The Trump administration’s Presidential Advisory Commission on Election Integrity is asking states for voter-registration data from as far back as 2006. This would include names, dates of birth, voting histories, party registrations and the last four digits of voters’ Social Security numbers. The request has engendered controversy, to put it mildly, including refusals by many states and a caustic presidential tweet. But whatever the political, legal and constitutional issues raised by this data request, one issue has barely been part of the public discussion: national security. If this sensitive data is to be collected and aggregated by the federal government, then the administration should honor its own recent cybersecurity executive order and ensure that the data is not stolen by hackers or insiders.
We know that voting information has been the target of hackers. News reports indicate that election-related systems in as many as 39 states were penetrated, focusing on campaign finance, registration and even personal data of the type being sought by the election integrity commission. Ironically, although many of these individual databases are vulnerable, there is some protection in the fact that U.S. voting systems are distributed among thousands of jurisdictions. As data-security experts will tell you, widespread distribution of individual data elements in multiple separate repositories is one way to reduce the vulnerability of the overall database.