by Todd Shepherd, Broad + Liberty

A Democrat in the Pennsylvania House of Representatives is sponsoring a bill that would require all county election offices in the commonwealth to obtain a website URL ending in .gov in order to provide the public with more immediate clarity about which election websites are official government sites and which are not.

The legislative memo for the bill from Rep. Joe Webster (D-Montgomery) was introduced in February, weeks before Broad + Liberty reported on Vote.pa, a Democratic-aligned, left-wing funded website that registers people to vote, but also harvests their data like phone numbers and email addresses in order to create a contacts database for campaigning.

Vote.pa is a form of what cybersecurity experts call “typosquatting,” which relies upon creating a website URL that is extremely close to the official site, in this case, the Department of State’s URL which is vote.pa.gov.

The site is owned and run by Commonwealth Communications, which in turn is run by JJ Abbott, a Democratic operative and former press secretary for Gov. Tom Wolf. The Internet Archive shows the site was launched in 2020, and originally posted a prominent disclaimer that by using the website to register, the user was agreeing to receive political communications in the future.

But that disclaimer was shelved sometime in late 2022 or early 2023, meaning a user would have had to click onto a separate page for the site’s privacy policy to understand their contact data was being used to create a political database.

Elected Democrats across federal and state offices have promoted Vote.pa even though it’s not the official Department of State site.

U.S. Senator Bob Casey posted on X a link to Vote.pa, and so have state Senators Jay Costa (D-Allegheny) and Judy Schwank (D-Berks). Most notably, however, are mailers that have Gov. Josh Shapiro’s signature on them urging people to request mail-in ballots. But the mailer recommends voters visit Vote.pa — not Vote.pa.gov. Governor Shapiro also recently appeared at an event sponsored by The Voter Project, a nonprofit cousin of the Voter Project Fund which paid for the mailers with Shapiro’s endorsement of Vote.pa.

In essence, Webster’s bill hopes to neuter a site that has been promoted by Gov. Shapiro, U.S. Senator Bob Casey, and state Senators Costa and Schwank.

Webster did not return a request for comment on Vote.pa. In previous reports, the Department of State and Gov. Shapiro’s office also declined to comment.

The .gov part of a website address is what’s called the “top level domain.” Other examples are .com, .net, .org, and so on. However, while almost anyone can register any web address they like with .com or .org, websites ending in .gov can only be given out by the federal government to qualified governmental entities.

“Visiting a .gov website shows residents that they are using a trusted and secure source with reliable information,” Webster’s legislative memo says. “Nevertheless, there are no requirements in statute for state and local agencies to maintain a .gov [top level domain]. This leaves the door open for potentially nefarious actions by individuals looking to confuse or scam residents with unofficial websites around voting and elections.”

In 2021, an elections security specialist made a similar recommendation — and seemingly rebuked sites like Vote.pa in the process.

“[U]nfortunately, only 11 of Pennsylvania’s 67 counties have election websites that are on .gov domains,” said Will Adler, Senior Technologist in Elections & Democracy at the nonprofit Center for Democracy & Technology.

“The vast majority [of Pennsylvania election websites] are on .com or .org domains, which anyone can purchase. For instance, Philadelphia’s official elections website is philadelphiavotes.com. With that being the official website, it’s easy for someone to make a convincing fake website at, say, phillyvote.com and produce fake information about the election or even collect information from unwitting users.”

In 2020, the FBI distributed a memo nationwide to state and local governments warning about “dozens of suspicious websites that look like official election websites but are not legitimate,” according to Yahoo! News. The report did not provide an exact copy of the memo, nor did it name any examples of the suspicious websites.

“These suspicious typosquatting domains may be used for advertising, credential harvesting, and other malicious purposes, such as phishing and influence operations,” the DHS bulletin said in 2020. “Users should pay close attention to the spelling of web addresses or websites that look trustworthy but may be close imitations of legitimate U.S. election websites.”