"So Adrian, what are you actually going to do?"
I get asked this question all the time. Rightly so. Anyone can see a problem, but the person who steps up to fix it needs to see a solution.
This past Wednesday, at a forum hosted by the Arizona Women Lawyer's Association, a very direct and specific question was asked about security in the Recorder's Office. I want to partially answer that question here.
Voter Registration System:
Initially, we would want to make certain that we have secure online portals for voter registration.
This requires vulnerability testing, remediation and validation for these input systems (either by staff in office for mail-in registration or voters online). Then, there must also be a significant data encryption (and key management system) instituted.
Voter registration systems are those being targeted by hackers, according to the FBI, and so they are particularly vulnerable. We must work hard to keep all your voter information safe.
Also, the data centers for the voter registration information must be secure, with it's own regiment of vulnerability testing and remediation. Additionally, the storage of the information may also require encryption (including key management) and duplication/redundancies built into the system.
Secure Voting Process:
We want to make sure that the election systems we are using are secure. This will include vulnerability testing and remediation plus validation of those systems. We may also want to seriously consider some form of duplication of data in the case of accident or other emergency (Disaster recovery back-up data is critical when you want to get it right, the first time).
Of course we would make sure that, we also have encryption and key management of that encryption. Secure transportation of the voting data (from the polls to the MCRO) is critical, and has been a problem in the past. We also must then consider security of the data when in storage, again to include vulnerability testing, remediation and validation.
When all is said and done with these systems, the form they take and the type of data protected are as important as the protections themselves.
Last, we must make certain that we protect the privacy not only of the vote, but of the voter's information. Privacy is critical in all aspects of the MCRO, and should be carefully considered at all times.
In closing, I would mention some best practices happening around the Nation. Many States utilize the NIST (National Institute of Standards and Technology) guidelines for their baseline security guidance. Some States undergo annual audits performed by the National Guard of that state to make certain that data and people utilizing the data are properly managed.
We should be willing and able to use any and all resources necessary and available to make our systems secure in order to protect democracy.