Kansas Secretary of State Kris Krobach has never been accused of being the sharpest tool in the shed, and now he's proving why. Kobach, who co-chairs Donald Trump's 'election integrity commission' (aka, voter suppression commission), has been utilizing an unsecured database platform to compare the voter rolls of 32 different states in search of duplicates. Mother Jones' Ari Berman has more on the hacker-friendly Interstate Crosscheck Program Kobach has been using to push his assault on voting rights.
Yet newly released documents show that the program touted by Kobach has major security vulnerabilities that could lead to sensitive voter data being hacked, released, and even modified. States that employ the program upload their voter data to an unsecured server and exchange usernames and passwords to access the server over unsecured emails. They have also released sensitive, unredacted information on voters to the public.
Crosscheck was founded in 2005 to compare registration lists among Midwestern states but has been dramatically expanded by Kobach, and it’s now used by 32 states. Participating states upload their voter lists to a server run by the Arkansas secretary of state, and then Kobach’s office analyzes the data to search for illegal double voting. However, those files are being uploaded to a server that is not encrypted and could be hacked, according to documents released to the grassroots anti-Trump group Indivisible Chicago following a Freedom of Information Act request by the group. (Indivisible Chicago is lobbying Illinois to leave Crosscheck.) [...]
If a hacker sent a “phishing email” to Kansas pretending to be from another state that’s part of Crosscheck, Davis says, he or she could potentially get access to the voter files of every state participating in Crosscheck. That information could be stolen, released, or even modified, [Edelson PC director of digital forensics Shawn] Davis says.
Of course, we know that Russian hackers did send phishing emails to at least 100-plus local elections officials last year, based on the NSA document leaked several months ago. It’s the exact vulnerability that makes Kobach’s chosen system ripe for attack.