Recent reports have disclosed that DOJ has now “asked” at least nine states for copies of their voter rolls, and I know that there are at least a handful of counties that have separately also received requests/demands for the county’s voter file. I’m not at all sure the requests are lawful. And what’s more, depending on why the requests are coming (the explanation the DOJ is giving doesn’t make much sense), federal law may not only prohibit DOJ from asking, but may also create liability for states and counties that respond.
Some voter registration data (including parts of the voter file) are public (and required to be public by federal law). Some information on the voter file is more sensitive data (like Social Security digits, driver’s license numbers, and signatures) that states have protected from public release, and in every case I’m aware of (this decision collects several of the others), courts have ratified states’ ability to keep that information protected. (In a truly odd case, DOJ has sued over this sensitive PII in Orange County, and if I were betting, I’d bet on them losing.)
But here’s the thing: even data that’s available to the public may not be legally available to the federal government. In the Privacy Act of 1974, based on some then-recent disclosure of unsavory federal efforts to amass personal data, Congress regulated federal access to data records of identifiable individual Americans (statistical compilations are treated differently). Congress was particularly sensitive to the treatment of data on individuals revealing activity protected by the First Amendment (like, say, voting).
For the most part, Congress didn’t prohibit federal agencies from collecting this data outright. But it did set up some procedural protections. The law says that if a federal agency is going to collect data — even data otherwise available to the public — we first have to be able to have a public conversation about what’s being collected for what purposes (and how it’s stored and secured and transmitted and accessed, etc.) The agency has to provide a notice in the Federal Register with an opportunity for comment, and has to notify Senate HSGAC and House Oversight committees, for any new set of data records, or any new use of existing records. The rules are serious: criminal penalties are attached.
And what’s more: if the federal agency plans to use the data records in a matching program that affects an individual’s benefits, there are legal repercussions not only for the federal agency, but for any other governmental entity sending them data. Those sorts of programs have to be set up with careful written agreements, available to Congress and to the public … and state and local providers of data are on the hook if they send information they know is going into a program like this, without dotting “i”s and crossing “t”s first.
I flagged these potential Privacy Act issues in DHS’s apparent expansion of a system designed for tracking immigrants, to expand to contain searchable data on U.S.-born citizens. And there are similar (and similarly disturbing) issues if DOJ’s just accumulating voter files. DOJ keeps its Privacy Act disclosures online, here. (At least, I’m not aware of another repository.) It’s the Civil Rights Division that’s asking. And so I’ve looked through the Privacy Act notices submitted by the Civil Rights Division, and the only one that’s even plausibly anywhere near close is the authorization to keep general case files. That notice says it’s for “case files, matters, memoranda, correspondence, studies, and reports relating to enforcement of civil rights laws and other various duties of the Civil Rights Division” – if you’re investigating a civil rights violation, you’re going to have personal information about the victims and targets and witnesses. Fair enough. But I don’t think anyone would look at that notice and expect that DOJ plans to collect and keep a bunch of voter files, with identifiable information about individuals’ registration and/or voting history who aren’t themselves plausibly part of any investigation into state practices.
So I don’t think DOJ has jumped through the necessary hoops to collect what it’s requesting, even if it were telling the truth about why. But I’ve also got questions about the why.
Collecting the voter files is also of extremely limited utility in investigating what DOJ says it’s investigating in these requests. The requests cite provisions of the National Voter Registration Act and the Help America Vote Act that require officials to have general programs of voter list maintenance. To assess whether officials are satisfying these statutory mandates, you’d want to know what procedures they have in place, and maybe some statistics about overall list maintenance activity. But the individual records on the list aren’t really relevant to that inquiry: whether “Justin Levitt” happens to be on any state or county’s voter list has very, very little to do with whether the state or county has the general program it’s required to have under federal law.
I’m not claiming that temporary access to particular voter registration data will never be necessary for any federal investigation. But if the voter rolls aren’t really necessary for the asserted purpose here, that raises questions about why the DOJ actually wants the lists – not only whether it’s not telling the truth (or the whole truth) in its demand letters, but also whether it has other purposes in mind, like matching databases to each other in a way that might impact benefits (with the mistakes that follow from bad matching). That’d have distinct protections under the Privacy Act, with distinct consequences for the state and local officials asked to supply data. There have been reports about the degree to which the DOGE approach is to move fast and break things — which may be fine for the private sector, but not consistent with federal statutory protections for public activity. I guess I’m wondering whether the demands for voter rolls are more of the same.