Illinois says security flaws in the Kansas-based voter database system favored by the White House show that it’s not up to the task.
By Shane Nicholson
CHICAGO — The Illinois State Board of Elections said Friday it would not be sending voter data for entry into a Kansas-based registry supported by the Trump administration, citing security concerns.
The Interstate Voter Registration Crosscheck Program, designed by Kansas election officials, supposedly collects and parses information on voter rolls around the country. Driven by Kansas Secretary of State Kris Kobach, a top figure in President Donald Trump’s recently disbanded “Voter Fraud Commission,” Crosscheck has come under fire for potentially exposing the personal data of more than 100 million voters.
Officials cited a lack of security measures in the Crosscheck system in declining to take part in the program. The board had originally indicated that it would begin sending data in January, but ISBE Executive Director Steve Sandvoss, in a Jan. 10 letter to state legislators, said that Crosscheck had not met its standards for protecting voter information.
“As of this date, we have received no description of security enhancements from Crosscheck,” Sandvoss wrote. “We plan to review and discuss those proposed enhancements upon receipt and we will transmit no data to Crosscheck until security issues are addressed to our satisfaction.”
Democratic state Sens. Kwame Raoul and Bill Cunningham have introduced legislation that would amend Illinois’ election code and disallow participation in any interstate voting registry outside the Electronic Registration Information Center, a non-profit organization that allows states to share voter information. Illinois is among 22 states participating in the ERIC program.
Questionable methods, security
Crosscheck’s ability to establish accurate voter rolls has been called into question in numerous reports and studies. One 2014 report showed that out of 7.2 million voters flagged by Crosscheck for potentially voting in multiple elections, only four had charges brought against them with none receiving convictions.
Oregon and Florida have both left the program, calling its methods and results questionable. “We left because the data we received was unreliable,” said Oregon’s secretary of state in 2014.
The system reportedly works by matching first, middle and last name, birth date, and last four digits of a Social Security number to known voter rolls. But that method, critics say, unfairly highlights persons with common last names. And the database is often incomplete, leaving out middle names or failing to recognize the difference between a Jr. and Sr.
Database expert Mark Swedlund told Rolling Stone in 2014 that Crosscheck used a “childish methodology” in coming to its conclusions. “God forbid your name is Garcia, of which there are 858,000 in the U.S., and your first name is Joseph or Jose,” he said. “You’re probably suspected of voting in 27 states.”
Methodology aside, some have pointed out serious security flaws in the Crosscheck system. An October report from ProPublica highlighted a number of issues around the storage of voter data within the Crosscheck system:
Crosscheck’s data is stored on an FTP server run by the Arkansas Office of the Secretary of State. FTP servers are unencrypted, leaving passwords and downloads readable by electronic spies. It is standard across the industry to instead use SFTP (short for “SSH File Transfer Protocol”), which protects data from prying eyes, according to Hall. He compared FTP servers to a postcard and SFTP servers to a letter sealed in an envelope and locked in a vault.
“It blows my mind — this is complete operational security incompetence,” Joe Hall, the chief technologist for the Center for Democracy & Technology, told ProPublica. “You should consider all of that stuff in the hands of people who are clever enough to intercept someone’s email.”
Further analysis by the tech-blog Gizmodo revealed even more concerns in Crosscheck’s setup, showing “an alarming array of previously unreported weaknesses in the network hosting the Crosscheck server.”
The Kansas authorities who manage the system, under the direction of Kobach, have further rebuffed calls to improve its algorithms that identify supposed illegal voters. Some groups have said that Crosscheck produces figures that exaggerate instances of voter fraud by a factor of more than 1,000. “Experience in the crosscheck program indicates that a significant number of apparent double votes are false positives and not double votes,” Crosscheck’s own 2014 user guide says.
Kobach has been a staunch supporter of voter caging, a method of purging voter rolls via a variety of means that have been struck down by U.S. courts. Following the president’s repeated and unsubstantiated claims of 3 to 5 million illegal votes being cast in the November 2016 general election, he was tapped as vice-chairman of the White House’s voting fraud team after Trump took office.
In June, Kobach sent notice to election officials in all 50 states asking them to submit voter data for entry into the Crosscheck system. But even then, Kobach requested data be sent via an unprotected email address that could have exposed the information of millions of voters. The commission was also shown to use private email accounts to conduct official business.
A December report from Georgetown University showed former Director of National Intelligence Jim Clapper and former Director of the National Counterterrorism Center Matt Olsen questioned the very efforts of the president’s commission.
“In 2016, America experienced an unprecedented attack against our democracy by a foreign nation-state seeking to influence the outcome of the presidential election through cyber operations,” said Olsen. “We should do everything we can to increase our defenses against such attacks. To that end, the Commission on Election Integrity should ensure that it has established basic data security measures as it sets about gathering the highly sensitive information of millions of Americans into one centralized, potentially vulnerable location where the database may quickly become an appealing target for foreign powers and criminal enterprises alike.”
A legal brief from Georgetown Law’s Institute for Constitutional Advocacy and Protection said that by consolidating voter data in Crosscheck, the likelihood of a breach that could reveal information on millions of voters was highly likely. Calling Crosscheck “a treasure trove for malicious actors,” the brief concluded, “there is substantial reason to believe that the Commission has gone about its work in ways that subjected the data to significant vulnerabilities and indeed exacerbated those vulnerabilities.”
The voter fraud commission was disbanded last week after a series of internal battles and lawsuits and states refusing to participate. The work of the commission has been passed along to the Department of Homeland Security, administration officials said.
States, courts respond
Meanwhile, the state of Indiana, a participant in Crosscheck, faces a lawsuit over its purging of voter rolls using the system’s methods. But a study by researchers from Yale, Harvard, Stanford, the University of Pennsylvania and Microsoft found that more than 99 percent of all potential voter fraud cases identified by Crosscheck are false positives.
Despite the known issues with the program, Indiana legislators have allowed a positive ID for suspected fraud by Crosscheck to be grounds for striking a voter from the rolls. That led to the filing of a lawsuit in October by Common Cause and the American Civil Liberties Union after the state purged more than 1.5 million voters between 2014 and 2017.
In testimony before the Kansas House Election Committee last week, Kobach claimed the Crosscheck system cost his state no money to operate, despite saying that multiple state IT employees were tasked with managing its systems. While avoiding questioning of the system’s highlighted security flaws, Kobach said that upgrades to address them would cost “less than $20,000.”
Kobach further acknowledged flaws in Crosscheck’s methodology. “I said before that a person with the same first name, last name and dob is a potential match,” he told the Kansas legislature. “What they do with that is up to the state.”
For now, any efforts from the Trump administration to compel states to use Crosscheck will continue to face legislative and legal challenges. Illinois rejected Kobach’s overtures last summer, saying that it would not fulfill any requests for data that could potentially expose the personal information of the state’s voters. And while a divided vote from ISBE in November left open the door for participation in the system, last week’s move showed that state officials have no interest in Crosscheck when it comes to ensuring open and honest elections in Illinois. R.
This story has been updated.