
EPIC files restraining order to block voter fraud commission’s data swoop

States join EPIC in pushing back against president's call for voter data amid concerns about scope and security of the request

President Trump hasn’t merely demanded personal, identifying information (PII) on all voters in all 50 states.

His Presidential Advisory Commission on Election Integrity also asked that it be sent to a non-secure website, making the data vulnerable to identity theft and financial fraud, according to the Electronic Privacy Information Center (EPIC).

On Wednesday, EPIC filed an emergency restraining order to block the commission from trying to get voter data, calling the data demand a violation of the Constitutional right to privacy.

As of Wednesday, 44 states and the District of Columbia had refused to hand over all the requested information.

Mississippi Secretary of State Delbert Hosemann suggested an alternative action for the commission:

They can go jump in the Gulf of Mexico and Mississippi is a great state to launch from.

On Sunday, Trump tweeted a suggestion that the recalcitrant states and DC are trying to hide something:

On June 28, the commission had sent a letter (PDF) to states seeking voter PII in order to “analyze vulnerabilities and issues related to voter registration and voting”.

What data are the states “trying to hide”? Or, rather, what data are some states eager to hand over, others flat-out refusing to hand over, and still others cherry-picking from because they are disinclined to share sensitive information such as taxpayer IDs or other PII?

According to the letter sent to states, the commission is after:

…full first and last names of all registrants, middle names or initials if available, addresses, dates of birth, political party (if recorded in your state), last four digits of social security number if available, voter history (elections voted in) from 2006 onward, active/inactive status, cancelled status, information regarding any felony convictions, information regarding voter registration in another state, information regarding military status, and overseas citizen information.

In May, Trump signed an executive order to create the commission. One of its mandates is to create a report on voter fraud:

The Commission shall … submit a report to the President that identifies … (c) those vulnerabilities in voting systems and practices used for Federal elections that could lead to improper voter registrations and improper voting, including fraudulent voter registrations and fraudulent voting.

Since the 2016 election, Trump has been claiming massive voter fraud and providing zero evidence.

The commission has requested publicly available voter roll data, in accordance with the laws of each state. EPIC said in its lawsuit that the request for information such as financial data and, in particular, the home addresses of military members and their families – along with its plans to make the information “publicly available” – is “without precedent and crazy”.

From the commission’s letter:

Please be aware that any documents that are submitted to the full Commission will also be made available to the public.

In its emergency restraining order, EPIC also cites the commission’s failure to undertake a required Privacy Impact Assessment prior to sending requests to state election officials, saying that the omission underscores an “urgent need for relief”. (This isn’t the first time that the government has skipped over a required Privacy Impact Assessment: in March, lawmakers raked the FBI over the coals for failing to do a privacy assessment on the facial recognition technology behind its enormous database of tens of millions of face images.)

The commission’s letter directs states to submit the information by July 14 to ElectionIntegrityStaff@ovp.eop.gov or by what it says is a secure FTP site for transferring large data files, Safe Access File Exchange (“SAFE”), at https://safe.amrdec.army.mil/safe/Welcome.aspx.

 

Besides the Gulf of Mexico, there are many other bodies of water adjacent to, or within, US states that the commission might consider jumping into, as implied by many states’ responses. CNN has compiled those responses here.


8 Comments

OK, so change the request and don’t make the docs public. The states will be happy and the commission can perform its vital task.

Reply

This is kind of BS. The error is occurring because the certificate authority for the site is part of the DoD PKI system. These certificate authorities aren’t in standard root certificate setups, but it doesn’t make them invalid. If admins for orgs dependent on AMRDEC would install the associated DoD certificates on their systems, then the error won’t occur. This is the case for other DoD websites that aren’t public affairs type sites (like the Air Force Portal).

This isn’t much different than a business running an internal CA that partners would have to trust in order to not have similar issues.

The article makes it sound like negligence (self-signed cert) or web app vulns. She also failed to research why the error was occurring.

Reply

You missed a bit from the letter where it makes it clear that the Commission is requesting (not demanding) information that is publicly available under the laws of the state. If you don’t like that some of that information is PII then you need to take it up with the states.

“In addition in order for the Commission to fully analyze vulnerabilities and issues related to voter registration and voting, I am REQUESTING that you provide to the Commission the PUBLICLY-AVAILABLE voter-roll data for North Carolina, including, if PUBLICLY AVAILABLE UNDER THE LAWS OF YOUR STATE, the full first and last names of all registrants, middle names or initials if available, addresses, date of birth, political party (if recorded in your state), last four digits of social security number if available, voter history (elections voted in) from 2006 onward, active/inactive status, cancelled status, information regarding any felony convictions, information regarding voter registration in another state, information regarding military status, and overseas citizen information.”

Reply

Many .mil sites use the DoD root CAs. Here’s a brief explanation/example: http://www.forge.mil/Faqs.html#faqs16

Reply

Wait, am I missing something? “The commission has requested publicly available voter roll data, in accordance with the laws of each state.” If the data is already publicly available, a) why do they need to request to get it and b) what’s the big deal?

Reply

IMO the answers are [a] even though the data may be a matter of public record, it may not be conveniently gathered together in a form that the commission can readily analyse, so the request is probably to do with saving time and effort in getting hold of usable data from all the legislatures in a consistent format and [b] there isn’t one. Feels as though EPIC’s objections in this case might be a bit of a “mountain out of a molehill” situation.

Whether the electoral register ought to be a matter of public record (as it is in the UK, for instance) is a separate issue that is much more interesting to me. My own opinion is that in today’s world of cheap CPU power for data mining, and of relentless cybercrime based on social engineering and other “data treachery”, it is wrong that the electoral register should be public – especially if it is compulsory to register, as in the UK.

Reply

I don’t even see the molehill here. If they have an issue with the data being public they should complain about that, but not about someone taking the already public data and making it public again on another platform. And what’s with the states refusing to hand over this data, or suggesting the commission should jump in the Gulf instead? This whole situation is very confusing to me and doesn’t make a lot of sense.

Reply
