The Privacy Cost of Voting

How electoral participation can allow identification of your private information

LD
The Startup
4 min read · Sep 18, 2019


Voting in the United States can be challenging enough with commonly cited barriers like taking time off work, getting to a polling location, and meeting any ID requirements. Those who are able to vote, or even just register to vote, pay another often unrealized cost: the publication of personal information in the public record. Depending on the state, registering to vote results in your name, date of birth, gender, race, ethnicity, street address, phone number, email address, occupation, and party affiliation entering publicly accessible voter rolls. Nebraska even publishes the voter’s driver license number or partial social security number.

This loss of privacy is not the result of hackers or leaks of private information like the widely publicized DNC data breach in 2015. Rather, voter rolls are public information by law (in part through the 2002 Help America Vote Act). All 50 states have specific requirements that guarantee access to personal voter data by, at a minimum, political parties and candidates, and in many cases by any person, including financial institutions, insurance companies, and healthcare providers.

What can be done with this data?

Although intended for use by political campaigns to provide voters with information through targeted political advertisements, little stops this information from being used for commercial marketing and more malicious activities. Thirteen states do not even specify that electoral roll data cannot be used for commercial purposes.

For some, like domestic violence survivors and others susceptible to harassment, the basic level of personal information published by almost all states can put a person’s safety at risk. Most citizens have a valid reason to want information like their address and phone number to be private even if it is just to avoid junk mail and telemarketing calls. An even stronger privacy interest exists for protecting information like dates of birth or the last four digits of social security numbers, which are often used by banks or security providers to verify customers’ identities.

Re-identification of anonymous data

The real kicker is that this data can be used to “re-identify” anonymized data that should not be traceable to a person, such as medical, education, and employment records as well as online activity and purchasing habits. Individuals and businesses consent to information about themselves and their customers or employees being shared on the condition of “anonymization,” where identifying characteristics like name and full address are stripped from the data but “non-identifiable” characteristics like race, gender, age, and zip code remain.

By matching “non-identifiable” characteristics in the “anonymized” data with identifiable voter roll data, names can be re-attached to supposedly anonymous data (e.g., the voter roll could show there is only one white female born 12/12/90 living in the 10027 zip code and her name is Jessica Jones). The anonymized data could be something as trivial as Netflix publishing “anonymized” watch history or something as serious as HIPAA-protected health records in a medical study.

Simulated re-identification example: Red and Green data is available in the voter roll. Green and Yellow data is available in medical study data. Having green data in both can allow for unique identification of “anonymous” medical data.

It has been well documented that personal information like that published in voter rolls can be used to re-identify most Americans from seemingly unidentifiable characteristics. Latanya Sweeney of Carnegie Mellon University found in 2000 that 87% of United States residents can be uniquely identified by name given just their 5-digit zip code, date of birth, and gender. If you sign up for an account on a website with this info, there’s a good chance the company can find your name, race, ethnicity, address, contact info, and voting history if it wanted to (and then link this to other available data like your credit history and property ownership).
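A simulated version of the linkage described above, added here as an example and not part of the original post. All records are constructed; the code shows how quasi-identifiers (zip, date of birth, sex) link a study release to a voter roll, and the check a data publisher would run first: measure the k-anonymity of the release and see how generalizing zip to three digits and birth date to a decade removes the unique matches.

```python
from collections import Counter

# Constructed sample data (not real people): a voter roll and an "anonymized"
# medical study release that share the quasi-identifiers named in the article.
VOTER_ROLL = [
    {"name": "Jessica Jones", "zip": "10027", "dob": "1990-12-12", "sex": "F"},
    {"name": "Luke Cage",     "zip": "10027", "dob": "1972-04-03", "sex": "M"},
    {"name": "Danny Rand",    "zip": "10027", "dob": "1972-04-03", "sex": "M"},
    {"name": "Claire Temple", "zip": "10031", "dob": "1990-06-20", "sex": "F"},
]
MEDICAL_STUDY = [
    {"zip": "10027", "dob": "1990-12-12", "sex": "F", "diagnosis": "asthma"},
    {"zip": "10027", "dob": "1972-04-03", "sex": "M", "diagnosis": "diabetes"},
    {"zip": "10027", "dob": "1972-04-03", "sex": "M", "diagnosis": "hypertension"},
    {"zip": "10031", "dob": "1990-06-20", "sex": "F", "diagnosis": "migraine"},
]
QUASI_IDS = ("zip", "dob", "sex")


def quasi_key(rec, generalize=False):
    """Quasi-identifier tuple; with generalize=True, coarsen zip to its
    first 3 digits and the date of birth to a decade (e.g. '1990')."""
    if generalize:
        return (rec["zip"][:3], rec["dob"][:3] + "0", rec["sex"])
    return tuple(rec[f] for f in QUASI_IDS)


def k_anonymity(records, generalize=False):
    """Size of the smallest group sharing a quasi-identifier tuple.
    A value of 1 means at least one record is unique and linkable."""
    counts = Counter(quasi_key(r, generalize) for r in records)
    return min(counts.values())


def reidentify(study, roll, generalize=False):
    """Map each study row's diagnosis to a voter name, but only when exactly
    one voter shares that row's quasi-identifiers (the linkage condition)."""
    by_key = {}
    for voter in roll:
        by_key.setdefault(quasi_key(voter, generalize), []).append(voter["name"])
    linked = {}
    for row in study:
        matches = by_key.get(quasi_key(row, generalize), [])
        if len(matches) == 1:
            linked[row["diagnosis"]] = matches[0]
    return linked


if __name__ == "__main__":
    print("k (raw):", k_anonymity(MEDICAL_STUDY), reidentify(MEDICAL_STUDY, VOTER_ROLL))
    print("k (generalized):", k_anonymity(MEDICAL_STUDY, True),
          reidentify(MEDICAL_STUDY, VOTER_ROLL, True))
```

On the raw release two of four rows link to a named voter; after generalization every quasi-identifier group has at least two members and no row links uniquely.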

How hard is it to get access to electoral roll data?

In New Hampshire, it requires going to the state archives and using one of two old Dell desktops. But in New York, I received a disk containing the complete voter roll for free just two weeks after requesting a copy online. For data on Ohio and North Carolina voters, it’s as simple as downloading files from government websites. Washington State makes you fill out a simple form before you’re emailed the data. For data on voters in states that make it slightly harder to download information, a number of for-profit services have popped up to make the data more easily accessible for a fee.

A disk of voter roll data received from the New York State Board of Elections

There should not be a tradeoff between exercising the right to vote and maintaining a basic level of personal privacy. Some jurisdictions like the New York City Board of Elections have taken steps to limit access to voters’ personal data, but the majority have done little to address the privacy concerns of voters. While voter roll data will likely continue to be published, the most sensitive information like exact birth dates should not be made available by any state, especially for commercial purposes. Broader privacy-protection proposals like former FTC commissioner Julie Brill’s “Reclaim Your Name” initiative could give voters more power over what data brokers can do with their data. Until then, many Americans will be forced to give up their data in exchange for voting for the candidate of their choice.

