top of page
Writer's pictureBill Tolson

The High Stakes of Mishandling Election-Related Data - Preserving the Integrity of the 2024 Vote with Trusted Systems for Data Management



As the November 2024 Federal, State, and Local Elections draw near, the integrity of the electoral process has become a pressing concern for political pundits, candidates, and federal, state, and local agencies. The core of this issue is the crucial duty of safeguarding election-related data, a responsibility that, if mishandled, could potentially erode public trust in our democratic process.


The electoral process involves a range of data-intensive operations, each generating a wealth of sensitive information. These include the voter registration process, agency training, placement of poll workers, coordination and security of polling locations, distribution and collection of ballots, sensitive area access, and vote tabulation. This data is not only crucial for the smooth execution of the election but also serves as the foundation for maintaining transparency, accountability, and public trust in our democratic process.

Mishandling or destroying election-related data, whether through negligence, questionable data management, inadequate security measures, insufficient poll worker training, or intentional manipulation, can have severe and far-reaching consequences for governmental agencies and the very fabric of our electoral system.


Legal Implications and Litigation

One of the most significant risks of data mismanagement is the potential for legal challenges and costly litigation by voters, candidates, or special interest groups, which can delay outcomes and force additional expenses. Election-related challenges inevitably start with a tidal wave of freedom of information (FOIA) requests demanding all data related to the election. These FOIA requests can include emails and attachments, calendar schedules, pole worker training materials and direction, timecards, polling video surveillance feeds, SMS messages, collaboration application feeds (Teams/Zoom, etc.), spreadsheets, agency presentations, as well as other agency documents.


Many agency personnel already have experience with the FOIA process pains. For example, suppose FOIA requests cannot be produced in the legally allotted time frame (regulation) or are considered incomplete. In that case, agencies can face lawsuits from various stakeholders - including political parties, candidates, advocacy groups, or individual voters, alleging violations of election laws, voter rights, or data privacy regulations.


Moreover, unacknowledged FOIA requests and mishandled election data can potentially constitute grounds for contesting the results, leading to prolonged legal battles, uncertainty over the validity of elected officials, and overall voter dissatisfaction. This legal quagmire not only strains the resources and budgets of agencies but also threatens to undermine the legitimacy of the entire electoral process.


Financial Penalties and Fines

Depending on the nature and perceived severity of the data mishandling, state and local agencies may also face substantial financial penalties or fines imposed by state or federal authorities. Non-compliance with election laws, data privacy regulations, and non-compliant FOIA responses can result in significant agency monetary consequences, potentially straining agencies' budgets and impacting their ability to carry out their ongoing essential functions.


Investigations and Audits

Accusations of data mishandling can trigger investigations by various federal and state agencies, such as the US Department of Justice, the Federal Election Commission, and state election boards. These investigations can be costly, time-consuming, and resource-intensive and may uncover additional irregularities or issues requiring further agency scrutiny or wide-sweeping corrective actions.


Furthermore, audits of election processes, additional election data management practices, and cybersecurity measures may be ordered, leading to extra costs and operational disruptions for the agencies involved.


Reputational Damage and Loss of Public Trust

One of the most detrimental consequences of mishandling election data is the potential for agency reputational damage and loss of public trust. When the integrity of the election process is questioned, agencies may face intense public scrutiny, criticism from media and watchdog groups, increased office turnover, and a loss of trust from their constituents.

This erosion of public confidence not only makes it more difficult for agencies to govern effectively but also has long-lasting consequences, potentially impacting future elections as well as the ability of these agencies to carry out their duties effectively.


Election Challenges and Disputes

Mishandled or lost data can provide grounds for challenging the legitimacy of election results, leading to prolonged disputes and uncertainty over the validity of elected officials' capabilities. This can create political instability and gridlock and undermine the agency's ability to function effectively or carry out its mandated responsibilities.


While California has generally had a good track record in conducting secure and transparent elections, there have been instances where data mishandling or other issues related to election data have raised concerns and highlighted the importance of robust data management practices. Some of the critical issues that led to election-related litigation in 2022-2023 included:

  1. Allegations of issues with mail-in ballot handling, signature verification, and ballot curing processes in some counties. In these cases, lawsuits were filed claiming voter disenfranchisement.

  2. In some jurisdictions, Concerns were raised about the security, auditing, and chain of custody procedures for electronic voting data and voting machine information.

  3. Legal challenges over the rules and timelines for processing and counting different categories of ballots (mail-in, drop-box, provisional, etc.).

  4. Questions about voter list maintenance and potential issues with ineligible voters being included in the rolls.


The above issues underscore the importance of data integrity, security, and transparency in the electoral process. Mishandling election-related data through human error, system glitches, or security vulnerabilities will potentially undermine public trust, create confusion and frustration among voters, and open the door to potential legal challenges or allegations of voter suppression or fraud.


To address these issues and maintain the integrity of California's elections, some state and local agencies have been working to implement more robust data management practices, enhance cybersecurity measures, and adopt technologies like California's Trusted Systems requirements to ensure the immutability and audibility of election data. By learning from past incidents and taking proactive best practice steps to safeguard election-related data, California can continue to uphold the principles of free, fair, and transparent elections.


Cybersecurity Risks and Data Breaches

Inadequate data security measures or improper election data handling can also increase the vulnerability of election systems to cyber threats, such as hacking, data breaches, or ransomware/extortionware attacks. Data breaches can result in the loss or exposure of sensitive voter information – violating current California data privacy laws, further eroding public trust, and potentially leading to identity theft or other consequences for affected citizens.


The Importance of California Trusted Systems Compliance

In light of these potential consequences, it is imperative that state and local agencies responsible for administering elections implement robust data management and practices, employ secure and auditable storage solutions, and adhere to strict (audited) protocols for handling election-related data.


One critical step in mitigating these risks is to ensure agency compliance with California's Trusted Systems directives. These requirements mandate using technologies that ensure data integrity and immutability, such as write-once-read-many (WORM) storage and tamper-evident logging. This helps prevent accidental or intentional data modification, tampering, or deletion, ensuring the preservation of accurate and auditable election data throughout its lifecycle.


California Trusted Systems

Trusted Systems require comprehensive audit trails and detailed logs that capture every employee access, data modification, or action performed on election data. This chain of custody documentation provides irrefutable and reportable evidence of compliant data handling, enabling thorough investigations and audits in case of any disputes or allegations of data mishandling.


Furthermore, Trusted Systems mandates strict access controls and user authentication mechanisms, limiting data access to authorized personnel only. This mitigates the risk of unauthorized access, data breaches, or insider threats that could compromise election data integrity.


State and local agencies can demonstrate their commitment to data integrity, security, and transparency by adhering to California's Trusted Systems requirements. This legal defensibility can help agencies withstand potential legal challenges, investigations, or audits related to data handling practices during the election process.


By implementing robust and proven data management practices, employing secure and auditable storage solutions, and adhering to strict protocols for handling and storing election-related data, agencies can significantly reduce the risks associated with data mishandling or cyber-attacks.


Ultimately, it is the responsibility of governmental agencies to uphold the principles of democracy and safeguard the sanctity of the electoral process. By taking proactive measures to protect the integrity of election data, agencies can maintain public confidence in the legitimacy of the 2024 election results and preserve the cornerstone of our democratic society.


The restorVault California Trusted System Data Storage/Management Platform

The restorVault Trusted Storage Cloud Archive and Data Virtualization Platform have been specifically engineered to adhere to the stringent requirements outlined in the California Trusted System guidelines. The restorVault solution comprehensively addresses the four fundamental principles that govern the certification process.

 

First, the California Trusted System mandates that agencies maintain at least two copies of every electronic resource or data file. restorVault's innovative cloud infrastructure ensures compliance by storing each file, alongside its unique hashed fingerprint, across two separate dispersed cloud storage vaults. This practical approach provides an additional layer of redundancy, as the duplicate copies are housed in entirely different storage areas.

 

Second, the guidelines stipulate the employment of proper hardware, software, and media storage techniques to prevent unauthorized data additions, modifications, or deletions. The restorVault platform stores all data within its secure cloud environment, where it is encrypted using industry-leading military-grade encryption. This data encryption ensures sensitive data can not be copied for ransomware purposes later.

 

Furthermore, the data is committed to immutable/WORM (Write Once Read Many) storage tiers, effectively safeguarding it from corruption and ensuring its "copy of record" status. This robust encryption and immutable storage capabilities not only shield sensitive election-related information from potential theft and misuse but also render it impervious to the effects of contemporary ransomware strains that could otherwise compromise or destroy the data, forcing agencies into paying exorbitant ransoms and starting the election process again.

 

Third, agencies must store at least one copy of each document or file in a separate and secure location, with at least one copy in an unalterable format, such as immutable or WORM storage. As mentioned, the restorVault platform adheres to this requirement by storing each data file in an encrypted state across two separate data center locations.

 

Finally, the system must demonstrate its ability to withstand rigorous independent audits to validate the integrity of the stored documents. restorVault boasts an impressive track record, having successfully provided its platform to numerous California state and municipal agencies -all while maintaining continuous compliance through ongoing audits.

 

In addition to these core requirements, the restorVault platform offers a suite of advanced data integrity capabilities, including:

  • Digital Fingerprinting: Each time a file is saved, a unique fingerprint is generated using an MD5 or SHA1 hash of its contents and metadata, effectively preventing unauthorized alterations to its history or contents.

  • Serial Numbers: Every file is assigned a unique serial number, ensuring no files are missing or have been tampered with.

  • Secure Time: The system's time clock is secured using a global, redundant, authenticated time source (Stratum Level I hardware time sources), guaranteeing accurate timestamping.

  • Data Encryption: All data, both in transit and at rest, is protected by robust 256-bit AES encryption.

  • Data Verification: Stored files are systematically re-verified against their fingerprints every 90 days, repaired using the second copy if necessary, and retained by customer-defined policies.


For a comprehensive understanding of the California Trusted System regulations and their implementation, readers should refer to the restorVault blog titled "A Step-by-Step Guide to California Trusted System Implementation."

 

Contact us today to learn which California agencies have already adopted the restorVault California Trusted Systems data storage platform.

Comments


bottom of page