Trump Election Commissioner’s Voter Database Is a Ripe Target for Hackers

Kris Kobach calls the program a model for the country. It has major security problems.

Kansas Secretary of State Kris Kobach talks with a reporter in his office in Topeka, Kan. Orlin Wagner/AP

Kansas Secretary of State Kris Kobach has called his Interstate Crosscheck Program, which compares voter registration lists among states to search for fraudulent double voting, a model for the nation. Kobach is the vice chair of President Donald Trump’s controversial election integrity commission, which is seeking to find evidence of voter fraud and use it to impose new restrictions on voting. Crosscheck “illustrates how successful a multistate effort can be in enhancing the integrity of our elections and in keeping our voter rolls accurate,” Kobach said at the first meeting of the commission in July.

Yet newly released documents show that the program touted by Kobach has major security vulnerabilities that could lead to sensitive voter data being hacked, released, and even modified. States that employ the program upload their voter data to an unsecured server and exchange usernames and passwords to access the server over unsecured emails. They have also released sensitive, unredacted information on voters to the public.

Crosscheck was founded in 2005 to compare registration lists among Midwestern states but has been dramatically expanded by Kobach, and it’s now used by 32 states. Participating states upload their voter lists to a server run by the Arkansas secretary of state, and then Kobach’s office analyzes the data to search for illegal double voting. However, those files are being uploaded to a server that is not encrypted and could be hacked, according to documents released to the grassroots anti-Trump group Indivisible Chicago following a Freedom of Information Act request by the group. (Indivisible Chicago is lobbying Illinois to leave Crosscheck.)

Typically, sensitive data like this would be handled using a secure file transmission network called an SFTP, but Crosscheck uses an unsecure system, according to the documents. “This is a FTP site and not an SFTP,” Bryan Caskey, deputy assistant secretary of state for elections in Kansas, wrote to Clayton Nicholson, an information specialist with the Illinois State Board of Elections, on June 28. Moreover, the usernames and passwords used by state election officials to upload voter data are being sent in the body of unsecured emails to more than 80 people. That makes these communications a ripe target for hackers, says Shawn Davis, director of digital forensics at Edelson PC, a Chicago-based law firm specializing in technology issues.

“It’s completely vulnerable and wide open,” says Davis. “The largest issue is that they’re emailing the credentials back and forth. That’s a huge vulnerability.”

If a hacker sent a “phishing email” to Kansas pretending to be from another state that’s part of Crosscheck, Davis says, he or she could potentially get access to the voter files of every state participating in Crosscheck. That information could be stolen, released, or even modified, Davis says. “It’s not very secure at all,” he says of Crosscheck.

States are also not always protecting the data they have. After Florida received a FOIA request from a voting rights activist in Kansas, it released unredacted personal information on 1,400 voters, including their names, birth dates, and the last four digits of their social security numbers. This information could be enough to make them targets of identity theft, says Davis.

Crosscheck’s security vulnerabilities are particularly noteworthy because Trump’s election commission has requested voter data from all 50 states, leading to fears about how secure that data is and how it will be used. Kobach has repeatedly cited Crosscheck as a template for the commission’s work.

In addition to the risk of hacking, Crosscheck has been found to produce false matches 99 percent of the time. Academics from Stanford, Harvard, Yale, and the University of Pennsylvania who studied Crosscheck found that “200 legitimate voters may be impeded from voting for every double vote stopped.” Because the program searches for double voting using only voters’ first and last names and date of birth, it generates thousands of false matches, which makes double voting seem far more common than it is and can cause people to be incorrectly taken off voter rolls and even wrongly prosecuted for illegal voting.

In the newly released emails, Kansas election officials admit that Crosscheck can lead to mistaken cases of alleged fraud. “In a majority of cases of apparent double votes, in the end they do not turn out to be real double votes due to poll worker errors, mis-assignment of voter history, voters signing the wrong lines in poll books, etc,” wrote Brad Bryant, the state election director for Kansas, to Kyle Thomas, director of voting and registration systems at the Illinois State Board of Elections, in 2011. 

Following the release of the new documents, 20 state legislators in Illinois have called on the state board of elections to withdraw from Crosscheck. “We urge the Board to end the state’s participation in the Interstate Voter Registration Crosscheck System (‘Crosscheck’) and to refuse to comply with the Presidential Advisory Commission on Election Integrity’s second request for voter registration data,” they wrote.