The Eisner Awards, the comics industry equivalent of the Oscars, are due to be held — virtually, thanks to the ongoing COVID-19 pandemic — later this week. The voting for this year’s winners was not without incident, having been shut down suddenly on the last day of voting and later reopened for a short window, with all previous votes thrown out due to what Comic-Con referred to as an “anomaly.” While the exact nature of the anomaly was not revealed by Comic-Con, last month io9 reported on users on Twitter reporting the ability to see others’ data when attempting to access the site to vote. After speaking with numerous Eisner voters regarding their experiences with this year’s voting, The Beat has uncovered what appears to be multiple issues with the voting process, and that Comic-Con was aware of the issues within a week of the vote opening.
It’s worth noting up top that, while a majority of Eisner voters who spoke to The Beat for this article did experience one issue or another with the voting, not all of them did, and even within those that did their experiences were all a little different. Some voters I corresponded with were able to view other people’s information after logging in; some didn’t have to log in at all to view that information; others weren’t even able to log in in the first place.
Voting for this year’s Eisner Awards opened on June 4th, 2020, with the announcement of the full list of nominees and the opening of the voting site, EisnerVote.com. The voting window was set to remain open for two weeks, until midnight on June 18th. All Eisner Awards voters must have a registered account with Comic-Con, authenticated by email address and password, and including the voter’s name, physical address, phone number, and role within the comics industry.
Arpad Okay, assistant manager at Newbury Comics CambridgeSide (and occasional Beat contributor), logged into his account on June 10th to cast his votes. As he put it when I asked him about his experience, “things went askew immediately after logging in.” Okay saw the personal information for another user, as well as the votes they had cast. “I changed everything to my information, my votes, and changed my password.” After voting, Okay emailed Rick Gerlach (president of R&M Professional Services, and listed on EisnerVote.com as the contact for “any issues or questions about using the voting website”) about what he’d seen, and received a response telling him that his account had been “crosslinked” with someone else’s, and that it would be ‘corrected.’
On June 12th, Dark Horse Comics PR Coordinator Anthony Mauro sat down to submit his Eisner Awards votes. He told The Beat that when he tried to log in with his email address and password, though, his credentials didn’t work. “And when I went to update them,” Mauro told me, “I couldn’t because my email address was (obviously) already in use. Shortly after I tried voting, I received an email from Rick Gerlach stating ‘Could I have you re-register and vote on the Eisner website? Your account was accidentally cross-linked with another.’” Mauro confirmed for The Beat that the email he received from Gerlach was unsolicited — indicating that not only was he aware of the problem on the 12th, he also knew enough about who was impacted by it to reach out to them.
The issue appears to have persisted between then and June 17th, the day before voting was set to close. That’s when Dark Horse social media manager Cara O’Neil logged in to vote and found another user’s entries. “I checked my profile information,” O’Neil told me. “It was completely filled out for someone else—different name, comics affiliation, other personal details.” O’Neil emailed Gerlach herself, and received a response about crosslinking and needing to re-register. Re-registering presented its own problem: “When I went back to the site to attempt to re-register, the site was down for ‘maintenance.’ The next few times I checked, this was still the case. I never did get to re-register.”
That same day, cartoonist Chan Chau also attempted to vote after seeing a reminder from the MG-BIPOC in Comics Discord channel to which they belong. Navigating to the voting site, Chau was immediately authenticated into another user’s account — without entering their email address and password. “I had noticed the front page saying ‘Hello, Ro!’ but I disregarded it at the time and didn’t screenshot it,” Chau said. They cast their votes, changing the few fields that they noticed were already filled out, and chalking those up to a “glitch.” “When I was done,” Chau continued, “I went to change my profile information, since I recently moved to a different part of the country and wanted to make sure everything was up to date.” There, Chau saw full details for the other user, and, as they told me, “Everything started to line up.”
Chau wasn’t alone. The other members of the Discord channel, including cartoonist Andi Santagata, also experienced something similar. Santagata told The Beat they initially filled out most of their Eisner ballot early on in the voting window, with no issues, but didn’t submit their votes right away. When they accessed the website again days later to complete filling out their ballot, “I realized that the website had automatically logged me into someone else’s account, and, after refreshing a couple times, I found that it was logging me into several different people’s accounts.” Santagata said they were able to view half-a-dozen other users’ accounts while attempting to complete their ballot, and that when they were able to eventually access the site with their own account again, they found some of their own personal data had been changed.
As Chau describes the problem: “How it worked was, the last person who logged into the website, anyone who was currently looking at the website was also logged into that person as well. It was a weirdly linked session. The last person to log in would override the last session. It was like multiple computers were able to share a session, and that was terrifying. Because if you refereshed the page on occasion, someone else was likely to have logged in, and you’d have a new account you were looking at.”
Chau and Santagata both described to The Beat testing that the members of the group did among themselves to try to get to the bottom of the problem. “The Discord channel did test things together because we were able to see each other’s names/votes/profiles,” Chau told me. “We were trying to parse what was happening. There [were] unfortunately some people outside of our Discord group who [were] also logging in, none the wiser about this.”
The next day, Eisner Awards voting was shut down abruptly. None of the voters I spoke with received any communications from Comic-Con informing them of the shutdown, or of the so-called anomaly.
When voting reopened on June 24th, an announcement email was sent by Comic-Con administrator Jackie Estrada. The email, shared on Twitter by cartoonist Emil Ferris, read as follows:
“As a result of our investigation into the recently reported issues with the Eisner voting website, it appears this was not a malicious attempt but an error in the platform itself. While our examination of the records leads ut to believe the problem is small and we have no direct evidence that any votes have been altered, out of an abundance of caution and care we have decided to re-run the vote with a current and secure voting platform. Only the eligible comics industry professionals who cast votes on the original platform are being sent this invitation to recast their ballot.”
The new Eisner Awards voting window would be one week, half of what it had originally been, and individual emails were supposed to go out to all voters with a secure link to the revote.
Some previous voters received the email with the link; others, like Anthony Mauro, didn’t. “As I saw more and more of my colleagues in the industry receiving the email with the new link to vote, I got antsy that I hadn’t yet received it,” Mauro said. “I reached out to Jackie Estrada to ask for the link and was told that PR folks (along with “Non-creative publisher staff members” i.e. marketing) are not eligible to vote in the Eisner’s—despite me having voted the year prior.”
Cara O’Neil, who hadn’t been able to vote the first time around because the site was down for maintenance, also never received the email about the revote; After hearing from Mauro about Estrada’s response regarding non-creative publisher staff members not being eligible to vote, she didn’t bother trying again, despite also having voted in prior years.
Arpad Okay also did not receive an email regarding the revote, but was able to procure one from Estrada in time to vote again. Chan Chau and Andi Santagata both said they received the revoting email; Chau was able to revote, while Santagata didn’t have a chance to do so before the deadline. Other industry professionals reported never receiving the revoting email, and thus not taking part in the revote despite having voted during the initial round.
Others who held off on voting in the initial round due to chatter online about the data issues now found themselves completely cut off from participating in the revote, disenfranchised due to their caution over not wanting their personal data to be viewed by others. As Chau told me, “It’s unnecessarily cruel, to those who wanted to keep their information safe, just to be barred for it.”
The Eisner Awards revote closed on June 30th. On July 7th, an email from Jackie Estrada went out thanking those who participated in the revote. Not everyone who received the email actually did, though.
Retailer Annie Bulloch, co-owner of 8th Dimension Comics & Games in Houston, voted without issue in the first round of voting. When the time came for the revote, though, she told The Beat the automated emails sent by the new voting platform, ElectionBuddy, went to her spam folder, and a reminder email from Comic-Con wasn’t seen until it was too late. “Because I didn’t get a chance to participate in the revote,” she told me, “I thought it was weird when I got the email thanking me for my participation.”
I just got this email from the Eisner voting admin thanking me for participating in the revote and claiming the results were actually the same. I did not participate in the revote, so I have zero faith in whatever results they’re claiming. #EisnerAwards pic.twitter.com/QAcj4j1mXB
— Annie, Medium Creature, CR 10 (@texasannie) July 7, 2020
Bulloch shared screenshots of the email on Twitter. “As you will remember,” the email from Jackie Estrada read, “it was brought to our attention that some voters had issues with the original Eisner voting website. Our investigation into the matter discovered an error that, in certain specific situations, allowed one user to see the profile of a different user as well as access to the votes of the other user.
“Our examination of the records,” the email continued, “leads us to believe the problem was limited in nature and have no evidence that any original votes were compromised or altered.” The email reiterated the ‘abundance of caution’ that led to the revote, before stating the following: “A comparison of the original results and those of the revote indicates no difference in the results.”
Bulloch was understandably skeptical. “I have no faith in any Eisner results they might announce this year,” she said. “Frankly, I think this casts doubt on past years’ awards too. How long has it been like this, but escaped notice because we’re all used to comics industry technology being old and clunky?”
The common thread among all the experiences of the voters The Beat spoke with is a lack of transparency from Comic-Con. Rick Gerlach was made aware of the data issue within the first week of the Eisner Awards vote opening, so why was voting allowed to continue? They knew enough to proactively reach out to at least one person to have them reregister, so it stands to reason that they would’ve been able to identify all of the impacted users. Perhaps they thought the scope of the problem was small enough that it could be ignored.
Also at issue is Comic-Con’s clear misstating of the facts in their user communications (what little there were). Voters specifically said that they saw their information had been changed, and that they unwittingly changed the information of other users who had already voted. And yet Comic-Con said in emails, and the website for the Eisners still says, they found “no evidence that any original votes were compromised or altered.” They may not have found any evidence of it, but it happened according to the voters we spoke to, and if they misstated something like that — something that would’ve been addressed by the revote anyway — who knows what else they misstated about the situation (like, for example, that the overall results of the voting remained unchanged after the revote).
It seems likely that, in the absence of any transparency from Comic-Con, we’ll never know what the scope of the issue was. Comic-Con doesn’t publicly share stats around their voting pool, so it’s anybody’s guess even how many people vote in the Eisners, never mind what percentage of them might have been impacted by the data issues, and Gerlach never responded to multiple requests for comment. Regardless of what caused it, a data breach like this, particularly where users didn’t even have to log in to the voting site to view someone’s personal information, is a serious issue that could open up Comic-Con to lawsuits from the impacted users.
The whole thing casts a pall over what should be a triumphant night for the comics industry. The Eisner Awards are typically an opportunity to celebrate some of the best work from the past year. With all the uncertainty around the process and lingering questions about changed votes and compromised data, this year’s event, which was already going to be strange given its virtual nature, is sure to be even more unusual than expected.