Connecting state and local government leaders
Actions by the President’s Commission on Election Integrity, the Department of Justice and Congress raise myriad problems for our federalist approach to elections and security.
WASHINGTON — On Wednesday, word arrived of three seemingly unrelated events. While each of these events has broad implications for the security and integrity of American elections, the nature and timing of each of these—all on the same day—raise serious questions.
The Presidential Advisory Commission on Election Integrity, or PACEI, sent letters out to every state requesting that they provide:
“publicly available under the laws of your state, the full first and last names of all registrants, middle names or initials if available, addresses, dates of birth, political party (if recorded in your state), last four digits of social security number if available, voter history (elections voted in) from 2006 onward, active/inactive status, cancelled status, information regarding any felony convictions, information regarding voter registration in another state, information regarding military status, and overseas citizen information.”
They requested that this information be provided within 16 days, via e-mail or via the Safe Access File Exchange, a secure FTP site. It is notable that the PACEI does not state where or how this information will be stored or protected, other than to admit that all these files will be made publicly available, and furthermore does not state what it will do with this sensitive and personal information, other than “fully analyze” it.
It's very important to note that most of this data is not available to the public, as it is highly sensitive personally identifiable information (PII). For instance, in most states the date of birth, Social Security number (last four digits or otherwise), felon status, military status, and other information is not, and should not, be made available to the public, and the commissioners on the PACEI should certainly know that. Can you imagine making publicly available to anyone with an internet connection, foreign or domestic, a complete list of all military voters and their home addresses, let alone including birthdates and social security numbers?
Furthermore, without that PII, using only the public information regarding identity (usually name and address only), it is virtually impossible to use that data to analyze anything. The states and those of us who have expertise in working with voter registration data will tell you that you need several other reference points (usually the PII) to effectively match a record with another record and conclusively state those records relate to the same individual. For instance, if you have a “Sean O’Hara” in one state living at 123 First Street, and a “Sean O’Hara” living at 123 First Avenue in another state, can you know that these two records relate to the same Sean O’Hara? Of course not. So a choice must be made—either collect enough data, including sensitive data, to make the analysis useful (which requires a comprehensive security plan), or get virtually no utility from the data whatsoever. It appears that the PACEI has chosen the latter, but it’s unclear why.
The Department of Justice’s Maintenance Compliance Letter to All NVRA States
Also on Wednesday, the Voting Section of the U.S. Department of Justice (DOJ) sent out a letter to all 44 states covered under the National Voter Registration Act (NVRA). The letter requests that each state provide detailed information on their voter list maintenance procedures, and in some states, requests the state provide data supplemental to that provided to the Election Assistance Commission (EAC) regarding registration inactivations, cancellations, etc.
This letter is notable for three reasons. First, to my knowledge, it is unprecedented. In the quarter-century since passage of the NVRA, of which I spent seven years as a DOJ lawyer enforcing the NVRA, among other laws, I do not know of the DOJ conducting any other broad-based fishing expedition into list maintenance compliance, whether during Democratic or Republican administrations. Second, while the DOJ is certainly within its purview to send such a letter, it is very unusual that the letter focuses ONLY on those provisions, and does not at the same time request information confirming compliance with the provisions that require that motor vehicles and public assistance agencies also register new voters. If the DOJ is going to enforce the NVRA, as it should, it would seem appropriate to enforce ALL of the NVRA, and not just select sections.
U.S. House Appropriations Bill Calls for Termination of EAC
On the same day as these two letters, the U.S. House introduced an appropriations bill for the 2018 fiscal year, calling for termination of the EAC within 60 days of enactment. While the intelligence and law enforcement communities, and state and local election officials from every state, are working feverishly to address the very real threat of attempts by Russia and perhaps other foreign governments to hack into our elections system, Congress proposes eliminating the one federal agency with expertise in this area, which is attempting to coordinate efforts between federal, state, and local agencies to secure our election systems in future elections. Our election infrastructure and technology will not be made safer by eliminating this important agency, and indeed, it won’t even save much money, as the EAC’s entire annual budget is less than $10 million, out of an overall federal budget exceeding $3 trillion. But it will make those who seek to tamper with our elections and voter trust in our systems very happy, impeding our nation’s ability to combat the threats from anti-democratic institutions and governments.
Is There a Link?
The fact that all these things happened on the same day raises significant questions and concerns. Is the DOJ coordinating with the PACEI, and if so, what role is the DOJ playing in the PCEI’s efforts? How does the DOJ react to the privacy concerns raised by the PACEI’s requests? While the DOJ is relying upon data provided by the states to the EAC, is it aware that the agency is on the chopping block? And how will the special counsel, while working for the DOJ investigating acts arising from Russia’s efforts to influence and manipulate the outcome of the 2016 election, view efforts to eradicate the one agency best situated to work with federal agencies and election officials to protect against future threats?
How Should the States Respond?
States play a very important role as caretaker of their citizens’ data, and they all take that responsibility very seriously. Before releasing any data to a federal advisory commission, or anyone else for that matter, states should consider the following:
- The letter is worded as a request. It’s not clear that the PACEI has any legal authority to compel states to provide any data, and states are free to respond as they see fit. Several states have already done so, including California and Connecticut.
- To the degree that voter data is publicly available, the PACEI has the resources and expertise to obtain that data as anyone else would, without additional burden or expense being placed on the states.
- The 16 day window for providing the data is extraordinarily brief, particularly when one considers that July 4 and the summer meeting of the National Association of Secretaries of State (NASS) falls in the middle of it. Why did the PACEI wait so long to send this letter if they needed the data so soon?
- As custodians of citizen data, it is entirely appropriate for the states to ask the PACEI to explain why they need the data, how they will use, and what protections will be in place to prevent misuse of the data. Until those questions are answered, it may be imprudent to share data with the PACEI.
David Becker is a former senior litigator with the U.S. Department of Justice Voting Section, and currently serves as the Executive Director and Founder of The Center for Election Innovation & Research, a non-profit that works to improve the security, integrity, and efficiency of elections.