ALBERTA VOTER DATA CROSSED THE BORDER WHEN IT WAS UPLOADED.

BEFORE ANYONE LOGGED IN.

WE PROVED IT IN TWO HOURS.

Saskatchewan May Be Next.

What Six Weeks of Investigation Missed,

One Analyst Found on a Free Database at 1am on a Sunday.

By Kevin J.S. Duska Jr. | Prime Rogue Inc.

June 1, 2026 — 0500 AM MST

THE LEAD: THE DATA CROSSED THE BORDER WHEN IT WAS UPLOADED

Before anyone logged in. Before anyone searched for an Albertan’s address. Before the first session token was issued. The moment someone uploaded the Alberta List of Electors to the 10xVotes platform, 2.9 million Albertans’ names, addresses, phone numbers, and electoral divisions were transmitted through a United States company’s servers.

That is the upload event. That is the cross-border transfer. That is the moment this story became a foreign data operation and not just a privacy breach.

I can prove it. Here is how.

The 10xVotes platform routes all traffic through Cloudflare — headquartered in San Francisco, California. Cloudflare sits in front of the platform like a filter. Everything going in and coming out passes through it. Including, at the moment of ingestion, every single record from the Alberta voter list. The data went through an American company’s infrastructure when it was loaded onto the platform. Full stop.

And then there is the authentication layer. auth.10xvotes.com runs on Vercel — a US company, Washington D.C. compute infrastructure by default. No Canadian Vercel compute region existed before January 20, 2026. The skcn subdomain went live in March 2025. Every login to the voter data platform after that — every session, every search — processed credentials through US infrastructure. That is documented in public cryptographic records that have been sitting in a free database since June 2025.

Two independent proofs. Both from public records. Both pointing the same direction.

For six weeks journalists, regulators, and investigators described the question of US data processing as open and unresolved. The wall wasn’t load-bearing. It was a free Censys account and two hours of reading. The answer was there the whole time.

And then there is the name. The Canadian subdomain is called skcn. SK is the Canadian postal abbreviation for Saskatchewan. CN is Canada. The infrastructure was not built for Alberta. It was built for Saskatchewan and Canada. Whether Saskatchewan voters’ data has been processed through the same system is a question this article and the complaint filed this morning are formally placing before two provincial electoral authorities simultaneously.

Prime Minister Carney called the Centurion breach ‘deeply concerning.’ CSIS director Dan Rogers said Alberta’s referendum is ‘susceptible to foreign interference.’ The Carney government’s response beyond acknowledgment has been cautious. We believe this goes straight to the US executive branch. We cannot prove that yet. We are working on it. What we can prove today, from public records, is that Alberta voter data crossed into the United States when it was uploaded — before a single user ever logged in — and that the operation was built for Saskatchewan too. The proof is in this article. The complaints are filed. The clock is running.

THE METHODOLOGY: TWO HOURS, ONE FREE ACCOUNT, ONE ANALYST

I want to be precise about this because the methodology is the story within the story.

I became aware of the Centurion breach through my partner incessantly bringing it up in early Mau, 2026. I was busy and only looked into it on May 30, 2026. I filed a PIPA complaint with the OIPC the same day based on publicly reported facts. I had not looked at the 10xVotes infrastructure at all.

I have never visited 10xvotes.com and I’m not going to. I have no interest in putting my IP address in their server logs, especially while filing complaints against them. Everything in this analysis came from Censys — a publicly available internet infrastructure database. I searched the domain from the outside. I read certificate transparency records. I did not touch their infrastructure.

Certificate transparency is a system in which every TLS security certificate issued for a website is logged in public, tamper-evident, append-only databases. These records are immutable. Each entry carries a SHA-256 cryptographic fingerprint independently verifiable by anyone. I am not the source of this data. I am a person who read it.

My intern (Shoutout Jaiveer) has done this kind of analysis before on a previous case. It took him four hours. I’ve been doing this for over a decade so it took me two. I am not special. This is not an exotic skill. It is reading a public database.

We are Prime Rogue Inc. We are a boutique private intelligence firm in Calgary. Our website is not fully up. There are fewer than ten full-time staff. I did this alone, after midnight, on a Sunday, while also drafting formal legal complaints, having spent approximately six hours on this entire file across two days.

The journalists who covered this story did good work. Rory White at the National Observer discovered the skcn subdomain and broke the most important piece on the US connection. Luke LeBrun at PressProgress mapped the political network with rigour. The Globe and Mail got the court documents. CBC Edmonton stayed on the regulatory timeline. Infrastructure forensics is a specific technical literacy that doesn’t naturally land in a journalism program. The gap isn’t a failure. It’s a gap. We filled it.

FINDING ONE: THE UPLOAD EVENT — THE DATA CROSSED THE BORDER

This is the finding that wasn’t in the original PIPA complaint I filed Friday night. I found it Sunday evening. It changes the legal picture because it doesn’t require any inference from the authentication architecture. It is direct.

When the Alberta List of Electors was uploaded to the skcn platform, it transited Cloudflare’s infrastructure. Cloudflare is a US company. All platform traffic — including inbound data uploads — passes through Cloudflare’s Web Application Firewall before reaching the origin server. That WAF sits in the US. The data went through it.

This is not about where the data was ultimately stored. This is about what it passed through on the way in. Cloudflare processed it. Cloudflare is American. That’s the transfer.

It happened once — at upload. Everything after that is additional. The logins, the searches, the 150 claimed records, the 568 people who accessed the database. All of those are additional cross-border transfers layered on top of the original one. But the original one happened before any of them. It happened when someone uploaded the list.

David Parker says he paid $45,000 for the data. Whoever uploaded that data to the skcn platform transmitted 2.9 million Albertans’ personal information through US infrastructure without the knowledge or consent of a single one of them. That is the moment. That is the disclosure. It was the upload.

FINDING TWO: THE AUTHENTICATION LAYER — EVERY LOGIN WENT THROUGH THE US

The second finding is the one I found first, and it is independently sufficient.

auth.10xvotes.com is the login system for the entire 10xVotes platform. It runs on Vercel. Vercel is a US company. Its default compute region is Washington, D.C. Vercel’s Montréal, Canada compute region launched on January 20, 2026 — documented in Vercel’s own public changelog. Before that date, Vercel had no Canadian compute. The skcn subdomain was provisioned in March 2025.

From March 2025 through January 20, 2026 — the entire period the platform was being built and the voter data was being loaded — there was no Canadian option. Washington, D.C. was the only choice.

Every person who logged into skcn.10xvotes.com and searched for an Albertan’s home address authenticated through Washington, D.C. Every single one. The certificate chain proving this has been sitting in a public database since June 2025.

I found it in twenty minutes.

THE TWO OBJECTIONS AND WHY THEY BOTH FAIL

Before I get to the infrastructure architecture, I want to address the two technical pushbacks someone will raise. I’ve thought about both. Both fail. Both point to the same answer.

Objection One: Maybe Vercel’s edge network served it from Canada.

Vercel has two types of compute: serverless functions, which run in designated regions (default Washington D.C.), and edge functions, which run at points of presence globally. Someone will argue auth.10xvotes.com could have used edge functions and hit a Canadian node.

This fails on architecture. A full authentication system — validating credentials, signing tokens, querying a user database, managing sessions — cannot run on Vercel edge functions. Edge functions have a restricted runtime and can’t use standard Node.js APIs. They’re built for routing and lightweight transformations, not for running a login system for a multi-jurisdiction voter mobilization platform. auth.10xvotes.com runs on serverless functions. Serverless functions ran in Washington D.C. No Canadian option existed.

Objection Two: Maybe the voter data was stored on Canadian servers.

AWS has had a Montréal region since 2016. Someone will argue the database stayed in Canada and US infrastructure just queried it. The data never left.

Three answers. First: the upload event. The data went through Cloudflare’s US WAF when it was uploaded. Whatever the database location, it transited US infrastructure on the way in. Second: querying personal data from US compute is a cross-border transfer under Canadian privacy law regardless of where the database sits. Third: we don’t actually know where the database is — because nobody has compelled Cloudflare to produce its origin server records.

Both objections lead to the same place: Cloudflare and Vercel’s server records would answer both questions definitively. Those records are in the United States. They require a Mutual Legal Assistance Treaty request to access. The RCMP needs a criminal referral from the Election Commissioner to start that process. The complaint filed this morning demands exactly that. Both objections are arguments for doing the MLAT, not against it.

THE FOUR LAYERS: WHAT CENSYS SHOWED

Layer One — The Front Door: Cloudflare, San Francisco

The main 10xvotes.com platform runs behind Cloudflare Load Balancer and Cloudflare Web Application Firewall. Confirmed in Censys. Cloudflare is headquartered in San Francisco, California. All traffic to the platform — including the upload event and all subsequent user access — processed through Cloudflare’s US-based infrastructure. Cloudflare holds origin server IP addresses, access logs, account records for Voteatron LLC, and configuration history. Cloudflare can answer definitively whether the origin servers are in the United States. Cloudflare hasn’t been asked.

Layer Two — The State Deployments: DigiCert/GeoTrust, Unified Fleet

The main platform uses automated free certificates. The jurisdiction subdomains use paid DigiCert/GeoTrust commercial certificates — all under a single managed account. The subdomains are mi (Michigan), wi (Wisconsin), pa (Pennsylvania), hn (unknown US jurisdiction), and skcn (Saskatchewan/Canada). Same paid CA. Same certificate product. Same account. Five jurisdictions. One operation. Canada is deployment five on a schedule that started in Michigan in May 2024.

Layer Three — The Login: Vercel, Washington D.C.

auth.10xvotes.com. Vercel. Next.js. US-hosted. Washington D.C. compute for the entire operative period. No Canadian Vercel region before January 20, 2026 — Vercel’s own changelog, not my inference. Every login to any 10xVotes application including skcn went through here. No exceptions. The certificate chain is in the complaint. Every fingerprint is independently verifiable.

Layer Four — The Money: GoDaddy, Scottsdale, Arizona

pay.10xvotes.com. Go Daddy Secure Certificate Authority – G2. Scottsdale, Arizona. First provisioned March 2024 — fourteen months before the skcn subdomain came online. David Parker has said publicly he paid approximately $45,000 for voter data. GoDaddy holds the transaction records. GoDaddy hasn’t been asked either.

WHAT SKCN MEANS — AND WHY SASKATCHEWAN MATTERS

Every US state subdomain uses a two-letter postal abbreviation. mi. wi. pa. Consistent and obvious. skcn maps to no US state, county, or district. None. SK is the Canadian postal abbreviation for Saskatchewan. CN is Canada.

The subdomain is Saskatchewan/Canada. Not Alberta. Not Alberta-and-maybe-Saskatchewan. Saskatchewan and Canada, in the name, from the beginning, a year before Centurion went public.

This means the infrastructure was not built to serve Centurion’s Alberta operation. It was built for a Canadian deployment and Centurion filled it. Whether Saskatchewan voter data has been processed through the same system — through Centurion, through another operator, or in anticipation of future Canadian operations — is unknown. What is known is that the infrastructure name says Saskatchewan and Canada, and the deployment covers exactly the two provinces that 10xVotes co-founder Drew Born has publicly advocated annexing as US states.

We are formally notifying Dr. Michael Boda, Chief Electoral Officer of Saskatchewan, by copying him on the complaint filed this morning. Saskatchewan has approximately 850,000 registered voters. If the skcn deployment has processed any of their data, they deserve to know. Dr. Boda has been publicly pushing for expanded powers to address foreign interference in Saskatchewan’s elections. We are giving him documented grounds to use whatever powers he has.

The potential scope of this breach just expanded. It was 2.9 million Albertans. If the skcn deployment processed Saskatchewan voter data — and the infrastructure name says that was the intent — it could be 3.75 million Canadians. Cloudflare’s configuration records for the skcn subdomain would answer this definitively. Those records require an MLAT request. The complaint demands it today.

THE DEPLOYMENT TIMELINE

Subdomain	First Certificate	Jurisdiction
mi.10xvotes.com	May 2024	Michigan — First deployment
wi.10xvotes.com	October 2024	Wisconsin
pa.10xvotes.com	October 2024	Pennsylvania
hn.10xvotes.com	September 2024	Unknown US jurisdiction
skcn.10xvotes.com	March 2025	Saskatchewan/Canada — Fifth deployment

Michigan first. Fall 2024 — three more US states. March 2025 — Canada. The Bill 54 investigative threshold amendment came into force July 4, 2025. By that date the skcn subdomain had been operational for four months. The amendment raised the bar for the Election Commissioner to open an investigation to a standard the Commissioner himself said would have prevented every substantive investigation his office had conducted in the previous five years. The data operation was running. The law that would have allowed an investigation was changed. The timeline is a fact.

THE PLATFORM IS STILL RUNNING

April 30, 2026: Court of King’s Bench issues emergency injunction. Centurion database comes down. 566 cease-and-desist letters.

May 9, 2026 — nine days later: 10xVotes renews its wildcard TLS certificate covering all subdomains including skcn. Certificate fingerprint: e7672acba2575a8f20d4. Valid through August 7, 2026.

The platform did not shut down. The Saskatchewan/Canada infrastructure was not decommissioned. Nine days after Canada’s largest privacy breach became a national story, 10xVotes renewed the certificates that keep it operational.

The certificate runs until August 7, 2026. The referendum is October 19, 2026. The gap is 73 days.

THE THREE COMPANIES AND THE ONE PHONE CALL NOBODY HAS MADE

Three US companies hold the records that would complete this picture.

Vercel holds server execution logs for auth.10xvotes.com — the logs that would confirm definitively whether authentication compute ran in the US or whether it was somehow configured otherwise. Cloudflare holds the origin server records — the records that would confirm where the voter data was stored and whether Saskatchewan’s data was ever in scope. GoDaddy holds the financial transaction records for pay.10xvotes.com — the records that would establish the financial relationship between Centurion and 10xVotes.

None of these records are accessible to any Canadian provincial authority through voluntary request or provincial compulsion. They require a Mutual Legal Assistance Treaty request from the RCMP to the US Department of Justice. The MLAT has been in force since 1988. The RCMP uses it routinely. To initiate an MLAT request the RCMP needs a formal criminal referral from a competent authority. The Election Commissioner of Alberta has that authority under EFCDA s. 5.2(2)(j).

The referral has not been made.

The gap between ‘deeply concerning’ and ‘we have compelled the US companies to produce their records’ is one criminal referral from the Election Commissioner to the RCMP. We filed the complaint this morning demanding it. The Commissioner has 30 days. We will report on whatever he does or doesn’t do. So will Dr. Boda in Saskatchewan.

WHAT WE FILED

This morning we filed a formal complaint with Gordon McClure, Chief Electoral Officer and Election Commissioner of Alberta. We filed a technical addendum to the PIPA complaint with Commissioner Diane McLeod at the OIPC Alberta. We copied Dr. Michael Boda, Chief Electoral Officer of Saskatchewan, on both.

The Elections Alberta complaint leads with the upload event. It then establishes the authentication layer. It pre-empts and defeats the two strongest technical objections. It demands formal investigation, compelled production, and criminal referrals to the RCMP with a specific request to initiate MLAT proceedings against Vercel, Cloudflare, and GoDaddy. It demands referrals to the Commissioner of Canada Elections, CSIS, NSICOP, the Minister of Public Safety, and a formal notification to Elections Saskatchewan. It includes a Vavilov notice: any declination that doesn’t meet the standard from the 2019 Supreme Court case is reviewable. Silence after 30 days triggers judicial review.

The complaint meets the reasonable grounds standard Elections Alberta has described as equivalent to the evidence needed to arrest someone in a criminal matter. The complaint sets out 14 documented elements. Three of them — Vercel’s Montréal launch date, its default compute region, and the skcn provisioning date — are not assumptions. They are proved from Vercel’s own public records.

The full complaints will be available at foreigninterference.ca – in a few days. They are long. They are supposed to be long.

THE BIGGER PICTURE

This is not a standalone event. It is one documented node in a network of foreign interference that includes Russian disinformation, US State Department engagement with separatist leaders in classified facilities, a US Ambassador who promoted the platform at Trump rallies and was recalled to Washington ten days after the injunction, and a co-founder of 10xVotes who openly advocates for annexing Alberta and Saskatchewan.

Storm-1516, a Russian disinformation network attributed by Insikt Group, was linked to albertaseparatist.com. The Russian Pravda network published 67 articles targeting Alberta separatism in four months. American and Russian operations in Alberta’s referendum environment are documented, simultaneous, and convergent.

Alberta’s grievances with Ottawa are real. The complainant knows this because he lives here. What the network around 10xVotes did is identify those grievances, build surveillance infrastructure to quantify and pressure the people who hold them, and deploy that infrastructure using stolen voter data. You don’t do that because you care about Alberta. You do that because destabilizing Canada serves your interests.

The referendum is October 19, 2026. The platform is still running. The certificate is valid until August 7. The Saskatchewan dimension is unresolved. We have 140 days. We will keep working.

ABOUT THE AUTHOR, SOME HOUSEKEEPING, AND AN OPEN OFFER

It is currently about 0500 in the morning in Calgary. This will go live around 0600 a.m. Mountain Time. I am going directly to bed after I hit publish.

I will be sleeping until at least 2:00 p.m. Mountain if I can manage it. My phone is hardened and you probably will not get through. Leave a text. Send an email with a direct number. Signal is rubicon49.50. Email is kevinjr.duska (at) proton.me.

If you are a journalist who has worked on this file and want to follow up: I will prioritize your response. Independent media: same. National public broadcasters and anyone vouched for by people I trust: also same. I’m not naming who those people are.

If you are someone at Elections Alberta, Elections Saskatchewan, the OIPC, the federal Privacy Commissioner’s office, or the RCMP who has found this at 4 in the morning: I welcome that conversation. Same contact info. I will call you back after 2 p.m.

I sent this to a few journalists before I went to sleep. If they want to amplify it, great. If not, the complaints are filed and the record exists. I am not attaching conditions to this.

If you want our services: contact at primerogueinc.com. We do this kind of work. We are good at it.

If you want to support what we do: follow us on YouTube and whatever platform you prefer. We do not have a Patreon and we do not want your money. If you must donate to someone, donate to ARCS Animal Rescue and Care Society of Calgary in honor of Rogue — a Beagle-Dogo Argentino mix, 2009 to 2024, the best dog, the reason this company exists, and the reason it is named what it is.

Kevin J.S. Duska Jr. is the President of Prime Rogue Inc., a Calgary-based private intelligence and strategic transparency firm. He is an intelligence and cybersecurity professional as well as a member of the Canadian Association of Journalists, and a registered Alberta elector whose name and home address were in the Centurion database along with 2.9 million of his neighbours.

He is also the author of Echo State: The Logs Can’t Lie Yet, a forthcoming memoir about ATIP reform, transparency warfare, and what happens when one person decides to file 700 access to information requests a year and document what comes back. It publishes September 28, 2026 — Right to Know Day, which is a real date that the federal government has so far declined to make mean anything. Pre-orders are theoretically available at EchoState.ca. The pre-order button might not currently work because the site is not supposed to be up yet. This is, in a roundabout way, on brand for a book about institutional dysfunction.

A PIPA complaint was filed with the Office of the Information and Privacy Commissioner of Alberta on May 29, 2026. A technical addendum incorporating this analysis was filed June 1, 2026. A PIPEDA complaint to the Office of the Privacy Commissioner of Canada is being prepared and will follow.

We will keep working this story. More is coming. The Saskatchewan dimension is new as of tonight. We do not yet know what it means in full. We intend to find out.

Wilco approves this message.