Warnings on voter databases

With the creation of centralized computerized databases of voter registrations mandated by the federal Help America Vote Act of 2002 (HAVA), many states have failed to institute necessary safeguards to protect their data against fraud, according to a new report from the Association for Computing Machinery.

"Nobody's done this kind of analysis," Barbara Simons, an author of the report and past president of the ACM, told News.com. "We're not out to criticize anyone. We're out to try to provide information."

The 60-page report (click here for PDF) recounts security and usability techniques known to computer scientists for decades, but often not well-understood by state election officials and bureaucrats who have been tasked with designing massive databases of millions of registered voters.

Unless proper authentication practices are followed, security flaws could permit hackers to insert fraudulent names into voter databases or delete names of eligible voters. "Since there are many ways that an attacker might try to subvert the system, one needs processes that encourage secure system design and detect and close significant vulnerabilities," the ACM report says.

Privacy is another topic that ACM singles out for attention. Although laws may vary, all states permit voter registration data to be sold for political purposes such as campaigning and direct mail. But 20 states and the District of Columbia also allow unrestricted access for commercial purposes such as marketing, according to the California Voter Foundation.