A headline today in the Washington Post is “Voter Database Alarms Experts.” The addition of another big government database alarms me as well. The other day I noted the huge vulnerability created by the income tax and resulting IRS data horde. And then there are federal data stockpiles for health care, security, and many other things.
Now a presidential commission apparently wants to create another juicy target for hackers.
From the Washington Post story:
More than a half-dozen technology experts and former national security officials filed an amicus brief Tuesday urging a federal court to halt the collection of voter information for a planned government database.
Former national intelligence director James R. Clapper Jr., one of the co-signatories of the brief, warned that a White House plan to create a centralized database containing sensitive information on millions of American voters will become an attractive target for nation states and criminal hackers.
… the brief focuses on the security implications of aggregating and housing sensitive information, such as names, addresses, party affiliation and partial social security numbers, in one central location, without adequate security and privacy safeguards. “A large database aggregating [personally identifiable information] of millions of American voters in one place, as the Commission has compiled and continues to compile, would constitute a treasure trove for malicious actors,” the signatories wrote.
The brief states that the commission does not appear to have established rules or procedures defining who gets access to the database or how it should be actively protected.
… Clapper and his co-signatories also said that the database will be situated on a re-purposed White House system, and not within the Department of Defense, making the information even more vulnerable to theft. “Aggregating a comprehensive and official set of such data onto one high-profile, widely publicized server maintained by the White House may reduce the technical and practical barriers to a foreign adversary acquiring such information and making use of it without detection,” the brief said.
