3/20/2008
05:35 PM

Pennsylvania Voter Reg Site Leaked Personal Info

Before the site shut down, PDFs containing names, dates of birth, and portions of Social Security numbers could be accessed through the state's servers.

Pennsylvania took down its online voter registration Wednesday after discovering it failed to protect personal data, and the vulnerability was apparently caused by a programming error.

A Digg user reported earlier this week that Pennsylvania's online voter registration Web site exposed voters' personal information.

"This was discovered after filling out a registration myself," the Digg contributor wrote. "Being a security conscious programmer, I decided to test."

The programmer said that the printable voter application -- which users could fill out online, print out, and mail to election officials -- was not protected by authentication or validation.

Before the site shut down, PDFs containing names, dates of birth, and portions of Social Security numbers of some voters could be accessed through the state's servers.

"Had their programmer(s) validated that a requested ID belonged to the user that was logged in, there would have been no data leak," the programmer explained. "There was absolutely no validation at all and ANYONE (didn't even have to be logged into the SURE Portal System) could make requests to the script and retrieve data. Something as simple as that really makes you wonder about the security of the rest of our government systems which could be storing confidential information."

In addition to making voters vulnerable to identity theft, the programmer stated that someone could change a voter's party affiliation, print out the form, and mail it in, preventing people from voting in primaries.

State officials did not comment on the number of voter records that could have been compromised. In the 2004 presidential election, 5,731,942 registered voters went to the polls. State Democrats are holding their 2008 presidential primary on April 22.
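
The missing control the programmer describes, validating that a requested ID belongs to the logged-in user, is sketched below as an added example; it is not code from the state's site or from the Digg post. The record store, the session dictionary, and all function names are assumptions made for illustration, and the sample records are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Application:
    app_id: int
    owner: str   # account that filled out the form (hypothetical field)
    pdf: bytes


# Constructed sample records, not real data.
STORE = {
    1001: Application(1001, "alice", b"%PDF-alice"),
    1002: Application(1002, "bob", b"%PDF-bob"),
}


class Denied(Exception):
    """Raised for every refusal; the caller maps it to one generic response."""


def fetch_unchecked(app_id):
    """The flaw as reported: the requested ID alone selects the document."""
    return STORE[app_id].pdf


def fetch_checked(session, app_id, audit):
    """Serve a PDF only to the authenticated user who owns the requested ID."""
    user = (session or {}).get("user")
    if user is None:
        # No login at all: refuse before touching the store.
        audit.append(("unauthenticated", None, app_id))
        raise Denied("not found")
    record = STORE.get(app_id)
    # Same error for "no such ID" and "not yours", so responses do not
    # reveal which IDs exist.
    if record is None or record.owner != user:
        audit.append(("not_owner_or_missing", user, app_id))
        raise Denied("not found")
    return record.pdf
```

The `audit` list stands in for a log: repeated denials from one account or client across many IDs are the signal that someone is walking the ID space.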
