EXECUTIVE SUMMARY:

It’s been a lively week for voter-related cybersecurity, from voter booth software concerns to voter data exposure to new legislation.

Earlier this week, major voter booth software maker, Election Systems & Software, admitted that it had installed remote access software on its systems over the past six years. Remote access is used by companies to modify computer systems remotely. However, it also poses a huge security threat – if a cybercriminal gains entry into the company’s remote access, it’s over.

Thursday, news broke that RoboCent, a robocalling data analytics firm that specializes in political campaigns, left hundreds of thousands of voter data files exposed online with no password protection. Possible voter information exposed in the leak includes names, phone numbers, political affiliations, dates of birth, and genders.

The RoboCent data leak calls to mind an even more significant exposure of sensitive voter information from a separate incident. Last year, the largest voter data leak in the history of the United States occurred when 198 million voter records were left unprotected online by Deep Root Analytics. Worse, the records were there for 12 days, and downloadable.

There’s good news, though. This week also marked the passage of a new California law that requires journalists, researchers, and political campaigns to disclose if voter data that becomes available to them is from a data breach. Governor Jerry Brown and the legislature also allocated $134 million for new voting equipment in the state budget that took effect July 1. The budget included funds to create offices dedicated to election cybersecurity.