Publishing voter registration data must balance privacy with transparency

D.C. voters waving signs in support of mayoral candidates in 2014. (Photo credit: WAMU/Flickr)

As mandated by law, the District of Columbia published a list of voters online 14 days before the election. This is an excellent and unfortunate example of how a disclosure of unredacted voter registration data online may be legal, but raise ethical questions that merit public debate and reform.

As sharp-eyed privacy advocates noticed, the District went beyond what the 2015 Primary Date Alteration Act required, publishing not only names but home addresses, party affiliations and voting frequency.

The rationale for this additional disclosure provided to Fusion News by Kenneth J. McGhie, the general counsel for the D.C. Bureau of Elections, was that the additional data was public and could be disclosed if someone made a freedom of information request for them.

This is a weak argument to support an additional discretionary disclosure, and has the potential to not only lead to individual harms, but significant damage to broader public trust in government to make wise stewardship decisions about public information, as well as tertiary effects on other disclosure efforts.

When we spoke to the The Washington Post about this very issue, we had a hard time formulating a strong argument as to why this action was in the public interest, particularly publishing data beyond the names required by statute. As I reported at the Huffington Post last year, when a national voter file leaked online in late 2015, it raised many of the same issues.

It is clear that releasing unredacted voter files of names, addresses, party affiliations and voting frequency online with no restrictions on its use is not in the public interest. Protecting privacy when releasing open data is essential. Other state legislatures have made the same determination.

While state voter registration records are indisputably public records, states, municipalities and federal districts have approached disclosure and conditions for use in multiple ways. Some states charge a nominal fee for voter files on hard electronic media. Others provide the data for the cost of shipping. Depending on the state, the voter file may only be used for noncommercial, academic or charitable purposes — or may have no restrictions at all.

State legislatures and election bureaus need to rethink how they’re approaching the digital age in a way that both honors the public’s right to know and acknowledges how privacy and security equities have shifted with increasing connectivity and access to the internet.

As a society, we hold that the content of your ballot is private to the individual, but not the fact of your registration or whether you exercised your right to vote, once registered. Our secretaries of state and local electoral bureaus hold that record for us and govern access and usage by different entities according to the law.

Posting a full voter file online does create the potential for the public to know more about their neighbors with respect to political affiliation and their history of civic engagement, at least as measured by voting activity.

In answer to criticism, the D.C. Board of Elections argued that “the info is published if anyone wishes to challenge another voter’s eligibility,” citing the D.C. Code in noting that the law mandates that the information should be “always available, i.e. to check petition signatures, or challenge votes.”

That knowledge can be used in positive ways, for instance, by researchers analyzing how party affiliation or voting participation has shifted over time in different districts across demographics. It’s important to note that in most cases, however, that’s bringing the public toward where political campaigns were decades ago but not in line with the current state of the art in campaigns — or even 2008 — when many other data points can be layered on top of the backbone provided by the core file.

A full voter file could also be used in negative ways, as a backbone of knowledge to identify individuals when combined with other datasets, or to target individuals in their homes on the basis of their party affiliations or for some unrelated cause. Publishing the names and addresses of minorities, women and members of marginalized communities in an easily searchable form online increases the potential for that data to be used for harm, particularly for populations where domestic abuse is at issue.

Given the practical impossibility of removing someone’s name and address from a file once it has been published online and downloaded by multiple third parties, a state must also take proactive, meaningful steps to ensure that people at risk within the database have an opportunity to remove themselves from the database prior to publication.

Voters should also be afforded better access to confirm that his or her registration is accurate and up-to-date, much in the same way you’d check a credit report. That does not require that the entire file be posted online, however: a secure web application could enable someone to login and check their information or request redactions.

That’s why the discretion that D.C. has exercised here in publication without conditions is problematic, particularly in going beyond what the law requires in full disclosure online. It is also an example of how a municipal government failed to ensure that sufficient notice and consent occurred for a significant statutory change in making sensitive data more liquid online, without ensuring that the public was informed of the legislative proposal through local media. Publishing a notice on the D.C. Council website, and an agenda item on The Washington Post is not sufficient.

The D.C. Council should rethink its approach, looking to other states for guidance. California’s rules are particularly instructive, as a guide to voter registration records from the University of California at Berkeley outlines.

While the state collects sensitive data in the voter file, California’s election code states that a voter’s home address, telephone number, email address and precinct number are not open to the public. The code also makes exceptions for access and restrictions on use. Under this code, California voter registration data:

  1. Shall be confidential and shall not appear on any computer terminal, list, affidavit, duplicate affidavit, or other medium routinely available to the public at the county elections official’s office.
  2. Shall not be used for any personal, private, or commercial purpose, including, but not limited to: (A) The harassment of any voter or voter’s household. (B) The advertising, solicitation, sale, or marketing of products or services to any voter or voter’s household. (C) Reproduction in print, broadcast visual or audio, or display on the Internet or any computer terminal unless pursuant to paragraph.
  3. Shall be provided with respect to any voter, subject to the provisions of Sections 2166, 2166.5, 2166.7, and 2188, to any candidate for federal, state, or local office, to any committee for or against any initiative or referendum measure for which legal publication is made, and to any person for election, scholarly, journalistic, or political purposes, or for governmental purposes, as determined by the Secretary of State.

We believe this to be a reasonable baseline standard for access and disclosure. Here’s what we propose as a standard for ethical disclosure of this electoral dataset. It seems all parties agree that voting data provides a backbone of knowledge about how communities are involved and engaged in the most basic of democratic rights and expressions. Voter registration data and electoral data are both crucial to understanding the politics of a polis — a city — and how they shift over time. We should be good stewards of it.

As lawmakers consider how or whether to make a public voter file online, they should ensure that secretaries of state minimize potential harms by including names, party affiliations, voting district and whether or not someone voted. No state should disclose personally identifiable information in a public voter registration file, including home address, cell phone number, email address or date of birth. And, as in California, states should make access to the full file freely available for disclosure to candidates for public office and people with a demonstrated use in the public interest.