After hearing an alarming presentation on the widespread vulnerability of Illinois voters’ personal data, a joint House and Senate committee had searing criticism for the State Board of Elections. The board’s sole Chicago-based representative provided answers for the panel regarding the Interstate Voter Registration Crosscheck Program. What lawmakers may not have realized, however, is that their pointed remarks were directed toward an agency already on their side of the issue.

Crosscheck has been at the center of a national voter data crisis. And in Illinois on Wednesday, the two committees were made aware of the depth of the systems mismanagement. Shawn Davis, professor of information technology and management at Illinois Institute of Technology, demonstrated how he was able to obtain crucial Crosscheck encryption keys for millions of Illinois voters via an improperly redacted FOIA request.

Davis also illustrated for the committees how a lack of Crosscheck file integrity checks mean state data uploads could be phished for. “They could also trick a state into uploading files to just a fake Arkansas FTP server,” he said.

Regarding individual voter rolls, Davis said attackers “could add names. They could potentially disqualify more voters and influence the program. They could potentially subtract names to allow more duplicate votes which would influence the program. There are no checks in place to see if that happened.”

Davis is just one of the 600-plus members of the public with committee witness slips in their names, who have been fighting for the state’s withdrawal from Crosscheck and for greater investment on voter data security.

The non-partisan State Board of Elections is anticipated to take a vote relating to the use of Crosscheck during their coming Monday meeting during. Illinois election officials say they’ll review security questions raised about a multi-state voter registration database.

Rep. Will Guzzardi (D-Chicago) drew applause from the room when he called for the board to take immediate action.

“For months now it’s been very obvious that millions of Illinois personal data is at risk because of our participation in this program,” he said. “A good number of us feel very strongly that the board ought to get us out of Crosscheck as quickly as possible and if it’s going be discussed at this meeting next Monday, I encourage that “

SBE members may be a step ahead of Guzzardi. Members have a long record of preference for the panel’s desired voter data verification network, the Electronic Registration Information Center (ERIC).

“I don’t think there’s any argument that ERIC is a superior system,” said SBE’s Assistant Executive Director Bernadette Matthews.

According to Matthews, the crux is in Crosscheck’s lower cost and exponentially larger user base, a factor SBE has to consider in order to comply with statutory requirements. While caught in the dilemma, SBE technology staff have continued to build a case for the state’s investment in ERIC. Since 2015, the board has been required by law to participate in the expensive proprietary network via SB172 while receiving insufficient state funds to pay their way. Consortium membership costs $83,000 per year plus a $25,000 one-time charge, and further one-off fees.   


While Crosscheck security failures became more evident nationally, SBE board members saw solutions in ERIC, which they noted “previously provided an anonymizer program, which is a form of security that the data runs through right before it is sent to ERIC. In addition, the driver’s license number and source key were encrypted as another double security feature.”

As data protection advocates grew louder in state government, SBE echoed those calls for greater investment in voter security. In a Sept.19 meeting, SBE again called on subsidized funding for a better voting data system.

“Insofar as voter list maintenance is concerned, Illinois is a participant in both the Interstate Crosscheck and ERIC programs. Our experience in both indicates that the more robust data-matching done by ERIC gives much more accurate results, with far fewer false positive results and very sound data security. We would recommend that ERIC membership be encouraged, or even monetarily subsidized, for all states,” reads the report.

Hearing Matthews’ agreement with the panel preference Wednesday, Rep. Ann Williams (D-Chicago) asked the question on the minds of many members: What’s stopping Crosscheck-using states from securing their data?

The short answer is the money, time, and inter-state coordination. There’s also the matter of how tightly the dual systems are tangled in many states, including Illinois.

Rep. Mike Fortner (R-West Chicago) laid it out clearly at the meeting when he confirmed that since the state is a member of both Crosscheck and ERIC, it gets match lists from both of those systems. And in both cases the board will combine the results, then sort them by election jurisdiction, before sending the results to the corresponding election authorities in each area. But despite the partisan rhetoric which has come to dominate the topic of Crosscheck, Fortner advised the same caution as Democratic lawmakers.

“It strikes me that when we talk about how anyone can be automatically removed (from voter rolls), it seems like it would invite a federal lawsuit,” he said.

The tangle of two systems is only the most recent chapter of SBE’s voter data story. An October 2015 board report illustrates how intertwined the agency’s work has become with others since SB172’s passage. Sections detail additional cross-training and presentations from SBE technology staff to implement a myriad of programs with at least seven other executive agencies most with their own unique data management systems. As ERIC evolved into a more secure product, that entanglement increased.

In June of this year, SBE member Kyle Thomas “reported that the ERIC membership is now being used to perform the National Change of Address (NCAO) updates. He indicated the next step was take the information for the cross-state movers, merge it with the interstate cross-check system.”

Even individual system improvements and introductions became linked to the other systems. By August of 2017, Thomas was discussing “the (Illinois Voter Registration System database)  program and said the polling place lookup feature on the website was updated to allow individuals who are not registered to vote to find their polling place so they may register to vote during grace period on election-day. Staff is also configuring IVRS to reflect not only the interstate cross-check data, but also the cross-state mover information from the agency’s membership in ERIC.”

Illinois isn’t the only state locked into a difficult marriage of data practices, but others have left Crosscheck.

“The reasons why some states left Crosscheck is because of the concerns that have been raised about Crosscheck’s insecurity and accuracy,” Matthews told lawmakers Wednesday. But another “reason why some states are not yet in ERIC has to do with the funding.”  

SBE faced brutal cuts through state’s budget impasse, with telling moments highlighted in a July 2015 report, in which SBE Legislative Liaison Cris Cray “said that the agency budget was vetoed and was not included in the bill for a one-month budget. The Executive Director noted that the agency is in a state of uncertainty and he was not sure if paychecks would be issued on July 15. He felt things were O.K. on the operational side of things and said staff will continue to work in the absence of a budget.”

Even then, SBE’s Kyle Thomas saw the impact on the agency from SB172 and “noted that it was an unfunded mandate and the major change was expansion of the Paperless Online Voter Application (POVA). In addition, the bill required the SBE to participate in the ERIC.”

This made Illinois the first state to include information from state agencies other than just those responsible for voter registration. The report said “the contracts for the contractual employees that have been assisting with the project were in place prior to the end of the fiscal year,” but “election authorities were also in need of hardware and software to support the updated POVA system and they could seek reimbursement through the next IVRS State Grant, depending on FY16 funding.”

As the complicated interlocking systems aged, the SBE suffered heavy financial burdens. A record of the board’s June 2017 meeting paints a picture of an executive agency struggling to keep up with growing IT needs but without a growing IT budget.

“We do note that the voting systems used throughout the state are mostly those purchased more than a decade ago with considerable federal funding assistance through HAVA grants. Those old voting systems are at, or beyond, their usual lifespans, and will need replacement in the very near future,” reads an August 2017 board report. “The latest (2015) standards for voting systems include a number of security upgrades. It would be a tremendous (and much needed) help to all of the state and local election administrators if another round of HAVA funding would be made available to replace the old voting systems with new, more secure technology.”

For all the furor from lawmakers over the Board of Elections’ data security protocols, the agency couldn’t even pay for their anti-virus software.  

“The McAfee antivirus license expires on September 4, 2017. Mr. Turner was unsure if the vendor would even provide a bid since the agency has been in payment arrears for two years. If the license is not renewed, Mr. Turner said it is possible that the agency will have to disconnect from the internet to prevent virus and malware infiltration,” reads an August report.

In fact, the very system which lawmakers on Wednesday demanded the board use, is the one lawmakers couldn’t pay for.

From the same August record: “Kyle Thomas reported that the ERIC Board voted to grant the agency an extension for payment to June 30.”

At their Aug. 22 meeting, board support for Automatic Voter Registration legislation appeared strong, but the body was closely monitoring the movement of budget bills for any signs of assistance. The 11-member agency was also stretched on personnel. They were asked to assist in gathering jurisdictional cyber-attack information for state Sen. Michael Hastings (D-Tinley Park) and U.S. Sen. Dick Durbin (D-IL) while SBE Executive Director Steve Sandvoss was being called to testify in front of the U.S. Senate Intelligence Committee to provide information on the state’s 2016 Distributed Denial of Service attack and the SBE’s current prevention efforts.

SBE Legislative Liaison Cray also relayed to the board her experience attempting to secure the required funding to implement AVR which, if carried alone, the board once estimated could cost as much as $940,000.

“She also was informed by the House Democrats that an appropriation hearing has not been set and was unsure if one would be scheduled. Discussion ensued regarding (AVR bill) SB250 and its impacts on the agency,” it reads.

Since then, new inter-agency labor sharing agreements have arisen which would significantly drive down those estimated costs. But according to SBE board members and the secretary of state’s office, even now, no appropriations bill exists for the necessary AVR work.


Matthews, however, did not flag when she spoke to The Daily Line. “It’s a question of resources which determines how just how long takes,” she said “but whatever the mandate, we always get it done.”

She also said the board has recently regained its footing, since the passage of the state budget. Matthews said the agency recently made new arrangements with and cleared its debts to ERIC, McAfee, and other vendors with the arrival of the first payments from the comptroller’s office.

 

It was in the wake of this recovery that she faced the ire the House and Senate Committees who, finally awake to the state’s data vulnerability, are ready to see a quick departure from a dangerous system which may yet require a lengthy separation.


“It has been demonstrated that Crosscheck is being used, even though it may not have originated this way as a very partisan tool and I think it’s irresponsible for the State Board of Elections to be complicit in allowing the removal of voters in other states with our data,” said Rep. Carol Ammons (D-Champaign). “We are complicit in the denial of voting rights for people in other states, and its demonstrable…And yet the State Board of Elections has not responded to the demonstrated fact.”

Noting a recent move by Idaho’s state legislature which is currently weighing legislation for the state’s formal removal from Crosscheck, Ammons concluded: “We may have to do the same thing if the State Board of Elections continues to refuse to.”