Secretary of State Kris Kobach’s office will postpone the initial uploading of voter registration data from other states to the Kansas-based Interstate Crosscheck System while it reviews the program’s cybersecurity, a state official said Wednesday.
Bryan Caskey, director of elections in Kobach’s office, told members of the House Elections Committee the Kansas secretary of state’s office began reviewing security protocols for all its election processes in October 2016 due to national concerns over cybersecurity in voting systems. The Crosscheck program, which compares registrations across states to identify duplicate registrants and voters, has come under scrutiny for what critics claim are possible vulnerabilities of its data.
Each year, states participating in Crosscheck upload data from their voter rolls for Kansas to compare with other member states and identify duplicates. Caskey said that process typically begins around Jan. 15 and takes a few weeks, but the window isn’t open yet. The initial start date will be pushed back a few weeks, but he still expected it to fall in the typical few-week window.
Department of Homeland Security officials will also be in Kansas in February to help review security protocols. Caskey said he wasn’t sure yet whether the submissions would begin before or after the visit.
“We’re still in the ballpark of where we’ve been in previous years,” Caskey said. “It’s just the first possible day we’re slipping back a little bit because we’re still testing and retesting.”
Despite concern over the security of Crosscheck, Caskey emphasized his office was not aware of any breaches of the system. Kansas, however, will take over processes associated with transmitting voter data between states that had been handled by the Arkansas secretary of state’s office.
Caskey said Kansas officials felt more comfortable handling the transmissions given the climate of concern over cybersecurity and were trying to “catch up from a security standpoint.” Arkansas’ office also come under fire for emailing out usernames and passwords for states to upload their data, which critics say isn’t proper security protocol. Caskey said that was a concern for Kansas officials.
“I won’t say that that’s the only reason, but I’m not going to ignore the fact that — yes, it was a factor,” Caskey said.
Illinois announced Tuesday it wouldn’t upload voter data because it had not received an update from Kansas on system security, according to the Associated Press.
Caskey said he had spoken with Illinois officials and understood they would not upload data until they were confident in the security. He did not read the announcement as Illinois’ decision to leave Crosscheck. Illinois was one of 28 states that participated last year.
“I didn’t take that to mean they’re never uploading it,” Caskey said. “They’re not uploading until they’re comfortable with the security, and so I’m not surprised because we haven’t finished all of our testing.”
Caskey told the committee security enhancements would be paid for from funds in the secretary of state’s office and total less than $20,000 for this year.
Rep. Pam Curtis, a Kansas City Democrat and committee member, said she was concerned with cybersecurity of all state systems.
“I also serve on the Government Technology and Security Committee, and we’ve been hearing a lot lately about how most systems are already breached and it’s just a matter of time before you realize that,” Curtis said.
Curtis said she was happy to learn from Caskey the secretary of state’s office conducted third-party reviews of its voting systems.
Rep. Blake Carpenter, a Derby Republican and the committee’s vice chair, said he wasn’t concerned about Crosscheck security but wasn’t sure what would happen if someone was determined to get into the program.
“I don’t think at this point I share in those concerns due to how long the program has been active and also how often they are keeping up the security on the program,” Carpenter said. “I mean, am I going to come out here and make the claim it can never get hacked? No.”