Advertisement

Incompatible file formats led Los Angeles County to drop 118,000 voters in California primary

A review of the June 5 mishap concludes it did not happen because of a "printing error," as officials said originally.

Multiple factors contributed to Los Angeles County eliminating more than 118,000 registered voters from the rolls during the June 5 California primary election, according to a report published Wednesday. The document, prepared by IBM Security Services, explains that software incompatibilities and clashing file formats between the state’s official voter list and the county’s system led to the voters being dropped from the roster.

At the time, county officials attributed the cut names to a printing error.

The affected voters accounted for about 2.3 percent of the county’s registered voters, and were spread across about one-third of the sprawling county’s precincts. The most populous in the United States, the county spans from the city of Los Angeles to the edge of the Mojave Desert, and boasts more than 5.1 million registered voters, more than one-quarter of California’s statewide total. People who showed up to vote but were told their names were not on the rolls were still allowed to cast provisional ballots.

The report’s executive summary , which was released by the Los Angeles County Counsel’s office, rules out a data breach or other kind of cyberattack, but it does reveal how quickly mismatched software can muck up an election. Still, it stopped short of being totally conclusive.

Advertisement

“IBM recreated the issue that led to 118,509 registered voters being excluded from the voter rosters, in two separate scenarios,” the report reads. “A definitive answer on which scenario actually took place for the June 5 Primary is impossible to determine due to a lack of audit logging available within the specific voter software system.”

The IBM team found that a change to the file format of the official voter list provided by state authorities made it incompatible with the equipment used by the county. Because the county’s Voter Information Management System, or VIMS, had not been updated to accept the new file format, it generated records for those 118,509 voters without their dates of birth, rendering them ineligible.

“Since the birthdates were missing, the County’s system incorrectly classified these voters as ‘underage’ and left them off the printed precinct rosters,” a county press release states .

IBM ran simulations of the voter-roster generation, including one in which it exported records from the voter file provided by the state, stopping at 118,509 names, which investigators saw were processed without birthdates. A second export using the county’s data generated correct records matching voters’ names with their dates of birth. But IBM’s researchers also found that the VIMS system did not dump the incorrect records from the first export. They concluded that the voter roster Los Angeles County used on June 5 contained information from both exports, resulting in the voters who had been dropped.

The IBM investigation also included an review of a 21-minute outage of the county’s election results reporting website on June 5 a few hours after polls closed. Investigators concluded the website buckled under heavy demand, ruling out evidence of a cyberattack.

Advertisement

Still, it doesn’t take an actual hacker to simulate the effects of a cyberattack on election systems, cybersecurity experts say. While results websites are unofficial counts, a successful distributed denial-of-service attack that knocks one offline can cause the public perception that an election has been thrown, John Dickson of the Denim Group consulting firm told StateScoop recently . And the indictment last month of 12 Russian intelligence officers contained multiple allegations that they targeted state and local voter registration systems during the 2016 election, including one state — believed to be Illinois — where the personal information of 500,000 voters was stolen.

Maryland suffered a similar incident during its primary election on June 26, when about 80,000 voters were told they would have to cast provisional ballots because a “software glitch” prevented their registrations from being transmitted from the Motor Vehicles Administration to the State Board of Elections.

In Los Angeles County, IBM recommends updating the VIMS software so it matches the state’s voter file and implementing stronger quality-control measures. The report also tells the county to improve the capacity of its election bureau’s website “to accommodate periods of high demand,” such as election nights.

Benjamin Freed

Written by Benjamin Freed

Benjamin Freed was the managing editor of StateScoop and EdScoop, covering cybersecurity issues affecting state and local governments across the country. He wrote extensively about ransomware, election security and the federal government’s role in assisting states and cities with information security.

Latest Podcasts