Electronic
Voter Registration in South Dakota
John D. Gregory*
(2003) 3
E-Filing Report No. 4 p. 11
In January, 2003, the South Dakota House of Representatives passed House
Bill 1010, “An Act to permit voter registration on the internet”.[1]
The Bill proposed to extend the current system by which residents of the
state may register to vote at the office where driver’s licences are issued
(the Department of Commerce and Regulation). The current system dates from 1994, when it was made to conform with the
federal National Voter Registration Act (NVRA),[2]
by which all states must allow for voter registration by driver’s licence
authorities.[3]
On registering, a person gives the office a signature, which is digitized
and used to prepare a voter registration card.
Bill 1010 would have added to that system a method of registration for
those who already had driver’s licences[4]
and who did not want to come into the office to register to vote. State residents were to be allowed to register as voters online, giving
their driver’s license number at the time. The voter registration office would then contact the Department of
Commerce and Regulation and receive a transfer of the digitized signature to put
on the voter registration record.[5]
Such signatures are used when registrants vote by absentee ballot; the
ballot is submitted with the voter’s signature, which is compared to the
signature on the registration record.
During debate in the House,
some members argued that the system was not sufficiently secure and thus that it
raised the risk of election fraud. Supporters
replied that it was just as secure as Arizona’s similar electronic
registration process.[6]
This note will examine some of the bases on which one might judge the
security of an electronic registration system.
The use of the digitized signature itself has no role in securing the
voter registration system. The
signature would simply be taken off the driving file and dropped into the voter
registration file, without any independent creation or review. It plays a role only in verifying absentee ballots.
It is thus misleading to say that the Bill’s system used or turned on
electronic signatures in any significant way. It would be more accurate to say that the voter registration system would
have broadened its reliance on identification information (not a signature)
presented to get a driver’s license – a reliance required by the NVRA in any
event.[7]
Two important non-technical factors influence the security discussion. First, the NVRA requires that states accept mail-in registration as well
as registration at driver’s licensing offices and other state agencies, to
make registering for voting easier than it had previously been. People who register at the state agencies may not be asked for more
identification than they would need to obtain the usual service from the
agencies. For mail registration,
they need not provide any more information than they would in person. South Dakota sends mail registrants an acknowledgement card by non-forwardable
mail. If that card comes back, they send a confirmation mailing. If that also is not delivered, they put the voter on an inactive list,
and if he or she does not vote for two elections, they cancel the registration.[8]
The second non-technical factor is how the act of voting itself is
checked. In South Dakota a voter
need only state his or her name at the polling booth, without showing any
identification or signature or other supporting information. If the name is on the list, the person will be allowed to vote, unless
someone present challenges the self-identification. On such a challenge, the challenger and the intended voter
each provide “evidence”, and the person in charge of the poll decides.[9]
It is arguable that more security is needed at the registration stage if
there is little security checking at the time of voting.10]
For mail-in ballots, as we have seen, a signature is provided by the
mailer that is checked against the signature in the voter registration record.
In this context, how secure is the system under Bill 1010? Three things prevent someone from registering as someone
else: the first is a confirmation card, parallel to the acknowledgement card
sent to mail-in registrants. The
Bill allowed the use of electronic registration only for people who are still at
the address shown on their driver’s licence. The confirmation card would be sent to that address.
A fraudster would have to intercept that mail to avoid the
eventual vote from escaping his control.
The second deterrent is the chance
that the other person has already registered or will register before the
election – assuming that the voter registration system would do something to
put people on notice if it had two registrations purporting to come from the
same person (say by refusing to register the second person making the attempt).[11]
The third is the difficulty of obtaining the driver’s license number of
the other person. This may not be
unduly difficult for the licence number of one individual. It may be a good deal more difficult to acquire enough license numbers to
make enough phony registrations to influence the results of an election.[12]
In debate in the House, the
Arizona system was held up as a trustworthy model. In that state, one can register to vote online by a similar but not
identical process.[13]
In Arizona, the person wishing to register contacts the Motor Vehicle
Division (MVD) in the first instance. He
or she provides the driver’s license number[14]
and (optionally) a Social Security Number, and if these are recognized, the
applicant is “authenticated”. He
or she then provides “voter specific registration”, notably party
affiliation, and verifies his or her intention to register to vote. Then the MVD transfers this information to the Secretary of
State, along with the digitized version of the ink signature (what the documents
call the “wet” signature) of the registrant. The Secretary of State redistributes the information to the county
recorders who keep voter registration records.
Thus Arizona differs from South
Dakota in having the registrant first contact the MVD and not the voter
registration authorities. This is
not significant. Arizona uses the
digitized signature for similar reasons as South Dakota – to check the
validity of early or mail-in ballots, and also to review petitions. It is not used to confirm identity of voters who show up at
the polls in person.
Arizona appears to add to this
process two authentication methods that were not proposed in South Dakota.
First, the registrant is asked for a Social Security Number when he or
she applies to the MVD to be registered to vote. The SSN is routinely used in the state in applications for driver’s
licences, as it is in South Dakota. However, it is not required to register to
vote. Registrants are asked for the
last four digits of the SSN, but if the registrant does not provide them, the
process continues regardless.
Second, Arizona requires that the
completed voter registration request be signed with an electronic signature.[15]
The Overview says of electronic signatures only this: “The user
electronically signs the EZ Voter Registration by agreeing to the terms of
submitting the application.”[16]
The Regulation says “An electronic signature for use on an electronic
voter registration form shall be a separate acknowledgement statement
authorizing the transmitter to transmit the information to the destination
county recorder.”[17]
Electronic signature is defined by
reference to the general Arizona statutes.[18]
They say that an electronic signature is “an electronic or digital
method of identification that is executed or adopted by a person with the intent
to be bound by or to authenticate a record”.[19]
It “shall be unique to the person using it, shall be capable of
reliable verification and shall be linked to a record in a manner so that if the
record is changed the electronic signature is invalidated.”[20]
At first reading, one wonders if
large numbers of Arizona residents have the technical capacity to create such an
electronic signature, especially the rule that it must be linked to the signed
record so that if the record is changed the signature is invalidated. However, the Overview of the system notes the large volume of duplicative
paperwork under the old system and anticipates that electronic registration
“will replace about 70 percent of the paperwork filed for voter
registration.”[21]
On further examination, it turns
out that the electronic signature is a good deal less demanding than the literal
wording of the statute suggests. The
Secretary of State has established a Policy Authority (“PA”) on electronic
signatures to be used with state agencies.[22] The PA analyses the risks of the proposed use of electronic signatures
and decides what level of security is appropriate in each case.[23]
In this case it appears that the express authorization to the MVD to
transfer the application and digitized signature to the registration authorities
is taken as a sufficient indication of an intention to sign electronically.
The identity of the signer is supported by the driver’s licence number
(and possibly the SSN). False
information subjects the provider to a penalty for perjury.[24]
The technology built into the MVD and Secretary of State’s systems, by
which the application and digitized signature are sent to the county recorders,
is apparently thought to be secure enough to ensure that the signed documents
are not altered.
In addition, Arizona sends a
confirmation of registration to the registrant at the address in the driver’s
licence record. This is, as in the
South Dakota scheme, a disincentive for someone else to use another driver’s
information to register.
This review suggests that South
Dakota’s proposed electronic registration system was in practice not
substantially less secure than that of Arizona, though it is clear that Arizona
has given uncommonly careful thought to the security needs of its system. The reliability of the internal workings of the communications between
South Dakota’s motor vehicles authority and their voter registration system is
not disclosed in the discussion about Bill 1010.
The real comparison in judging
security is arguably not another state’s implementation, in any event, but the
risk across the in-state system. Compare
South Dakota’s mail-in registration rules. In effect, someone can request registration with very little
identification or authentication, then be subject to no further authentication
when showing up to vote. If they vote by absentee ballot, they face little checking at
any point. In that context,
requiring an active driver’s licence number of a registrant seems relatively
demanding.
Despite these arguments in favor of the system of Bill 1010, South Dakota
will not be putting them into practice in the short term. The Bill was killed in the state Senate.[25]
Supporters of the Bill say they will try again in the next session, in 2004.
They will have time to develop further support for the security of the
registration system.[26]
*
General Counsel, Policy Branch, Ministry of the Attorney General (Ontario,
Canada). The views expressed here are not necessarily those of the Ministry.
[2] 42 United States Code
s.394 (1993).
[4] South Dakota also provides
for “nondriver identification cards” issued by the same Department,
which the internet registration system would also use in the same way.
[5] The Bill said that the
applicant “may register … using the digitized signature retained by”
the driver’s licence office. It did not say exactly how this was to be
done. The description here is provided in an Associated Press news article,
“System would let voters register online”, January 27, 2003, online: http://www.aberdeennews.com/mld/aberdeennews/news/5044364.htm
.
[6] The views of critics and
supporters are noted in the news article cited in the previous note.
[8] The acknowledgement card
is required in S.D. Code 12-4-5.3, the confirmation mailing by 12-4-19, and
placement on the inactive list by 12.4-19.2. All registered voters are sent a confirmation card once a year, and a
confirmation mailing if the card is not delivered.
[9] This description of the
voting system is based on an Election Reform Briefing on Voter
Identification, published by electionline.org and The Constitution Project,
online at: www.electionline.org/site/docs/pdf/voter_id_report.pdf.
See also S.D. Code s. 12.18.10 on challenging for wrong
identification.
[10]
Requiring voters to prove their identity at the poll is controversial.
Opponents say that the poor or vulnerable are less likely to have the
kinds of identification required, or more likely to feel intimidated by
being asked. A full discussion
is found in the Election Reform Briefing on Voter Identification, cited in
the previous note.
[11] Section 12-4-40 of the
S.D. Code on Elections provides that demonstrable double registrations lead
to deletion of the older registration; suspected doubles require notice to
the registrants to verify the facts. Counties
send updates to their lists to a centralized state list every day, and the
state notifies counties of duplicates. “Statewide Voter Registration Databases”, cited above at n.2,
p.12.
[12] This note does not
comment on the risk of fraud by those who apply in person at the state
office; presumably they could also apply fraudulently directly at the voter
registration office. Here we
are reviewing only the increased risk alleged to be caused by the online
applications.
[14] Again the system will
work if the person holds a non-driver’s identification card from the MVD
and the other conditions for drivers are satisfied.
[15] A three-page-long
regulation governs the process: Title 2, Chapter 12, Supp. 02-1, Article 6,
effective March 29, 2002, online at http://www.sos.state.az.us/public_services/Title_02/2-12.htm.
Regulation R2-12-603 says “To accept the terms of the
electronic voter registration system, a registrant shall electronically sign
the electronic voter registration form.”
[16] Ibid., twelfth paragraph.
[17]
Supra, note Y, section R2-12-603 para. B.
[18] R2-12-601 para 2:
“’Electronic signature’ is defined in A.R.S. s. 41-132.”
[21] Supra, note X, sixth
paragraph.
[23] See A.R.S. 41-121 s.13
on the duties of the Secretary of State.
[25] The bill was not
recommended by the Senate’s committee that studied it (the vote was 3:3),
was brought back to the full Senate without a recommendation, and declared
lost. A record of its
disposition is online at http://legis.state.sd.us/sessions/2003/1010.htm
.
[26] None of the arguments on
electronic voting registration give much support to online voting itself.
That is a very challenging process, with yet-unresolved issues of
identification, security, and audit beyond the scope of this note.
|
|