By John Myers
April 9, 2019
California has launched few government projects with higher stakes than its ambitious 2018 program for registering millions of new voters at the Department of Motor Vehicles, an effort with the potential to shape elections for years to come.
Yet six days before the scheduled launch of the DMV’s new “motor voter” system last April, state computer security officials noticed something ominous: The department’s computer network was trying to connect to internet servers in Croatia.
… The apparent hacking incident was the most glaring of several unexpected problems — never disclosed to the public — in rolling out a project that cost taxpayers close to $15 million.
The Times conducted a four-month review of nearly 1,300 pages of documents and interviewed state employees and other individuals who worked on the project … The emails present a picture of a project bogged down by personnel clashes, technological hurdles and a persistent belief among those involved that top officials were demanding they make the “motor voter” program operational before the June 5 primary, so that it could boost the number of ballots cast.
“Not meeting the deadline was not an option,” said a project staffer who asked to remain anonymous to speak freely about what happened. …
Some of the mistakes popped up within hours of the system going live: frozen or blank DMV computer screens; private information remaining on touchscreen devices between appointments; selections sometimes flipping from what a customer had chosen.
Three weeks later, mistaken records showed up at local election offices, upward of 100,000 inaccurate documents by the fall. Party preferences were wrong. Some non-citizens were mistakenly added to the voter rolls. Other DMV customers didn’t know they’d been registered.
Staffers from a trio of state offices were involved — led by Chief Information Officer Amy Tong, Secretary of State Alex Padilla and former DMV Director Jean Shiomoto. … Emails show that advisors to former Gov. Jerry Brown also closely monitored the work.
Some on the team building the system sounded those alarms, but to no avail.
“If we want to avoid an international incident and major security and launch failures on the scale of recent news stories about Facebook, IRS, or the Office of Personnel Management — we need state executives to understand the serious nature of the current high-pressure rush to launch,” a senior programmer wrote in an email the day before the system went live.
Building California’s automated voter registration system wasn’t going to be easy.
Programmers had to create a workaround for the DMV’s outdated computer system that could transmit thousands of daily registrations to state elections officials. Even a small mistake could result in a voter with the wrong ballot, or no ballot at all.
For the DMV, the timing was particularly tough. Its employees were already behind on technology needs to implement the federal Real ID program — a separate task that a recent audit said contributed to long lines at local department offices last summer.
… Time — or lack of it — was a consistent problem. The CDT was enlisted to join the effort almost 19 months after the original law was signed. … And at a May 2017 meeting, according to an email reviewed by The Times, a momentous decision was made: Move the project’s launch date from July to April.
Implementation was slow. A database of all registered California voters, a key requirement and itself a decade overdue, wasn’t completed until the fall of 2016. From there, another eight months passed without substantive discussions on the automated voter registration system.
… As the launch drew near, various technical glitches appeared — some difficult to diagnose and fix in the push to launch the system early.
A project timeline written in late 2017 shows that three months for testing key elements were condensed to six weeks. In other areas, design and testing would have to be done simultaneously.
In late February, the secretary of State’s chief counsel said he was concerned that a key component — how voter data would be transmitted from the DMV — was still incomplete.
Others had expressed concerns about whether the system being built was fully secure. …
… Touchscreen problems were also the source of frantic emails among top DMV officials regarding the potential for identity theft — the screens weren’t clearing personal data between customer appointments. … Officials later discovered a problem with incorrect county information, thus sending a voter’s new or updated registration to the wrong location.
… Errors by DMV field office employees were later cited as the cause of some 23,000 registration errors. But other mistakes may be attributable to the fact that multiple state government teams were involved with no clear leadership structure.
… Padilla, one of the system’s most visible supporters, admitted to frustrations with the program — …
… California’s Little Hoover Commission, an independent oversight agency, urged state officials last fall to ensure that the voter registration system’s problems are fixed.
“Otherwise,” the commission’s report concluded, “the rich diversity of California’s population will be limited in voice and fairness, and the legitimacy of elections called into question.”