Secretary of State comments on voter fraud, possible hack during ’16 Primary Election
Update:
Secretary of State Alex Padilla released the following statement regarding a possible voter registration database breach in Riverside County:
“We contacted the Riverside County District Attorney’s office last year immediately following media reports in which District Attorney Mike Hestrin claimed that California’s voter registration database was breached. The Riverside County District Attorney’s office then confirmed to our office that they had no evidence of any database breach. To-date, we have not received any subsequent information or evidence from the District Attorney.”
“Following the DA’s latest claims echoing those made over a year ago, we reached out again to his office requesting any additional information or evidence they may have.”
“We take the security of our elections very seriously. The security protocols for VoteCal, California’s statewide voter registration database, follow industry best practices–including the capturing of IP addresses used for all online voter registrations. The Secretary of State’s office conducts regular security assessments and utilizes tools to identify and block suspicious activity on our systems.”
“The Secretary of State’s office has captured IP addresses used for online voter registrations since February 2017, in addition to the network safeguards, server hardening techniques, firewalls, and system monitoring that our office already employed to protect against any attempts of outside intrusion.”
Investigation into voter fraud 7/24/17:
An investigation by the Riverside County District Attorney’s office found occurrences of voter fraud which could be a result of hacking and identity theft.
The day of and weeks following the June 2016 primary, the D.A.’s office received several complaints that voters from both parties had their affiliation changed before heading to the polls.
After a lengthy investigation, the DA said they found where the problem came from, someone got onto the state’s voter registration website and changed some voters information without the voter’s consent.
“Somebody, some entity got access to these voter’s information, private voter information and changed it. That’s all I am referring too, so I do not know if there was a security breach or data breach that I don’t know,” said DA Mike Hestrin.
There are a few important things to point out.
This possible hack happened during the June primary, the DA says no one in Riverside County reported a similar problem during the general election.
At the time, everyone who was a victim of this was given a provisional ballot, so they were still able to vote during the primary for the party of their choice if they wanted to.
The big question now is who would do this and why?
“I don’t have any evidence that the Russians were involved. I don’t have any idea who may have done this, Hestrin said. “The only thing I can say, in a small number of cases, residents of Riverside County appear to have had their information switched. Not something that they did but someone did to them.
According to the DA, the state’s website doesn’t capture users IP addresses, so they are not able to track down the source.
At the time we reported that local party leaders, both Republican and Democrat, in the Coachella Valley were finding dozens of folks with the same problem.
“I think that they are going to find that there is a lot more than that, but just that the party affiliations were changed there were a lot more than that,” said Joy Miedecke , President of the East Valley Republican Women.
Riverside County Registrar of Voters doesn’t find the DA’s investigation accurate.
Their findings show that about 100 voters complained of this issue, yet there only two voters where the Registrar could not figure out what happen. The Registrar is confident in their findings based on examining voter signatures on registration forms and ballots.
The Registrar of Voters sent us a full statement responding to the DA’s investigation and a Time Magazine article on the possible hackings:
A recent story in Time Magazine contained some incorrect information and may have, in some people’s minds, mischaracterized questions about voters who said their registrations had been improperly changed for elections in 2016.
The story reported that, “In at least half a dozen cases, (Riverside County District Attorney Mike) Hestrin and his investigators concluded, the changes had been made by hackers who had used private information, like Social Security or driver’s-license numbers, to access the central voter-registration database for the entire state of California.”
As occasionally occurs, some Riverside County voters reported in 2016 that they believed their registrations had been changed without their knowledge or consent. In the vast majority of cases, reviews by the Registrar of Voters Office indicated that the voters had in fact requested the changes. The reviews included an examination of the voters’ signatures.
In some instances voters forgot they requested the change and, occasionally, had cast ballots for years under the registration change they were challenging. In only two cases out of approximately 100, the Registrar could not resolve questions about a registration change that was being challenged. The Registrar forwarded information about those cases to the California Secretary of State and the Riverside County District Attorney for further review.
While the State of California hosts an online voter registration system, Riverside County is not in a position to comment about whether a person who has improperly acquired personal information needed to access the state system could change a voter’s registration.
Additionally, the use of the word “hackers” has created some confusion in Riverside County. Many people would acknowledge the difference between a “hacker” who intentionally thwarts security measures to break into a computer system and someone who changes an individual computer record after somehow acquiring personal information about a single relative or stranger.
The Time Magazine story also reported, “It was only months later that it dawned on investigators in D.C. that undermining voters’ faith may have been the point of the Riverside County hack all along. In the months following the California primaries, the feds discovered that Russian hackers had broken into more than 20 state and local election systems and attempted to alter voter registration in several of them. Looking back at the events in Riverside County, cybersecurity officials at the White House wondered whether it had been a test run by the Russians.”
Riverside County has not been notified by any law enforcement agency or by the Secretary of State’s office that voter registration in Riverside County has been compromised in any way.
The Time Magazine story also reported that, “The county registrar, Rebecca Spencer, says she has been working with a local state assemblywoman to get emails and texts sent when a voter changes any part of online voter information.” In fact, Spencer told the reporter that Hestrin was the one working with an assemblywoman on the issue.
Unfortunately, some news organizations are writing stories based largely on the Time Magazine article, creating accuracy problems of their own. For example, one publication wrote a story that said a 15-page cybersecurity plan under President Barack Obama’s administration revealed that the voting system in Riverside County had been hacked. I personally read that report and Riverside County was never mentioned.
The Registrar of Voters takes election security and election integrity very seriously. The Registrar of Voters is working with the Riverside County information Technology department, the Riverside County Information Security Office, the Department of Homeland Security, and the FBI to perform vulnerability assessments on their network in order to ensure that the network is safeguarded against cyber security threats.
Last month the Governor signed a bill that requires the state to notify a voter when their information is changed. Voters would get an email, a text message, and a letter if their address or party affiliation had been changed.
We reached out to reached out to the State Attorney General to see if the state’s website is going to be changed so it can track the IP address of someone using it, but they have yet to respond.
More: Today’s Top Stories
First Alert Forecast
More: I-Team and Stands for You investigations
Find us on Facebook: KESQ News Channel 3 & CBS Local 2
Follow us on Twitter for breaking news updates: @KESQ & @Local2
We’re on Instagram! @KESQ_News_Channel_3 & @CBSLocal2
Watch live newscasts