With planning for the 2016 presidential election underway, a new auditor general’s report sharply criticizes Gov. Rick Scott’s administration for its handling of the backbone of democracy in Florida: the electronic system that holds vital data on 12 million voters in the nation’s biggest battleground state.
The audit found that internal security controls need improvement; a disaster recovery plan has not been tested since 2011; 14 state employees had “inappropriate and unnecessary access privileges” to the database; no mechanism exists to ensure that production changes are “properly authorized, tested and approved’; security training for employees hired during the past year were not done on a timely basis; and measures to protect confidential and exempt voter information need improvement.
The audit has heightened tensions between Secretary of State Ken Detzner and county election supervisors, who call the report “troubling.” A group of four supervisors, including association president Brian Corley of Pasco County, met with Detzner two weeks ago to complain about poor communication from the agency. They later realized that Detzner had responded to the critical audit but didn’t inform supervisors. Their letter is here.
Auditors found that the system broke down eight times between December 2014 and February of this year, and was offline for a three-day period between Feb. 24 and 26. Auditors clearly were concerned about the state’s maintenance and level of security on the system, known as FVRS for Florida Voter Registration System.
“The department was unable to provide appropriate documentation to evidence that effective FVRS IT maintenance controls were in place and functioning,” the audit says. “Specifically, we noted that the Department did not have maintenance schedules that prescribed the frequency and type of preventative maintenance to be performed. Additionally, the Department did not have records of scheduled and unscheduled maintenance that included complete information on all maintenance performed, problems and delays that were encountered during the maintenance process, the reasons for the problems and delays, the elapsed time for the resolution of the problems and delays, and routine analysis of maintenance records to identify recurring patterns or trends that may have required additional review and evaluation by management.”
In a preliminary response, Detzner, a Scott appointee and Florida’s chief elections official, did not take issue with the findings. He noted that the agency was implementing a new hardware platform in July and that “the Department has implemented improved security controls.”
As for the 14 employees whose access to the database the auditor general found “inappropriate,” Detzner responded that everyone with access has undergone a criminal background check and holds a “confidential or managerial” job in the agency. A “major rewrite” of the FVRS code is underway that will include a new “inquiry-only” level of restricted access, he said. The audit and Detzner’s response are here.
Original article here.