OR Voting Portal May Let Anyone Cast An Overseas Voter’s Ballot

Oregon’s voting portal lets anyone log into an Oregon resident’s voter account using only his name and birthday — and once logged into a voter’s account, it appears that a bad actor could use the online tool to cast the ballots of overseas voters by email. For that matter, the system doesn’t appear to protect against someone fraudulently casting ballots in the names of domestic voters by claiming to be overseas.

Oregon’s online elections portal, “MyVote,” lets anyone access residents’ registration information by entering a resident’s first and last name and birthday — which are often available online. From there, a fraudster could hypothetically mark a resident’s ballot, claim he is an overseas voter, and then submit the resident’s marked ballot by fax or email, according to whistleblower Cara Tapken, an Oregon resident, who showed The Federalist how the portal works.

The Loophole

After logging into the service, operated by Democrat Secretary of State LaVonne Griffin-Valade, one can access a voter’s address and party affiliation, along with an online ballot-marking tool that can be used to fill out a ballot for the resident, Tapken showed The Federalist. In at least some cases, the site asks for the resident’s zip code (which is visible on the voter information page) before allowing access to the ballot-marking system.

This tool is supposed to be limited to overseas or disabled voters, and “all other voters should use the printed ballots received directly from their county elections office,” the website reads, according to Tapken. But the same online portal allows a person to claim overseas status if he wants to potentially submit a ballot by fax or email. The Federalist asked Laura Kerns, communications director for the secretary of state’s office, how Oregon verifies the overseas status of those who use the portal claiming to be overseas voters and submit ballots via fax or email — and whether Oregon even attempts verification — but she failed to provide an answer.

The online portal gives users who claim overseas status access to a ballot return envelope and a secret ballot waiver form, which an overseas voter completes to relinquish his “right to a secret ballot.” Both documents require signatures, and the portal allows users to print and sign both before emailing or faxing them, with the marked ballot, to a county election official. The ballot return envelope includes the obligatory warning that “making a false statement in this declaration is a felony punishable by up to five years’ imprisonment and a fine of up to $125,000 and civil offense punishable by penalties of up to $10,000.”

The only additional security measure mentioned in the portal is signature verification, which has proven lax in states like Michigan and Arizona.

When Tapken accessed the site in 2020, she said the secret ballot waiver form included a requirement that the address provided match the address listed on the Federal Post Card Application (FPCA), which is the form overseas voters use to request a ballot. But when Tapken more recently accessed the site, it did not mention this address-matching requirement. A 2021 update to state election law apparently omitted the requirement. Kerns did not answer The Federalist’s question about whether the secretary’s office ensures that the address submitted on the documents from the online portal matches the voter’s address on file. She also did not answer a question about whether Oregon verifies that people who submit emailed ballots are actually registered as overseas voters.

Kerns did not specify which security measures, if any, would prevent someone from using the online voting portal to access an Oregon voter’s information page, fill out a resident’s ballot, and, by claiming the resident is an overseas voter, cast that resident’s vote by email.

Kerns told The Federalist there is “no evidence of anyone successfully misusing this system” and claimed the system has “multiple layers of security that ensure it won’t be misused.” She cast the overseas voting system as “military voting,” even though it includes civilians residing outside of America and not just military members. 

However, Kerns offered no explanation for the vulnerabilities Tapken described to The Federalist and declined to respond directly to The Federalist’s questions about how the state verifies claims that a person is an eligible overseas voter. Rather, the only safeguards she pointed to were the fact that falsely submitting a ballot is illegal, the assertion that election officials would notice “if multiple ballots have been submitted by a single voter,” the monitoring of “site traffic,” and the aforementioned — but unspecified — “multiple layers of security on the MyVote system.”

To update one’s voter registration on the “MyVote” portal, the site only requires one’s first and last name, birthday, and driver’s license or ID number. To prove identity, Oregon voter registration cards only require a driver’s license number, the last four digits of one’s Social Security number, or another form of ID such as a bank statement or utility bill.

‘Freeway to Fraud’

Oregon’s “MyVote” loophole poses an even greater concern to Oregon voters in light of a massive 2023 data breach. Last year, hackers accessed the information of close to 3.5 million residents through the Oregon DMV in a breach that affected 90 percent of state license and identification holders, according to KOIN. The DMV said at the time that residents with an ID “should assume [their] personal information was exposed.” The DMV has recently come under additional scrutiny after a cursory investigation this month found that glitches and oversights in the Oregon DMV’s “motor voter” system registered more than 1,500 potential noncitizens to vote, as The Federalist previously reported.

Republican state Sen. Dennis Linthicum told The Federalist the state elections system has no barriers to keep bad actors from gaining access and flooding officials with fraudulent ballots. Linthicum has held office since 2017, and he is now the party’s nominee for secretary of state.

“There’s nothing in place,” Linthicum said. “Welcome to Oregon, we make everything easy.”

He said Oregon does not require a full Social Security number for voters to register. He also took issue with the state accepting “personal attestation,” or voters’ claims that they are eligible, at face value.

“The Democrat majority has engineered this freeway to fraud. This isn’t accidental. None of this is accidental. This is purposeful,” Linthicum said.

Tapken told The Federalist she discovered the issue in 2020 and has since been trying to get the word out. “Never once did it ask me to prove who I was,” Tapken said. “If I could do this that easy, just me, what about others?” 

Tapken said she tried reporting this to then-Gov. Kate Brown, now-Gov. Tina Kotek, Griffin-Valade, the state elections office, and news outlets.

“I got 50 people between legislative, between news media, between the elections office, and not a single one of them had done anything about any of it,” Tapken said. “Happy 2024 voting. Maybe someone voted for you already, maybe not.”

For more election news and updates, visit electionbriefing.com.

Logan Washburn is a staff writer covering election integrity. He graduated from Hillsdale College, served as Christopher Rufo’s editorial assistant, and has bylines in The Wall Street Journal, The Tennessean, and The Daily Caller. Logan is originally from Central Oregon but now lives in rural Michigan.