Home | Español | Voter Resources | Contact Us | Candidate & Committee Login  

Supervisor of Elections Responds to Computerworld article on SQL Slammer Worm Attack

A recent article in Computerworld erroneously reported, despite clear evidence to the contrary, that Sarasota County’s voter registration system was attacked by a computer worm during early voting last fall.  The article, entitled “Worm attacked voter database in notorious Florida district,” alleged that the attack “brought the electronic voting system…to its knees,” and that voters were unable to cast ballots at early voting sites for two hours.  Neither of these allegations could be further from the truth. 

As a constitutional office, the Sarasota County Supervisor of Elections (SOE) maintains its own information technology department and its own data communications network.  To maintain a safe and secure network environment, the SOE IT staff work closely with the Sarasota County Enterprise Information Technology (EIT) department.  This separation of networks is not accidental. It is one of the many security measures designed to protect the integrity of the voter registration system.  Furthermore, the Sarasota County election tabulation system is completely isolated from all other networks.  It consists of one server and six workstations.  These computers are housed in a secure room with no outside network connections: not to other county networks, definitely not to the Internet, and not even to any other part of our office.  So the possibility of hacking the tabulation system by means of an attack on a server on the other side of the county does not exist.  The iVotronic touch screens used for voting are never networked and don’t have the ability to be networked, therefore removing any possibility of infection by this attack.

The server that was infected was not within the elections office network or control.  Neither does the “Security and Control Incident Report,” generated by EIT and mentioned in the Computerworld article, indicate that it was an elections’ server, let alone the voter database.  As a matter of fact, comments in the article made by an EIT employee state that it was not an elections database.  Yet the author insinuates that the voter database had been infected.

While the attack did temporarily interrupt the Internet connect that three of the seven early voting sites were using to support a secure session used to process voters, it did not stop voting at these sites. Anyone who has an internet service provider (ISP), which is probably almost everyone reading this message, has undoubtedly experienced an Internet outage.  Because we were very aware of this possibility, a contingency plan was in place for such an occasion and within minutes these sites began using our backup cellular network.  During the transition, election workers were in communication with our office by telephone to verify voters’ eligibility. The impact on the early voting sites and, more importantly, on the process itself was minimal.