Auditor report critical of Florida voter database

Florida Voter registration data can be vulnerable to theft,corruption, unauthorized access and alteration, despite the bestefforts of elections officials, indicated a report by the Floridaauditor general.

The report, released earlier this month by Auditor GeneralWilliam Monroe, found several IT security problems with the state’scentral voter registration database. “There were some proceduresthat were missing we felt needed to be in place,” noted Jon Ingram,an IT audit manager in the Florida auditor general’s office and acontributor to the report.

For instance, Ingram noted that the review of the system foundthat a state worker was erroneously given access to the databaseand that a worker whose contract was finished mistakenly retainedaccess.

The Florida Voter Registration System (FVRS) database wascreated by Secretary of State Sue Cobb’s office to comply with thefederal Help America Vote Act. HAVA mandates that every statecreate a centralized voter information repository to, among otherthings, protect against election fraud. Work on the project startedin 2003, and the database was rolled out in January.

The auditor’s report recommends that Cobb’s office create a setof security procedures to help county elections officials ensurethat FVRS data is protected from unauthorized access. The reportalso calls on the state to establish virus-protection, patchmanagement, maintenance and system recovery policies.

“A critical system could be secure today and vulnerable tomorrowbecause of software changes, and the vulnerability goes down evento the workstation level, which could have an impact on the wholenetwork,” said Ingram.

Dawn Roberts, head of the Florida Division of Elections, saidthat the report shouldn’t cause undue concern among the state’svoters. She noted that the division requested the audit to helpensure the system’s security. “There’s nothing in the audit tosuggest that FVRS is compromised,” she noted.

Roberts added that a risk- assessment effort is slated to becompleted by the end of June and that a governance model is alsobeing developed by her division.

One county elections official said that some of the problemsunearthed in the audit may be more serious than state officialsbelieve.

Leon County Elections Supervisor Ion Sancho said that theauditor’s report indicates “serious problems” with the security andintegrity of the system that could take significant time to fix.”The first election is around the corner, and they have not beenable to iron the bugs out of this. I’m getting very concerned,”Sancho said.

Consultant Paula Hawthorn, a former database executive atHewlett-Packard Co.and other vendors, said potential security anddata-integrity problems with voter registration databases arehardly unique to Florida.

Earlier this year, Hawthorn chaired anAssociation for ComputingMachinery committee that examined the state of voter registrationdatabases. The group concluded that the voter registration databaseplans of a number of states lack adequate security measures.

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now