29 January 2019

Voter Privacy Breaches a Preview of Donor Privacy Breaches to Come?

The Lexington Herald-Leader/ProPublica investigation into the Kentucky Secretary of State’s use of confidential voter records demonstrates the danger of giving partisan politicians and their staff access to sensitive private data of citizens:

In an appearance on MSNBC in July 2017, Kentucky Secretary of State Alison Lundergan Grimes expressed her vehement opposition to giving voter data to President Donald Trump’s voter fraud commission, which had requested it from election officials in all 50 states. The privacy risks were simply too high, she said…

But… Grimes’ own staff had been looking up hundreds of voters in the very same registration system. One of her former staffers first revealed the practice last summer but provided little detail.

Now, an investigation by ProPublica and the Lexington Herald-Leader shows that the searches were extensive and targeted prominent state politicians, including gubernatorial candidate Rocky Adkins, who could have been Grimes’ opponent in the Democratic primary. Grimes, who had been considering a bid, announced last week that she has decided not to run for the governorship…
Grimes’ staff made questionable use of its unprecedented access to the voter registration system, or VRS. They looked up applicants for non-political positions with the seeming purpose of discovering their party affiliation. State law prohibits inquiring as to whether such applicants are Republicans or Democrats.

Her staff searched for hundreds of voters, mostly state employees outside the secretary of state’s office, for no discernible reason. Documents show they looked up current and former employees, a federal judge, the Kentucky education commissioner and every member of the Kentucky Board of Education.

They even searched for members of the ethics commission who are investigating Grimes herself.

The article also reveals what sort of information is available on these data files:

Pieces of the voter roll contained in Kentucky’s VRS have always been accessible. The public has the ability to search for a person’s party affiliation and voting precinct if they can supply a first name, last name and year of birth. Anyone can also buy a more extensive version of the voter roll for a fee. That version includes each voter’s full name, birth year, party affiliation, address, precinct and whether the voter has cast a ballot (but not for whom) in the past five years.

Internal access to the system reveals far more. Administrators can view voters’ drivers license numbers, every address ever linked to a voter, full birth dates, phone numbers, email addresses, Social Security numbers for some voters, disability status, military status and the addresses of voters — like domestic violence survivors — who have petitioned to have their address kept off the public roll.

For those of us that value the right of citizens to keep their charitable giving private, a right that is currently threatened by the policies of both the California and New York state attorneys general offices, the alleged improper actions of the Kentucky Secretary of State in accessing and using confidential information about citizens are an ominous warning. Forcing charities to turn their major donor lists over to state governments is an invitation to an unscrupulous attorney general or member of their staff to go digging through this sensitive information for political gain. If the example of Kentucky isn’t enough to demonstrate the danger, it’s hard to imagine what is.