Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Register to Vote, Lose your Identity

Created: 11 Feb 2008 08:00:00 GMT • Updated: 23 Jan 2014 18:42:23 GMT
Josh Harrison's picture
0 0 Votes
Login to vote

With the primaries going on it reminded me of a problem that can putthose of us who have registered to vote at an unnecessary risk ofidentify theft exposure. With everything we are doing to secure theworld electronically, it can still be the old analog means that doom us.

Last fall I received a piece of junk mail, I mean, "US postage paidpolitical glossy information to help inform voters" material. This isthe usual type of glossy, slick advertising mailer that most of us tossinto the garbage can. I decided to open it and inside I saw “Vote forMeasure 123456” and some political marketing info. OK, I still am goingto toss it. And then I noticed the little “Vote by Mail Application”attached. It was nicely pre-printed with name and address and my date of birth (DOB)!Yeesh, why didn’t they just go ahead and post my social security numbertoo?! Some may argue that a DOB is already a matter of public recordand I agree it isn’t as sensitive as your social security number, butDOB is enough to compromise portions of your identify and this could be why California Senate Bill 1614 was passed in 2002—to "protect the integrity of vital records by preventing unauthorized access to personal birth and death information."If I had followed the normal course of action, it would have been inthe trash for any dumpster/landfill diving fool to find.

Ok, big deal, one DOB record in the trash. Considering the number ofpeople who toss bank statements, I guess this may not be a big issue. Iassume that there were only about 100,000 of these created and theywould have been easy to find at the post office's front door or thetrash for apartment complexes.

This isn’t the worst part. I called the Registrar of Voters and I learned a few things.
1) The political group that sent the mailer appears to have broken no laws (per the Registrar of Voters).
2) The reason why political mailers include DOB information is because it makes it easier for the registrar of voters to confirm and validate a vote (nothing like ease of use over security!)
3) There are no guidelines given to people who send mailers for protection of personal or confidential information.

Does this mean that anyone who has a "cause" and $100 can get anelectronic voter file filed with 100,000 names, addresses, and DOBsfrom everyone in an entire county?

In Symantec’s Norton Internet Security™ 2008 and Norton 360 productswe have antiphishing and antifraud mechanisms built in. We also protectagainst drive-by downloads, which may install a keylogger to steal yourbanking transactions. With everything we are doing to secure youridentity and electronic transactions today, let’s at least make it alittle harder to own 100,000 identities the old fashioned way.

So what can you do?
o Open and check all mail, including "junk mail" and check for any personal or confidential information. Shred the confidential portions.
o Let your legislative representatives know that this isn’t acceptable.
o Ask your Registrar of Voters and other county offices how they are protecting your personal information.

California Senate Bill 1614 from 2002:
http://www.leginfo.ca.gov/pub/01-02/bill/sen/sb_1601-1650/sb_1614_bill_20020919_chaptered.html

Santa Clara Office of the Clerk Recorder:
http://www.sccgov.org/portal/site/rec/agencyarticle?path=%252F