Is there a federal factor in the voter records leak?
Unlikely. With the First Amendment and states' rights issues to consider, federal agencies may not play any role in following up on the leak of voter information for millions of Americans nationwide.
Lawmakers and the administration have for years been seeking common ground on a federal data breach law to replace the patchwork of state and local rules. But even with such a law in place, Uncle Sam may still have been shut out of any role in policing the recent exposure of a database of 191 million voter records.
The trove of personal information, complete with home addresses and telephone numbers, was briefly available on the public-facing web, due to a database configuration error. Privacy advocates and the media scrambled to investigate, but federal agencies were quiet. While voter registration information is public, it is rarely offered up for public consumption in bulk without some strings attached.
Some states bar public-facing online voter record databases, while Florida and Ohio, for instance, both run public-facing voter record look-up sites. Ohio's site returns addresses for name and county searches, while Florida's requires birthdates and contains a notice that the site is intended for use only by voters attempting to verify their own registration status. Florida's state government is considering legislation that would exempt voter information from public records rules because of the possible threat of identity theft.
Feds powerless to regulate?
"I think the federal angle is that there is no federal angle," said Kim Alexander, president of the California Voter Foundation.
The biggest federal law pertaining to electronic voting records was 2002's Help America Vote Act, which, instead of protecting individual records, may have helped set the stage for the leak by mandating that all states compile centralized, computerized voter record databases.
That helped facilitate the accumulation and trade of records by the private data brokers that supply voter records to political campaigns – the real "weak link" in the setup, Alexander noted.
And Alexander said it is "problematic" that voter registration data, in most states considered part of the public record, are governed by an inconsistent patchwork of state laws.
The FTC didn't respond to several requests for comment. Privacy advocates noted that, while the FTC regulates commercial data issues, it has long kept voter data at arms' length due to First Amendment and states' rights concerns.
"The people who should be addressing the risks that are associated with voter data are the same politicians who are using the data," Alexander said.
Ultimately, it may be up to states to address the issue.
California Secretary of State Alex Padilla said last week that his office was working with state Attorney General Kamala Harris to look at the case, but wouldn't confirm any official investigation. Contacted by FCW Jan. 6, a spokeswoman for Harris' office said she could not comment on any potential or ongoing investigation.
The leak may serve as a wake-up call on voter privacy, however.
A centralized database of voter records is "a whole new level of risk," Alexander said. "The big deal is it's all collected in one place on the Internet for any one scammer or terrorist to access."
Paul Stephens, spokesman for the Privacy Rights Clearinghouse, echoed Alexander's concerns, noting that identity thieves could benefit from such a public database.
But he warned that prior federal proposals would have preempted state laws, and offered weaker privacy protections than the state laws they would have preempted. A national privacy policy may not be the answer, he said.
Alexander differed. "It would be great if there was a federal law that set, not a ceiling, but a floor [on voter record privacy]," she said. One easy fix, she proposed, would be redacting birth days and months, to lessen the value of voter records to identity thieves.
"People shouldn't have to risk identity theft to participate in the democratic process," Alexander said.
NEXT STORY: SBA slow to improve IT security, watchdog says