Miami.fraud.map.jpg

[Image courtesy of miamiherald]

Back in February, I blogged about what appeared to be a high-tech attempt to create fake online absentee ballots requests in Miami-Dade, Florida. A few months later, an investigation revealed that the ballots were tied to workers for a Congressional campaign seeking to win a hotly-contested August 2012 primary.

Yesterday, one of those workers was sentenced for his role in the scheme. The Miami Herald’s Patricia Mazzei – who initially broke the story and whose reporting was key in furthering the investigation – has the latest:

Congressman Joe Garcia’s former chief of staff will head to jail for orchestrating a fraudulent, online absentee-ballot request scheme during last year’s elections.

Jeffrey Garcia, the Miami Democratic congressman’s longtime political strategist, will spend 90 days in jail as part of a plea deal reached with the Miami-Dade state attorney’s office, the Miami Herald has learned …

Prosecutors tied Jeffrey Garcia to hundreds of phony ballot requests submitted for last year’s elections on behalf of unsuspecting voters without their permission. Though none of those ballots were mailed, forged or cast, Joe Garcia’s campaign planned to target those infrequent voters with telephone calls, fliers and visits to try to persuade them to vote for the candidate.

Investigators reopened their probe into the ploy in February after the Herald reported that almost 500 of the August 2012 primary ballot requests in Garcia’s congressional district could be traced through Internet Protocol addresses that originated in Miami. Florida elections law prohibits anyone other than voters or their immediate family members from submitting online ballot requests.

Mazzei’s story also details how the scheme worked in practice:

A grand jury convened by State Attorney Katherine Fernández Rundle revealed in December that the Miami-Dade elections department had flagged thousands of fraudulent online ballot requests — the handiwork of an apparent computer hacker — during last year’s elections.

The Herald’s subsequent analysis found that 2,552 requests had been made over a 2½-week period during the summer. The origins of most of them, which targeted mostly Republican voters in two state House districts, were masked by foreign Internet Protocol addresses.

But 472 of them that targeted mostly Democratic voters in Garcia’s congressional district had come from IP addresses in Miami.

When prosecutors took another stab at the case, they linked those addresses to [campaign workers John] Estes and [Giancarlo] Sopo. Sopo’s attorney, Gus Lage, said Sunday that Sopo didn’t personally plug voters’ personal information into the online request forms — though his cousin, sister and friends did, after they learned from Sopo that Jeffrey Garcia was looking for people to do the time-intensive work.

“What happened was Jeffrey Garcia compiled the information which was then delivered to these individuals,” Lage said. “They put it [into the forms] independently.”

In many ways, Garcia’s plea deal brings the “whodunit” phase of the investigation to a close – but the case remains a powerful reminder of the need to for election offices to address the security of any online portals – not to mention the need to monitor activity on those portals for suspicious activity. This case may have been the work of a slightly sophisticated, hard-charging campaign staffer – but the next case could come for a more highly-adept attacker not as prone to leaving digital fingerprints.

The trick for election officials, as always, is to stay one step ahead of the bad guys. The challenge, of course, is that this is usually easier said than done.