Audit: State voter system left information vulnerable

March 18, 2005

LANSING, Mich. (AP) -- State databases with confidential information from registered voters and driver's licenses in Michigan were not adequately secure and were vulnerable to computer hackers, state auditors said in a report released Friday.

The state elections and technology departments agreed that the systems were vulnerable, but they told the Office of the Auditor General they are not aware of any time information in the Digital Driver's License System and the Qualified Voter File was compromised.

State auditors said the departments of state and information technology did not ensure that an outside contractor effectively secured the Digital Driver's License System, which may lead to identity theft. The system included information from about 7.2 million driver's licenses and 1 million personal identification cards in January 2004.

Auditors had similar security concerns with the Qualified Voter File, according to the report that covers records from Sept. 30, 1997 to June 30, 2004.

The Qualified Voter File was one of the first systems in the country to compile accurate, up-to-date voter information. It ties 468 local jurisdictions and 83 counties in Michigan to a database that has the names and addresses of about 6.8 million registered voters.

"We identified numerous and, in some cases, very significant vulnerabilities in the configuration of the QVF operating system and database that preclude management from preventing or detecting unauthorized access," auditors said in their report.

Auditors said similar security problems with the Qualified Voter File were discovered in an October 2002 assessment by a private contractor at the request of the Department of State.

State strategies and the federal Help America Vote Act of 2002 call for a secure confidential voter information database, but the state and technology departments were concerned that more security measures would hurt the performance and function of the system, auditors said.

The state audit was released as lawmakers are trying to clamp down on the sale of Social Security numbers by private companies after a few large information brokers reported security breaches that resulted in scores of stolen identities.

The departments told auditors they have developed a security plan and have corrected significant areas of vulnerability.

Kelly Chesney, spokeswoman for Secretary of State Terri Lynn Land, said most of the security issues raised in the audit were addressed before the report was released.

The Department of State has limited access to the Qualified Voter File to only those individuals who need it, Chesney said. It is not available online and information is encrypted when it is transmitted, she said.

"It's not like this is available online. It's a closed system," Chesney said. "This system is considered one of the best in the nation. Michigan was used as a model in the Help America Vote Act."

A telephone message seeking additional comment on the audit was left Friday afternoon with Kurt Weiss, spokesman for the Department of Information Technology.

main page ATTRITION feedback