Jul 182012

Hmm; Facebook is really, really important in WA.  The AP reported that “Wash. to unveil voter registration on Facebook.”  On the face of it, sure, why not?  Then you see some of the details.

Once it’s live, Facebook users can click on the application within the secretary of state’s Facebook page. They’ll need to agree to let Facebook access their information, which will be used to prefill their name and date of birth in the voter registration form. Users will still need to provide a driver’s license or state ID card number to continue.

It certainly appears that the secretary of state’s office is unaware that driver’s license #’s are not effective means of ensuring someone is really who they say they are.  You see, WA state driver’s licenses and state ID’s numbers are not random; here’s how they’re generated.   And here’s a 2nd link with a little program that, given a person’s name and DOB, will generate the corresponding driver’s license #.

Remember, Facebook supplies the DOB & name, so if you walk up to anyone’s computer with an open facebook page you could register them to any physical address you’d like to send it to.   This is of particular note in WA state, since we’ve turned into a completely postal-service run voting state – so via Facebook you could potentially hijack a whole bunch of people’s votes – and certainly unregistered voters would never know unless they tried to register at a later date.

And it’s not just leaving your page open… consider the millions of people in WA with Facebook accounts.  There are numerous ways to attain their passwords – a few:

  1. Keylogging software – this is extremely popular already, and used to steal such things as credit card information, passwords, etc.
  2. Viruses and various web malware (one of the leading antivirus vendors estimates about 50% infection rates); a virus that infects your computer can easily steal session information that allows folks to logon automatically (e.g. When you save your Facebook login/password so you don’t have to type the darn thing over and over again
  3. Breaking into individual’s computers.  No perhaps even more incentive to actually target people’s computers
  4. Breaking into Facebook – time and again big company computers are hit, losing hundreds of thousands to millions of passwords.  Yahoo just lost 450,000, android and phandroid forums were also hacked for another close a 1M more, Linkedin was hit the other day, and more just keep happening.  Now you can register en masse with your largesse
  5. Phishing – a very effect attack sent by email to lure people to login to what seems to be a legitimate site (e.g. Banks, email accounts, etc.) but is actually a lure to capture your password
  6. Password guessing – why go to all the trouble above, just guess.  A simple analysis of the passwords on yahoo showed the top 10 passwords were 123456, password, welcome, ninja, abc123, 123456789, 12345678, sunshine, princess, & qwerty – why should Facebook users be any different?
  7. Heck, interviewing for a job – the current fad with employers is to demand your Facebook password

Register your kid, your partner, who cares who gets to vote as long as there are more of them?  With over 20% of the populace not registered, that’s a lot of missed votes out there.

This is serious business.  I’ll just say our current governor won her prior election by 129 votes.  How many Facebook accounts is that?


Sorry, the comment form is closed at this time.