Capitol Fax.com - Your Illinois News Radar » Accidental (and apparently harmless) password leak could prompt move away from Crosscheck program
SUBSCRIBE to Capitol Fax      Advertise Here      About     Exclusive Subscriber Content     Updated Posts    Contact Rich Miller
CapitolFax.com
To subscribe to Capitol Fax, click here.
Accidental (and apparently harmless) password leak could prompt move away from Crosscheck program

Thursday, Oct 19, 2017 - Posted by Rich Miller

* Indivisible Chicago

Crosscheck is an interstate data-sharing program between 28 states. Participating states send their entire voter file to a server in Arkansas. Kansas then downloads all of this data, runs a rudimentary name matching algorithm, and then uploads the results back to Arkansas. We have the passwords to every step in this process.

We’ve posted documents obtained by Indivisible Chicago as a result of FOIA requests to Florida and Illinois. The “yellow paper” redactions are our redactions of usernames and passwords carelessly sent via email. We have redacted instead of posting publicly, as we take the sensitivity of this data more seriously than the Illinois, Arkansas, and Kansas election authorities.

The documents include:

    Passwords to Crosscheck Results files for all states, 2011
    Passwords to Crosscheck Results files for all states, 2013
    Passwords to Crosscheck Results files for all states, 2014
    Illinois State Board of Elections, full voter file encryption password, 2012
    Illinois State Board of Elections, full voter file encryption password, 2014
    Arkansas decides not to change passwords, 2011
    ISBE username/password to Arkansas FTP server, 2016
    ISBE username/password to Arkansas FTP server, 2017
    Florida-Kansas matches; Florida provides Kansas SSN4
    ISBE IT emails Kansas asking how Crosscheck works\basic security questions, 2017

For some background on how counter-productive and perhaps even dangerous Crosscheck is, click here.

* The documents appear to show the group was sent this info via FOIA

ISBE Encryption Password - 2012
The password used by the Illinois State Board of Elections to encrypt over 8 million voter records in a file sent to Arkansas and Kansas state authorities.

ISBE Encryption Password - 2014
The password used by the Illinois State Board of Elections to encrypt over 8 million voter records in a file sent to Arkansas and Kansas state authorities. NOTE: This is the same password as 2012, only it ends with “2014″ instead of “2012″.

FTP Server Credentials - 2016
Both the username and password, in a single email, which allows Illinois to login to the FTP server in Arkansas which houses over 100 million voter records across 28 states. The server connection is not encrypted, meaning this username/password is not only sitting in email but is transmitted across the internet in plain text.

FTP Server Credentials - 2017
Same as the image above. Exactly the same. How many years states have gone without ever changing their passwords to access such sensitive systems is unknown.

* I reached out to Steve Sandvoss, the executive director of the Illinois State Board of Elections. He said they did attempt to redact all user ID info, login IDs and passwords, but four of them got through. “They should’ve been redacted but they weren’t,” Sandvoss admitted.

But, Sandvoss said, all the login info and passwords are “obsolete” with the exception of the one for 2017. “It’s possible that it is active,” he said, but “the file is empty” because te people who run Cross Check in Kansas are required to immediately delete the information.

And even if it wasn’t empty, Sandvoss said, the file itself is encrypted so you’d need an encryption key to access it and Indivisible Chicago doesn’t have that. And the file can only be accessed remotely via a specific IP address. Without that, you can’t get in.

“At first glance, it looks bad,” Sandvoss admitted. But when you peel the layers back, “We don’t feel that the information they have poses a risk to voter data.”

* But there is an upside for Indivisible Chicago, which has been working to get Illinois out of Crosscheck for a while now. Sandvoss said Florida FOIA laws are “pretty liberal.” A lot of information can legally be requested in that state, which brings up a “legitimate security concern” about remaining in the program. Sandvoss said he thought the full board would take a hard look at that issue when they meet in November to decide whether the state will remain in the program.

…Adding… From Sandvoss…

Hi Rich,

Just an update; the FTP login ID and password contained in the January 19, 2017 e-mail have been changed, therefore the ones that were released are no longer valid.

       

20 Comments
  1. - getafteritguy - Thursday, Oct 19, 17 @ 3:34 pm:

    The point isn’t that they forgot to redact some passwords. The point is that those passwords and username were in Emails. That is gross negligence when we’re talking about SSN4, DOB, Names, Addresses for 8.8 million people.


  2. - Roman - Thursday, Oct 19, 17 @ 3:34 pm:

    The state board gave up passwords and log-ins in the FOIA and then they blame Florida’s FOIA laws for creating vulnerabilities?

    Seeing as Illinois voter data has already been hacked once before by the Russians (who didn’t have passwords and log-ins,) pardon me if I don’t buy the “nothing-to-see-here” assurances from the board of elections.


  3. - OneMan - Thursday, Oct 19, 17 @ 3:44 pm:

    Really curious how they are doing the matching with a ‘rudimentary name matching algorithm’

    Doing it with SOUNDEX (a phonetic algorithm for indexing names by sound, as pronounced in English. The goal is for homophones to be encoded to the same representation so that they can be matched despite minor differences in spelling.) on that scale would give you a ton false positives. So many it would be useless.

    Using full name matching with birthdate might be a better filter but even then it is going to have a decent false positive rate. If you then included logic to see if voting was such that it overlapped it would be better, but still not good enough to close out a voter’s registration.


  4. - Charles - Thursday, Oct 19, 17 @ 3:48 pm:

    soooo…there are emails with decryption passwords that access voter files? I used to work at Indiana University with IT managers. That is unbelievably bad IT security, especially when we are talking about SSN4 and other sensitive info.


  5. - indivisiblechinw - Thursday, Oct 19, 17 @ 4:05 pm:

    “Just an update; the FTP login ID and password contained in the January 19, 2017 e-mail have been changed, therefore the ones that were released are no longer valid.”

    Guarantee you that was changed today. The username and password for 2016 and 2017 were the same and previous years specifically mention not bothering to change passwords. This was a completely reactive response to bad security practices.


  6. - Amalia - Thursday, Oct 19, 17 @ 4:13 pm:

    all very frightening. paper ballots don’t look too bad right now.


  7. - Bebeembop - Thursday, Oct 19, 17 @ 4:15 pm:

    Why didn’t they take proper precaution with the passwords and usernames. Our voter information is vulnerable because of incompetence. Everyone involved with this debacle should resign.


  8. - indivisiblechinw - Thursday, Oct 19, 17 @ 4:16 pm:

    The name matching algorithm is an exact match on firstname, lastname, and DOB. No name variations or Soundex involved.

    They have middlename and SSN4 however even when those mismatch, Crosscheck returns it as a match.

    E.g.,
    John Sam Doe 1/1/1970 8329 in IL
    John Frank Doe 1/1/1970 3439 in KS

    Crosscheck calls those a match and then local clerks in each state have to parse through. To give a sense for the magnitude of that pile of garbage, IL receives ~500k “matches” every year from Crosscheck that are re-assess every single year. That’s nuts.

    Here is the count of match rows for the last 4 years:
    2017:542,065
    2016:454,325
    2015:456,791
    2014:451,982

    This is for “maintenance” yet the number of matches never goes down… the vast majority of this is garbage that just gets thrown over the wall every year and re-parsed through every year, mixed in with the % of people who actually move in/out of state and should have their voter records updated. It would be hard to design a less efficient system. No one can tell us the hours spent across every county filtering through this mess every year.


  9. - Harold - Thursday, Oct 19, 17 @ 4:35 pm:

    The usernames and passwords weren’t obsolete when they were originally put in emails, apparently group emails, and sent willy nilly all over the internet. That is textbook gross incompetence and when we’re talking about sensitive voter information….that person should get canned.


  10. - Claire - Thursday, Oct 19, 17 @ 4:53 pm:

    This really shows a disregard for ensuring that voters have the right to vote without risking that their personal information will be inappropriately divulged.


  11. - John - Thursday, Oct 19, 17 @ 4:55 pm:

    My buddy told me that if he had put user names and passwords in unencrypted emails he would be fired from his job. In this case…it seems we’re talking about some pretty sensitive data. Isn’t the State Board of Elections accountable to the Legislative Branch?


  12. - Lynn - Thursday, Oct 19, 17 @ 4:58 pm:

    John - No, the Illnois State Board of elections has broad powers and little to no oversight with regard to election management in this state which includes voter registration data. It seems to me that Legislators need to consider legislation in the upcoming session that would be some general checks on board. This type of incompetence can’t happen.


  13. - Bebeembop - Thursday, Oct 19, 17 @ 5:02 pm:

    Lynn: they should call have the ISBE members and staff to the Assembly and question them. Between this, the hacked Illinois voter roll, the exposed Chicago voter roll, and the vulnerability of e-voting machines to hacking, the Illinois government needs to get a handle on voting and voter rolls before the next election cycle.


  14. - countrybeforeparty - Thursday, Oct 19, 17 @ 5:02 pm:

    I’m frankly shocked that the IL State Board of Elections would not immediately pull our state from Crosscheck based on this gross negligence. No matter your political affiliation, you should be outraged that IL voters’ personal info is so vulnerable and used in such a dysfunctional way that is designed to make it more difficult for citizens to exercise their right to vote and make their voice heard.


  15. - Hanna Banana - Thursday, Oct 19, 17 @ 5:12 pm:

    I don’t understand. DId Springfield pass a law that we participation in Crosscheck? There was something wasn’t there? I thought they passed something.


  16. - Bother J - Thursday, Oct 19, 17 @ 5:17 pm:

    NO its voluntary. They could vote to get out all on their own. It seems that the republicans on the board don’t want to and don’t care that Illinois voter registration has been put at serious risk.


  17. - arewedoomed - Thursday, Oct 19, 17 @ 6:19 pm:

    This is absolutely ridiculous. Anyone who pays attention has known for years that crosscheck is problematic at best…more accurately it is racist and disenfranchises voters. Now it’s a way to hand over personal data to hackers who don’t even have to be that good at hacking.

    We need out and we need out now.


  18. - TinyDancer(FKASue) - Thursday, Oct 19, 17 @ 9:01 pm:

    All this to detect all that voter “fraud” that doesn’t even seem to exist.
    This is what we should be worried about:

    https://www.c-span.org/video/?435437-1/def-con-hacking-report-warns-voting-machines-vulnerability

    Here’s the report:

    https://www.defcon.org/images/defcon-25/DEF%20CON%2025%20voting%20village%20report.pdf


  19. - McLincoln - Thursday, Oct 19, 17 @ 11:51 pm:

    FTP was dubbed unsecured > 5 years ago. I’m an accountant and I know this.


  20. - ThatGirl - Friday, Oct 20, 17 @ 2:07 pm:

    How can the ISBE justify participation in a system that’s outdated, not secure, and partisan when the IL legislature has passed a law specifically requiring IL to participate in a secure, non-partisan system? It’s negligence at best.


Sorry, comments for this post are now closed.


* Showcasing The Retailers Who Make Illinois Work
* Reader comments closed for the holidays
* And the winners are…
* SUBSCRIBERS ONLY - Update to previous editions
* Isabel’s afternoon roundup
* Report: Far-right Illinois billionaires may have skirted immigration rules
* Question of the day: Golden Horseshoe Awards (Updated)
* Energy Storage Brings Cheaper Electricity, Greater Reliability
* Open thread
* Isabel’s morning briefing
* SUBSCRIBERS ONLY - Today's edition of Capitol Fax (use all CAPS in password)
* Live coverage
* Selected press releases (Live updates)
* Yesterday's stories

Support CapitolFax.com
Visit our advertisers...

...............

...............

...............

...............

...............

...............

...............


Loading


Main Menu
Home
Illinois
YouTube
Pundit rankings
Obama
Subscriber Content
Durbin
Burris
Blagojevich Trial
Advertising
Updated Posts
Polls

Archives
December 2024
November 2024
October 2024
September 2024
August 2024
July 2024
June 2024
May 2024
April 2024
March 2024
February 2024
January 2024
December 2023
November 2023
October 2023
September 2023
August 2023
July 2023
June 2023
May 2023
April 2023
March 2023
February 2023
January 2023
December 2022
November 2022
October 2022
September 2022
August 2022
July 2022
June 2022
May 2022
April 2022
March 2022
February 2022
January 2022
December 2021
November 2021
October 2021
September 2021
August 2021
July 2021
June 2021
May 2021
April 2021
March 2021
February 2021
January 2021
December 2020
November 2020
October 2020
September 2020
August 2020
July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
December 2019
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
November 2016
October 2016
September 2016
August 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016
December 2015
November 2015
October 2015
September 2015
August 2015
July 2015
June 2015
May 2015
April 2015
March 2015
February 2015
January 2015
December 2014
November 2014
October 2014
September 2014
August 2014
July 2014
June 2014
May 2014
April 2014
March 2014
February 2014
January 2014
December 2013
November 2013
October 2013
September 2013
August 2013
July 2013
June 2013
May 2013
April 2013
March 2013
February 2013
January 2013
December 2012
November 2012
October 2012
September 2012
August 2012
July 2012
June 2012
May 2012
April 2012
March 2012
February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004

Blog*Spot Archives
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005

Syndication

RSS Feed 2.0
Comments RSS 2.0




Hosted by MCS SUBSCRIBE to Capitol Fax Advertise Here Mobile Version Contact Rich Miller