Ex-DNI Clapper, Cyber Experts: White House Data Collection Makes U.S. Elections More Vulnerable to Foreign Attack

December 5, 2017

Latest voter commission plan for U.S. voter database also increases ID theft risk for millions, says new brief filed by Georgetown Law’s Institute for Constitutional Advocacy and Protection

WASHINGTON – Former Director of National Intelligence (DNI) Jim Clapper, former Director of the National Counterterrorism Center Matt Olsen, and other noted national security and cybersecurity experts are warning that the Trump administration’s voter commission is creating a massive database of private voter information that may become a target for hacking attempts by foreign governments and criminals.

The experts signed a new brief filed in federal court today by Georgetown Law’s Institute for Constitutional Advocacy and Protection (ICAP) and the law firm Morrison & Foerster, LLP in support of a pending lawsuit against the voter commission, officially called the Presidential Advisory Commission on Election Integrity.

“In 2016, America experienced an unprecedented attack against our democracy by a foreign nation-state seeking to influence the outcome of the presidential election through cyber operations,” said former National Counterterrorism Center Director Olsen. “We should do everything we can to increase our defenses against such attacks. To that end, the Commission on Election Integrity should ensure that it has established basic data security measures as it sets about gathering the highly sensitive information of millions of Americans into one centralized, potentially vulnerable location where the database may quickly become an appealing target for foreign powers and criminal enterprises alike.”

U.S. voter data—including names, addresses, partial social security numbers, and voting history—is currently decentralized around the country. The brief argues that the commission’s collection of large volumes of personal data into one centralized location creates “a treasure trove for malicious actors,” including foreign adversaries seeking to interfere with our elections and criminals pursuing identity theft or sales of massive amounts of personal information on the black market. “The bigger the database, the greater the payoff from a potential breach,” the brief says.

The brief expresses particular concern with the commission’s “seemingly last-minute” change in where to house and maintain the database. Originally, the commission announced U.S. voters’ compiled data would be housed at the Department of Defense, which at least has significant capacities to securely maintain large amounts of sensitive information. But, five days later, the commission said it would actually repurpose a White House system to accept the voter data.

The brief says the commission has “not disclosed which White House system has been ‘repurposed’ to accept the [personal identifiable information] of millions of Americans or what measures are in place to protect that data adequately, underscoring the importance of permitting discovery into these matters. Based on what is already known, however, there is substantial reason to believe that the Commission has gone about its work in ways that subjected the data to significant vulnerabilities and indeed exacerbated those vulnerabilities.”

In addition to former DNI Clapper and former National Counterterrorism Center Director Olsen, the brief is signed by cybersecurity experts including Paul Rosenzweig, who served as Deputy Assistant Secretary of Homeland Security in the George W. Bush administration; and former Obama administration officials Suzanne Spaulding, who served as Under Secretary of Homeland Security for the National Protection and Programs Directorate; Alexander Macgillivray, former Deputy U.S. Chief Technology Officer; Nancy Libin, former Chief Privacy Officer at the Justice Department; Christopher Painter, former Coordinator for Cyber Issues at the State Department; Andrew J. Grotto, former Senior Director for Cybersecurity Policy in the White House; and Dipayan Ghosh, former technology policy advisor in the White House.

Their amicus, or friend-of-the-court, brief supports a lawsuit filed by Democracy Forward Foundation against the commission, the Department of Homeland Security, and Kris Kobach, vice-chair of the voter commission. Democracy Forward filed the lawsuit on behalf of Common Cause and registered voters in Florida, Texas, and New York who are seeking to halt the continued collection, dissemination and use of politically sensitive voting data of millions of Americans.

“Absent any evidence of large-scale voter fraud, it’s unclear precisely what danger this commission is trying to protect against—but the dangers it’s causing are quite clear,” said brief coauthor Joshua Geltzer, executive director of ICAP, visiting professor at Georgetown Law, and former Senior Director for Counterterrorism and Deputy Legal Advisor at the National Security Council. “What this commission is doing by accumulating, ingesting, and storing at one high-profile location the sensitive information of millions of Americans creates serious and avoidable vulnerabilities for our citizenry and our democracy, especially in an era of clear efforts by foreign powers to interfere with our elections.”