White House’s planned voter database could be hacking target, experts warn

Posted at 10:05 PM, Dec 05, 2017

Nine national security and cybersecurity experts filed an amicus brief Tuesday afternoon in support of a lawsuit against the Presidential Advisory Commission on Election Integrity. The experts warn that the commission’s plan to centralize voter data with a national database could become a target of foreign cyber attacks.

The brief — filed by Georgetown Law’s Institute for Constitutional Advocacy and Protection and signed by former Director of National Intelligence James Clapper, among others — supports a pending lawsuit against the commission, which attempted to retrieve voter data — including names, addresses, birthdays and partial Social Security numbers — from all 50 states.

The commission, which was set up by President Donald Trump to combat voter fraud, is headed by Kansas Secretary of State Kris Kobach, a staunch supporter of voter ID laws. In July, 44 states and the District of Columbia refused to provide certain types of voter information to the commission, which were requested by Kobach.

Currently, voter data is decentralized across states. The amicus brief signatories say that by housing all the data in one place, “(p)ersonally identifiable information about millions of American voters would be extremely valuable to foreign adversaries seeking to interfere in future elections.”

“The bigger the database, the greater the payoff from a potential breach,” the brief states.

The group also raised concerns over the “seemingly last-minute” decision to store the database in a repurposed White House system instead of storing it with the Department of Defense. The filers say the White House has not said what system has been repurposed, and they warn that it “may lack core safeguards.”

“Based on what is already known, however, there is substantial reason to believe that the Commission has gone about its work in ways that subjected the data to significant vulnerabilities and indeed exacerbated those vulnerabilities,” a release for the brief states.

Election interference by Russia in 2016 was also a concern for the security experts.

“(A) foreign adversary such as Russia could conduct targeted information campaigns against particular subsets of voters. It could even seek to undermine voters’ access to the polls by, for example, targeting individuals of one party or another (or perhaps of all parties) with disinformation about the locations or hours of polling places or false reports that an election has been postponed or canceled,” the brief states.

The filers add that if a hack could alter the information stored on the database, “the results could have other serious implications for future elections” and “could cause widespread confusion for months or years to come.”

Signatories of the brief include former National Counterterrorism Center Director Matt Olsen, former Deputy Assistant Secretary of Homeland Security Paul Rosenzweig, former Under Secretary of Homeland Security for the National Protection and Programs Directorate Suzanne Spaulding, former Deputy Chief Technology Officer for the Obama administration Alexander Macgillivray, former Justice Department Chief Privacy Officer Nancy Libin, former Coordinator for Cyber issues for the State Department Christopher Painter, former White House technology adviser Dipayan Ghosh and former White House Senior Director of Cybersecurity Policy Andrew J. Grotto.