Voter fraud investigation: an opportunity for hackers

Privacy, News, Politics, Rights

President Donald Trump recently issued an executive order forming the Presidential Commission on Election Integrity in order to examine alleged “vulnerabilities” in the election system. The commission is moving forward, despite pending federal lawsuits to have it shut down.

Pushing back

The commission has asked states to turn over sensitive voter data, including voters’ birth dates, driver’s license information, felony convictions, military status, Social Security numbers, and voting histories. In response, 45 states refused to release at least some of the requested data, while civil rights groups and privacy advocates unleashed a cavalcade of lawsuits against the government in federal court:

The lawsuits are making it more difficult for the commission to collect the data it seeks, but they’re not likely to stop it. One by one, states will likely have to comply with the president’s demands—and the collected information could be used to instill tougher voter registration and identification laws, and potentially restrict access to the ballot box.

Security concerns

Last year, when asked about the security of the U.S. voting system, Republicans and Democrats agreed that the decentralization of elections makes it impossible for hackers to manipulate data—ballot counts or voter rolls, for example—in a significant way.

This security is threatened, however, by the very mission of the voter fraud commission. A national list of registered voters could provide the very thing hackers (and hostile foreign governments) need to mount a wide-scale assault on American elections, since any records stored on computers are susceptible to cyberattacks.

Donathan Brown, author of Voting Rights under Fire, says the commission’s request to receive the information via a non-secure website—without authentication—poses significant privacy risks.

“Chief among these potential vulnerabilities include significant data breaches from hackers, which would possibly include the release of identifying information,” says Brown. “With no protections in place for the transmission of this data, along with the commission’s proposal to publish partial Social Security numbers, the risk of identity theft and financial fraud increases exponentially.”

Immigration attorney Renata Castro of Castro Legal Group has serious concerns for her clients and says, “Data exposed in the voter rolls could result in unwarranted probing of individual’s immigration status, especially those with names easily associated with foreign languages.”

A spokesman for the commission said the data will be encrypted, transmitted from the states through a secure connection, and kept on a White House system “designed to handle sensitive information.”

What’s the rush?

The Electronic Registration Information Center (ERIC) is a nonprofit group comprised of 20 red and blue states. ERIC shares large amounts of sensitive data to identify fraud, ensure accurate voter rolls, and promote voter registration.

Executive director Shane Hamline says it is unclear how the new commission will protect the data and generate usable results. ERIC spent more than three years developing extensive security protocols before launching in 2012. By contrast, Trump’s commission has demanded the same sensitive voter information—on an even grander scale—in less than two weeks.

“This is a textbook study on how not to use data,” says David Becker, executive director and founder of the Center for Election Innovation and Research. “There is no comprehensive security plan, no detailed methodology or outline” for the data request.

ERIC has helped register millions of new voters and prompted the removal of millions of names from the voter rolls—those who’ve died, moved to other states, or committed crimes that made them ineligible to vote.

But with far less expertise and planning, the president’s committee will have a tough road matching those results and ensuring data protection for all.