The White House on Wednesday requested that every state surrender a laundry list of voter data, including partial social security numbers, using an insecure email address unprotected by even basic encryption technology.
Encouraging state election officials to transmit voter data insecurely belies the White House’s stated goal of improving the security and integrity of federal election systems.
A letter to Connecticut Secretary of State Denise Miller containing the request was tweeted out Thursday afternoon by Vanita Gupta, president and CEO of the Leadership Conference on Civil and Human Rights. It was signed by Kris Kobach, the vice chairman of the Presidential Advisory Commission on Election Integrity. (Vice President Mike Pence chairs the commission, which was formed in mid-May by executive order.) Kobach confirmed to the Kansas City Star that he sent similar letters to officials in every state.
The commission is tasked with drafting a report for President Donald Trump about the processes for registering and voting in federal elections. According to the letter, the commission is investigating “vulnerabilities and issues related to voter registration and voting.” Trump created the commission to look into his unproven claims of widespread voter fraud—the president has asserted that between 3 and 5 million illegal ballots were cast for his opponent, Hillary Clinton, ultimately costing him the popular vote.
The requested data includes:
- Full names
- Home addresses
- Dates of birth
- Political affiliations
- Last four digits of social security numbers
- Elections voted in from 2006 onward
- Information about felony convictions
- Information about voter registration in other states
- Information about military status
- And overseas citizen information
Voter rolls are considered public records, and can be obtained with varying ease, depending on the state. Ohio, for instance, makes its voter records available for download online, while other states require a formal request before handing over their records. However, voter data can be used for identity theft and is considered to be somewhat sensitive. A data firm that worked on Trump’s 2016 campaign recently exposed nearly 200 million voter records online, which the Center for Democracy and Technology likened to a leak of toxic waste. Social security numbers are considered personally protected information, and the exposure of even a partial number (i.e., the last four digits) may drastically increase the risk of identity theft or fraud, according to the US Department of Health and Human Services.
The letter asks that the information be submitted to the email address “ElectionIntegrityStaff@ovp.eop.gov,” which does not use basic security protocols.
The email address is assigned to the EOP—the Executive Office of the President. Secure email tests confirm that EOP email addresses don’t use STARTTLS, a protocol for encrypting email while it travels across the internet so it is less likely to be snooped on while in transit.
“STARTTLS is the minimum security precaution an organization should implement for its mail servers if they expect to be receiving or transmitting potentially sensitive information,” explained Roland Shoemaker, a technologist at the Electronic Frontier Foundation who works on the free certificate authority Let’s Encrypt. “Without point to point encryption anyone with access to the internet link between a user and their mail server, or between two mail servers, can see exactly what has been written, who wrote it, and who it is being sent to.”
Shoemaker noted, however, that STARTTLS only offers partial protection over unencrypted channels. “If an attacker is in a privileged position between two points they can simply strip the STARTTLS flag from a message and prevent the upgrade to an encrypted channel from ever happening,” he added.
To be fair, Kobach’s letter offers an alternative, more secure method for the transmission of the voter data as well (but it’s not clear that state officials would recognize the risk associated with the email address):
“You may submit your responses electronically to ElectionIntegrityStaff@ovp.eop.gov or by utilizing the Safe Access File Exchange (“SAFE), which is a secure FTP site the federal government uses for transferring large data files. You can access the SAFE site at https://safe.amrdec.army.mi/safe/Welcome.aspx.”
The letter also states that “any documents” submitted by Connecticut’s government will be made available to the public, though it’s unclear if the White House means that it intends to publish the home addresses and partial Social Security numbers of roughly 200 million registered voters. That would seem completely unnecessary, if not totally insane.
After the letter became public, Kobach clarified to the Kansas City Star that he intended to store that data on a secure server and not disclose it to the public. He said the Presidential Advisory Commission on Election Integrity needed to collect partial Social Security numbers in order to prevent “false positives.”
The Presidential Advisory Commission on Election Integrity did not immediately respond to a request for comment about its email security practices.
Requests for comment left after business hours with the Connecticut Secretary of State’s office were not immediately answered. Connecticut Secretary of State Merrill issued a statement saying her office would partially comply with the order, while withholding some sensitive data.
“In the spirit of transparency we intend to share publicly-available information with the Kobach Commission while ensuring that the privacy of voters is honored by withholding protected data. In the same spirit of transparency, we will request that the Commission share any memos, meeting minutes or additional information as state officials have not been told precisely what the Commission is looking for. This lack of openness is all the more concerning, considering that the Vice Chair of the Commission, Kris Kobach, has a lengthy record of illegally disenfranchising eligible voters in Kansas. (See, for example, Fish v. Kobach, No. 16-3147, 10th Cir. 2016). The courts have repudiated his methods on multiple occasions but often after the damage has been done to voters. Given Secretary Kobach’s history we find it very difficult to have confidence in the work of this Commission.”
California’s Secretary of State Alex Padilla said that he would not comply with the request at all and would refuse to provide California’s voter rolls.
“California’s participation would only serve to legitimize the false and already debunked claims of massive voter fraud made by the President, the Vice President, and Mr. Kobach. The President’s Commission is a waste of taxpayer money and a distraction from the real threats to the integrity of our elections today: aging voting systems and documented Russian interference in our elections,” Padilla said in a statement.
Government agencies have been pressured to increase their adoption of encryption in order to secure their communications and protect the public’s data. Senator Ron Wyden pressed for government agencies to adopt STARTTLS to protect their communications earlier this year, singling out the agency that manages email for the Pentagon, the Defense Information Systems Agency.
“I am concerned that DISA is not taking advantage of a basic, widely used, easily-enabled cybersecurity technology,” Wyden wrote in a letter to DISA, first reported by Motherboard. “Indeed, until DISA enables STARTTLS, unclassified email messages sent between the military and other organizations will be needlessly exposed so surveillance and potentially compromise by third parties.”