Since the president’s Advisory Commission on Election Integrity requested voter rolls from state election officials—allegedly for the purpose of investigating Trump’s unproven claims about widespread voter fraud—45 states and the District of Columbia have either partially or wholly declined to share their data, and security experts have raised concerns about whether the commission has the technical capabilities to keep the data secure. A federal judge raised questions last week about the security of voter data transferred to the commission. Sources tell Gizmodo that the White House is backing down from its initial requests for state election officials to send the data through a file transfer website created by the Army and not intended for civilian use. The commission plans to propose another option for states to submit data, the sources said. … Kris Kobach, the vice chairman of the commission, initially provided two ways for officials to send in their voter data: The first is an email address that, as Gizmodo reported, does not support basic encryption protocols. Voter data sent to the address would be transmitted over an unencrypted connection, leaving it vulnerable to interception or manipulation.
The second option the commission offered is an application called SAFE—the Safe Access File Exchange—used for the transfer of unclassified files too large for email. Although SAFE appears properly configured for use on military computers, ensuring an encrypted connection on a civilian computer would require state officials to take several technical steps, for which the commission provided no guidance.
… “Mr. Kobach’s representations concerning ‘Safe Access File Exchange (SAFE)’ are alternately misleading or meritless. ‘SAFE’ is not, in fact, a secure system,” EPIC wrote in a Thursday filing. As using the application would apparently require state governments to ignore warnings about the possibility of the voter data being intercepted, EPIC’s assessment that the system is insecure is not without merit.
HTTPS connections are what prevent your credit card details from being stolen when you shop online or your password from getting snatched when you log in to your email account. Your browser establishes an encrypted connection with a website after checking out its certificate, which contains a public key used to encrypt data. If the certificate isn’t trusted, it’s possible that data you upload or enter onto the website is being intercepted by a third party.