana Statewide Voter Registration System maintained since 2010 at www.indianavoters.com to the blank screen that cleared the way for changes to my name, address, age and more.

The only magic involved was my driver's license number, one of two log-in options to make changes online. And that was contained in a copy of every county's voter database, a public record already in the hands of political parties, campaigns, media and, according to Indiana open access laws, just about anyone who wants the beefy spreadsheet.

Posted on October 11, 2016 at 2:04 PM • 32 Comments

Comments

k15 • October 11, 2016 3:31 PM

Why do states have no 'red team'? Do we have a competence problem? an integrity problem? something else?
In hindsight, how would we have kept it from getting this 'troubled'?

John Wayne's Evil Twin • October 11, 2016 3:48 PM

"Hackers penetrate state election systems!"

Oh, you mean that vital lynchpin of democracy that, in my state, currently lists among their "registered voters" the 9 -- NINE! -- "people" "living" in the 2BR/1BA suburban house across the street from me?

(You say you want a little bonus goodness with that? Two of them are well under the legal age to vote; one has been dead now for over 12 years; one is doing a state stretch for multiple attempted murders. That's OK, though. The rest are all too busy selling dope from the front porch and running welfare scams to get off their 300-pound asses on election day and cancel out my "sacred" "right".)

It doesn't matter whether you vote with super-crypto'd megamachines or scratch your X on a squirrel hide with a charred stick, IF THE WHOLE VOTE-CASTING SYSTEM IS PERCHED ON TOP OF A MALIGNANT TUMOR.

BTW, as far as driver license numbers go, many states' issuance algorithms are such a joke that 3-7 kb of client-side vanilla JS and a local HTML form will let you input full name, DOB and gender and spit out the actual license/ID number. Then you can go online and check "your" driver license data by entering "your" "secret" DL/ID number.

But don't worry, someone will appoint a special prosecutor to form a factfinding committee to commission a study of the problem and then they'll "vote" on the "best" solution.

And you wondered why you now have a "choice" of handing the launch codes over to either Monty Burns or one of the Stepford Wives?

Standard Argument • October 11, 2016 4:14 PM

We can't change it because that would be (?:racist|sexist|pushing grandma over a cliff|extremist|homophobic|islamophobic|elitist|fascist).

CallMeLateForSupper • October 11, 2016 4:22 PM

In case some readers here missed the irony, the governor of Indiana is also the Republican candidate for vice-president.

Gomez • October 11, 2016 4:27 PM

Just in case anyone thinks Voter ID laws are what we need to solve this (*cough* Standard Argument *cough*), these are security issues which happen AFTER voters are registered.

So, no, you don't have to be a racist/fascist to change it, you have to be a racist/fascist to want to change it in such a way that it excludes certain demographics.

Fedd Upp • October 11, 2016 5:55 PM

I am cynical enough to think sly politicians want it this way. Makes it easier to buy an election if you can cook the vote. Just hire the right hacker.

Nothing to See Here • October 11, 2016 6:42 PM

“To my knowledge, I’ve not heard of anyone getting to do that in the online system,” Warycha said. “The driver’s license is the safeguard there, and we don’t have evidence that that isn’t working.”

Joe Stalin • October 11, 2016 6:43 PM

So is this part of the "Rusky Election Hacking" that you were so het up about?
The Rusky Menace will change your voting registration?

More likely the Republicans or Democrats will, along with absentee ballot fraud, spoiling absentee ballots, lack of polling places for opponents, moving polls to confuse voters, tossing "provisional ballots", mass voter challenges with Republican Sec. of State, electronic counting fraud, etc.

Boris and Natasha have come up with better ideas to take over the country.

MA Resident • October 11, 2016 8:24 PM

Just updated my voter registration in MA. All I needed was my driver's license number. Now, I'm just checking to see if it's easy to find online.

Seems like this problem isn't limited to Indiana...

ALex • October 11, 2016 9:05 PM

I question the idea of letting the average person vote, they know little about the issues and are entirely swayed by personality and appearances.

If you doubt this, look at your choices for president.

RIP • October 11, 2016 9:47 PM

@ALex

What's the "better" alternative? Dictatorship? Or do you have something else in mind... Please enlighten :)

Will • October 12, 2016 12:22 AM

What happens if someone gets in and corrupts the entire data one second before the voting stations open?

Will we be stuck with a state where nobody can actually successfully vote?

Can anyone hazard an informed guess as to how big a deal this is?

Peter Galbavy • October 12, 2016 2:36 AM

In the UK, at least in my local council area, they send a form annually asking you to confirm or change voter details - it used to be per household but now it is per registered voter - and the form has two apparently random (and we know how much fun that could be) "security codes" printed next to each other and you have to input the two numbers into the web page or phone system separately. But they are printed on the same page, next to each other. Still don't understand the logic.

First Tuesday • October 12, 2016 3:39 AM

...export ciphers (RC4), broken transport (SSL3), actual MiTM vulnerability (Poodle) and *not one* "hardening" measure, is a significant achievement these times, but... according to Donald Trump, "maybe there is no hacking" :-)

The Indiana Voters system looks like it has not been audited for a long time (as with several other .gov sites: the overview at goo.gl/yWQlp0 has not changed much since January 2016)

https://www.ssllabs.com/ssltest/analyze.html?d=indianavoters.in.gov

Kicks • October 12, 2016 5:25 AM

"Edit" is misleading, and the linked article is sensationalist. You can submit an application to update or register the voter information for any DLN, but the update isn't live and most likely involves human (yes, real bureaucratic rubber stamps) action. The fields of the update form are blank, so unless you know the corresponding name, DOB, and address, an update to any of those fields will look suspicious in the application, which a simple DMV cross check can validate. Yes, if you know someone's DLN, name, DOB, and address, you can (submit an application to) modify any of those fields in their registration, but if I had your DLN, name, DOB, and address, there'd be plenty worse I could already do.

Frank Wilhoit • October 12, 2016 5:29 AM

This is what the "Singularity" is really going to be: when technology has to be abandoned because no one knows how to build or use it and the stakes get too high.

Wendy M. Grossman • October 12, 2016 6:24 AM

For many years, I have voted absentee in NY state. A few years ago, they asked if I'd like to vote by email. I gave them my email address - to which they send an invitation each time to use some system I've never tried - but asked to stay on the postal ballot system.

The usefulness of this turns out to be that when my ballot is received they email me to say they've got it. This is a definite improvement over the old system, which was silence. First good thing I've been able to say about new technology in voting.

wg

Snarki, child of Loki • October 12, 2016 7:28 AM

It would be TERRIBLE, really TERRIBLE if some vile haxx0r were to change Gov. Pence's voter registration to "American Nazi Partei" and change the age field to "3".

TERRIBLE.

Yet hilarious. And somehow, apropos.

paul • October 12, 2016 8:15 AM

So a script kiddie could go in and change the address field for a subset of people and make it not match their required Photo ID. How interesting.

David Leppik • October 12, 2016 10:39 AM

As @Kicks mentioned, the article only says you can submit changes in an online form. It's not clear what happens after that, e.g. if there is human intervention. If so, somebody would notice if a zillion changes came in. And they wouldn't have the staff to handle all the changes!

The bigger question is what happens if there is a change. If you go to vote, and you are listed as being in some other district, do you get to cast a provisional ballot? Or do they fix it right then and there, especially if you have an ID that matches your face and lists your current address? Or do they turn you away?

Finally, according to the article, the penalty for fraud is $10,000 and 2.5 years in jail. If you try to throw the election this way and get caught, you'll end up with life in prison and more debt than Donald Trump.
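
Added example (not part of the comment thread or of any Indiana system): a sketch of the two review checks raised above, the DMV cross-check @Kicks describes and the volume spike David Leppik expects someone to notice. The record schema, the `source` submitter identifier, the threshold and all data are constructed assumptions.

```python
from collections import Counter
from datetime import date

# Constructed DMV records keyed by license number (hypothetical schema).
DMV = {f"DLN-{i:04d}": {"name": f"VOTER {i}", "dob": date(1970 + i, 1, 1)}
       for i in range(1, 9)}

def make_app(app_id, dln, name, dob, source):
    """One online update application as typed into the blank form."""
    return {"id": app_id, "dln": dln, "name": name, "dob": dob, "source": source}

# Constructed applications; "source" is an assumed submitter identifier
# (for example a network address or session), not a field from the article.
APPLICATIONS = [
    make_app(1, "DLN-0001", "VOTER 1", date(1971, 1, 1), "src-a"),  # consistent
    make_app(2, "DLN-0002", "VOTER 2", date(1972, 1, 2), "src-b"),  # wrong DOB
    make_app(3, "DLN-0003", "V. OTER", date(1973, 1, 1), "src-c"),  # wrong name
    make_app(4, "DLN-9999", "VOTER 9", date(1979, 1, 1), "src-d"),  # unknown DLN
] + [
    # One source submitting fully correct data for many different voters.
    make_app(10 + i, f"DLN-{i:04d}", f"VOTER {i}", date(1970 + i, 1, 1), "src-z")
    for i in range(5, 9)
]

def cross_check(application, dmv=DMV):
    """Compare the typed identity fields with the DMV record for that DLN."""
    record = dmv.get(application["dln"])
    if record is None:
        return ["unknown license number"]
    return [f"{field} mismatch" for field in ("name", "dob")
            if application[field] != record[field]]

def triage(applications, max_per_source=3):
    """Return {application id: reasons} for everything needing manual review."""
    per_source = Counter(a["source"] for a in applications)
    flagged = {}
    for a in applications:
        reasons = cross_check(a)
        if per_source[a["source"]] > max_per_source:
            reasons.append("high volume from one source")
        if reasons:
            flagged[a["id"]] = reasons
    return flagged

if __name__ == "__main__":
    for app_id, reasons in triage(APPLICATIONS).items():
        print(app_id, reasons)
```

The `src-z` applications pass the cross-check because every typed field is correct, which is the case where the identifying data comes from a public record; only the volume rule sends them to review.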

CallMeLateForSupper • October 12, 2016 10:54 AM

“The driver’s license is the safeguard there, and we don’t have evidence that that isn’t working.”

Actually, either a driver's license or a state-issued ID is accepted. Each citizen decides which she will use.

But neither form of ID is an effective "safeguard" in online activity IF (as is claimed in the article) the entire voter registration database - which contains every registrant's ID credential - is available to anyone and everyone.

I spent a few minutes searching for Indiana's voter registration database but came up empty. Of course, that's not "evidence that it isn't" out there.

Richard • October 12, 2016 11:36 AM

@CallMeLateForSupper

I thought they said it wasn't the voter registration database, but the driver's license number database, that was publicly available... It's the classic one department uses some (somewhat not-well-known) information as "secret information" and then another separate department (who actually generated that information) publishing that information publicly because it was never meant to be secret in the first place...

@David Leppik

Yeah, because prison has completely stopped all crime. It NEVER happens in this country! It just can't! immmm-possible!

The questions about whether human review is involved in the changes etc are valid when it comes to HOW MUCH vote tampering is possible with this issue, but they have nothing to do with IF there can be vote tampering... Any amount really should be unacceptable in an election... We shouldn't be just going "meh, you can't change ALL of them at once, so it's fine to be able to do a bunch of them..."

phred14 • October 12, 2016 2:14 PM

@Will My pet fear is that someone will get in and turn the election results into obvious garbage. Not the kind of results that look like a win is being forced for one candidate or the other, but the kind of results that say, "This election is meaningless because vote tabulations have been blown away."

There are always accusations of voter fraud, but by and large we've managed to get past them and feel that we've elected new leadership. Do we have a way to get past an obvious example of fraud at such a level that results, at least for several states, can only be considered invalid?

Freddy • October 12, 2016 3:53 PM

@phred14

Yes, we have a way to get past it... it's called openly admitting that the electronic systems are garbage, and trotting out the old fashioned mechanical paper poll counters from storage that were used in past decades... of course it will delay the election by a few months and be such a major scandal that heads will roll (meaning, people will get fired)... but it's a way to "get past it" sure!

CallMeLateForSupper • October 12, 2016 5:21 PM

@Richard

From the article:
"... my driver’s license number, one of two log-in options to make changes online. And that was contained in a copy of every county’s voter database, a public record already in the hands of political parties, campaigns, media and, according to Indiana open access laws, just about anyone who wants the beefy spreadsheet."

VoterDatabase == VoterRegistrationDatabase ? I think so but I don't *know* so.

(As I said above, I didn't locate any database at all, online.)

brian • October 13, 2016 4:36 AM

@CallMeLateForSupper

> VoterDatabase == VoterRegistrationDatabase ? I think so but I don't *know* so

How much are you assuming that the implementation is sensible? And with what we know so far, how justified does that assumption feel?

jl • October 13, 2016 9:23 AM

@John Wayne's Evil Twin
Indeed, I found a website that calculated my Illinois driver's license number with just those inputs. FL, WI, and IL share the same algorithm. I never consider anything printed on the face of my license to be secure.

Standard Argument • October 13, 2016 9:38 AM

@Gomez - You're absolutely correct. I wasn't at all trying to point to Voter ID laws as a way to fix this. My original comment was to poke at the asinine, idiotic arguments that are incessantly brought up in opposition to *any* change to the voting system, even when it's so obviously broken. The 'Standard Argument' doesn't make sense, yet it works.

@Fedd Upp nailed it, but I have to add a slight modification: The *corrupt* politicians want it this way. And as long as they can use it to their advantage (get re-elected), they won't lift a finger to change it. That's not an indictment on any specific politician, though... there are other reasons it doesn't get changed (not their job, woeful ignorance, for example)... but what really grinds my gears is social justice workers standing in the way of the obvious need for change with the asinine, idiotic arguments I noted (among many others) and getting away with it.

A Nonny Bunny • October 14, 2016 3:39 PM

@RIP

> What's the "better" alternative? Dictatorship? Or do you have something else in mind... Please enlighten :)

Maybe we can do a two step process. First have people vote on what constitutes an "informed vote". Then apply that measure of informedness by testing voters on it, and weighing their vote by how well they score.
That should at least weed people out that by a general standard (that they helped decide on themselves) aren't fit for voting.
On the up/down side, it will also make voting take much longer, which will put even more people off that can't be arsed to make an informed decision.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.