State hearing set for Linn County auditor's complaint

Miller claims 'stonewalling' on questions of election security

Linn County Auditor Joel Miller (left) addresses members of the state Voter Registration Commission and staff during a c
Linn County Auditor Joel Miller (left) addresses members of the state Voter Registration Commission and staff during a commission meeting Wednesday in the Lucas State Office Building in Des Moines. Miller filed a complaint, charging the Iowa Secretary of State’s Office has failed to ensure Iowa’s election system is up-to-date and protected from cyberattacks in all 99 counties. (Rod Boshart/Gazette Des Moines Bureau)

DES MOINES — A state commission set a Dec. 9 administrative hearing to consider a complaint filed by Linn County Auditor Joel Miller alleging the Iowa Secretary of State’s Office has failed to comply with federal Help America Vote Act regulations.

The state’s Voter Registration Commission agreed Wednesday to consider Miller’s claims that the state has not provided requested information and has not taken necessary steps to ensure that the I-Voter system is up-to-date and protected from potential cyberattacks in all 99 counties.

However, Matt Gannon of the Iowa Attorney General’s Office told commissioners he plans to file a motion to dismiss the complaint on behalf of Iowa Secretary of State Paul Pate “that we feel is appropriate for this.”

The secretary of state contends his office has instituted considerable security measures to ensure the integrity of the vote in Iowa.

“My top priority is protecting the integrity and security of Iowa’s elections,” Pate said in a statement. “Our efforts have been praised on a bipartisan basis by my colleagues and by cybersecurity experts around the country. This is a race without a finish line, and my team is fully committed to this effort, along with our county, state and federal partners.”

However, Miller contends weaknesses in the state’s I-Voter system have gone unaddressed and county auditors are given little factual information to assess whether the system is truly secure.

“If hackers were able to remove, change or modify voter registration records, the results could be upending,” Miller said in his complaint. “This could lead to chaos at the polls and distrust of election results. It could also disenfranchise many voters.”


After the hearing,Miller said “there are inherent vulnerabilities in the system,” including the absence of a two-step process for transferring voter records from county to county and with county security audits and with errors and omissions in the database and felon list.

He also cited the lack of vulnerability assessments and penetration tests by a bona fide third-party private sector cybersecurity expert.

However, he said, his requests for information have not been adequately addressed, “stonewalled” or unanswered to the point where he felt the complaint process was the most viable avenue.

“I’m an IT person. I know smoke when I see it, and all I’m getting right now is smoke,” Miller said. “I think a lot of this could be avoided if he (Pate) would just answer questions and be more explicit about what he is doing to protect voter records.”

According to the Secretary of State’s office, the state’s I-Voter system resides in a Criminal Justice Information Services-compliant facility and sits behind an access control list that will only accept connections from authorized computers.

That access protocol requires two-factor authentication, and all users are required to undergo cybersecurity training. The system also has a monitoring system in place, called Vote Shield, which tracks all voter registration changes and updates and detects any anomalies.

Comments: (515) 243-7220;

Give us feedback

We value your trust and work hard to provide fair, accurate coverage. If you have found an error or omission in our reporting, tell us here.

Or if you have a story idea we should look into? Tell us here.