Imagine if your information, including name, your birthday, part or all of your Social Security number, and perhaps your address were compiled and shared, along with the same information of thousands upon thousands of other people. Shared just with the click of an email with minimal encryption. Stored on some server in Arkansas with minimal security.
Such vulnerable data would be a glaring security threat, and quite concerning to the average person. Concerns over identity theft, hostile foreign interference, and tampering would run rampant. And yet, an insecure server that holds significant personal data actually exists. It’s called the Interstate Voter Registration Crosscheck Program.
Crosscheck is used by over two dozen states to compare voter records in a flawed attempt to identify cases of voter fraud. Sponsored by Kansas’ controversial Secretary of State Kris Kobach, this program compares data that’s insufficient to produce dependable results. Researchers at Harvard and Stanford say it leaves room for massive error: They found Crosscheck makes it 99 percent more likely that a legitimate voter get purged from the rolls than an illegitimate one. The system is also a glaring security risk, as it uses minimal IT security and its operators have demonstrated a disregard for basic cybersecurity protocol. The result? Information of millions of voters is vulnerable to hacking, tampering, and manipulation.
An investigation by ProPublica determined that Crosscheck “suffers from data security flaws that could imperil the safety of millions of peoples’ records.” Crosscheck supposedly works by having states send in certain data from their voter rolls, which is then compared with that from other states. The data is stored on a standard server in Arkansas, which the state readily admits is insecure. Data stored on it is unencrypted, leaving it vulnerable to hacking and tampering.