The following report is part of a 50 state survey related to issues which demonstrate characteristics of hacking in the 2016 election.

The experience in California indicating the hacking election systems and how those might have been compromised appear to be largely concentrated in Riverside County as far as media reports are concerned.  However, it is important to note that Riverside County depended upon the State’s voter registration system in order to ensure its voters are properly registered — this being the primary issue discussed here. This information is described in greater detailed below.

In California, there has been great controversy related to the Democratic primary, potential exit polling discrepancies and how the media called a victory for Hillary Clinton over Bernie Sanders  hours prior to the polls closing.

There was also a larger problem with voter registration confusion, whereby voters may have inadvertently registered for the conservative leaning, American Independent Party instead of “No Party Preference,” and thus disenfranchised themselves from voting in the primary in many cases.


These topics are not discussed at length, but rather, the focus here is on the issues related to the voting systems and/or machines themselves and characteristics of hacking.

On April 11, 2016 Riverside Community College District Trustee Nathan Miller went online and found that his voter registration had been switched from Republican to Democrat. The Secretary of State’s office verified that his information had been changed online, although he denies ever making such a change.

On June 7, 2016, more Riverside County Republican voters found themselves disenfranchised since their voter registration status had been changed to Democrat or “declined to state.” There were additional reports that Democrats had their registration changed as well.

Additionally, some voters were not found in the poll books and thus not eligible to vote without having to cast a provisional ballot. An online survey on a local news site found that 37% of voters reported their party registration changed on election day.

On June 11, 2016, Riverside District Attorney Mike Hestrin, who investigated the hacking situation, made the following comments at the Temecula Valley Republican Headquarters:

Hackers are going on and changing (online) voter registrations… we know hackers are doing it, but we don’t know who they are… We are so far behind any hacker can get into it… We need to upgrade our voter technology.

Hestrin also remarked that voters also had their personal information, such as addresses, birth dates and race changed.
Hestrin had previously reported that he contacted the Secretary of State’s office to find the IP Addresses of those who might have done the hacking only to be told that the state did not retain such information. If this was truly the case, surely needs to be rectified as it would be irresponsible not to keep such logs. IP Addresses would help to track who might have accessed the Secretary of State’s website and changed data.
The Secretary of State’s office explained that an unauthorized person could change another person’s voter registration party affiliation if they had access to their personal information — to later enter into the online system. This seems relatively easy if a hacker has such information readily available. The Secretary of State’s office also did not address the IP Address issue or claims of hacking, but explained that most of the problems were probably voter error.
On November 8, 2016, Election Day, there were various reports throughout the state of broken voting machines and voters who were missing from the voter rolls.

It is not unusual for voting machines to break down, but such occurrences are important to notate when looking for possible system compromise.

Analysis

The issues related in the Riverside County experience are quite concerning to us all and are not merely isolated to Riverside County because voters rely on the Secretary of State’s website in order to change party affiliation. The District Attorney claimed that particular system was hacked and if this is the case, that would mean that all Californians are potentially at risk.

The problem with the State’s voter registration website is that it needs to be less prone to simple hacking or penetration attempts. The fact that so many people reported unusual issues with their voter registration, that nearly half of all U.S. states, according to the FBI, had their voter registration scanned or hacked, and the fact that District Attorney was certain regarding hacking claims after a thorough investigation, lend great credibility to the claim that the voter registration system was actually hacked.

Whether the attack was by a foreign entity is irrelevant, the fact remains that if voter registrations are able to be changed on a massive scale, it can manipulate the ultimate candidate decisions to be made in the general election. Therefore, additional safeguards need to be put into place, such as IP Address tracking/logging (if not being done already), proper firewall systems, and better confirmation of changes to be made to voter data. Perhaps email confirmation or two factor authentication should be required to secure the systems better. There are a variety of options available and there is no reason such changes cannot be made. The integrity of our vote — and indeed our democracy — depends upon it.