The Privacy Penalty for Voting in AmericaStates Shouldn't Serve Up on a Platter Voters' Email Addresses and Phone Numbers
Voting is a red-hot mess in the U.S., and for a variety of reasons. But I want to tackle an angle that is too often overlooked. Namely, voting in the United States carries a huge privacy cost, in that states give away or sell voters' personal information to anyone who wants it.
See Also: You've Got BEC!
Take Florida, for example, which politically speaking is a valuable state that can tilt a presidential election. I live in Australia, but as a U.S. citizen, still cast my absentee ballot in Florida. Shortly after I changed my voter registration details with the state earlier this year, the first emails quickly began arriving from political action groups. My email address also began to be listed on websites for data brokers with names I'd never heard of before, and with who I'd never had a direct relationship.
It's completely unnecessary and irresponsible for states to publicly release voters' personal details, in electronic form, as a cost of exercising one's right to vote.
I didn't consent to this situation. I just wanted to vote.
Florida's voter registration records contain "grade A" data: names, mailing addresses, email addresses, birth dates, races, genders, party affiliations and phone numbers. Such data is incredibly valuable for political campaigns, but also for would-be identity thieves and others with criminal intent.
Every month, Florida's Division of Elections produces an updated electronic list containing all of the aforementioned data points, for every voter across its 67 counties. It's available to anyone for free. Only people who meet certain requirements such as working in high-risk professions or being victims of domestic violence are allowed to exclude some of their data.
These days, in any other context, publicly releasing such a treasure trove of personal information would qualify as a data breach. So it's no wonder that once Florida releases the data, data brokers immediately and legally being scooping up it up. These brokers often begin offering portions of it online, often as teasers for paid services.
Florida warns this is going to happen. But the state's not-so-helpful advice is: "Once information is in the public domain, you will need to contact the owner or administrator of third-party sites in order to get the information removed."
Transparency: Good for Democracy
Voter registration data gets made public for some very good reasons. Notably, maintaining transparency around voter registration rolls fosters trust in the integrity of our democratic systems.
That's incredibly important, especially as some opportunistic U.S. politicians have alleged -without basis - since the Nov. 6 midterm election that voter fraud has occurred in sharply contested states, including Georgia and Florida.
But there are ways to maintain the transparency of voter data without it ending up in the hands of dodgy data brokers or anyone else whose intentions cannot be verified, and who may not be working in the public interest.
Look to Australia
Alternatives are available. Australia, where I now reside, offers a much more rigorous approach to viewing voter data. Namely, any member of the public can view an electronic copy of voter registration data at an Australian Electoral Commission office, but copying or photographing such data is prohibited.
While the AEC does make this data available to political parties and researchers, it isn't for sale. Also, it only contains names and addresses, but not email addresses or phone numbers. That's helpful, since tech-support scammers, fraudsters, phishing attackers and other types of crooks can do a lot of damage using just email addresses and phone numbers.
What if States Were Facebook?
Another lens from which to view how states hand out voter registration data is to put it in the perspective of the now-defunct voter-profiling firm Cambridge Analytica, which improperly obtained 87 million Facebook users' profiles.
Cambridge Analytica obtained the data from an academic who'd been running a survey on Facebook around 2014, when it had more liberal rules about how apps could collect users' profile data (see Facebook: 87M Accounts May Have Been Sent To Cambridge Analytica).
Up until about 2014, Facebook allowed app developers to scoop up data not only on people who directly used an app, but also their friends. Facebook rightly changed its rules the next year to disallow that kind of collection.
One particularly outrageous aspect of the ongoing Cambridge Analytica scandal, which came to light earlier this year, is that the harvested data included not just personal information of survey takers, but also their Facebook friends. But these Facebook friends never consented to having their personal data get transferred without their consent to an entity they'd never heard of, let alone one that was working with President Donald Trump's campaign.
Such data sharing was against Facebook's terms of service, as the social network was quick to say. But Facebook had no way of enforcing or knowing how the data was being used, once it got collected. Similarly, U.S. states are powerless to stop how their voters' data gets bought, shared or transferred after its release, or how it might be used.
The Cambridge Analytica scandal helps highlight why Florida's release of email addresses and phone numbers is so critical. Just a few years ago, such data may have seemed innocuous. But we're now in an era of micro-targeted advertisements and content, and those two types of data alone - email addresses and phone numbers - are all an advertiser needs to target a consumer. Hence it's completely unnecessary and irresponsible for states such as Florida to publicly release this data as the cost to citizens of exercising their right to vote.
Such practices are especially dangerous in the social media age. Ad-targeting systems run by Facebook and others allow organizations to upload contact details they've collected for customers. The data gets hashed, and Facebook compares that to its own hash. If there's a match, an advertiser can then precisely target the person.
With Facebook, that matching can occur on the backend even with just a phone number that the targeted person has never actually divulged to the social network, as Gizmodo's Kashmir Hill reported in September.
This all comes full circle when set alongside the problems around using social media to push misleading political information and bogus news. Such easy access to precise, up-to-date voter information enables micro-targeting at scale on social networks, potentially by parties unknown, or which may not have individuals' best interests at heart.
No Data On A Silver Platter
U.S. states need to realize that online risks have grown by an order of magnitude since regulations around voter registration data were developed.
And the prevailing view now, led by the EU with its General Data Protection Regulation, is that people should have clear control over their data and the ability to consent to how it gets used and transferred.
Unfortunately, the penalty for a civic duty in the U.S. is a mandatory forfeiture of privacy.
Instead, U.S. voters should be able to choose whether their data gets made available to political campaigns or publicly released in such great detail, via what is often referred to as "opt-in" consent.
U.S. political parties will oppose this, of course. As in Australia, however, there's no legitimate reason why anything more than a person's name and postal address should be made publicly available, and to take it a step further, such data should only be viewable under tightly controlled circumstances.
It's true that even if U.S. states fix the loose controls they now have in place around voter data, data breaches would still provide a steady drip feed of much of the same kinds of data, whether to data brokers, or individuals or organizations with criminal intent.
States, however, should not be the ones serving up on a platter U.S. citizens' personal data to anyone and everyone.