At least eight states have stopped using Kansas’ anti-voter fraud program because of its ineffectiveness, but put citizens’ personal data at risk by not formally withdrawing. The Interstate Voter Registration Crosscheck Program was supposed to help states scrub ineligible voters, but many states have for years found the program’s data to be inaccurate and burdensome to verify. Rather than immediately cancelling the free program, these states continued to send sensitive voter information — in one case, for nearly a full decade — through a system with serious cybersecurity vulnerabilities. Sending data through this insecure system had the potential of opening up millions of American citizens to identity theft. Based on interviews with state election officials and communications obtained through public record requests, the following states have sent voter registration data to Crosscheck without using the analysis received in return to clean their voter lists: South Carolina, Kentucky, West Virginia, Georgia, North Carolina, Nevada, Louisiana and Colorado. None of the states listed have submitted voter data into the Crosscheck program since these cybersecurity vulnerabilities were made public late last year.
Every year or two, participating states sent the full names and birthdays of their registered voters to Kansas Secretary of State Kris Kobach, who led President Trump’s short-lived voting commission, pushed false stories about voter fraud in New Hampshire and advocated for strict new rules to make registering to vote more difficult, the justification for which was eviscerated in court in recent days. In some cases, states have sent additional information like the last four digits of Social Security numbers.
Kansas has extended the window of time for submitting data in 2018 as it deals with security issues. No states have pulled out since the discovery, but at least a handful are now considering leaving the program over fears that they will expose their citizens to identity theft.