Friday, January 4, 2008

This Doesn’t Smell Right

Last night, NBC Nightly News aired Lisa Meyers’ story on identity theft (video clip here). The piece talks about how state and county governments make identity theft easy by making personal information like Social Security numbers readily available.

I daresay none of them make it as easy as the Davidson County Election Commission, which apparently just hands out laptops containing unencrypted personal information on every registered voter in the county. (Last night WSMV’s Dan Miller reminded us that information on every Davidson County voter was stolen--including Vince Gill and Gov. Bredesen. Oh, my. Because, you know, it’s not like anyone knows who they are.)


Anyway, there’s just so much that’s not right about this story. Coverage from The Tennessean, WSMV, Nashville City Paper, and other local news outlets have revealed some rather implausible patterns that make me question the “just thieves looking for computers to steal” story:

• In a breach of protocol, all 81 laptops were locked up, save two.
• Those two computers’ hard drives were not encrypted.
• Passwords and user IDs were taped to the computers.
• The digital video recording system providing surveillance of the Election Commission office had been unplugged well before the break-in.
• The incident occured on a long holiday weekend, when security is provided just part-time.
• The security guard on duty (since fired), “listened to Christmas music, ordered food and visited the break room, failing to make his hourly rounds.”
• This all happened one month before our presidential primary, and eleven months before our presidential election.

I’m glad the security guard was fired, but I want them to aim a little higher as far as accountability goes. I’m thinking Election Administrator Ray Barrett should be dusting off his resume right now. I understand Barrett started his Election Commission career working in the warehouse that stores all of the county's voting machines. You’d think he’d know something about security.

As I’ve written before, if anyone wants to hack our elections we have no back-up. No paper trail, no way of recounting votes, except to ask a computer to spit out its data again. If you’re worried about hacked computers, and the ES&S iVotronic has proven to be vulnerable, then this is not reassuring.