Category Archives: Voter fraud

Governments and Companies Struggle With Data Security

There’s an interesting story in the Washington Post, “Companies Struggle to Keep Data Safe.” The lead paragraph in the story notes: “A staggering 94 percent of companies admit that they are powerless to prevent confidential data from leaving their company by e-mail, according to a new study from Mimecast.”

But it’s not just corporations that are having trouble with data security, especially data leaks through email:

“Most leaks occur via e-mail,” confirmed James Blake, Mimecast’s chief product strategist. “Two thirds of data leaks occur via e-mail.” He highlighted an Infowatch survey, which said that 95 percent of leaks are accidental. “I would go along with that figure,” he said. “From what I have seen most leaks are accidental.”

Yet e-mail leaks are nothing new. Back in May this year, the Conservative party accidentally e-mailed the voting intentions of 8,000 voters in the Crewe and Nantwhich by election, to a journalist at a local radio station. It was thought that the automated completion of an e-mail address was to blame for the mistake.

Government agencies — including election officials — might want to take a look at this article and some of the information it reports regarding data security issues.

The survey was conducted by Mimecast. Here’s the interesting content from the press release:

LONDON 29 July, 2008 – An independent survey commissioned by email management company Mimecast has revealed that an alarming 94% of companies are powerless to stop confidential information from leaving their organisation by email. The survey revealed that just 6% of all respondents were confident that anyone attempting to send confidential company information by email out of the organisation would be prevented from doing so.

The independent survey, conducted amongst a sample of 125 IT managers, revealed that 32% of companies would not even be aware that confidential information had been leaked so would be unable to take steps to minimise the damage or track down the source of the information. However, 62% would be able to retrospectively identify the email leak once the information had been sent, but confessed to being unable to prevent its disclosure.

According to Dr James Blake, security expert at Mimecast, “The picture revealed by this survey points to fundamental security issues with protecting not only a company’s own data but also customer data like patient records or credit card numbers.” He adds, “With the blurring of boundaries between company employees and external consultants, contractors, outsourcers and other third parties, it is now much more difficult to ensure the appropriate flow of information outside the organisation. Especially since the majority of employees are now knowledge workers with access to significant amounts of confidential data.”

According to Bob Tarzey, security analyst at Quo Circa, “These figures do not surprise me – on the whole employees are not sending stuff out maliciously, but through carelessness or lack of fore-thought. Education can help to some extent, but many employees are using communications tools all day, every day and mistakes will happen, so having checks in place makes sense. Affordability of available technology to tackle the problem is also a problem, as most businesses are unable to invest in the high end, on-premise Data Leak Prevention (DLP) products that large business can, so the availability of on-demand services like those offered by Mimecast to achieve the same end is welcome providing performance is not adversely affected.”

A few items from the newswire

Doug Chapin and I have been asked about this before–if you cast an early ballot and then die, is your ballot still counted?  I think we’ve agreed on a standard reply.  While everyone thinks this is an issue that can be dealt with using absentee ballots, what about early in person voting?  It seems to me that once you cast a ballot, that’s it.  (Of course, I’ve written before about the odd few states that have “do-over” provisions.

Am I the only one who does not see a problem with a private firm charging a small fee ($9.95) to process your voter registration?  Sure, it’s not necessary, but people pay for all kinds of things that they can get for free or low cost.

Enough about the professional skepticism–this story out of California does raise a point of concern.  If online voter registration is legalized, how do they check signatures on absentee ballots (as high as 40% in some California counties)?  The bill has a provision for capturing the digital signature from the DMV, but the Butte County recorder thinks these are badly out of date.  (Full disclosure: Pew and JEHT are funding a few studies of online voter registration systems.)

Two additional reports of voter fraud

In addition to the reports of fraud that I wrote about in the past few days, there are two additional ones that I ran across this morning.

The first comes from New York, from a report in the Daily News:

An aide to former Queens Assemblyman Jimmy Meng was charged yesterday with rigging voter addresses during a primary battle in 2004.

Simon Ting, 42, who was registering voters for the Flushing Democrat, whited out the addresses of Asian-American voters who lived outside the district and replaced them with addresses inside the district, according to Queens prosecutors.

The fraud wasn’t hard to detect: dozens of legitimate addresses were replaced with one of two addresses – either Ting’s former home or a bookstore Meng owns in Flushing, prosecutors said.

The second comes from Virginia, as reported in the Richmond Times-Dispatch:

A former Gate City mayor who used absentee ballots as if they were marked cards to deal himself a 2004 re-election victory will spend 196 days in jail.

Charles Dougherty, convicted of 29 felony counts of vote fraud in two separate trials last year, was also ordered by the court yesterday to pay $51,500 in fines.

The sentence, handed down in Scott County Circuit Court, brings to an end an election scandal that rocked the town of 2,300, upset the political order and exposed an election process that may have been corrupt for years. During one of Dougherty’s trials, one woman testified she had always been paid a bottle of liquor for her vote.

A panel of judges agreed the election results were suspicious, threw out the votes and appointed a new Town Council. The council then appointed Jenkins mayor, and a judge appointed Botetourt County Commonwealth’s Attorney Joel Branscom as special prosecutor.

Branscom charged Dougherty with more than three-dozen counts of election fraud. In two trials, jurors agreed with Branscom that Dougherty had duped voters, many of them elderly and residents of an assisted-living complex, into applying for absentee ballots even though they didn’t qualify for them.

Woman working for voter registration drive in Missouri accused of fraud and identity theft

This has circulated the past few days, here’s an AP report on the allegations:

She worked in August and September as a voter registration recruiter for the Association of Community Organizations for Reform Now, known as ACORN. She is accused of using another woman’s Social Security number to get hired by ACORN and Project Vote.

Davis also is charged with causing three voter registration applications with false addresses to be filed with the Kansas City Board of Elections Commissioners.