Some states fear that a Kansas voter record system could fall prey to hackers, prompting a delay in the annual collection of nearly 100 million people’s records into a database scoured for double-registrations.
Kansas Secretary of State Kris Kobach touts the program, called Crosscheck, as a tool in combating voter fraud. Last year, 28 states submitted voters’ names, birth dates, and sometimes partial social security numbers, to Kobach’s office.
But last fall, the news outlets ProPublica and Gizmodo reported a raft of cybersecurity weaknesses. For instance, Crosscheck relied on an unencrypted server for transmitting all that data.
Election officials in other states told Kansas to fix the problems, a process Kobach’s office says is nearly complete.
“We still have work to do,” said Bryan Caskey, who handles elections matters in Topeka. “We all just need to make sure that we’re doing everything we can to ensure the integrity of the program.”
Normally, Kansas starts collecting voter registration records from other states on Jan. 15 but hasn’t started yet this year because of the security weaknesses.
The Illinois election board nearly pulled out of Crosscheck last fall. Matt Dietrich, a spokesman for the agency, said his agency gave Kansas a list of IT problems that need fixing before their state will send any more data.
"They’re not going to be able to just give us a date and have us give them data," Dietrich said, "until they address these things that we told them about."
Kobach will no longer rely on that unencrypted data transmission system, which ran through the Arkansas secretary of state.
“In this year’s version of the program, Kansas is taking all that in-house,” Caskey said.
Though it relied on Arkansas for data transmission—letting states upload their records and obtain lists of potential double-registered names in return—Caskey said Kansas had already been handling data storage without that state’s help. Now, he said, the Kansas office is confident it can handle the transmission safely too.
Storing data for other states landed a Kansas state agency in trouble last year. Hackers accessed more than 5.5 million social security numbers stored by the Kansas Department of Commerce on behalf of 10 states.
In 2016, legislative auditors completed a three-year review of information technology security at 20 Kansas agencies that store sensitive information. They turned up significant weaknesses at most, including unpatched vulnerabilities that could open the door to hackers. The Secretary of State’s Office was not part of that audit.
--
Celia Llopis-Jepsen is a reporter for the Kansas News Service, a collaboration of KMUW, Kansas Public Radio and KCUR covering health, education and politics. You can reach her on Twitter @Celia_LJ.
To contact KMUW News or to send in a news tip, reach us at news@kmuw.org.
