Could a hacker alter your voter registration to disrupt an election? According to a study by Harvard researchers out Wednesday, the answer is yes.
The study says voter registration websites for 35 states, including Washington and Oregon, as well as the District of Columbia were vulnerable to voter identity theft in the 2016 election. That’s because those states allow voters to make changes online to their voter registration.
Potentially so could hackers. The study says they could impersonate voters to delete registrations, change voter addresses or request absentee ballots.
The Harvard researchers say an automated attack on vulnerable voter registrations could sew chaos and mistrust in elections or even change the outcome of a close race.
The Washington and Oregon Secretary of State offices respond that they have numerous security measures in place to guard against cyberattacks.
The Washington Secretary of State’s office says it’s already compliant with a list of security measures recommended in the report. That includes monitoring for unusual activity in the online voter registration database and sending postcards to voters to notify them of any changes made.
Other security measures include:
Log and store all voter registration address changes
Daily reviews of change logs to identify unusual activity
Monitor for changes over time (hackers may try to cover their tracks by reversing changes after an election)
Require voters to describe the reason for the change in registration
Allow voters access to a provisional ballot if their ballot doesn’t arrive
Washington’s elections division also “locks out” any IP address that makes repeated attempts to access the voter registration system in a short amount of time.
In addition, a member of the elections staff reviews changes to voter registrations before they are made permanent.
“We are constantly striving to increase accessibility and promote participation, but without compromising security,” said Secretary of State Kim Wyman in a statement. “I am confident that Washington’s election system is safe, secure and accurate.”
The Oregon Secretary of State’s office declined to discuss specific security measures. But a spokeswoman said the office seeks to balance the benefit to voters of being able to access their registration online and the risks of a cyber intrusion.
“We agree that all systems are vulnerable–paper and online–but I know that we are confident in the tools that we use to overcome those vulnerabilities,” said Debra Royal, chief of staff to Secretary of State Dennis Richardson.