Cybersecurity specialists are warning that President Donald Trump’s voter-fraud commission may unintentionally expose voter data to even more hacking and digital manipulation. Their concerns stem from a letter the commission sent to every state this week, asking for full voter rolls and vowing to make the information “available to the public.” The requested information includes full names, addresses, birth dates, political party and, most notably, the last four digits of Social Security numbers. The commission is also seeking data such as voter history, felony convictions and military service records. Digital security experts say the commission’s request would centralize and lay bare a valuable cache of information that cyber criminals could use for identity theft scams — or that foreign spies could leverage for disinformation schemes. “It is beyond stupid,” said Nicholas Weaver, a computer science professor at the University of California at Berkeley.
“The bigger the purse, the more effort folks would spend to get at it,” said Joe Hall, chief technologist at the Center for Democracy and Technology, a digital advocacy group. “And in this case, this is such a high-profile and not-so-competent tech operation that we’re likely to see the hacktivists and pranksters take shots at it.” Indeed, by Friday night, over 20 states — from California to Mississippi to Virginia — had indicated they would not comply with the request, with several citing privacy laws and expressing unease about aggregating voter data.
… Technical experts say the voter data that the commission wants to assemble would quickly become a single treasure trove for cyber criminals and foreign intelligence services. Identity thieves could use information such as addresses, birth dates and the last four digits of Social Security numbers for digital impersonations, and foreign spies could use it to fill out dossiers on Americans they hope to blackmail.
“This information is particularly sensitive because it can be matched up with other stolen or publicly available information to build a more complete profile for an individual and target them for fraud or other exploitation,” said Jason Straight, a data breach expert who serves as chief privacy officer at the business solutions firm UnitedLex.