The voter-fraud-checking program championed by the head of the Presidential Advisory Commission on Election Integrity suffers from data security flaws that could imperil the safety of millions of peoples’ records, according to experts.
The emails and records revealed numerous security weaknesses. Crosscheck’s files are hosted on an insecure server, according to its own information. Usernames and passwords were regularly shared by email, making them vulnerable to snooping. And passwords were overly simplistic and only irregularly changed.
“It blows my mind — this is complete operational security incompetence,” said Joe Hall, the chief technologist for the Center for Democracy & Technology, an organization that promotes internet freedom. “You should consider all of that stuff in the hands of people who are clever enough to intercept someone’s email.”