Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Moore v. Kobach

United States District Court, D. Kansas

February 1, 2019

SCOTT MOORE, JAMES LONG, AND NANCY PERRY, on behalf of themselves and all others similarly situated, Plaintiffs,
v.
KRIS KOBACH, in his individual capacity, and SCOTT SCHWAB, in his official capacity as the Secretary of State of Kansas, Defendants.

          MEMORANDUM AND ORDER

          Daniel D. Crabtree United States District Judge

         Before the court is defendants Kris Kobach and Scott Schwab's Motion to Dismiss (Doc. 11).[1] It presents two vexing questions of constitutional law: Does the Constitution recognize a right to informational privacy? And, if so, does that right prohibit public disclosure of purportedly private voter information? Regrettably, the Supreme Court has not decided either one of these questions. And though our Circuit has decided the first question, it has not addressed the second one. Consistent with Circuit precedent, the court concludes that such a right exists and, though it is a close question, the court holds that the Complaint's allegations plead a plausible claim for relief. The pages that follow explain why.

         The court emphasizes that two procedural requirements play a prominent part in these conclusions. One, the questions come to the court on a motion to dismiss. The standard for surviving such a motion is a relatively forgiving one. Two, the court must assume that the “facts” pleaded in the Complaint are true, and view them in the light favoring plaintiffs. While the court applies that standard in this Order, it does not imply that plaintiffs ultimately will prove their version of the facts is true. Time will tell.

         I. Overview

         Before describing the facts that control the current motion, the court briefly summarizes the case's overarching legal issue.

         The Constitution does not explicitly recognize a right to informational privacy. On this everyone agrees. But a trilogy of Supreme Court decisions has assumed, without deciding, that such a right exists. NASA v. Nelson, 562 U.S. 134, 138 (2011); Nixon v. Adm'r of Gen. Servs., 433 U.S. 425, 457-65 (1977); Whalen v. Roe, 429 U.S. 589, 598-99 (1977). Recognizing constitutionally protected “zones of privacy, ” the Court has opined that this right-if it indeed exists-includes an individual's interest not to have their personal matters disclosed publicly. See Whalen, 429 U.S. at 598-99.

         Whether the Constitution recognizes a right to informational privacy is a dispositive question for plaintiffs' official capacity claim. Here, plaintiffs Scott Moore, James Long, and Nancy Perry bring this lawsuit, on behalf of themselves and all others similarly situated, against defendant Kris Kobach. They have sued defendant Kobach in his individual capacity and official capacity as Kansas Secretary of State. Defendant Kobach no longer serves as Kansas Secretary of State, so, by rule, current Kansas Secretary of State Scott Schwab becomes the defendant on the official capacity claim. Fed.R.Civ.P. 25(d).

         Plaintiffs' two claims take aim at the Interstate Voter Registration Crosscheck Program (“Crosscheck”), a data comparison program used to compare voter registration information among participating states. The Kansas Secretary of State's (“KSOS”) Office runs Crosscheck. In Count One, the Complaint alleges that the Kansas Secretary of State-acting in his official capacity-has violated their Fourteenth Amendment right to informational privacy in two ways: (1) failing to adopt adequate safeguards for Crosscheck; and (2) disclosing part of plaintiffs' Social Security numbers and other personally identifiable information. And, because plaintiffs allege these constitutional violations are continuing ones, they seek injunctive and declaratory relief requiring the KSOS to stop exchanging plaintiffs' voter data until the KSOS can ensure their information will not be subject to public disclosure. In Count Two, plaintiffs allege that defendant Kobach-in his individual capacity-has violated the Kansas Public Records Act (“KPRA”). Plaintiffs seek civil penalties on their KPRA claim.

         Defendants filed a Motion to Dismiss both claims under Fed.R.Civ.P. 12(b)(6). Doc. 11. Plaintiffs have filed a Response in Opposition. Doc. 14. And, defendants have submitted a Reply. Doc. 15. After considering the parties' arguments the court denies the Motion to Dismiss for reasons explained, below.

         II. Facts

         As referenced above, the court must accept the facts asserted in the Complaint as true, and view them in the light most favorable to plaintiffs. Burnett v. Mortg. Elec. Registration Sys., Inc., 706 F.3d 1231, 1235 (10th Cir. 2013) (citing Smith v. United States, 561 F.3d 1090, 1098 (10th Cir. 2009)). The following facts thus come from plaintiffs' Complaint (Doc. 1).

         A. The Interstate Voter Registration Crosscheck Program

         Former Kansas Secretary of State Ron Thornburg launched Crosscheck in 2005 to help Kansas and neighboring states compare voter data and detect double registrants. The KSOS Office administers Crosscheck by collecting voter registration information from participant states and cross-referencing lists for potential matches. The KSOS then generates reports listing potential duplicate records for each participating state.

         Crosscheck uses a two-point match criteria, identifying registered voters who share the same first name, last name, and date of birth. Participating states also are asked to provide additional voter data, including part of the Social Security number, voter status, middle name, voter identification number, mailing address, county, date of registration, and whether the voter cast a ballot in the most recent election. In 2017, at least 10 states did not provide partial Social Security numbers for the KSOS to use to narrow results of the program's cross-checking.

         Crosscheck participants principally share data through a File Transfer Protocol (“FTP”) website, which the Arkansas Secretary of State's Office previously hosted. The KSOS now hosts this site. Participants share data with the KSOS by uploading their voter rolls to the FTP site. Specifically, each participant state extracts voter data from its registration rolls and formats that information to coincide with the formatting used by Crosscheck for data. The participating states then encrypt their files using a free encryption program and upload the data to the FTP site. Before 2017, defendant Kobach used the AxCrypt software to encrypt files; plaintiffs allege that 7-zip, another free encryption program, is now used.

         Participating states are asked to upload their data each January. Once they upload their extraction files, the KSOS pulls the files from the FTP site, runs a comparison of each state's voter information, and uploads result files to the FTP site. The KSOS then notifies each state that its results file is available and emails a decryption passphrase enabling the state to open its results file. The results file contains a potential match list, which identifies voters registered in that state who share a name and date of birth with a voter in another state. Once states have received their potential match lists, they may contact the other state where the voter, at least potentially, is double registered. When processing potential match results, the KSOS advises participating states to procure the voter's middle name, a partial Social Security number, and signature to help determine whether the voter has registered to vote in more than one state.

         Each state participating in Crosscheck is directed to inform the KSOS about its preferred method for communicating information requests. While the Crosscheck participation guide cautions against transmitting personally identifiable information about voting registrants via email, no provision of the Memorandum of Understanding (“MOU”) restricts unsecured transmissions. Plaintiffs allege that the MOU contains the only requirements governing states' participation in Crosscheck.

         B. Defendants' Policies and Practices for Requesting and Transmitting Information

         As a participant in Crosscheck, the KSOS analyzes potential matches by comparing secondary data about voters. Secondary data includes voters' partial Social Security numbers and middle initials. Once the KSOS narrows the number of potential matches, it submits information requests to the other state where double voting may have occurred. The KSOS provides the name and date of birth of potential match voters to the other participating states and requests documentation about voting history and the voter's signature in the other state. Plaintiffs allege that the KSOS requests states to supply voter signatures as unencrypted email attachments. Plaintiffs also allege that the KSOS lacks a method to narrow potential matches when the other participating state does not provide a partial Social Security number or a middle initial. So, plaintiffs contend, when a state does not include partial Social Security numbers or middle initials in its extraction file, the KSOS maintains a practice of sending full potential match lists in unencrypted email attachments to the other participant state. These full match lists include partial Social Security numbers and other personal identifying information about hundreds of voters. About half the states participating in Crosscheck provide partial Social Security numbers.

         C. States Begin to Join Crosscheck

         From 2005 to 2011, Crosscheck had just four participating states: Kansas, Iowa, Missouri, and Nebraska. When defendant Kobach took office in 2011, he pledged to expand Crosscheck, declaring “I have taken it under my wing and want to build it as one of my personal missions.” Doc. 1 at 18. In 2012, 10 new states joined Crosscheck, expanding the number of participants to 14 states. By 2016, 30 states participated in Crosscheck. So, plaintiffs allege, in 10 years Crosscheck's participants increased from four to 26 states and 100 million voter records were added to its comparison database. Despite this increase in the number of participating states and voter records, defendant Kobach never developed a more sophisticated protocol for sharing potential matches or ensuring that states maintained the shared voter data in a secure fashion. Also, defendant Kobach downsized his IT staff after the program expanded.

         D. Industry Standard Protocols for Data Maintenance and Transmission

         The Office of Management and Budget requires federal executive agencies to “[e]ncrypt all . . . moderate-impact and high-impact information at rest and in transit.” Doc. 1 at 19. The National Institute of Standards and Technology suggests multiple factors to determine the “impact level” of information. They include the following factors: how identifiable the information is; how sensitive the information is, both individually and in the aggregate; and how sensitive the information is, given its purpose. Under these factors, transmitting one Social Security number by itself is sufficient to trigger moderate-impact protocols and, therefore, an encryption requirement. The aggregation and transmission of Social Security numbers with other information warrants additional security protocols.

         Similarly, the Kansas Information Technology Executive Council (KITEC)-which is responsible for approving and maintaining all information technology policies for Kansas's governmental agencies-has promulgated minimum technology security requirements. KITEC's minimum standards mandate that users protect all restricted-use information from unauthorized disclosure and encrypt such information when sending it outside a secure boundary. KITEC's encryption requirement explicitly applies to information that “is not subject to public release by an entity in accordance with statute or court order, ” including partial Social Security numbers provided as part of voter registration. Id. at 20.

         E. Defendants' Collection, Maintenance, and Transmission Protocols as the Operator of Crosscheck

         Plaintiffs allege that defendant Kobach, as Crosscheck's operator, exposed the confidential personal information of Kansas voters by his practice of collecting, maintain, and transmitting data. On information and belief, plaintiffs allege that defendant Kobach sent usernames, login information, and decryption passwords (which provide access to Crosscheck results files) in clear text emails to dozens of recipients.

         From 2012 to 2017, defendant Kobach uploaded and extracted voter files by using an unsecure FTP. Plaintiffs allege that Crosscheck's FTP is not a secure method of transmission, and it lacks additional layers of security. Also, plaintiffs allege that Crosscheck's FTP server lacked a valid secure socket layer (“SSL”) certificate and was not fortified by secure shell (“SSH”) software. So, extraction files and results files containing personal identifying information about Kansas voters and partial Social Security numbers were transmitted to and from the host server by unsecure methods.

         At some point in or near October 2017, defendant Kobach began hosting the Crosscheck database on a server operated in the KSOS's Office. Plaintiffs allege that the server lacked and still lacks industry standard security protocols. For example, currently, the Crosscheck server uses a single-factor authentication system. This kind of system allows access to the Crosscheck program without detection. And, plaintiffs allege, Crosscheck's database is linked to other Kansas governmental networks that are not password protected.

         F. Defendants' Maintenance and Transmission Protocols as a Participant in Crosscheck

         As a Crosscheck participant, defendant Kobach exposed the confidential personal information of Kansas voters by collecting, maintaining, and transmitting their data. Plaintiffs allege that defendant Kobach has sent voters' personal identifying information, partial Social Security numbers, and voter signatures as unencrypted email attachments to other participating states. Plaintiffs allege this exposure is ongoing. Also, plaintiffs allege defendant Kobach directed counties to send voters' personal identifying information and partial Social Security numbers as unencrypted email attachments to other participating states. Last, plaintiffs allege that defendant Kobach shared confidential personal information about Kansas voters with other states who could release that personal voter information to the public in response to open records requests.

         G. Defendant Kobach Declines to Share Voter Information with Election Integrity Commission Because He Believes It Would Violate State Law

         On May 12, 2017, President Donald J. Trump appointed defendant Kobach to serve as Vice-Chair of the Presidential Advisory Commission on Election Integrity. And, on June 28, 2017, defendant Kobach addressed a letter to himself and election officials in 49 other states requesting “the publicly-available voter file data for [your state], including, if publicly available under the laws of your state, the full first and last names of all registrants, middle names or initials if available, addresses, dates of birth, political party (if recorded in your state), last four digits of social security number if available, voter history (elections voted in) from 2006 onward, active/inactive status, cancelled status, information regarding any felony convictions, information regarding voter information in another state, information regarding military status, and overseas citizen information.” Doc. 1 at 22. Defendant Kobach directed himself and the other election officials to “submit your responses electronically to ElectionIntegrityStaff@ovp.eop.gov or by utilizing the Safe Access File Exchange (“SAFE”), which is a secure FTP site the federal government uses for transferring large data files.” Id. at 22-23.

         On July 3, 2017, Kansas House Minority Leader Jim Ward sent a letter to Kansas Attorney General Derek Schmidt. This letter requested an opinion “whether the Secretary of State may disclose to the federal government [certain voter registration information without voter consent].” Id. at 23. The Attorney General issued his opinion on or around July 11, 2017. It opined that “the Secretary of State is forbidden to release the last four digits of a voter's Social Security number submitted as part of a voter registration and must redact that information from any records that may be released [to the public].” Id. Attorney General Schmidt also opined that the Presidential Advisory Commission on Election Integrity was a “person” for purposes of the Kansas Open Records Act, and any information shared with the Commission was tantamount to releasing the information to the public.

         Defendant Kobach publicly stated that he would not share voters' partial Social Security numbers with the Commission, asserting that “[i]n Kansas, the Social Security number is not publicly available.” Id. But, defendant Kobach claimed that it may be legal to share voters' partial Social Security number with the Commission if Kansas uploaded the information. He asserted, “If the Commission decides that they would like to receive Social Security numbers to a secure site in order to remove false positives, then we would have to double check and make sure Kansas law permits” it. Id.

         H. States Express Concern About Defendant Kobach's Security and Transmission Protocols

         States participating in Crosscheck expressed concerns that voters' partial Social Security numbers would be subject to release by other participating states under certain state open records laws. According to Kansas Elections Director Brian Caskey, half of the states participating in Crosscheck do not provide voters' partial Social Security numbers in their extraction files. When Florida participated in Crosscheck, the Director of the Florida Division of Elections (“FDE”) declined to provide Social Security information because defendant Kobach could not ensure that the voters' Social Security numbers would not be subject to release in response to an open records request. The FDE suggested that defendant Kobach create and share a list of the information closed from disclosure under each participating state's laws. Defendant Kobach declined to implement this practice even though his staff acknowledged that it “[has] been concerned about [records requests] for several years, ” and “would like to find firmer legal footing for denying those requests.” Id. at 24.

         Plaintiffs allege that at least four states either have left or stopped participating in Crosscheck based on concerns about defendant Kobach's ability to secure private voter information. According to a survey, New York left Crosscheck, in part, because “there was no guarantee [that Social Security numbers] would be private.” Id. And, Kentucky Secretary of State Allison Grimes suggested that Kentucky withdrew from Crosscheck because defendant Kobach could not protect voter data from public disclosure: Secretary Grimes linked a story about defendant Kobach's release of voter and state employee Social Security numbers. She also wrote, “Another example of why KY doesn't participate in KS #Crosscheck program[.]” Illinois and Idaho both have stated publicly that they will not send information to Crosscheck until defendant Kobach can guarantee the voter data's security.

         I. Plaintiffs' Voter Information is Disclosed

         1. Scott Moore

         Plaintiff Scott Moore is a 46-year-old United States citizen living in Mission Hills, Kansas. Mr. Moore first registered to vote in Kansas in Douglas County in 1992, while attending the University of Kansas. He re-registered to vote in 1998 after moving to Johnson County. Mr. Moore is registered as an unaffiliated, or “independent” voter. He has voted in every general election contest in Kansas since 1992.

         In 2013, defendant Kobach compared Mr. Moore's information with voter data submitted from Alaska, Alabama, Arizona, Arkansas, Colorado, Florida, Illinois, Iowa, Indiana, Louisiana, Kentucky, Michigan, Mississippi, Missouri, Nebraska, Ohio, Oklahoma, Tennessee, Virginia, and Washington.

         Mr. Moore shares a birthdate with a man named Scott Moore, who lives in Naples, Florida. As a result, Mr. Moore was one of 945 voters who defendant Kobach identified as potential double registrants in 2013. On April 29, 2013, defendant Kobach sent the list of potential double registrants, a list that included Mr. Moore, to the FDE in an unencrypted email attachment. In November 2017, the FDE released defendant Kobach's email containing the name, date of birth, address, and partial Social Security number of 945 voters. This disclosure included Mr. Moore's information. Others could view the exposed information because defendant Kobach's office shared the information in an unencrypted attachment to an email sent to the FDE.

         In November 2017, Mr. Moore learned that his information was disclosed from his neighbor, Anita Parsa. Ms. Parsa had received the list from Florida in response to an open records request, and she contacted Mr. Moore. And, in March 2018, Mr. Moore ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.