Newly revealed records show sloppy practices that could put millions of people’s information at risk.
by Jessica Huseman and Derek Willis
The voter-fraud-checking program championed by the head of the
Presidential Advisory Commission on Election Integrity suffers from data
security flaws that could imperil the safety of millions of peoples’
records, according to experts.
Indivisible Chicago, a progressive advocacy group in Illinois, filed a
public-records request with Illinois and Florida for information on the
Interstate Voter Registration Crosscheck Program.
Crosscheck was
created and run by the Kansas secretary of state’s office and is often
cited by Kris Kobach, Kansas’ secretary of state, as a way to identify
voters casting ballots in more than one state. Indivisible Chicago then posted emails and other documents it received, including messages exchanged between elections officials in Illinois and Florida and Crosscheck.
The emails and records revealed numerous security weaknesses.
Crosscheck’s files are hosted on an insecure server, according to its
own information. Usernames and passwords were regularly shared by email,
making them vulnerable to snooping. And passwords were overly
simplistic and only irregularly changed.
“It blows my mind — this is complete operational security
incompetence,” said Joe Hall, the chief technologist for the Center for
Democracy & Technology, an organization that promotes internet
freedom. “You should consider all of that stuff in the hands of people
who are clever enough to intercept someone’s email.”
The Kansas secretary of state’s office did not respond to emailed questions about Crosscheck’s security.
Click here for the full article.
Source: ProPublica
No comments:
Post a Comment