Administrators of the voter registration database used by 32 states and run by Kris Kobach, Kansas’ secretary of state and the co-chair of President Trump’s Commission on Voter Integrity, are emailing passwords and using unencrypted servers, according to newly released documents. These basic security vulnerabilities are leaving sensitive voter information open to the public and potentially hackers

Indivisible Chicago, a branch of the national resistance organization, obtained documents showing that the Interstate Crosscheck Program — a program that compares voter registration databases across states for duplicate voters — is administered in a way that exposes voters’ names, addresses, and in some states, social security numbers, to security breaches.

“They should be going out of their way to make sure this is super secure,” Steve Held, a member of the Indivisible chapter who filed a public records request for the documents, told ThinkProgress. “I probably have as great or greater security on my Twitter account as these guys have on this FTP server.”

According to the documents, elections officials from states that administer the Crosscheck program are sending passwords through unsecured emails to more than 80 recipients. In some states, those emails are subject to public records requests, meaning that people can obtain both passwords and voter files. Some of the documents Held received through his Freedom of Information Act request included unredacted passwords.

We have the 2017 @illinoissbe username & password to the Arkansas FTP server hosting 100m voter records. #EndCrosscheck @illinoissbe pic.twitter.com/MXo0GtbjpJ — Indivisible CHI NW (@indivchicagonw) October 17, 2017

Crosscheck launched in 2005 as part of a broader effort to combat voter fraud and improve election administration. States that participate submit their voter files to Kansas, which stores them in a server based in Arkansas and analyzes them to catch potential double voting. Under Kobach, the program grew from just three states to the 32 states that now participate. Kobach, who is also running for governor of Kansas, has said he wants to use Crosscheck as a model for a national voter database.


Voting advocates have raised concerns about the inaccuracy of the program — roughly 99 percent of the illegal double voters the program catches are false positives, with non-white citizens more likely to be falsely flagged as double voters. In the new documents, Kansas officials admit that double voting rarely occurs and most instances flagged by Crosscheck are errors.

While those concerns should be enough for Illinois to leave the program, Held, whose day job is in technology, claims that the security concerns are just as alarming. The documents show that the Arkansas server is not properly encrypted and provides just one layer of security for a database that stores highly sensitive information.

In their response KS & AR acknowledge the FTP server holding your data is not an encrypted channel. @illinoissbe #EndCrosscheck pic.twitter.com/IQkUDhq3kR — Indivisible CHI NW (@indivchicagonw) October 17, 2017

“They have other security measures in place but the whole concept of security is layers. That’s why you fly in a jet that has four engines. They’re flying in a jet with one engine,” he said. “People would be fired in the private sector for being this incompetent.”


The documents also show that the states running the program use the same passwords from year to year, and when they do make efforts to change passwords, they follow simple formulas that can be easily guessed.

According to Held, the Illinois State Board of Elections is claiming “this is all much ado about nothing” because all of the passwords shared in the documents are old. But that misses the point, he said.

“I don’t know if they’re just that clueless about security or if they’re trying to save face and play this down and try to minimize what all of this means,” he said. “We’re not saying we dumped this voter file or we hacked this. We’re saying that security 101 is: Do not email passwords. Find a secure way to transmit passwords and even encrypt the passwords themselves in transit. That’s just basic basic stuff.”

Even before Indivisible Chicago learned of this oversight, the group had been lobbying the Illinois State Board of Elections to pull out of the Crosscheck program. They claim that while the state was concerned about the massive amount of voter information requested by Kobach and Vice President Mike Pence’s voting commission in June, Illinois elections officials are ignoring the fact that they already exposed the state’s roughly 8 million voters to security breaches when they sent the state’s information to Crosscheck, most recently in March 2017.

This summer, several Democratic state legislators joined Indisivible’s effort to lobby the Board of Elections to pull Illinois out of the Crosscheck program. According to the AP, the American Civil Liberties Union of Illinois and the Chicago Lawyers’ Committee for Civil Rights also oppose the program and helped pack a recent State Board of Elections meeting to advocate against the program. After Indivisible Chicago made the documents public last week, 20 lawmakers wrote a letter encouraging the state to end its participation.

Correction: This story has been updated to reflect that Crosscheck launched in 2005, not 2015 as previously stated.