A request by President Trump’s voter fraud commission for data from states could pose a threat to national security, according to former Homeland Security Secretary Michael Chertoff.
Michael Chertoff, who led DHS under President George W. Bush from 2005 to 2009, wrote in an op-ed for the Washington Post on Wednesday that if “sensitive data is to be collected and aggregated by the federal government,” the Trump administration must ensure the information is not targeted by hackers.
Trump’s Presidential Advisory Commission on Election Integrity sent a letter to all 50 secretaries of state last week requesting voters’ full names, their addresses, their birth dates, the last four digits of their Social Security numbers, their voting histories and their political parties, if they had been recorded.
Nearly every state has objected to the request in some form. Kris Kobach, vice chairman of the commission and the Kansas secretary of state, has refuted that characterization, argued Wednesday that up to 36 states had expressed a willingness to provide whatever information is permitted for release under the law.
Chertoff says the commission’s ambition to create a database of personal information from all voting Americans could entice criminal actors.
“We know that a database of personal information from all voting Americans would be attractive not only to adversaries seeking to affect voting but to criminals who could use the identifying information as a wedge into identity theft,” Chertoff said. “We also know that foreign intelligence agencies seek large databases on Americans for intelligence and counterintelligence purposes.”
National security experts say America’s diffuse voting system, where states manage their own databases, makes it more secure from hackers.
Numerous news reports have documented how Russian hackers penetrated the election systems in as many as 39 states last year.
“Although many of these individual databases are vulnerable, there is some protection in the fact that U.S. voting systems are distributed among thousands of jurisdictions,” Chertoff said. “As data-security experts will tell you, widespread distribution of individual data elements in multiple separate repositories is one way to reduce the vulnerability of the overall database.”
Chertoff said the commission needs to address outstanding questions about what it intends to do with the data it collects, such as how and where the information will be kept, who would have access to it, and whether it would be encrypted.
Chertoff is not the only security expert who is concerned about the potential vulnerability of a centralized system of voter information.
Politico published a story this weekend in which cybersecurity experts warned that cyber criminals could use the data for identity theft scams, and foreign spies could leverage for disinformation schemes.
“This information is particularly sensitive because it can be matched up with other stolen or publicly available information to build a more complete profile for an individual and target them for fraud or other exploitation,” said Jason Straight, a data breach expert who serves as chief privacy officer at the business solutions firm UnitedLex.
Marc Lotter, a spokesman for Vice President Mike Pence, who is leading the panel with Kobach, insisted cybersecurity will be strong.
“The federal government takes cybersecurity very seriously,” he told Politico. “No publicly identifiable information will be released to the public and the information will be managed consistent with federal security guidelines.”
