Election Security: Voter Registration System Policy Issues V. 1

1 1 (August 7, 2019)

handle is hein.crs/govbarp0001 and id is 1 raw text is:

kI
, , Congressional Research Service
Inftfo rming th e lsative debate since 1914

0

August 7, 2019

Election Security: Voter Registration System Policy Issues

Discussions about federal election security often focus on
protecting voting machines and ensuring the integrity of
election results, but voter registration processes may also be
vulnerable to interference. Real or perceived threats to voter
registration data could undermine public confidence in the
electoral system. Altered voter registration data could
potentially prevent eligible individuals from voting or allow
ineligible individuals to vote in many states and territories.
Voter data may also be a target for identity thieves or others
seeking access to individuals' personal information.

For each state and territory (except North Dakota, which
does not require voter registration), voter registration can be
thought of as a system, organized around a centralized voter
registration database (VRDB) containing individuals'
names, addresses, and other information. The other
components of a voter registration system can vary,
depending upon state law and practices. Typically, a VRDB
receives inputs from various sources (e.g., individual
voters, local registrars, or other databases) to update its
records. During an election, the VRDB is used to verify the
eligibility of those who turn out to vote and is shared with
local election administrators as poll books (or lists of
eligible voters). Database information may also be shared
with various sources for data verification, list maintenance
purposes, or in the interest of public availability.

The VRDB and the ways in which it connects to other
offices or entities involved in election administration
(including vendors who provide software or equipment) can
present security vulnerabilities. Some security
vulnerabilities are related to cybersecurity or technology
and others are related to human errors or actions. A state
must generally ensure that its VRDB maintains (1) accurate
records; (2) privacy for individual data; (3) accessibility for
relevant actors; and (4) reliability during an election.

States have different policies regarding registration and the
management of voter data, and some state or local practices
may present bigger security challenges than others. Yet by
having a variety of voter registration systems across states,
potential problems that could arise may be limited to a few
states or localities, rather than affecting a nationwide
database or system.

Registration Security Issues in 2016
A July 2019 report from the Senate Select Committee on
Intelligence (SSCI) on Russian interference in the 2016
election noted that VRDBs were not as secure as they
could have been, and detailed instances in at least seven
states where voter registration systems were targeted for
access, either directly or through connections between the
central database and other governmental or election
systems. In two of those states, the report found that

VRDBs were inappropriately accessed. Although the
committee found no evidence that registration data had
been deleted or changed in 2016, its report notes that data
obtained in the breaches may be held for use at a later date.
The report also noted that the committee had limited
information on the extent to which state and local election
authorities carried out forensic evaluation of registration
databases.

Centralized State Databases
VRDBs may be targets for those seeking to interfere in
elections or to access personal data on individuals. Each
state with voter registration maintains a centralized,
interactive computerized statewide voter registration list,
under Section 303 of the Help America Vote Act of 2002
(HAVA). According to the SSCI and other government
reports, Illinois's VRDB was breached by cyber actors in
2016, resulting in exposure of voter registration data. These
reports also note that another state's registration database
may have been accessed in 2016 using a state employee's
credentials obtained via email phishing.

Under HAVA, the required centralized VRDB must at least
contain the name, registration information, and a unique
identifier for every legally registered voter in each state.
Other features of a state's database can vary, and it may
include additional personal data about individuals. States
also vary in their technical and administrative policies
related to registration database management, such as the
level of access granted to the database; what backup
systems or audit trails are used; the degree of connectivity
to other election systems or sources of registration-related
data; and the process for removing inactive or ineligible
voters from the database.

Sources for Updates or Verification
State VRDBs often receive or share data with other sources
in order to verify new registrations, make changes to
records, or to remove ineligible voters. Unauthorized actors
may seek to access the VRDB or other election systems
through these connections between the database and other
sources. The SSCI report included three such examples
from 2016. In one state, the committee noted that at least
one other government system connected to the voter
registration system was being scanned by outside actors.
In another state, the committee found that the website for a
district attorney's office had been targeted, possibly
because its most wanted list may have in some way been
connected to the voter registration system. The committee
also stated that multiple attempts were made to illegally
access Vermont's online voter registration application,
which was connected to the state's database.

https:!crsreports cong --ssqg

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.

Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Contact us for annual subscription options:

Contact Us

Already a HeinOnline Subscriber?

Log In

profiles profiles most

What Is HeinOnline?

Purchase Access

Contact Us

Log In

NEED HELP?

CONTACT US

Get started

Subscribe to our Newsletter