July 13, 2012

The Board of Elections and Confidential Information

Patrick Laverty

On Tuesday, Andrew wrote about the "imminent peril" that the Board of Elections (BoE) felt that voters' information was in.

Then Justin live-blogged the actual BoE meeting where they voted to put off the issue of making this data confidential.

What they are concerned about is that some radical NH citizen posted the RI voter information to a web site and made it easy to search for people by various criteria.

So what's the real issue here? Well, the first issue that rankled so many people was the way the BoE went about this, calling an "emergency meeting", with the minimum 48 hours' notice (actually closer to 50 hours) and no public vetting or opinion.

But what the BoE wanted to make confidential was the voters' voluntarily supplied email address and telephone number. Not the name, not the address, not the party designation, not the date of birth. None of those are optional information and none of those were going to be protected. Should that information get out to the public? Well, for one, the 4th Circuit Court of Appeals has already decided that all voter registration information, with the exception of social security number, must be made and kept public. (h/t Ken Block)

Why do they ask for email and phone number? I don't know. What do they do with it? I don't know. One thing that is known is even though the voter registration card says that the phone and email are optional, they don't say what they'll do with the info or who it will be given to. I think at the very least, that should be fixed. Somehow explain to people that all of their information will be given out to campaigns and candidates and anyone else who asks for it. At least let them know.

But for now, they do have the data. So what should the BoE do? Nothing and let people continue to have public access to it and let people put it up on a searchable web site? Well, that's one option, seeing as how all the information is usually findable on the internet anyway.

As an example, I did a quick search for BoE Executive Director Robert Kando. Using no subscription services or anything underhanded, in just a few seconds, I was able to find his home address, home phone number, his age, and people who also live in his home. I'm suspecting if I cared enough and did a little more digging, an email address could also be located. It's all information that is already public. Some have mentioned how it's creepy to see their name and address posted so publicly. My thought on that is "how quickly we forget." Your name and address and phone number have been publicly posted for decades. We depended on that for a long time. It was called a "phone book." The information was available to everyone and once a year the phone company dropped off a free copy at your house. Now that information pops up on a web site and people get freaked out? If you're really worried about your privacy, stop using "password" as your password to services and stop posting on Facebook that you're "on vacation in Florida!" Those would seem to both be bigger privacy and security concerns than someone being able to find your address.

The BoE will convene again to specifically discuss whether to make the phone number and email address confidential (remember, according to the 4th Circuit Court, they can't). My suggestion is that if they don't want the public to have that information, then delete it from their databases, stop entering it in for new registrations and remove those lines from the voter registration cards. Problem solved. You can't give out what you don't have.

Comments

I must provide a h/t to John Marion of Common Cause who dug up the 4th Circuit Court of Appeals decision.

Posted by: Ken Block at July 13, 2012 11:13 AM

Patrick,
If you have an unlisted telephone number there will be no reference to you in the public telephone books; also, you can request Google and Yahoo to decouple your name from any search references due to privacy concerns and they will decouple search information.

If you are careful about how much personally identifiable information you dole out on the Internet and social media sites you can maintain a reasonable amount of privacy and block any possible identity theft attempts.

You have to realize there is “no security” on the Internet and no matter how many banks or transaction sites tell you they are secure and can protect confidential personally identifiable information they are not secure because every item used to transmit your information including your computer and all software used to the same security standard. Leave one item out and you’ve broken the security. The Internet is like the old wild west; wide open and lawless!

Posted by: KenW at July 13, 2012 5:25 PM

"If you have an unlisted telephone number there will be no reference to you in the public telephone books; also, you can request Google and Yahoo to decouple your name from any search references due to privacy concerns and they will decouple search information."

I'm fully aware of what an unlisted phone number is, but I don't see what it has to do with this conversation. The phone number on a voter record is given up voluntarily. So if you make your phone number unlisted in the phone book, I'm going to guess that you don't give it out to the Board of Elections either.

As for getting Yahoo or Google to decouple, you ever tried that? Good luck with that.

"because every item used to transmit your information including your computer and all software used to the same security standard. Leave one item out and you’ve broken the security."

Huh? All software uses the same security standard so that makes it insecure? Are you referring to SSL? Or is this a reference to the hashing algorithms like SHA-1 or MD5?

What one item can you leave out to "break security"?

Posted by: Patrick at July 14, 2012 12:12 AM

Patrick,

You said; “My thought on that is "how quickly we forget." Your name and address and phone number has been publicly posted for decades. We depended on that for a long time. It was called a "phone book." The information was available to everyone and once a year the phone company dropped off a free copy at your house. Now that information pops up on a web site and people get freaked out?”

In Hawaii we still have telephone books and public telephones on the streets and in public spaces in business with the telephone books fully intact. I've never had a listed telephone number.

I had the search on my name delisted by Yahoo and Google and all it took was an email to both of them.

As for computer security, I worked with National Institute of Standards and Technology (NIST), was called Bureau of Standards, First Federal Bank, NY, National Security Agency (NSA), all military services, Defense Information Systems Agency, Department of Defense, taught a computer security course at Naval War University, Newport, managed military computer and telecommunications security across 11 states, military video teleconferencing world-wide which included NASA International Space Station and designed the prototype for the current federal-wide and military-wide computer security system.

If you don’t utilize security evaluated, tested and certified to basic minimal security standards off the shelf hardware, firmware and software across the whole communications or telecommunications data path and certified NIST encryption methodology for the sensitivity working level (everything must be tested to the encryption level also) you will not be secured. Only the military uses NSA encryption methodology.

Because of my employment and work ethics, I was able to fully retire early.

The big problem that currently exists with computers used in public systems, the manufacturers have not submitted their computer systems and operating system to NIST for security testing and then everyone throws all sorts of software on their computers not knowing what is going on in the background or surfs the net picking up all sorts of cookies not knowing what they do or accepts any incoming email on the computer they need to do sensitive work on and writes sensitive information to their hard drives for covert worms to transmit out without their knowledge.

I have 2 computers with a KVM switch. One is a dirty playtime cheap Internet computer and the other is a clean NIST tested and certified virgin OS sensitive certified computer for connection to trusted systems via a certified commercial firewall and VPN. My condo does not use Wi-Fi because of security but each room and deck is fully wired in wall certified CAT6 back to my certified router. I also do not use MS Outlook email but a certified email client that hates HTML email, review my email on POP3 before download and scan all incoming email, Internet connections and websites for covert code or malware with certified software.

Posted by: KenW at July 14, 2012 2:48 AM

The key issue is that the voter registration form does not indicate what happens to your information. As you indicated, that should be fixed. I'll add that it should be fixed as soon as possible.

Also, there should be a way to opt out of the BoE sharing this information. That is, I may be happy to share my info with the BoE, but I do not want it published publicly.

Posted by: Bill at July 14, 2012 3:24 PM

Mr. Tom Alciere of Nashua, N.H., a Republican who in 2001 was forced to resign from his seat in the New Hampshire House of Representatives after it emerged he'd expressed support for killing policemen, writing online "nobody will ever be safe until the last cop is dead."

Mr. Tom Alciere has created the website: //rivoters.com/

On this website is posted the full RI Board of Elections voter list which can be searched by name, address, zip code, telephone number, email address plus is downloadable in zip form and is linked to the Social Security death SSN database.

Thank you Republican Tom Alciere of Nashua, N.H. for placing all RI voters at risk for identity theft!

Posted by: KenW at July 16, 2012 6:41 PM