Since May, the Trump administration has been on a quest to collect complete voter files from almost every state. Most states have refused the Justice Department’s unprecedented demands for the data, which includes driver’s license and partial Social Security numbers. The government has sued more than 20 states over that refusal. But at least 10 states — home to over 37 million registered voters — have provided their full voter lists to the federal government.
The DOJ has asked states to agree to a “confidential memorandum of understanding” in connection with handing over their full voter files. That agreement reveals both the DOJ’s plans to interfere with the states’ authority to run elections and how dangerously insecure the sensitive data will be in the department’s hands. It provides yet more evidence of the administration’s campaign to interfere with upcoming elections.
Some states that have provided the DOJ with their full voter files, such as Texas and Alaska, have signed the agreement while others, such as Tennessee and South Dakota, have refused. Colorado, one of the more than 25 states that have refused to turn over their full voter files, first made the proposed agreement public.
The agreement explains that the DOJ plans to conduct its own analysis of states’ voter files and then instruct the states to remove specific voters, which the federal government has never done before. This would turn the American system of election administration upside down. It is the states, not the federal government, that have the statutory authority — not to mention the expertise — to add and remove voters from the rolls. States also have procedures in place to guard against eligible voters being wrongly removed.
Yet the agreement provides that the DOJ will “test, analyze, and assess states’ [voter rolls]” and send each participating state a list of voters who must be removed within 45 days. But the federal government does not have the tools or the expertise to conduct such list maintenance, and it is anyone’s guess how it will undertake its “analysis” of the voter rolls it obtains, creating a real risk of voters being improperly flagged for removal. The agreement says nothing about how the DOJ will examine the voter rolls, nor does it say states would be given any reasons for demanded removals.
The agreement says that states must remove voters named by the DOJ within 45 days — but following through may violate federal law. The National Voter Registration Act requires states to undertake a specific process to remove voters who have moved. That process involves sending a notice to the voter and — if the voter does not respond and does not vote — the jurisdiction must wait two federal election cycles to remove the voter from the rolls. That’s far longer than 45 days. Additionally, the National Voter Registration Act has a “quiet period” of 90 days before any federal election (primary or general), during which time a state may not conduct systematic removals of voters who have become ineligible.
Further, the agreement lacks adequate safeguards for the data that states are asked to provide. A section titled Confidentiality & Department Safeguards explains the rules that “any member of the Justice Department in possession” of the voter registration list must follow, but the measures are barely more than protocols used by typical office workers. The agreement lacks the needed encryption of the data and does not require any audit log analysis.
Even if the safeguards were adequate, a phrase at the end of the section renders them meaningless. The agreement states that the voter files — which contain full names, addresses, dates of birth, driver’s license and partial Social Security numbers — may be provided to a contractor for work “related to the Department’s list maintenance verification procedure.” Yet such a contractor is not bound by the safeguards in the agreement, and it provides no framework for vetting contractors. The result is an extremely high risk of this data being hacked and used by bad actors to wreak havoc on both voters’ personal lives and on the elections system more broadly.
The potential for this sort of misuse is not far-fetched. In early January, the DOJ admitted that a DOGE employee at the Social Security Administration “signed a ‘Voter Data Agreement,’ in his capacity as an SSA employee” with an advocacy group whose “stated aim was to find evidence of voter fraud and to overturn election results in certain States.” The willingness of the administration to share sensitive information with outside actors intent on overturning election results makes the memorandum of understanding even more troubling.
Voters should call upon their state governments to resist the Trump administration’s attempts to usurp states’ responsibility to run elections effectively and fairly.
