Are Oregon’s Antiquated Computers To Blame For Ballot Scandal? State Got $86 Million from Feds To Upgrade, and Never Did

As the Oregon ballot scandal continues to unfold, many people are reporting in the My Party Was Changed facebook group that elections officials are telling them that they’ve always been registered as non-affiliated, even though hundreds of people are swearing they were registered with a party.

While the group began as mostly Republican voters, more and more Democrats have joined the group to tell their story.

One theory going around is that somehow a chunk of data updates have gone missing in the Secretary of State computer system, which would nullify any updated info that voters had sent in during certain time periods in the past, and the system is reverting to what the person originally registered as many years ago.

Here’s just one such example:

The faulty computer theory just might hold water, as it appears as though Oregon’s state computer system has been a complete disaster for years, routinely crashing and being susceptible to hackers.

Some of the computer systems are over 30 years old!

The latest big crash happened in August of 2019, as KXL reported:

Maybe you’ve thought recently, “Goodness, things are just slower than molasses working with the State of Oregon!”.  Maybe you always think that.  In any case, you are not alone.

If you’ve dealt with the Oregon DMV or if you’re a long-haul driver earning an updated license or if you have service requests pending with the Oregon Department of Transportation, Oregon Health Authority, Dept. of Human Services, Dept. of Revenue, or Oregon State Police, your business with the State is progressing a good bit slower than usual right now.

Ever since Friday, a mystery glitch has invaded the State of Oregon’s entire system.  Internet connectivity has been spotty at best.  VOIP phones are being affected as well.

And — News Flash; They don’t know what it is yet and while this bug isn’t a major cause for emergency right now, it’s impact is enormous.  To put it plainly, Oregon’s I.T. Systems are sick.  They have a bad cold and they can’t seem to shake it.

The state system suffered a massive hack in February of 2014. The Oregonian reported:

Frustrations are mounting more than a week after a breach of the Oregon secretary of state’s website caused elections and business databases to go offline. State officials say they’re still investigating how the intrusion from a foreign entity occurred and don’t know when the databases will return.

The attack “appears to be an orchestrated intrusion from a foreign entity and not the result of any employee activities,” the agency reported on its website this week.

The department’s Central Business Registry and ORESTAR, the state’s online campaign finance reporting system, were temporarily taken offline as a precaution after officials detected “an intrusion” around Feb. 4. Since then, business attorneys haven’t been able to look up existing business names, and campaign finance officials have not been able to report transactions.

The breach also raises questions about the security of the agency’s other databases, including the voters database, which contains personal information that isn’t publicly available.

About 25 agency workers are investigating the breach, and officials are in the process of hiring outside experts to review security measures, he said. “The forensic exam is an incredibly laborious, highly specialized process,” Green said. “We’ve had people working as many hours in a day as possible.”

The agency is receiving about 1,100 calls a day, nearly twice as many as usual, and wait times are longer than usual, he said. Business forms can be filed via fax, mail or email, he said.

Officials reported the breach to the Oregon State Police, and the FBI have also been informed.

Two months later, the state figured out it was some piece of software that someone installed on a computer that left many networks vulnerable.

Even more maddening is that Oregon received $86 Million from the Federal government in 2009 to update its computer systems. And they never did. That money has sat in a trust fund, doing nothing.

While investigating why Oregon is taking so long to adapt to the unemployment claims during the Covid shut down, The Oregonian found that state officials have not upgraded much of anything in 11 years:

Oregon is one of a number of states weathering the coronavirus outbreak with technology that is decades old. Oregon’s systems were built in the 1990s, with some components dating as far back as 1985.

As in other states, Oregon’s claims system is built on an antique programming language called COBOL, developed in the 1950s. In New Jersey, the state put out a call for volunteer COBOL programmers to help adapt its own unemployment claims system.

Oregon has been planning updates since 2009, when the state received $85.6 million in one-time modernization funds from the U.S. Department of Labor. The state still had nearly $82 million on hand this past October, according to a letter Erickson sent to the Legislature in January.

Planning for an upgrade has spanned three administrations of three Oregon governors.

“For a variety of reasons, including leadership changes within the agency, work on the initial phase of the modernization initiative did not begin until February 2016 and did not begin to pick up pace until the last quarter of 2016,” according to a legislative update issued in 2019.

The update did not explain which leadership changes interfered with the project, but a 2013 investigation by The Oregonian detailed management failures under former Gov. John Kitzhaber that delayed the mainframe computer replacement project and wasted tens of millions of dollars.

Three of the agency’s top leaders either left or were fired that year after the problems surfaced.

Inside state government the issues had been well-documented, as “audit after audit exposed leadership problems that festered as the agency wasted as much as $30 million on computer software programs that didn’t work,” The Oregonian reported.

Bill Fink, a former agency deputy director, said in 2013 that he’d been highly concerned about problems replacing the mainframe system during his 2006-2012 tenure. He hired a consultant who reported in March 2012 that the initiative “was veering off track.”

Another consultant delivered similar findings in early 2013, although his credibility was undermined when he was accused of drugging and assaulting several women in Portland. He ultimately pleaded no contest to sexually abusing one woman and unlawful possession of the drugs ecstasy and ketamine.

The department’s technology section also faced allegations of nepotism in 2013, when it emerged that the Legislature’s technology project analyst, Bob Cummings, came to the defense of his wife’s work managing employment department technology projects amid lawmakers’ questions. Bob Cummings still works for the Legislature and Leslie Cummings went on to be deputy secretary of state.

State auditors worked to keep the languishing computer project on leaders’ radars. Their 2015 audit found that the department’s staff had to identify and manually collect claims errors. In the wake of that audit, Brown made another change in leadership at the agency, replacing the director with Erickson.

“These computer programs are inflexible, poorly documented, and difficult to maintain,” the audit found. “Considering these factors, Employment should take steps to replace them with more robust and maintainable computer code.”

The report noted that prior audits by the Secretary of State’s office, in 2003 and 2012, identified problems introducing changes to the systems. Auditors found the systems were “largely unchanged” in 2015.

Given these revelations, it’s certainly plausible that Oregon’s aging computer system could very well have suffered some major glitch that reverted thousands of voter registrations.

In fact, the unemployment system is so bad that some people making claims had to restart their claim. Twice. Because of computer glitches.

But that’s not all. Here’s a brief rundown of Oregon’s other past computer network problems:

In August of 2016, the DMV’s computers crashed, and no one could take their driving tests. Officials said “computer system failures are not uncommon. She did not know why the system crashed.” In fact, the problem was worse than originally reported, as one spokesman told OPB “The agency experienced network issues last week that affected all of its systems, causing major delays. The issue with the knowledge tests is not related to that.”

A similar crash happened again in April of 2017, as one official explained “We have local issues among our 60 field offices fairly often – power failure, network connection,” said Oregon DMV spokesperson David House. “But statewide outages that last more than a few minutes are rare.”

Who can forget the DMV employee who was caught using agency information on drivers and registrations to run a car theft ring.

And oh yeah, the system crashed yet again in August of 2019.

At one point, Oregon’s DMV was voted worst in the nation.

Even more hilarious, the DMV sells drivers information. They pocketed $11.5 Million last year from it.

And state officials are now scapegoating the DMV as a possible source for the confusion with the ballots.

In March of 2015, the state’s data center was hacked again, as The Daily Astorian reported:

The data breach occurred at a time when two top managers at the data center — Michael Rodgers, the acting director of the data center, and Technical Engineering Manager Marshall Wells — are on paid administrative leave pending a human resources investigation. The two men have been on leave since February and remained on leave Thursday, according to a DAS spokeswoman.

Auditors from the Secretary of State’s Office were already conducting a routine review of security at the data center when the breach occurred. They had identified vulnerabilities at the data center in a 2010 audit, but a March 2012 follow-up audit mostly gave the data center good marks for security.

The governor said an “unknown external entity” had accessed limited information at the data center. Chris Pair, a spokesman for Brown, described it as information about the location of data on state computer servers, but not the actual data. State employees notified the governor of the breach on March 20, and Pair said it occurred a few days before that.

It was the third high-profile data breach to occur at a state agency in the last 13 months. Hackers accessed the Secretary of State’s business registry and campaign finance databases in February, and the Oregon Employment Department revealed a similar breach in October.

Knowing how fragile Oregon’s 20+ year old computers are, the Russians evidently did try to hack the system in 2016.

A recent audit of the security of the state police computers revealed several flaws, as State Scoop reports:

An audit of the Oregon State Police’s cybersecurity practices published this week found that the agency is not following basic policies widely promoted by government agencies nationwide, including active management of its hardware and software inventory and user authorization.

The report, which was delivered by the office of Secretary of State Bev Clarno, also found that Oregon’s Enterprise Information Services, the statewide IT agency, has fallen short in its duties to assist the state police with information security protocols.

Specifically, Clarno’s auditors reported that OSP has barely implemented the top cybersecurity controls recommended by the Center for Internet Security, a nonprofit organization whose guidelines are widely considered a gold standard for enterprise IT security. CIS’s full set of controls includes 20 items, but the audit only reviewed OSP for its compliance with the first six, none of which the agency showed anything better than partial implementation.

The audit stated that OSP is not keeping an active inventory of hardware that connects to its network, both authorized and unauthorized. The inventory tool it currently uses does not integrate with a majority of devices, forcing OSP to use a “manual process” to track incompatible hardware. But the audit went on to reveal that the hardware inventory is only updated once a year. Although OSP told auditors it is replacing its inventory tool, its tracking of IT assets “remains incomplete, out-of-date, and inaccurate until the agency fully implements the replacement.”

Clarno’s office found similar results when reviewing OSP’s software inventory, finding that the agency does not adequately vet programs it installs on its computers.

There are also rumors in the My Party Was Changed Facebook group that people are receiving their new voter cards in the mail, after they updated their party over the last couple of weeks. Only the new cards still say non-affiliated. PLUS we’re told by elections officials that any updates made after ballots were sent out in late April won’t be updated in the computers until June 8th, when the election is certified. So how can they be sending out updated cards?

Here’s one such example:

It appears as though the state of Oregon’s official government computer network is held together by duct tape and bubble gum.

These are the computers that Oregon voters are supposed to trust?

Oregon’s computer system would be prime pickins’ for Attorney General Barr to audit and investigate.

Meanwhile, covfefes such as this are still being reported in the Facebook group:


Thanks for sharing!