Voter data stored on the Crosscheck records system is unencrypted, putting the information of millions of voters at risk. (AP Photo / M. Spencer Green)
Imagine if your information, including name, your birthday, part or all of your Social Security number, and perhaps your address were compiled and shared, along with the same information of thousands upon thousands of other people. Shared just with the click of an email with minimal encryption. Stored on some server in Arkansas with minimal security.
Such vulnerable data would be a glaring security threat, and quite concerning to the average person. Concerns over identity theft, hostile foreign interference, and tampering would run rampant. And yet, an insecure server that holds significant personal data actually exists. It’s called the Interstate Voter Registration Crosscheck Program.
Crosscheck is used by over two dozen states to compare voter records in a flawed attempt to identify cases of voter fraud. Sponsored by Kansas’ controversial Secretary of State Kris Kobach, this program compares data that’s insufficient to produce dependable results. Researchers at Harvard and Stanford say it leaves room for massive error: They found Crosscheck makes it 99 percent more likely that a legitimate voter get purged from the rolls than an illegitimate one. The system is also a glaring security risk, as it uses minimal IT security and its operators have demonstrated a disregard for basic cybersecurity protocol. The result? Information of millions of voters is vulnerable to hacking, tampering, and manipulation.
An investigation by ProPublica determined that Crosscheck “suffers from data security flaws that could imperil the safety of millions of peoples’ records.” Crosscheck supposedly works by having states send in certain data from their voter rolls, which is then compared with that from other states. The data is stored on a standard server in Arkansas, which the state readily admits is insecure. Data stored on it is unencrypted, leaving it vulnerable to hacking and tampering.
Security experts have noted that even inexperienced hackers could gain access to the server. Imagine what an experienced hacker could do. Take data. Change birthdays. Remove names. Add nonexistent names. Whatever they wanted to do.
Beyond the server, the people operating Crosscheck handle the data carelessly. The most simple security measures such as changing passwords and avoiding sharing them via email were neglected or ignored. This may explain why passwords have been obtained by unauthorized third parties, and why states have wrongly received back the information of other states.
What makes all of this worse is that those operating Crosscheck previously promised participating states that “industry standard encryption technology and passwords” were used to secure the system. States were lied to as a means of securing their participation in the program.
In light of recent insecurity revelations, multiple states have left the program or are reconsidering their participation in the program. Kentucky left the program just last month because of security concerns and “unreliable” results. Alaska, Florida, Pennsylvania, Massachusetts, Washington, Oregon, and New York previously left the program.
Despite acknowledging that Crosscheck has numerous vulnerabilities, those running it in Kansas have made clear that the plans to improve security are insufficient. In fact, the Kansas election director has noted that he is unsure whether the Kansas taxpayers would pay for needed security upgrades.
Given the litany of recent reporting on just how insecure Crosscheck is, no state can credibly still be in the dark. So why is any state still participating in Crosscheck? Good question, especially since there is a much more secure and reliable alternative.
The Electronic Registration Information Center, or ERIC, was created in 2012 by Pew Charitable Trust and IBM. It uses more data points to compare voter information, producing far more reliable results than Crosscheck. But, just as important, it is also far more secure than Crosscheck.
Even before February 28, the reasons for Donald Trump’s imploding approval rating were abundantly clear: untrammeled corruption and personal enrichment to the tune of billions of dollars during an affordability crisis, a foreign policy guided only by his own derelict sense of morality, and the deployment of a murderous campaign of occupation, detention, and deportation on American streets.
Now an undeclared, unauthorized, unpopular, and unconstitutional war of aggression against Iran has spread like wildfire through the region and into Europe. A new “forever war”—with an ever-increasing likelihood of American troops on the ground—may very well be upon us.
As we’ve seen over and over, this administration uses lies, misdirection, and attempts to flood the zone to justify its abuses of power at home and abroad. Just as Trump, Marco Rubio, and Pete Hegseth offer erratic and contradictory rationales for the attacks on Iran, the administration is also spreading the lie that the upcoming midterm elections are under threat from noncitizens on voter rolls. When these lies go unchecked, they become the basis for further authoritarian encroachment and war.
In these dark times, independent journalism is uniquely able to uncover the falsehoods that threaten our republic—and civilians around the world—and shine a bright light on the truth.
The Nation’s experienced team of writers, editors, and fact-checkers understands the scale of what we’re up against and the urgency with which we have to act. That’s why we’re publishing critical reporting and analysis of the war on Iran, ICE violence at home, new forms of voter suppression emerging in the courts, and much more.
But this journalism is possible only with your support.
This March, The Nation needs to raise $50,000 to ensure that we have the resources for reporting and analysis that sets the record straight and empowers people of conscience to organize. Will you donate today?
Unlike Crosscheck, which is free to join, ERIC does come with an upfront price tag; however, it substantially lessens the downstream cost to states by producing far fewer false positives that have to be reviewed by state employees one name at a time. Even putting the difference in results aside, the fee is a small price to pay for securing the personal information of millions of voters.
Secretaries of state are charged with securing citizens’ data. By participating in Crosscheck, and continuing that participation in light of all the security concerns, secretaries of state are failing that responsibility. They ought to pull out of Crosscheck immediately. If they still want to partake in an interstate comparison system, they can partake in ERIC.
The past two years have seen one sign after another of the dangers of hostile interference in our election system. One of the most basic lessons learned should be to secure our voter systems the best that we can. Crosscheck is an abysmal fail at learning that lesson. As voters, we should demand better. And secretaries of state should listen. Before it’s too late.
Russ FeingoldRuss Feingold served as a Democratic senator from Wisconsin from 1993 to 2011 and is currently president of the American Constitution Society.