MD Board of Elections audit finds unprotected voter data, ballot security concerns

Officials say all concerns have been addressed
Posted at 11:16 PM, May 03, 2017
and last updated 2017-05-03 23:16:47-04

The audit looked at a roughly three-year period between 2012 and 2015.  The document lists nine separate findings the State Board of Elections should address.

Internal control and book keeping deficiencies, unprotected voter data, and ballot security are some of the issues flagged in the newly-released audit.

"They collect a lot of data about voters and that data, according to the audit, is not carefully watched," said Michael Greenberger, Professor at the University Of Maryland Carey School Of Law.

One critical finding outlines how the state voter database contained names and full nine-digit social security numbers for nearly 600,000 people, when only the last four digits are required.  Sensitive, personal information that is a frequent target of criminals.

"I think the General Assembly and the Governor should pass legislation that creates a bipartisan commission of computer science experts to examine how data is collected and maintained in the board," Greenberger said.

ABC 2 News reached out to Governor Larry Hogan's office about the audit, and a spokesperson released a statement that says "The Governor has long held deep concerns about the lack of appropriate executive oversight with this agency and this is a perfect example of why those concerns are valid. Properly securing Maryland’s election data is critically important and needs to be given the utmost priority."

The State Board of Elections says protections are in place to make sure data is secure and protected.

"There's absolutely no evidence whatsoever that any personal, identifiable information of our voters was ever released to anyone,” said Administrator of Elections, Linda Lamone.  “And that their information that we have is secured, safe, encrypted."

She says all of the recommendations in the report have already been addressed, or the board is in the process of taking steps to correct the findings.  Including needlessly retaining social-security numbers.

"Full social security numbers are no longer in the database,” Lamone said.  “And you have to realize the reason they were there was because people gave them to us, it isn't that we asked for them."

The audit also brought up concerns about absentee voting and how people could request ballots simply by providing public information like name, address and date of birth.  Auditors recommend requiring more data to authenticate voters like social security numbers.

Lamone says the board is exploring the legality.