Since the president’s Advisory Commission on Election Integrity requested voter rolls from state election officials—allegedly for the purpose of investigating Trump’s unproven claims about widespread voter fraud—45 states and the District of Columbia have either partially or wholly declined to share their data, and security experts have raised concerns about whether the commission has the technical capabilities to keep the data secure.
A federal judge raised questions last week about the security of voter data transferred to the commission. Sources tell Gizmodo that the White House is backing down from its initial requests for state election officials to send the data through a file transfer website created by the Army and not intended for civilian use. The commission plans to propose another option for states to submit data, the sources said.
The commission’s plans were confirmed in a court filing this afternoon, which said the commission has decided to use “alternative means” for gathering the voter data. “The Director of White House Information Technology is repurposing an existing system that regularly accepts personally identifiable information through a secure, encrypted computer application within the White House Information Technology enterprise,” the filing says.
The commission is asking states to provide extensive private information about voters, including birthdates, partial Social Security numbers, and voting history since 2006.
Kris Kobach, the vice chairman of the commission, initially provided two ways for officials to send in their voter data: The first is an email address that, as Gizmodo reported, does not support basic encryption protocols. Voter data sent to the address would be transmitted over an unencrypted connection, leaving it vulnerable to interception or manipulation.
The second option the commission offered is an application called SAFE—the Safe Access File Exchange—used for the transfer of unclassified files too large for email. Although SAFE appears properly configured for use on military computers, ensuring an encrypted connection on a civilian computer would require state officials to take several technical steps, for which the commission provided no guidance.
SAFE is administered by the U.S. Army Aviation and Missile Research Development and Engineering Center (AMRDEC), a military research team, and is widely used in the military and at the White House.
The security of SAFE appeared to be a concern for a federal judge overseeing a lawsuit designed to stop the commission’s collection of voter data. Brought by the Electronic Privacy Information Center, the suit seeks a temporary restraining order to prevent the commission from collecting voter data from state officials until an assessment of the privacy impact on Americans is completed.
U.S. District Judge Colleen Kollar-Kotelly ordered Kobach to describe who maintains the website and how that data would be transmitted from the site to the commission. His responses, filed Thursday, reveal little about the security of the AMRDEC website.
According to a court filing Thursday from Kobach:
The Safe Access File Exchange (SAFE) is an application for securely exchanging files. States will upload data to the SAFE website, and Commission staff will download the files from SAFE onto White House computers. As this is a Presidential advisory commission, the White House is responsible for collecting and storing data for the Commission. The Commission’s Designated Federal Officer (an employee within the Office of the Vice President) will work with White House Information Technology staff to facilitate collection and storage.
But the site’s HTTPS setup, which enables data transmitted from a browser to the site to be sent over an encrypted connection, is problematic for civilian users in state governments. In fact, when state government officials visit the website, they are greeted with a conspicuous warning telling them that their connection is not private—implying that the data could be stolen or altered in transit.
“Mr. Kobach’s representations concerning ‘Safe Access File Exchange (SAFE)’ are alternately misleading or meritless. ‘SAFE’ is not, in fact, a secure system,” EPIC wrote in a Thursday filing. As using the application would apparently require state governments to ignore warnings about the possibility of the voter data being intercepted, EPIC’s assessment that the system is insecure is not without merit.
HTTPS connections are what prevent your credit card details from being stolen when you shop online or your password from getting snatched when you log in to your email account. Your browser establishes an encrypted connection with a website after checking out its certificate, which contains a public key used to encrypt data. If the certificate isn’t trusted, it’s possible that data you upload or enter onto the website is being intercepted by a third party.
That’s why browsers like Chrome and Safari blare warnings at users when problems arise involving a site’s certificate. In order to access SAFE securely, users need a special certificate from the Department of Defense, which issues its own digital certificates instead of relying on those which are recognized by commonly used web browsers. These custom certificates are not routinely installed on computers outside of the federal executive branch—when state officials visit the AMRDEC website, therefore, they are warned that it may be under attack.
Since the commission hadn’t given state officials a DoD certificate—or any information about how to get one—they couldn’t upload data without being warned that their connection is compromised. State officials would have had to click through the browser warnings, which is the exact opposite of what the security professionals who designed the warnings in the first place want them to do.
Simply put, each time a state official who doesn’t already have the DoD certificates attempts to use SAFE, the website warns: “Attackers might be trying to steal your information.” The military’s advice is apparently to ignore it. And that is objectively unwise.
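The trust decision described above can be reproduced offline. The following is an added example, not part of the original reporting or of any DoD tooling: it builds a constructed private root CA (standing in for a privately issued root) and a server certificate for the placeholder host `files.example.test`, then validates that certificate with and without the root as a trust anchor. It assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example. The CA and host names are constructed placeholders,
# not real DoD or AMRDEC certificates. Requires the openssl CLI.

demo_dir=$(mktemp -d)

# Build a private root CA and a server certificate signed by it.
make_chain() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Private Root CA" \
        -keyout "$demo_dir/root.key" -out "$demo_dir/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=files.example.test" \
        -keyout "$demo_dir/server.key" -out "$demo_dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$demo_dir/server.csr" -days 1 \
        -CA "$demo_dir/root.pem" -CAkey "$demo_dir/root.key" -CAcreateserial \
        -out "$demo_dir/server.pem" 2>/dev/null
}

# Validate against the machine's default trust store only, as a browser
# without the private root would. Succeeds only if openssl reports "OK".
verify_default_store() {
    openssl verify "$demo_dir/server.pem" 2>&1 | grep -q ': OK$'
}

# Validate with the private root supplied as an explicit trust anchor.
verify_with_root() {
    openssl verify -CAfile "$demo_dir/root.pem" "$demo_dir/server.pem" 2>&1 \
        | grep -q ': OK$'
}

# SHA-256 fingerprint of the root, to be compared with a value obtained
# out of band before the root is installed as trusted.
root_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$demo_dir/root.pem" | cut -d= -f2
}

make_chain
if verify_default_store; then
    echo "default store: trusted"
else
    echo "default store: NOT trusted (a browser would show a warning)"
fi
if verify_with_root; then
    echo "with private root: trusted"
else
    echo "with private root: NOT trusted"
fi
echo "root SHA-256 fingerprint: $(root_fingerprint)"
```

The same certificate fails or passes depending only on whether the issuing root is a trust anchor, which is why distributing that root through a verified channel, not clicking through the warning, is what makes the connection trustworthy.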
At least one state complied, according to today’s filing from the commission. Arkansas officials uploaded data to SAFE, but the data will be deleted without being downloaded by the commission.
Gizmodo reached out to several state officials concerning the commission’s request but none immediately responded. One official working in a governor’s office said they hadn’t bothered to examine the security of SAFE because they did not intend to comply with the request on the grounds that the president’s commission is a sham.
Clicking through these kinds of warnings “causes warning fatigue on a site where people are being asked to post sensitive information,” Roland Shoemaker, a technology consultant at the Electronic Frontier Foundation who works on the free certificate authority Let’s Encrypt, told Gizmodo. “Really they should never be comfortable clicking through a certificate warning then uploading sensitive info.”
Although Kobach said the voter data will be downloaded onto White House computers, he hasn’t explained how it will be secured once it’s there.
“There’s not enough bourbon here in Kentucky to make this request seem sensible,” Kentucky’s Secretary of State Alison Lundergan Grimes told MSNBC. “Not on my watch are we going to be releasing sensitive information that relates to the privacy of individuals.”
White House deputy press secretary Sarah Huckabee Sanders had previously dismissed state officials’ concerns about sharing sensitive voter data as “a political stunt.” And despite Kobach’s request for partial Social Security numbers, Sanders asserted that the commission is only requesting information already publicly available.