Update: The article, including the headline, has been updated based on responses from the offices of the secretaries of state of Oregon and Washington.
Election security in some states appears to be so lax that someone could spy on other people’s mail-in ballot process and even cancel their ballots with only basic personal information that’s easily obtained online.
However, spokespeople for the states’ election authorities assure that measures are in place to prevent such tampering.
The online voter portal for Washington State only requires the name and date of birth of a voter for a login. Dates of birth are a matter of public record for many people, either through social media, government and court documents, or Wikipedia pages, not to mention millions of hacked personal records available for sale on the dark web.
Upon login, a person can view the voter’s registration information and other details, including the registered address and ballot status. The portal also allows voters to request a new ballot, which the person can fill out online, print out, and mail to the election authorities to vote. The ballot package needs to be signed, and the signature would be matched by the authorities to the one they have on record.
However, the page warns that “if you continue, a ballot previously mailed to you will be cancelled,” suggesting that somebody could log in and cancel another person’s ballot simply by requesting a new one.
The Epoch Times contacted a Washington voter who then went through the process for his own ballot, which he recently received in the mail. He verified that a person’s name and date of birth are all it takes to request a new ballot.
Kylee Zabel, spokeswoman for the Washington secretary of state, explained that the original ballot wouldn’t be invalidated, but only “placed on hold.” If the voter returns the ballot, it would still be processed and counted and no additional ballots would then be accepted.
“The Office of the Secretary of State and county elections offices, with the collaboration of state and federal partners and private-sector experts, have instituted multiple levels of security over the entire vote-by-mail process, including both electronic and manual measures to maintain the integrity of the election,” she told The Epoch Times via email.
“The online portal is monitored 24/7 to detect and prevent unusual activity, and manual backend processes protect against fraudulent attempts.”
A similar issue appeared to apply to Oregon, where the voter portal also only requires a name and date of birth for a login. The portal allows the voter to fill out the ballot online, print it, and submit it to election authorities, an Oregon voter contacted by The Epoch Times confirmed. The page says the option is only available to military, overseas, or disabled voters, but there doesn’t seem to be any verification that would prevent other voters from using it.
Andrea Chiapella, spokeswoman for the Oregon secretary of state, assured The Epoch Times that “no votes can be cast or canceled online” through the voter portal, called MyVote.
Voters with disabilities and military and overseas voters can mark their ballot online “and send it back in their return envelope already sent to them,” she said via email.
“They still must return the ballot with the proper identifying information, including their signature, which will be compared against the voter’s signature in the voter registration file before being accepted to count,” she said.
She also noted that trying to cast another person’s ballot is a felony punishable by up to five years in prison.
“Attempts to alter information on MyVote can be tracked through our system logs to help identify the individual who is committing the crime,” she said.
The Oregon voter portal appeared to be offline for maintenance on Oct. 18 for several hours.
In November 2019, a laptop belonging to a medical contractor that had the personal information of more than 650,000 Oregon residents was stolen. The data included names, Social Security numbers, as well as “phone numbers, dates of birth and Medicaid ID numbers,” The Oregonian reported.
Both Washington and Oregon hold all-mail elections, meaning ballots are automatically mailed to all registered voters before every election.
The online voter portals issue was first spotted by users of anonymous discussion board “Politically Incorrect” on 4chan.org. The board is known for robust open-source research, as well as online pranks and offensive posts.
Screenshots posted to the board around Oct. 18 indicated some users took advantage of the vulnerability to log in as Portland, Oregon, Mayor Ted Wheeler, Oregon Secretary of State Bev Clarno, and others. It’s not clear whether the users went through the whole process of printing the overseas, military, or disabled ballots for the officials. The main posts on the board on the subject urged users not to commit voter fraud, but only showcase the vulnerability to publicly expose it.
It isn’t clear if other states suffer from the same vulnerability.
The offices of secretaries of state from several other states, including California, Ohio, Texas, Alaska, Florida, and Pennsylvania, didn’t immediately respond to requests by The Epoch Times for comment.
Mail Voting Concerns
While Oregon and Washington have conducted all-mail elections for years, some states, such as Nevada and California, are sending ballots to all voters this year for the first time with only several months of preparation. This has sparked concerns over whether the infrastructure in such states is prepared to handle the deluge of mail-in ballots.
On top of that, voter rolls are notoriously messy and often include the names of people who’ve moved to different addresses, left the state, or have died. That means the ballots can end up in the hands of people who aren’t eligible to vote.