Privacy concerns surrounding ksvotes.org pale in comparison to Kobach’s Crosscheck

The Kansas Reflector welcomes opinion pieces from writers who share our goal of widening the conversation about how public policies affect the day-to-day lives of people throughout our state. Mission Hills resident Anita Parsa is an election security activist.

In January 2018, working with Rep. Brett Parker (D-Overland Park), I approached members of the Kansas Legislature with a very modest proposal: Pass a law requiring data liability insurance to protect Kansas in the event that the state-run Interstate Voter Registration Crosscheck (or simply Crosscheck) was breached.

Crosscheck was a database of 100 million records, run by then-Secretary of State Kris Kobach. Containing voters’ private information collected from more than 25 states, it was loosely protected by an insecure server and problematic operational security, leaving Kansas vulnerable to serious financial consequences in the event of a breach.

Months earlier, local and national news had reported that Florida had paid more than $100,000 to remedy its breach of only 945 records out of the 100 million in Crosscheck. And around that same time, 14 national security experts filed an amicus brief describing large scale aggregated databases of voter registration data as “particularly attractive targets for malicious cyber actors.”

From that incident it was easy to extrapolate the risk of a larger breach of our attractive target, up to a billion dollars of potential liability for Kansas taxpayers.

A bill was quickly drafted, with support from both Democratic and Republican legislators.

And then, just as quickly, the bill went “poof.” Somehow, in the behind the scenes machinations of our Republican-led legislature, this common sense, bipartisan bill to protect Kansans from a massive potential risk was killed.

Shortly thereafter, Mike Kuckelman, chairman of the Kansas Republican Party, and Kris Kobach, election integrity powerhouse, expressed their deep concern about the financial liability and data security vulnerability Kansans faced.

Just kidding.

Kuckelman said nothing. Kobach, in response to reports of the actual, documented Florida breach and risk of further data privacy breaches, said, “I do not concede there is a problem.”

Shortly after he said this, a review by the U.S. Department of Homeland Security confirmed public reporting that Crosscheck’s data security issues were significant and Kobach was forced to shutter the system.

Yet in a recent Kansas Reflector article, Kobach and Kuckelman are terribly concerned about how ksvotes.org might use data unfairly.

Editor Sherman Smith’s article, “Privacy concerns shadow popular voter registration website,” raised questions about the use of data from ksvotes.org, an alternative voter registration website created in 2017 by Blueprint Kansas in response to barriers Kobach erected to registering to vote in Kansas.

Ksvotes.org collects voter data and uses it for two reasons: to register Kansans to vote and to remind voters to vote.

The officers of Blueprint Kansas — Brian McClendon, Jamie Shew, Kate Davis and Patrick Miller — say they haven’t used it in any other way, there is no accusation that they have used it any other way, they say they don’t plan to use it any other way, and doing so would jeopardize their 503(c)(3) status.

But Kobach and Kuckelman are scare-mongering that maybe they could someday?

The chasm between Kobach and Kuckelman’s dismissive reactions to the documented security issues of 100 million voter records in Crosscheck and their pearl-clutching over hypothetical issues with 40,000 records in ksvotes.org just might reveal that their concerns about ksvotes are driven more by fear of being held accountable to voters than principled commitment to voters’ data privacy rights.