A request from a senior member of President Donald Trump’s commission on voter fraud for states’ data on registered voters — including names and addresses and social security numbers, is being flayed by cybersecurity experts — with one calling it, “beyond stupid.”
According to Politico, Kansas Secretary of State Kris Kobach’s request for personal information on voters, as part of Trump’s quest to prove there was voter fraud in the 2016 election, is getting more than push-back from states which are refusing to share the data.
As of Friday evening over 20 states have refused to turn over the info to Kobach, citing privacy laws and concerns over how it will be used.
Cybersecurity experts claim that is a wise move on the part of the states.
“The bigger the purse, the more effort folks would spend to get at it,” explained Joe Hall, chief technologist for the Center for Democracy and Technology. “And in this case, this is such a high-profile and not-so-competent tech operation that we’re likely to see the hacktivists and pranksters take shots at it.”
Nicholas Weaver, a computer science professor at UC Berkeley was more blunt, stating: “It is beyond stupid.”
Trump proposed an “election integrity” commission in May, before selecting Kobach — who has a history of pushing for voter suppression laws — to head it up.
While that alone was a warning flag for states not wishing to have Kobach get his fingers into their voter rolls, the idea of a centralized database containing sensitive information — at a time when the FBI is investigating Russian hacking connected to Trump campaign officials — set off alarms with tech professionals.
“This information is particularly sensitive because it can be matched up with other stolen or publicly available information to build a more complete profile for an individual and target them for fraud or other exploitation,” explained data breach expert Jason Straight of business solutions firm UnitedLex.
Speaking with Politico, cybersecurity experts said that they are just as concerned that Kobach’s said that the commission would publish all the voter data it receives.
Despite the fact that some of that information is already available to the public, Kobach’s plan to publish, “could result in the commission making voter data more widely accessible than it otherwise would be from the state itself,” explained Straight.
Referring to the letter that Kobach sent out to each of the states asking for the info, one cryptography expert said it looked like a scam to him.
“Nothing about this letter appears to take information security into account,” stated Matthew Green of Johns Hopkins University. “If I didn’t know this letter was real, I would assume it was a clever spearphishing campaign.”