Let’s follow all of the money

September 7, 2017

Some of the investors in the Cedar Crossing Casino project went public (see attached) and made it easy for you to compare who has donated to the former and present Linn County Board of Supervisors and other candidates/elected officials. The only two publicly named local investors in the Wild Rose Casino project appear to be Steve Emerson and Hunter Parks.

I do believe the local media failed to do their homework in their initial coverage of this story. I hope they “follow all of the money” and not just the “bread crumbs” laid out before them in yesterday’s Board of Supervisor meeting. –Joel D. Miller – Linn County

Cedar Crossing Casino investors per The Gazette on 3-30-2014 and 4-3-2014.pdf


Board of Supervisors’ casino resolution

September 7, 2017

If you did not have a chance to see the Linn County Board of Supervisors’ resolution on casinos yesterday, the official, signed version of the resolution is attached.

I noticed the following stories in the news:





I also noticed the lack of balance about other contributions from casino investors to elected officials. For example,

One major Cedar Crossing investor has given the Governor Branstad Committee $24,200 over the years.

Another Cedar Crossing investor and his/her/their likely relatives has given Supervisor Oleson $900 over the years, Supervisor Rogers $400 over the years, and Supervisor Harris $100 over the years.

And an investor in the Wild Rose project has given Supervisor Rogers $500, Supervisor Oleson $250 $500, and Supervisor Harris $400 over the years.

So if contributions are really creating an “optics” problem for one casino, then maybe the news media should do their job and look at the donations to other elected officials to see if other “optics” problems exist?

You can check the campaign finance reports yourself by going to https://webapp.iecdb.iowa.gov/publicview/NewContributionSearch.aspx#ctl00_cph1_gvList Check the box CONTRIBUTIONS TO COMMITTEES and the box CONTRIBUTIONS FROM AN INDIVIDUAL. -Joel D. Miller – Linn County Auditor

Linn County partners with ProCircular to secure elections

September 1, 2017

Recently, I hired ProCircular to conduct a review of Linn County’s election and voter registration systems. Yesterday morning (8/31/2017), members of Procircular’s project team and my staff held a project kick-off meeting and, later, ProCircular issued the press release below, which resulted in The Gazette publishing Cybersecurity firm to review Linn County election system. In addition, Dean Borg of Iowa Public Radio interviewed me and his story will likely air sometime in the near future. If you have any questions, please contact me. Joel D. Miller – Linn County Auditor

Iowa’s Linn County Partners with ProCircular to Secure Elections

Auditor Joel Miller hires ProCircular Cybersecurity to review and secure election systems for upcoming elections

Cedar Rapids, IA, September 1, 2017 – Linn County Auditor & Commissioner of Elections Joel Miller has retained Iowa-based cybersecurity firm ProCircular to review Linn County’s voter registration and election system. The effort will support the upcoming county-wide school elections to be held on Sept. 12, 2017, in Linn County, Iowa.

Miller states, “This is a continuation of our efforts to improve the integrity of the voting process to ensure that our systems and records are secure, and that every vote is accurately counted. Furthermore, a sense of urgency has motivated us to commence this review now based upon the U.S. Department of Homeland Security’s recent declaration that voting systems are considered critical infrastructure.”

ProCircular will inventory Linn County’s election system and voting equipment to confirm compliance with official certified versions; voting equipment deployed to polling places will be evaluated for vulnerabilities, and systems used by Linn County employees to access and update voter registration records will be reviewed for proper safeguards.

“We’ve brought together a team of cybersecurity, electronics, and voting systems experts to help better secure voting in Linn County,” says Aaron R. Warner, CEO of ProCircular. The company’s experts also participated in DefCon’s voter hacking event in Las Vegas this August to bring attention to potential vulnerabilities associated with current voting systems.

ProCircular is a cybersecurity and compliance firm that provides customized, high-quality solutions to organizations by applying decades of real-life expertise.

If you would like more information about this topic, please contact Aaron R. Warner at 319-359-2632 or awarner@procircular.com.

Update #9: Linn County voter data

August 23, 2017

For more information, contact:

Becky Stonawski

Deputy Commissioner of Elections

(319) 892-5300, ext. 1



August 23, 2017

Update on Voter Security Issue

CEDAR RAPIDS, IA – August 23, 2017 – On August 4, 2017, the Linn County Elections department experienced a security lapse. Our office presented updated information to the Board of Supervisors this morning during their public meeting. We provide the following information to the public:

While fulfilling a request for voter information following Iowa law, four email addresses associated with the Linn County Republicans received an email on August 4 with voter data. The voter data incorrectly included the last four digits of voters’ Social Security numbers. We immediately contacted all four individuals, and they were directed, by phone, to permanently delete the email. Since then, our Information technology (IT) department has done one house call. We have another house call scheduled for Thursday night (August 24). We are still communicating with the last two individuals as to their wishes. During the house call, our IT staff does not touch the electronic devices of the individuals. Instead, they watch over the shoulders of the owners and verbally talk them through making sure that all data related to the email in question has been completely deleted.

We believe that this protects both the public and the individuals. Here, our IT staff has seen that the emails are fully deleted and that nothing was downloaded or disseminated. We have asked the four individuals to sign an attestation document saying that they deleted and did not disseminate the information. In return for both the attestation and the IT review, the Linn County Board of Supervisors has authorized an indemnification agreement. This indemnification protects the individuals from any lawsuit that Linn County might face in relation to this situation.

We wish to thank the individuals involved for their patience and cooperation. We know that this was an unfortunate situation, and we appreciate their communication.

The issue that caused the most concern involved one email address that was incorrect. We have been working with Google, the internet provider of the email address, to pursue legal remedies. On Sunday, August 6, we submitted an affidavit to Google explaining the security issue and requesting that the email be ‘escrowed.’ Escrowing is a legal procedure by which an email can be taken out of a person’s email box. However, the person must receive notification that this has been done. We followed this procedure.

Second, Linn County Attorney Jerry Vander Sanden assisted in obtaining a subpoena. This subpoena allowed Google to verify activity on the account. Google Legal Services has now provided a certificate of authenticity along with notice that the account was never used from August 4 – August 9. Specifically, the email address was never accessed, there was no IP address to associate with the email address, and there was no forwarding email set-up. In other words, the email address was ‘dead’ during the time of our security concern.

We know that the email was escrowed or taken out of the email box. We also know that no one accessed the email.

We believe that an appropriate investigation and consultation has occurred. We further believe that there is no reasonable likelihood of financial harm to the consumers.

Auditor Miller is still standing by our office’s request that the voter data export tool be modified so the last four digits of Social Security numbers cannot be exported. He will continue to lobby the Secretary of State’s office to have them make that change.

For additional information, please contact Linn County Election Services. Phone: 319-892-5300, ext. 1. Email: elections

Update #8: Linn County voter data

August 16, 2017


August 16, 2017


Becky Stonawski

Deputy Commissioner of Elections

(319) 892-5300, ext. 1


Update on Voter Security Issue

(CEDAR RAPIDS, IA – July 16, 2017) A security lapse occurred in the Linn County Elections office on August 4, 2017. The Linn County Auditor’s Office has been working diligently over the past twelve days with both law enforcement and online companies to minimize any potential issues associated with the August 4 security lapse. We have appeared before the Board of Supervisors four times over the last twelve days, and we have been in constant communication with the Linn County Attorney’s office.

Legal processes are ongoing. Unlike hacking or theft of computer information, here we can identify where the data went. We are working to ensure that the data has not – nor will not – be further disseminated. As we work to resolve this issue, we are hopeful that further security measures, including ID protection, will not be necessary. If however, additional measures become necessary, we will comply with Iowa law. At this point, the public needs to take no action.

The Linn County Elections office apologizes sincerely for the stress and loss of trust that this situation has caused. We appreciate the public’s patience, and we believe that the situation will be resolved. We encourage Linn County voters to continue to exercise their right to vote.

For additional information, please contact Linn County Election Services. Phone: 319-892-5300, ext 1. Email: elections.


Update #7: Linn County voter data

August 12, 2017

Still no news I can share on the legal remedies being pursued. Sorry.

One of the issues covered by the local media, i.e., KGAN on its Thursday news programs and KCRG on its Friday news programs is my request for the Iowa Secretary of State to change the export tools in I-Voters so they cannot export confidential data when fulfilling a voter data request from the public. It seems the SoS’s position has evolved from wanting me to recant my request (via a voice mail by the author of the attached letter) to being receptive to my request – see paragraph #1 in the attached letter. Of course, the SoS’s offer to change is conditioned on the other 98 county auditors concurring with my request.

I hope my request does not turn into a "who supports the SoS versus who supports Auditor Miller" when the question should be: What’s the right thing to do?

I don’t agree with some of the other statements in the SoS’s letter, but I’m not going to argue about those statements now because what I really want is for the export tools in I-Voters to be changed so neither my successor nor any other county auditor has to deal with an accidental release of confidential voter data that is illegal to export in the first place.

BTW, a few of my detractors have tried to score political points by criticizing my use of this blog to post updates. Of course, they have never likely tried to personally post something on the County’s official website; whereas, I have posted on that website. Let me just say, "Life is already too short for me to have to use the County’s web site as my mouthpiece in a crisis".

As for my individual posts on my blog, I am very particular about indicating which role I am in when I post on this blog, e.g., if I am posting as a candidate or a resident, I indicate it. On this post, I am and I have been writing as the county auditor; hence, the signature that follows. Thanks for reading! -Joel D. Miller – Linn County Auditor

CO to Linn Co re SSN breach.pdf

Update #6: Linn County voter data

August 10, 2017

Unfortunately, I have very little to update you on today other than the legal wheels are in motion and I/we are awaiting updates. I stand by my belief that we have minimized the risk of the accidently released voter data being used for unlawful purposes.

I believe the local news media has been doing a fine job of keeping you informed on this incident, i.e., if you utilize any of the media outlets on a daily basis. My latest interview (8/10/2017) was part of a story carried by CBS2/FOX28 and you can see it here. Tomorrow (8/11/2017), KCRG’s I-9 reporter Josh Scheinblum is scheduled to do a follow-up report on this incident.

While the legal wheels are in motion, I will be working to eliminate the possibility of anyone in my office from ever fulfilling a request for voter data that includes confidential data, e.g., the last four of your SSN. Thus far, the Iowa Secretary of State’s Office has not been receptive to removing the options to include confidential data in the voter data requests. In fact, the SoS would like me to rescind my letter to them requesting they modify I-Voters.

The SoS is in a pickle. Secretary Paul Pate issued an Open letter to Iowa Voters on August 1st and then my office accidently releases confidential voter data on August 4th. Talk about bad timing. But the ability of my employees and Auditors’ employees across the State of Iowa to commit this error has been around for years and the opportunity to commit the error today still exists.

I believe if a statistician was asked about whether or not an accidental data release occurred in the past, he/she would indicate it’s very likely confidential data has been released in the past. Think about it. Every one of Iowa’s 99 counties has access to I-Voters and the ability to export a list to fulfill a voter data request. “To my knowledge” – which I have been known to say – just means that I do not know about it. It does not mean it has never occurred. Let’s ensure it never occurs again.

Mr. Secretary: This is my open letter to you. Please fix I-Voters so no employee of yours or mine ever again has the opportunity to accidently include confidential voter data in a report that is issued to a member of the public. Regards, Joel D. Miller – Linn County Auditor

Communicating to the Board re voter data mistakenly released

August 10, 2017

Dear Board of Supervisors:

In my first update posted on my blog at 5:31pm on Saturday, August 5th, I indicated I talked to the Board Chair and to Supervisor Harris – see:

At 6:16pm (Friday), Linn County Supervisor and Board Chairman Brent Oleson called me to get an update.

At 8:53am (Saturday) – I returned a call to Linn County Supervisor John Harris and gave him an update.

On Sunday at 5:34pm, I talked to Board Chair Oleson and gave him an update.

Last night, Supervisor Houser stopped by and while were conversing, indicated no one called him about the incident.

Please pardon me, but when I am in the middle of crisis, I think I should be able to expect the Chair of the Board, duly elected by his peers, to update his peers as he sees fit and to be held accountable by his peers when he does not do so. And it appears Brent, that you did not inform your peers … and to their discredit, three of them did not bother to call me.

Stacey, you indicated I should have called you. Does County Attorney Vander Sanden call any member of the Board to inform you that he charged someone with murder? Does Sheriff Gardner call any member of the Board to inform you he arrested someone for robbing a bank? Why is it you let the Attorney and Sheriff operate autonomously and with impunity and think you need to micromanage the Auditor, Recorder, and Treasurer, and imply a threat to my budget (Stacey) if I don’t comply?

I called the county officials I thought I needed to inform (the Board Chair) and I returned calls to those who called me (Harris). If another incident occurs, I will likely do it the same way.

I will send the Board updates on this incident going forward so you have no excuse for not knowing what’s going on, but you have given me reason to believe that it’s “every man for himself” as far your interactions with each other are concerned and I evidently cannot count on one of you share communications with the other, which is exactly why I prefer to discuss matters with you as a Board and not individually.

I got asked about this topic by some news reporters because of the back in forth in yesterday’s Board meeting, which prompted this email to you.

No reply requested, expected, or necessary.


Joel D Miller – Linn County Auditor

Update #5: Linn County voter data

August 9, 2017

At this morning’s Board of Supervisors meeting, I handed out the attached letter which was emailed to Iowa Secretary of State (SoS) Paul Pate. You can view the video recording of the meeting by clicking on the previous link.

In my opinion, three things occurred in this incident. First, we received a bad email address that we had no reason to believe was bad, and we sent voter data to that email address. Second, an employee clicked on the wrong box during a data export and forwarded unauthorized voter data to a bad email address. And third, an option exists on the voter data export report to export the last four digits of social security numbers when there is no reason that our Auditor’s Office or any other Auditor’s Office needs the ability to export any portion of social security numbers or other confidential records.

The purpose of this letter is to urge the SoS to remove the ability for County Auditors to export confidential records from the State I-Voters voter registration system. BTW, Secretary Pate tried to reach me and left me a voice mail while I was attending the Board meeting.

I am pleased to report that we have made some additional progress today towards eliminating the risk of voter data falling into the hands of bad actors. Unfortunately, I cannot provide any additional details at this time. –Joel D. Miller – Linn County Auditor

SoS letter 8.8.17.pdf

Update #4: Linn County voter data

August 8, 2017

An article in the August 5th Gazette caused a Linn County resident to contact the Auditors Office and Deputy Stonawski responded with the following email. The resident’s concerns are well placed and, again, I apologize to Linn County’s registered voters that voter data was accidentally released.

At this time, I have nothing more to report as we are pursuing legal remedies to bring closure to this incident. -Joel D. Miller – Linn County Auditor

From: Rebecca Stonawski
Sent: Tuesday, August 8, 2017 9:53 AM
Cc: Joel D. Miller

Dear Ms. F:

Thank you for reaching out. I understand your concerns, and I appreciate your patience in awaiting a response.

We have been working diligently over the past four days with both law enforcement and internet companies to minimize any potential concern. As a legal process is ongoing, I cannot comment specifically on the process. However, our goal is to take care of this issue with minimal damage to the public interest.

We are also communicating with the Linn County Board of Supervisors and the County Attorney to decide if any protectionary measures are needed. I am hopeful that protectionary measures will not be needed.

However, if they are, we will follow the law from the Code of Iowa in regard to notification of each person involved and action steps. You do not need to do anything at the present time.

I cannot comment on employee issues. However, we have placed a temporary moratorium on fulfilling voter data requests from our office. We will be working with the Iowa Secretary of States office to make sure that this never happens again.

I want to apologize sincerely for the stress and loss of trust that this has caused. We believe that there was no mal-intent on anyones part, and it was simply an accident. However, we recognize that this type of issue will take time to address.

I also encourage you to continue to vote. I understand your concerns, but we believe very strongly that the right to vote is one of the most important rights Americans have.

Thank you very much for expressing your concern. Our office made a mistake, and we have been working diligently to address it quickly. We welcome any additional questions you have.


Becky Stonawski, Deputy Commissioner of Elections, JD, PhD

#319-892-5300, opt. #1 rebecca.stonawski

Begin forwarded message:

From: CF
Date: August 5, 2017 at 10:03:30 AM CDT
To: <Auditor>
Subject: Voter data release

Mr. Miller

What a disappointment to read in the paper this morning about the voter data released with partial social security numbers.
A few weeks ago I wrote Paul Pate regarding releasing voter data for the Trump administration that sounded like it would have social security numbers. It seemed to be just an easier way for all information to be hacked, or given away so easily by the click on the keyboard.
I guess I don’t see why this information is needed on a weekly basis.
The last four digits of a social security # are asked for all the time when you have to call an insurance co., doctors office and many other personal things. I don’t see why this information is given at all.
I hope people that release things like this don’t continue to have access to it. It’s more than just a simple click on the wrong box. It’s our personal data.
It’s beginning to seem like being a registered voter is just too risky.


%d bloggers like this: