IBM Security Audits Los Angeles County Election System
If the 2016 U.S. presidential election taught us anything it’s that stuff happens in the electoral process, some of it more far heinous than others. The most recent question marks surfaced in California’s June 5 primary election — when nearly 120,000 voters were left off election rosters in what’s been blamed on a printing error.
Los Angeles County has subsequently hired IBM Security Services to perform an independent audit to find out exactly what went wrong. About two percent of L.A. County’s five million registered voters and 35 percent of the area’s 4,357 precincts were affected by the gaffe, according to the local registrar-recorder/county clerk’s office, the Los Angeles Times reported. At this point, what caused the snafu hasn’t been determined.
Now, IBM Security is digging to determine how and why the production and printing of voter rosters for the elections went haywire. Rex Marzke, an IBM Global Services application architect, confirmed in a June 21 Twitter post that L.A. County has engaged the vendor to conduct the review. IBM will work with the county’s CIO and auditor-controller on the project, which began on June 18 and is expected to take four weeks, reports said.
The vendor will complete a full incident assessment and root cause analysis including a forensic review of the systems, procedures and agencies used in preparing and producing precinct rosters, SCV News reported. The investigation will reportedly cover testing networks, servers and databases for weaknesses and an evaluation of security controls, policies and quality control processes. From there, county officials will report the review’s finding to the board of supervisors along with a plan to implement IBM’s recommendations.
“The magnitude of this situation and the impact on public trust and confidence in the elections process is of great concern,” said Dean Logan, the county’s registrar of voters, when the incident occurred. “I believe it is critical to have an independent third-party assessment of the incidents and a comprehensive analysis with reported findings, recommendations and evaluation to bolster the security protocols employed in future elections and to provide a full explanation to our electorate, Board of Supervisors and stakeholders.”
While there’s no evidence so far of foul play in the L.A. voter episode, it can’t be dismissed just yet. Late last year, cyber criminals stole perhaps 19 million California voter registration records from an Amazon Web Services server left exposed by user error and subsequently turned it into a ransom demand. The exposed voter data included the addresses, full names, phone numbers, birth dates and voting precincts of California citizens but did not appear to contain social security numbers or financial information.