Voter Records and Online Privacy

July 24, 2017

On June 28, the White House sent a letter to each state’s Secretary of State to request voter records.  In the letter, Kris Kobach of the Presidential Advisory Commission on Election Integrity requested publicly available voter information, including full name, address, date of birth, political party, the last four digits of voters’ social security numbers, voter history, and other voter status information.  The letter invites states to submit their responses electronically to a specific email address or through a designated file transfer website.  The commission set a deadline of July 14, which is an unusually short deadline for the amount of information they were requesting from the states.  On the White House website, there is a page called Presidential Advisory Commission on Election Integrity Resources, and on that page, there are links to the original agenda, the original letters to the states, responses received from public officials, and comments received from the public.

On July 14, citizens and the media realized that all of the emails sent to the provided email address had been posted on the White House website.  In the same paragraph, there was a specific disclaimer that “any documents that are submitted to the full Commission will also be made available to the public.”The posting of comments received from the public is a common practice of administrative agencies when the agencies are considering the adoption of new regulations.  The federal Administrative Procedure Act provides specific guidelines and most of these comments are kept available for public review on agency websites or regulations.gov.

Fine print disclaimers aside, the White House still might have run afoul of federal law with this posting, specifically the Privacy Act of 1978 that covers disclosures by federal agencies.  The emails were all reproduced in PDF files.  The From field is populated with the emailer’s name as it would appear in the recipient’s Inbox.  The formatting of the emails looks like they were pasted into a word processing program and then converted into a PDF file.For the first several days after the posting, one of the files with emails from the public included the full email address of every sender.  In most cases, only the sender’s name was listed in the From field – but many of these names were in blue instead of black like the surrounding text. The email address was then listed in an external link, so if you click on the sender’s name, your default email program will pop up a new email window to allow you to email this person directly. A large number of emails were sent through an intermediary called Common Cause, and the citizens who emailed the Commission using Common Cause did not have their email addresses revealed.  There appears to be a second batch of emails on the White House website that are listed as having been received between June 29 and July 11, but that file is not interactive.

Many people are worried that publishing comments like this could chill free speech.  The concern about reproducing comments is overrated because that has been going on for years.  But when you make a PDF, you have a choice for how interactive it will be, and the external links and full email addresses are unnecessary and go beyond what administrative agencies include when they post citizen comments on websites. Email addresses are vital parts of our digital identities.  Online services often use email addresses as a user’s login.  If you don’t want to disclose too much of your personal information, services like Common Cause provide an easy way to send an email through a separate service instead of through your personal email address.