Security Breach Found and Fixed in PA Online Voter Registration Service
BY Alan Rosenblatt | Tuesday, March 18 2008
Pennsylvania Voter Services just fixed a serious security breach in their online voter registration process. As recently as 5:00 pm this afternoon, anyone downloading a blank voter registration card was provided a URL that included an ID number at the end which could be edited to access thousands of filled out voter registration cards. The PA authorities were alerted to this problem, and within about 30 minutes, the problem was fixed. URLs that previously accessed filled out (but not signed) .pdf's of voter registration cards (see redacted image) now return an "invalid request" message.
It is unknown how long this security breach existed, nor how many people figured it out. Whether it was an accident or intentional also is unknown.
What is known is that Pennsylvania is a crucial state in the Democratic primaries and any security breaches raises a host of concerns. Not to mention, these forms included addresses and drivers license numbers, opening up the possibility of identity theft.
Why can't the officials in these states keep on top of these security issues when the stakes are so high?