Names, addresses, birthdates and the last four digits of social security numbers shared by the Mississippi Secretary of State’s office with a voter registration clearinghouse is susceptible to hackers, according to a ProPublica report.
Secretary of State Delbert Hosemann in 2009 began sharing Mississippians’ personal data with the Kansas-based Interstate Voter Registration Crosscheck Program, which was established in 2005 to identify possible duplicate voter registrations across state lines and provide evidence of possible double votes.
The October ProPublica report highlights several security weaknesses within the Crosscheck program that leaves Mississippians’ personal information vulnerable to hackers, including information being stored on insecure servers.
The ProPublica analysis differs sharply with assurances Hosemann gave Mississippi Today in July that the information shared with the Crosscheck program “is subject to strict security standards, including encryption and permanent deletion.”
When asked this month if Hosemann would rethink sharing personal data with the Kansas-based Interstate Voter Registration Crosscheck Program following the ProPublica report, a spokeswoman for Hosemann said: “We don’t have anything to add right now, but if we do in the future, I’ll let you know.”
The ProPublica report is based largely on public records requests filed by Indivisible Chicago, a citzens group formed after last fall’s election to obsturct the agenda of President Donald Trump. The report chronicles troubling security issues within the program:
• Files received from the 28 participating states are hosted on an insecure server.
• Usernames and passwords were emailed by program staffers, making them more accessible to hackers.
• Passwords were “overly simplistic and only irregularly changed.”
“It blows my mind — this is complete operational security incompetence,” Joe Hall, the chief technologist for the Center for Democracy & Technology, an organization that promotes internet freedom, told ProPublica. “You should consider all of that stuff in the hands of people who are clever enough to intercept someone’s email.”
Hosemann made national headlines in June when Kansas Secretary of State Kris Kobach, the head of President Donald Trump’s newly formed Advisory Commission on Election Integrity, requested detailed voter information from all 50 states.
When asked if he would comply with the request, Hosemann, a Republican, responded: “They can go jump in the Gulf of Mexico and Mississippi is a great state to launch from. Mississippi residents should celebrate Independence Day and our state’s right to protect the privacy of our citizens by conducting our own electoral processes.”
But a Mississippi Today report a week later showed that Hosemann had been sharing that same requested info to the Crosscheck program – launched and managed by Kobach himself – since 2009.
That’s when Hosemann defended the Crosscheck’s security guidelines, drawing distinctions between the Crosscheck program and the one Kobach aimed to launch under the Trump administration.
Hosemann emphasized that the Trump administration’s request for voter file information included “no guarantee of confidentiality and without oversight from or control by the states.”
Twenty-eight states, including Mississippi, participated in the Crosscheck program in 2016, according to its website.
Oregon, Washington and Florida left the program in recent years after encountering flawed data reports, and since the ProPublica report published in October, Illinois and Idaho officials have publicly reconsidered sending their voter information to the program.