Electronic Voter Registration in South Dakota

John D. Gregory*

(2003) 3 E-Filing Report No. 4 p. 11


            In January, 2003, the South Dakota House of Representatives passed House Bill 1010, “An Act to permit voter registration on the internet”.[1]  The Bill proposed to extend the current system by which residents of the state may register to vote at the office where driver’s licences are issued (the Department of Commerce and Regulation).  The current system dates from 1994, when it was made to conform with the federal National Voter Registration Act (NVRA),[2] by which all states must allow for voter registration by driver’s licence authorities.[3]  On registering, a person gives the office a signature, which is digitized and used to prepare a voter registration card.

            Bill 1010 would have added to that system a method of registration for those who already had driver’s licences[4] and who did not want to come into the office to register to vote.  State residents were to be allowed to register as voters online, giving their driver’s license number at the time.  The voter registration office would then contact the Department of Commerce and Regulation and receive a transfer of the digitized signature to put on the voter registration record.[5]  Such signatures are used when registrants vote by absentee ballot; the ballot is submitted with the voter’s signature, which is compared to the signature on the registration record.

During debate in the House, some members argued that the system was not sufficiently secure and thus that it raised the risk of election fraud.  Supporters replied that it was just as secure as Arizona’s similar electronic registration process.[6] This note will examine some of the bases on which one might judge the security of an electronic registration system.

The use of the digitized signature itself has no role in securing the voter registration system.  The signature would simply be taken off the driving file and dropped into the voter registration file, without any independent creation or review.  It plays a role only in verifying absentee ballots.  It is thus misleading to say that the Bill’s system used or turned on electronic signatures in any significant way.   It would be more accurate to say that the voter registration system would have broadened its reliance on identification information (not a signature) presented to get a driver’s license – a reliance required by the NVRA in any event.[7]

            Two important non-technical factors influence the security discussion.  First, the NVRA requires that states accept mail-in registration as well as registration at driver’s licensing offices and other state agencies, to make registering for voting easier than it had previously been.  People who register at the state agencies may not be asked for more identification than they would need to obtain the usual service from the agencies.  For mail registration, they need not provide any more information than they would in person.  South Dakota sends mail registrants an acknowledgement card by non-forwardable mail. If that card comes back, they send a confirmation mailing.  If that also is not delivered, they put the voter on an inactive list, and if he or she does not vote for two elections, they cancel the registration.[8]

            The second non-technical factor is how the act of voting itself is checked.  In South Dakota a voter need only state his or her name at the polling booth, without showing any identification or signature or other supporting information.  If the name is on the list, the person will be allowed to vote, unless someone present challenges the self-identification.  On such a challenge, the challenger and the intended voter each provide “evidence”, and the person in charge of the poll decides.[9]  It is arguable that more security is needed at the registration stage if there is little security checking at the time of voting.10]  For mail-in ballots, as we have seen, a signature is provided by the mailer that is checked against the signature in the voter registration record.

            In this context, how secure is the system under Bill 1010?  Three things prevent someone from registering as someone else: the first is a confirmation card, parallel to the acknowledgement card sent to mail-in registrants.  The Bill allowed the use of electronic registration only for people who are still at the address shown on their driver’s licence.  The confirmation card would be sent to that address.  A fraudster would have to intercept that mail to avoid the eventual vote from escaping his control.

The second deterrent is the chance that the other person has already registered or will register before the election – assuming that the voter registration system would do something to put people on notice if it had two registrations purporting to come from the same person (say by refusing to register the second person making the attempt).[11]  The third is the difficulty of obtaining the driver’s license number of the other person.  This may not be unduly difficult for the licence number of one individual.  It may be a good deal more difficult to acquire enough license numbers to make enough phony registrations to influence the results of an election.[12]

In debate in the House, the Arizona system was held up as a trustworthy model.  In that state, one can register to vote online by a similar but not identical process.[13]  In Arizona, the person wishing to register contacts the Motor Vehicle Division (MVD) in the first instance.  He or she provides the driver’s license number[14] and (optionally) a Social Security Number, and if these are recognized, the applicant is “authenticated”.  He or she then provides “voter specific registration”, notably party affiliation, and verifies his or her intention to register to vote.  Then the MVD transfers this information to the Secretary of State, along with the digitized version of the ink signature (what the documents call the “wet” signature) of the registrant.  The Secretary of State redistributes the information to the county recorders who keep voter registration records.

Thus Arizona differs from South Dakota in having the registrant first contact the MVD and not the voter registration authorities.  This is not significant.  Arizona uses the digitized signature for similar reasons as South Dakota – to check the validity of early or mail-in ballots, and also to review petitions.  It is not used to confirm identity of voters who show up at the polls in person.

Arizona appears to add to this process two authentication methods that were not proposed in South Dakota.  First, the registrant is asked for a Social Security Number when he or she applies to the MVD to be registered to vote.  The SSN is routinely used in the state in applications for driver’s licences, as it is in South Dakota. However, it is not required to register to vote.  Registrants are asked for the last four digits of the SSN, but if the registrant does not provide them, the process continues regardless.

Second, Arizona requires that the completed voter registration request be signed with an electronic signature.[15]  The Overview says of electronic signatures only this: “The user electronically signs the EZ Voter Registration by agreeing to the terms of submitting the application.”[16]  The Regulation says “An electronic signature for use on an electronic voter registration form shall be a separate acknowledgement statement authorizing the transmitter to transmit the information to the destination county recorder.”[17]

Electronic signature is defined by reference to the general Arizona statutes.[18]  They say that an electronic signature is “an electronic or digital method of identification that is executed or adopted by a person with the intent to be bound by or to authenticate a record”.[19]  It “shall be unique to the person using it, shall be capable of reliable verification and shall be linked to a record in a manner so that if the record is changed the electronic signature is invalidated.”[20]

At first reading, one wonders if large numbers of Arizona residents have the technical capacity to create such an electronic signature, especially the rule that it must be linked to the signed record so that if the record is changed the signature is invalidated.  However, the Overview of the system notes the large volume of duplicative paperwork under the old system and anticipates that electronic registration “will replace about 70 percent of the paperwork filed for voter registration.”[21]

On further examination, it turns out that the electronic signature is a good deal less demanding than the literal wording of the statute suggests.  The Secretary of State has established a Policy Authority (“PA”) on electronic signatures to be used with state agencies.[22]  The PA analyses the risks of the proposed use of electronic signatures and decides what level of security is appropriate in each case.[23]  In this case it appears that the express authorization to the MVD to transfer the application and digitized signature to the registration authorities is taken as a sufficient indication of an intention to sign electronically.  The identity of the signer is supported by the driver’s licence number (and possibly the SSN).   False information subjects the provider to a penalty for perjury.[24]  The technology built into the MVD and Secretary of State’s systems, by which the application and digitized signature are sent to the county recorders, is apparently thought to be secure enough to ensure that the signed documents are not altered.

In addition, Arizona sends a confirmation of registration to the registrant at the address in the driver’s licence record.  This is, as in the South Dakota scheme, a disincentive for someone else to use another driver’s information to register.

This review suggests that South Dakota’s proposed electronic registration system was in practice not substantially less secure than that of Arizona, though it is clear that Arizona has given uncommonly careful thought to the security needs of its system.  The reliability of the internal workings of the communications between South Dakota’s motor vehicles authority and their voter registration system is not disclosed in the discussion about Bill 1010.

The real comparison in judging security is arguably not another state’s implementation, in any event, but the risk across the in-state system.  Compare South Dakota’s mail-in registration rules.  In effect, someone can request registration with very little identification or authentication, then be subject to no further authentication when showing up to vote.  If they vote by absentee ballot, they face little checking at any point.  In that context, requiring an active driver’s licence number of a registrant seems relatively demanding.

            Despite these arguments in favor of the system of Bill 1010, South Dakota will not be putting them into practice in the short term.  The Bill was killed in the state Senate.[25] Supporters of the Bill say they will try again in the next session, in 2004.  They will have time to develop further support for the security of the registration system.[26]

* General Counsel, Policy Branch, Ministry of the Attorney General (Ontario, Canada). The views expressed here are not necessarily those of the Ministry.

[2] 42 United States Code s.394 (1993).

[3] In 2001, almost 40 percent of all registrations nationwide originated in motor vehicle offices.  Election Reform Briefing, “Statewide Voter Registration Databases”, March 2002, by electionline.org and The Constitution Project, p.6, online: http://www.electionline.org/site/docs/pdf/svrs.briefing.03.04.2002.pdf .

[4] South Dakota also provides for “nondriver identification cards” issued by the same Department, which the internet registration system would also use in the same way.

[5] The Bill said that the applicant “may register … using the digitized signature retained by” the driver’s licence office. It did not say exactly how this was to be done. The description here is provided in an Associated Press news article, “System would let voters register online”, January 27, 2003, online: http://www.aberdeennews.com/mld/aberdeennews/news/5044364.htm .

[6] The views of critics and supporters are noted in the news article cited in the previous note.

[7] An applicant for a driver’s licence must submit a social insurance number, a “brief description”, and a birth certificate or passport.  S.D. Code s. 32-12-3.  Applicants for registration to vote require none of these.  South Dakota election laws are online at http://legis.state.sd.us/statutes/Index.cfm?FuseAction=DisplayStatute&FindType=Statute&txtStatute=12.

[8] The acknowledgement card is required in S.D. Code 12-4-5.3, the confirmation mailing by 12-4-19, and placement on the inactive list by 12.4-19.2.  All registered voters are sent a confirmation card once a year, and a confirmation mailing if the card is not delivered.

[9] This description of the voting system is based on an Election Reform Briefing on Voter Identification, published by electionline.org and The Constitution Project, online at: www.electionline.org/site/docs/pdf/voter_id_report.pdf.  See also S.D. Code s. 12.18.10 on challenging for wrong identification.

[10] Requiring voters to prove their identity at the poll is controversial.  Opponents say that the poor or vulnerable are less likely to have the kinds of identification required, or more likely to feel intimidated by being asked.  A full discussion is found in the Election Reform Briefing on Voter Identification, cited in the previous note. 

[11] Section 12-4-40 of the S.D. Code on Elections provides that demonstrable double registrations lead to deletion of the older registration; suspected doubles require notice to the registrants to verify the facts.  Counties send updates to their lists to a centralized state list every day, and the state notifies counties of duplicates.  “Statewide Voter Registration Databases”, cited above at n.2, p.12.

[12] This note does not comment on the risk of fraud by those who apply in person at the state office; presumably they could also apply fraudulently directly at the voter registration office.  Here we are reviewing only the increased risk alleged to be caused by the online applications.

[13] See Arizona’s EZ Voter Registration Overview, online with related documents at http://www.sosaz.com/election/EZ_Voterregistration/EZ-Voter_Registration_Overview.htm .

[14] Again the system will work if the person holds a non-driver’s identification card from the MVD and the other conditions for drivers are satisfied.

[15] A three-page-long regulation governs the process: Title 2, Chapter 12, Supp. 02-1, Article 6, effective March 29, 2002, online at http://www.sos.state.az.us/public_services/Title_02/2-12.htm.  Regulation R2-12-603 says “To accept the terms of the electronic voter registration system, a registrant shall electronically sign the electronic voter registration form.” 

[16] Ibid., twelfth paragraph.

[17] Supra, note Y, section R2-12-603 para. B.

[18] R2-12-601 para 2: “’Electronic signature’ is defined in A.R.S. s. 41-132.”

[19] A.R.S. s. 41-132 s.E.4, online at http://www.azleg.state.az.us/ars/41/00132.htm .

[20] Ibid. s. B.

[21] Supra, note X, sixth paragraph.

[22] A description appears at http://www.sos.state.az.us/pa.

[23] See A.R.S. 41-121 s.13 on the duties of the Secretary of State.

[24] R2-12-603 para A.1.

[25] The bill was not recommended by the Senate’s committee that studied it (the vote was 3:3), was brought back to the full Senate without a recommendation, and declared lost.  A record of its disposition is online at http://legis.state.sd.us/sessions/2003/1010.htm .

[26] None of the arguments on electronic voting registration give much support to online voting itself. That is a very challenging process, with yet-unresolved issues of identification, security, and audit beyond the scope of this note.