|
FOR IMMEDIATE RELEASE
August 1, 2018
Independent review identifies software problems, not cyberattack, as cause of widespread voter roster omissions in June 5 election
An extensive independent review by information technology leader IBM Security Services identified software misconfigurations—not a cyberattack—as the root cause of the omission of 118,509 names from printed voter rosters in precincts across Los Angeles County for the June 5 Primary Election.
No voters were removed from voting rolls because of the roster error, and their right to vote was never at issue. The Registrar-Recorder/County Clerk said the roster print problem ultimately affected approximately 12,000 voters who went to the polls and cast provisional ballots, which were processed immediately and counted as part of the official election results.
The independent review verified that there was no pattern of voters being excluded from the printed roster due to demographic characteristics or geographic boundaries.
In its investigation of the omissions, IBM found that formatting changes in the statewide voter database made it incompatible with the software the County uses to generate the printed lists for polling places.
According to IBM, the County’s Voter Information Management System application had not been updated to process this state format change, so the system generated voter records with empty spaces for the birthdates of 118,509 voters.
Since the birthdates were missing, the County’s system incorrectly classified these voters as “underage” and left them off the printed precinct rosters.
IBM ran multiple simulations to determine what happened. It found that the incompatible state database was initially used to develop a voter roster file for printing. That initial export was stopped after 118,509 records were processed with empty birthdate fields. Then a second export was started, using the County’s own voter database. That export generated correct voter information. However, the system did not clear the erroneous data from the first export. As a result, the incorrect data was merged with correct data, leading to the error in printing the rosters.
In its review, IBM also investigated a 21-minute outage of the County’s voter information website, LAVote.net, on the evening of the election after the polls had closed. Once again, it found no evidence of a cyberattack, and attributed the outage to heavy demand on the website.
IBM recommended that the County undertake a series of corrective actions, including:
- Updating the software code so the state and local voter databases are compatible
- Implementing new quality control practices for Registrar-Recorder/County Clerk staff
- Resolving deficiencies in the system used to create the printed voter roster
- Increasing capacity and changing configurations on LAVote.net to accommodate periods of high demand
Registrar-Recorder/County Clerk Dean Logan said the County has already put in place measures to ensure that voter rosters are correctly printed for the General Election on November 6, 2018.
IBM Security Services’ full incident assessment and root cause analysis included a forensic review of the systems, procedures and agencies used in preparing and producing precinct rosters for the County’s 4,357 voting precincts and more than 5.1 million voters. The review also included testing of networks, servers and databases to evaluate any potential vulnerabilities and to assess the effectiveness of security controls, policies and quality control processes.
The review was conducted with the assistance of the County’s Chief Information Officer and Auditor-Controller. An executive summary of the findings can be found here: http://file.lacounty.gov/SDSInter/lac/1042885_FINALExecutiveSummaryAugust12018.pdf
Contact: Lennie LaGuire, Countywide Communications
pio@ceo.lacounty.gov, (213) 974-1311
|
