"If Travis County had been canceling its voters (registrations) like they were supposed to," he (Haywood, the secretary of state's spokesman) said, "there would be no problem."
The SOS hands all the blame to Travis county when their TEAM database has been widely reported as having serious flaws with both implementation and security. The State Auditor's office recently did an audit of the database and the security of the information was the key issue in the findings.
SOS Audit ReportAn Audit Report on the Voter Registration System at the Texas Secretary of State's OfficeNovember 2007
Report Number 08-012
Overall Conclusion
(snip)
Auditors did not identify any instances in which potentially ineligible voters actually voted during the May 12, 2007, special election, although voting history data in the TEAM system was incomplete.
The Secretary of State's Office does not retain a complete history of death and felon records that were reported during previous periods. This limits its ability to identify ineligible voters who may not have been previously removed, convicted felons who try to register multiple times, or applicants who use a deceased person's information to register to vote. In addition, the Secretary of State's Office does not require counties to investigate and remove voter registration records that match felon or deceased records on a periodic basis. As a result, voter registration records identified by the Secretary of State's Office as potentially ineligible may remain active indefinitely.
The Secretary of State's Office has implemented certain access and security controls over the TEAM system; however, the Secretary of State's Office needs to implement additional controls to ensure that it adequately protects voter registration information and the TEAM system from unauthorized access. Auditors did not identify any breaches of security or disclosures of confidential voter registration data, but they did identify weaknesses that the Secretary of State's Office should address to ensure that the TEAM system is adequately protected. Specifically:
- The Secretary of State's Office does not have a process to ensure that user accounts are authorized by appropriate personnel, including administrative accounts that allow access to and control of confidential information within the TEAM system. The Secretary of State's Office also does not have the appropriate tools necessary to adequately monitor TEAM user activity.
- The Secretary of State's Office has not reviewed existing accounts for validity, nor does it have a process to do so in the future. As a result, it could not confirm whether county or contractor users were actual employees. This increases the risk of unauthorized access.
- Weaknesses within data backup and change management procedures increase the risk that the Secretary of State's Office would be unable to promptly and fully recover from a disaster. In addition, specific weaknesses within application and database security increase the risk that TEAM data is not adequately protected.
Tests performed by a contractor (IBM) on behalf of the Secretary of State's Office, as well as statements by county voter registration officials, indicate that although the TEAM system is available to users, its stability and response time can be improved. In addition, 106 (52 percent) of 204 county voter registration offices said that the TEAM system does not allow them to perform their jobs effectively.
:grr:
Sonia