Democracy requires participation where everyone should be able to stand up and be counted. New technology for voter registration and election management is about making it easier to participate while maintaining integrity, but anyone with a healthy sense of skepticism knows the more complicated we make systems, the more opportunity there is for mistakes to creep in, or for vulnerabilities to be introduced that could undermine the entire process.
So, what makes data management in election systems and voter registration so scary?
We use the word “attestation” a lot in the Identity Access Management world. “Attestation” is the noun form of the verb “to attest,” and attesting that someone is who they say they are, and that they are allowed to vote, is always at the core of the voting process.
We often know the details about an individual, but the tools to prove identity aren’t always the same for everyone. Tying systems into multiple sources of truth can not only be overwhelming for governments but can also become difficult to audit and validate.
Trust through Visibility
Trust in the system is what makes democracy work and confidence in the system is lost when you aren’t able to answer questions like “Was there really a breach? What did they see? Did they change anything?” When it comes to voter data, there can be no ambiguity, no anonymous data access, and everything needs to be logged with a digital signature for that log item so we know even the logs haven’t been tampered with.
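One way to make each log item tamper-evident, as an added example that is not Cloudentity's code: every entry carries a keyed MAC over its contents and the previous entry's MAC, and anonymous actors are refused. HMAC-SHA256 stands in here for a digital signature so the example runs on the Python standard library alone; the key, field names and actor IDs are constructed.

```python
import hashlib
import hmac
import json

# Constructed demo key; an assumption is that production keys live in an HSM or KMS.
DEMO_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64  # "previous MAC" value for the first entry

def _mac(key, body):
    # Canonical JSON so the writer and the verifier hash identical bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def append_entry(log, key, actor, action, record_id):
    """Append an entry whose MAC covers its fields and the previous MAC."""
    if not actor or actor.lower() == "anonymous":
        raise ValueError("access without an identified actor is refused")
    body = {"seq": len(log), "actor": actor, "action": action,
            "record_id": record_id, "prev": log[-1]["mac"] if log else GENESIS}
    entry = dict(body, mac=_mac(key, body))
    log.append(entry)
    return entry

def verify_log(log, key):
    """Return the index of the first bad entry, or -1 if the log is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "mac"}
        expected = _mac(key, body)
        if (entry.get("seq") != i or entry.get("prev") != prev
                or not hmac.compare_digest(expected, entry.get("mac", ""))):
            return i
        prev = entry["mac"]
    return -1

def demo():
    log = []  # constructed sample events
    append_entry(log, DEMO_KEY, "clerk-17", "read", "voter-0001")
    append_entry(log, DEMO_KEY, "clerk-17", "update_address", "voter-0001")
    append_entry(log, DEMO_KEY, "auditor-02", "read", "voter-0002")
    intact = verify_log(log, DEMO_KEY)
    log[1]["action"] = "read"   # an entry edited after the fact
    edited = verify_log(log, DEMO_KEY)
    del log[1]                  # an entry removed after the fact
    deleted = verify_log(log, DEMO_KEY)
    return intact, edited, deleted
```

Removal of the newest entries is only detectable if the latest MAC is also kept somewhere the log writer cannot alter.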
Then all that big, complex, interrelated audit data needs to be rendered in a way that is meaningful not only to the technical teams but also to elected officials and possibly the general public. This means visualization that makes sense without having to understand all the complex tech under the hood.
Privacy by Design
While we need visibility, we need to be just as careful about PII (Personally Identifiable Information). Every transaction needs to be encrypted, even in the data center. Every transaction needs to be signed so we know the data hasn’t been tampered with. And individual consumers need the ability to see what they are allowed to see, and not see more, with a clear source of truth for why they get to see it, and who gave them that access.
The Right Level of Security
Voter registration is a series of steps, from simple informational systems like educating people on the process, to attesting that a person is who they say they are. Not all systems need the same level of security, but they should work under a common set of rules that apply high levels of authorization to the services that require it, while not creating roadblocks for information that requires less security.
Enforcement at every step
By now you should know who someone is, what they are doing, and how you should control those actions. Adding that control can be tricky if all you’re doing is protecting a gateway on an API. You need to be able to add the same controls to each service, and to each device, whether desktop browsers or IoT devices.
How can we help?
Cloudentity’s MicroPerimeter™ Security, coupled with our Cloud Identity Access Management (CIAM), provides a unique combination of Visibility, Protection and Enforcement that helps solve these problems seamlessly. To learn more, download our Enhanced Security for Voter Registration overview, or feel free to contact us.