DES MOINES — A state commission set a Dec. 9 administrative hearing to consider a complaint filed by Linn County Auditor Joel Miller alleging the Iowa Secretary of State’s Office has failed to comply with federal Help America Vote Act regulations.

The state’s Voter Registration Commission agreed Wednesday to consider Miller’s claims that the state has not provided requested information and has not taken necessary steps to ensure that the I-Voter system is up-to-date and protected from potential cyberattacks in all 99 counties.

However, Matt Gannon of the Iowa Attorney General’s Office told commissioners he plans to file a motion to dismiss the complaint on behalf of Iowa Secretary of State Paul Pate “that we feel is appropriate for this.”

The secretary of state contends his office has instituted considerable security measures to ensure the integrity of the vote in Iowa.

“My top priority is protecting the integrity and security of Iowa’s elections,” Pate said in a statement. “Our efforts have been praised on a bipartisan basis by my colleagues and by cybersecurity experts around the country. This is a race without a finish line, and my team is fully committed to this effort, along with our county, state and federal partners.”

However, Miller contends weaknesses in the state’s I-Voter system have gone unaddressed and county auditors are given little factual information to assess whether the system is truly secure.

“If hackers were able to remove, change or modify voter registration records, the results could be upending,” Miller said in his complaint. “This could lead to chaos at the polls and distrust of election results. It could also disenfranchise many voters.”

ARTICLE CONTINUES BELOW ADVERTISEMENT

After the hearing,Miller said “there are inherent vulnerabilities in the system,” including the absence of a two-step process for transferring voter records from county to county and with county security audits and with errors and omissions in the database and felon list.

He also cited the lack of vulnerability assessments and penetration tests by a bona fide third-party private sector cybersecurity expert.

However, he said, his requests for information have not been adequately addressed, “stonewalled” or unanswered to the point where he felt the complaint process was the most viable avenue.

“I’m an IT person. I know smoke when I see it, and all I’m getting right now is smoke,” Miller said. “I think a lot of this could be avoided if he (Pate) would just answer questions and be more explicit about what he is doing to protect voter records.”

According to the Secretary of State’s office, the state’s I-Voter system resides in a Criminal Justice Information Services-compliant facility and sits behind an access control list that will only accept connections from authorized computers.

That access protocol requires two-factor authentication, and all users are required to undergo cybersecurity training. The system also has a monitoring system in place, called Vote Shield, which tracks all voter registration changes and updates and detects any anomalies.

Comments: (515) 243-7220; rod.boshart@thegazette.com