Democrats on a legislative panel Wednesday urged state elections officials to quickly remove Illinois from a controversial interstate voter registration program amid warnings it is unreliable and vulnerable to hacking, threatening to act on their own if they don’t.
“For months now it has been very obvious that millions of Illinoisans’ personal data is at risk because of our participation in this program,” state Rep. Will Guzzardi, D-Chicago, said at a joint state House and Senate committee hearing on the topic. “As soon as possible, the (State Board of Elections) should say the logical thing, which is, ‘We cannot participate in this program because it is putting Illinois at risk.’ ”
Illinois is among a number of states evaluating participation in the Interstate Voter Registration Crosscheck Program, conducted through the Kansas secretary of state’s office that is aimed at flagging duplicate voter registrations across state lines.
Crosscheck has drawn heightened political attention due to questions of the security of voters’ personal information. In addition, some states have been sued for wiping out voter registrations based solely on the system’s findings without following procedures spelled out in federal voting rights laws.
“It has been demonstrated the Crosscheck is being used, even though it may not have originated this way, as a very partisan tool, and I think it’s irresponsible for the State Board of Elections to explicitly allow the removal of voters in other states with our data,” state Rep. Carol Ammons, D-Urbana, said. “We are complicit in the denial of voting rights for people in other states, and its demonstrable.”
Security concerns involving Illinois voter registration data and participation in Crosscheck was brought to the fore by Indivisible Chicago, a progressive group formed following President Donald Trump’s election that found various security lapses. Additionally, the top election official in Crosscheck’s home state, Kansas Secretary of State Kris Kobach, co-chairs a Trump-appointed panel on voter fraud that Democrats contend is aimed at trying to push voter suppression measures and has created its own security concerns.
Bernadette Matthews, the assistant executive director of the State Board of Elections, said the board will discuss participation in Crosscheck when it meets Monday, though no vote is on the agenda. Democratic lawmakers said they eventually could consider state legislation to remove Illinois from Crosscheck.
Matthews said if there is a need to rely on Crosscheck, it’s because of the frequent transition of people from Illinois to Indiana. That prompted state Sen. Bill Cunningham, D-Chicago, to ask if the board should consider an intergovernmental agreement with Indiana to share voter information.
Illinois currently participates in two multistate voter registration sharing programs: Crosscheck and the Electronic Registration Information Center, known as ERIC. State elections officials acknowledge the ERIC system provides more reliable information and greater security for personal information than Crosscheck. But they note that of Illinois’ neighboring states, only Wisconsin is an ERIC participant.
Shawn Davis, director of digital forensics for the law firm Edelson PC, detailed a series of security problems with Crosscheck that made voter information, including names, addresses, dates of birth and the last four digits of personal Social Security numbers vulnerable to hackers.
Davis said his review revealed security faults, outmoded encryption technology, improperly configured firewalls and breeches of commonly accepted practices in which user names and passwords were routinely emailed to states across the country.
Moreover, Davis said through government Freedom of Information Act requests and publicly available information, passwords and other information to be kept confidential between the states were released. States were able to access results of voter registration comparisons by all using the same password.
Davis, who also is a faculty member of the Illinois Institute of Technology’s Center for Cybersecurity and Forensic Education, said the vulnerabilities were unlikely to have a great effect on voter registration as much as “it could lead to widespread ID theft and fraud.”