by Todd Shepherd, Broad + Liberty
A Democrat in the Pennsylvania House of Representatives is supporting a bill that would require all county elections offices in the commonwealth to obtain a website URL ending in .gov to provide immediate clarity to the public as to which election websites are official government websites and which are not .
Legislative note to the draft act of Rep. Joe Webster (D-Montgomery) was introduced in February, weeks before Broad + Liberty reported on Vote.pa, a Democratic-backed, left-wing-funded website that registers people to vote but also collects their data, such as telephone numbers and e-mail addresses in order to create a database of contacts for the purposes of running a campaign.
Vote.pa is a form of what cybersecurity experts call “typosquatting,” which involves creating a website URL very close to an official website, in this case the Department of State’s URL, vote.pa.gov.
The site is owned and operated by Commonwealth Communications JJ AbbottDemocratic operative and former national press secretary Governor Tom Wolf. Internet archives show the site launched in 2020 and originally included an explicit disclaimer that by using the site to register, you consented to receiving future political communications.
However, this disclaimer was shelved in overdue 2022 or early 2023, which meant a user would have to click through to a separate page to read the site’s privacy policy only to find out their contact information had been used to create a political Database.
Elected Democrats in federal and state offices promote Vote.pa, even though it is not an official State Department website.
US Senator Bob Casey published on X link to Vote.pa, so the state Senators Jay Costa (D-Allegheny) i Judy Schwank (D-Berks). However, the most noticeable are postal items which have Governor Josh Shapiro a signature on them urging people to order mail-in ballots. However, the Postal Service advises voters to visit Vote.pa — NO Vote.pa.gov. Governor Shapiro also recently appeared at an event sponsored by The Voter Project, a nonprofit cousin of the Voter Project Fund, which paid for postage through Shapiro’s endorsement of Vote.pa.
Essentially, Webster’s bill seeks to neutralize the site promoted by Governor Shapiro, U.S. Senator Bob Casey, and State Senators Costa and Schwank.
Webster did not return a request for comment on Vote.pa. In previous reports, the State Department and Governor Shapiro’s office also declined to comment.
The .gov part of a website address is what’s called a “top-level domain.” Other examples are .com, .net, .org and so on. However, although almost anyone can register any .com or .org web address, websites ending in .gov can only be provided by the federal government to qualified government entities.
“Visiting the .gov website shows residents that they are using a trusted and safe source of reliable information” – Webster’s legislative note says. “However, there is no requirement in the statute for state and local agencies to maintain the .gov domain [top level domain]. This leaves the door open to potentially nefarious activities by those seeking to confuse or defraud residents using unofficial voting and election websites.”
In 2021, an election security official made a similar recommendation and apparently reprimanded sites like Vote.pa in the process.
“[U]fortunately, only 11 of Pennsylvania’s 67 counties have election sites hosted on .gov domains,” he said. Will Adlersenior technologist for elections and democracy at the nonprofit Center for Democracy and Technology.
“The vast majority [of Pennsylvania election websites] they are on .com or .org domains, which anyone can buy. For example, the official website for Philadelphia elections is philadelphiavotes.com. Because it is an official website, it is easy to create a convincing fake site, say, phillyvote.com, and provide false information about the election or even collect information from unsuspecting users.”
In 2020, the F.B.I he sent the note around the country to warn state and local authorities about “dozens of suspicious websites that look like official election sites but are not legitimate,” according to Yahoo! News. The report did not provide an exact copy of the memo or provide examples of suspicious websites.
“These suspicious typosquatting domains may be used for advertising, credential harvesting, and other malicious purposes, such as phishing and influence operations,” wrote a 2020 DHS bulletin. “Users should pay close attention to the spelling of web addresses or web pages that appear trustworthy but may be faithful imitations of legitimate U.S. election websites.”
