Saturday, November 11, 2017

Voter Suppression Security Flaws

From Indivisible.org, how big data is being used for voter suppression--and how inept the oppressors are with sensitive information:

On October 23, a story broke in Mother Jones, ProPublica, and Think Progress that caused a big stir in voting rights circles. A group of citizens in Illinois had discovered some smoking-gun evidence that the problematic Interstate Crosscheck program had some major security issues—and that key people knew about them.
WHAT DID YOU GUYS DISCOVER? COULD YOU WALK US THROUGH THE SECURITY PROBLEMS YOU FOUND?
  • Within the past two weeks we discovered massive security failures in the Crosscheck program and in how the Illinois State Board of Elections (SBE) handles voter data.  
  • We sent Freedom of Information Act (FOIA) requests to Illinois and other states for information about the program. We were startled by what we got back.
  • For starters, we received multiple usernames and passwords that election officials use to log in to voter data and Crosscheck systems.
  • The primary problem here is not that we have these passwords, but that the records show that every official and IT department involved in this process has been sending those usernames, login passwords, and decryption passwords in clear text in regular old emails—sometimes on chains with up to eighty recipients. Those are really bad security practices, even under normal circumstances. Anyone could have these passwords, and they could have been used while the election officials would have been none the wiser.
  • In addition, Crosscheck asks states to upload their entire voter file to a server that does not use any encryption protocols. This means that every state’s username and password to this central server housing 100 million voter records is sent in clear text across the Internet.
  • Even worse: even after there was an unprecedented rash of hacks against voter registration systems in 2016, Crosscheck and the twenty-eight participating states changed nothing and continued their poor security practices in 2017.
  • In addition to these technical issues, we also exposed another flaw: if we can get information about thousands of voters through FOIA requests this way, other people can too. For example, we have about 1,000 Kansans' voter information plus the last four digits of their social security number thanks to Florida. It appears that voter data sent to Crosscheck is then susceptible to open records requests in other states.

Speaking as someone who has helped create and maintain databases for technical development and manufacturing, this reveals how the custodians of this personal data don't understand what they are doing, don't trust the procedures they've implemented, don't trust each other in maintaining the information records, and simply don't care about the personal information in their care and custody.
