What is the DOJ Office of Legal Counsel (OLC) memo about?

The memo, dated January 11, 2024, provides a legal justification for the federal executive branch to collect, maintain, and share voter eligibility data from across the country. It argues this authority is implied in existing federal laws to ensure the integrity of federal elections.

Why are cybersecurity experts concerned about this?

Experts are concerned because this would likely lead to a centralized national voter database. Such a database would be an extremely high-value target for foreign adversaries and cybercriminals, creating a single point of failure that could compromise the personal data of millions of Americans and be used to disrupt elections.

No. The idea of federalized voter data collection has been debated before, most notably with the Trump administration's 2017 Voter Integrity Commission, which was disbanded after most states refused to share sensitive voter data due to privacy and legal concerns.

What are the risks to individual voters?

The primary risks are a loss of privacy due to data aggregation and the potential for being wrongfully removed from voter rolls. Data matching algorithms are imperfect and can produce 'false positives,' which could lead to eligible voters being incorrectly flagged as ineligible and purged from voting lists.

How can I check if my voter registration is active and correct?

You can verify your voter registration status by visiting the official website of your state's Secretary of State or your local county election office. Most states provide an online tool to look up your registration information.

DOJ memo outlines legal theory for nationwide voter data collection, sparking cybersecurity and privacy alarms

Introduction

A recently surfaced legal opinion from the Department of Justice’s Office of Legal Counsel (OLC) has ignited a firestorm among state election officials, privacy advocates, and cybersecurity professionals. The memo, dated January 11, 2024, constructs a legal rationale for the federal executive branch to collect, maintain, and share nationwide voter eligibility data. While presented as a measure to ensure election integrity, critics argue it paves the way for a centralized national voter database, creating a monumental cybersecurity risk and infringing upon states' constitutional authority to run elections. Michigan Secretary of State Jocelyn Benson dismissed the memo’s premise as a “fantasy” that “isn’t worth the paper it’s printed on,” a sentiment echoed by many of her peers (CyberScoop, 2024).

Background: A recurring debate over federal involvement

The concept of a federalized approach to voter data is not new. It represents the latest chapter in a long-running tension between federal oversight and state administration of elections. In 2017, the Trump administration’s Presidential Advisory Commission on Election Integrity made a sweeping request for sensitive voter data from all 50 states. The effort was met with widespread bipartisan refusal from state officials citing privacy concerns and legal restrictions, and the commission was ultimately disbanded without producing any substantive findings (The Washington Post, 2018). The OLC memo revives this debate, not through a public commission, but through a quiet internal legal interpretation of existing executive authority. It argues that various federal statutes implicitly grant the executive branch the power to verify voter eligibility to protect federal elections, even without explicit congressional creation of a national database.

Technical details: The cybersecurity risks of a centralized database

The OLC memo is a legal document, not a technical blueprint. However, its conclusions have profound technical and cybersecurity implications. Implementing its vision would necessitate the creation of a massive, centralized data aggregation system—a project fraught with peril.

Technically, such a system would likely involve:

Inter-Agency Data Sharing: It would require pulling data from numerous federal databases. This includes citizenship status from the Department of Homeland Security, death records from the Social Security Administration, and addresses from the U.S. Postal Service. This data would be funneled through APIs (Application Programming Interfaces) or other data transfer protocols into a central repository.
Data Matching Algorithms: The system would use complex algorithms to cross-reference state voter rolls with the aggregated federal data. The goal would be to flag discrepancies, such as a voter registered in two states, a non-citizen on the rolls, or a deceased person still listed as active.
State Data Ingestion: The federal system would need to consume voter registration data from 50 states and multiple territories, all of which use different systems, data formats, and update schedules. This creates a monumental data integration and normalization challenge.

From a cybersecurity perspective, this architecture is a worst-case scenario. It creates a single, incredibly high-value target for foreign adversaries, cybercriminals, and domestic hacktivists. A successful breach of a national voter database could expose the sensitive personal information of over 200 million Americans. State-sponsored actors from Russia, China, or Iran could seek to alter, delete, or exfiltrate data to sow chaos and undermine confidence in democratic processes. The potential for misuse is staggering, from mass identity theft to targeted disinformation campaigns based on stolen voter data.

Furthermore, the integrity of the data itself is a major concern. Data matching is notoriously imperfect. False positives are common, especially for individuals with common names, who have recently moved, or whose data contains minor typographical errors. As seen with previous multi-state cross-checking programs, these errors can lead to the erroneous disenfranchisement of thousands of eligible voters (ProPublica, 2017). The old adage "garbage in, garbage out" applies, and a flawed federal system could amplify data quality issues on a national scale.

Impact assessment: Who is at risk?

The ramifications of the policy outlined in the OLC memo would be widespread, affecting nearly every facet of American democracy.

American Voters: Every registered voter's personal information would be aggregated in a federal system, increasing their exposure to data breaches and identity theft. More acutely, voters could be incorrectly flagged and purged from the rolls due to data matching errors, potentially denying them their right to vote without their knowledge.
State and Local Election Officials: These officials, who have constitutionally mandated authority over election administration, would see their role diminished. They would be subjected to federal data-sharing mandates that could introduce inaccuracies into their carefully maintained voter rolls and create significant administrative burdens.
National Security: The creation of a centralized database of all American voters presents a grave national security risk. It provides adversaries with a single point of failure to target, disrupt, and delegitimize U.S. elections. The very existence of such a target increases the attack surface of our democratic infrastructure.

How to protect yourself

While the threat outlined in the memo is systemic and requires a policy-level response, individuals can take steps to safeguard their voting rights and personal data.

Verify Your Voter Registration: The single most important action you can take is to regularly check your voter registration status. Do not assume it is correct. Visit your state or local election official's website to confirm your details, especially your address. Do this well before any registration deadlines.
Engage with Election Officials: Your state Secretary of State and local election clerks are on the front lines of this issue. Follow their official communications and support their efforts to maintain secure and accurate state-level voter rolls.
Advocate for Privacy: Voice your support for strong data privacy legislation at both the state and federal levels. The less of your personal data is collected and shared without your consent, the more secure it is.
Practice Digital Hygiene: While this specific threat is about government data aggregation, maintaining good personal cybersecurity is always wise. Securing your online accounts with strong, unique passwords and two-factor authentication limits your overall exposure. Using a trusted hide.me VPN can help protect your internet traffic from snooping, adding a layer of personal privacy protection.

The DOJ OLC memo articulates a legal theory with profound consequences. By advocating for a significant federal role in managing voter data, it proposes a path that cybersecurity experts warn would centralize risk, threaten voter privacy, and could ultimately undermine the very election integrity it purports to protect.