A ghost in the machine: The cybersecurity risks of a proposed federal voter list

Background: A contentious proposal in a high-stakes election

In August 2020, just months before a contentious U.S. presidential election, reports surfaced of a draft White House Executive Order that sent immediate shockwaves through the election security community. The proposed order, as detailed by CyberScoop, had two primary objectives: to limit mail-in voting and, more alarmingly from a technical standpoint, to mandate the creation of a centralized federal voter list. The plan was to compel states to submit their voter rolls to a federal entity, which would then cross-reference the data to identify alleged anomalies and duplicate registrations.

While this specific Executive Order never materialized, the proposal itself served as a critical case study in the immense cybersecurity and privacy risks associated with centralizing sensitive election infrastructure. The debate it sparked remains relevant, highlighting a fundamental tension between the perceived need for federal oversight and the security benefits of the United States' historically decentralized election system. Examining the potential fallout of such a plan reveals why cybersecurity experts almost universally condemned it as a dangerous and counterproductive idea.

Technical details: Architecting a catastrophic single point of failure

From a security architecture perspective, the proposal to create a national voter list was deeply flawed. The current system, while imperfect, is decentralized. Election data is managed by more than 10,000 state and local jurisdictions, each with its own infrastructure. While this creates complexity, it also offers resilience. An attacker would need to breach thousands of separate, hardened targets to disrupt an election on a national scale. A centralized federal list reverses this dynamic, creating what experts call a single point of failure.

This hypothetical database would have become one of the most valuable intelligence targets in the world, containing a treasure trove of Personally Identifiable Information (PII) for nearly every registered voter in the country. This includes:

• Full names and residential addresses
• Dates of birth
• Party affiliation (in some states)
• Voting history (i.e., which elections a person voted in)
• Potentially, partial Social Security numbers for verification

Aggregating this data would create a “crown jewel” asset for nation-state adversaries, cybercriminals, and insider threats. Potential attack vectors would be numerous:

• External Intrusion: Adversaries could exploit vulnerabilities in the web applications, databases, or network infrastructure used to house the list. Techniques like SQL injection, zero-day exploits, or sophisticated phishing campaigns targeting system administrators would be prime methods of attack.
• Insider Threat: A malicious or compromised employee with privileged access could exfiltrate the entire database or, more insidiously, manipulate its contents.
• Data Integrity Attacks: Far more dangerous than a simple data breach is the risk of data manipulation. An attacker could subtly alter records to change a voter’s address, mark them as inactive, or remove them from the rolls entirely, leading to mass disenfranchisement on Election Day. Such changes might not be discovered until it is too late.
• Denial-of-Service (DoS): A massive DoS attack could render the database inaccessible to state officials in the critical days leading up to an election, preventing them from verifying voter eligibility and creating widespread chaos and confusion.

J. Alex Halderman, a professor of computer science at the University of Michigan, told CyberScoop at the time that the idea was "a terrible idea that would undermine election security and privacy." This sentiment was widely shared. The sheer technical challenge of securely merging disparate data formats from 50 states and various territories, each with its own legacy systems and security postures, would almost guarantee the introduction of critical vulnerabilities.

Impact assessment: A threat to voters and democracy itself

Had the order been implemented, the impact would have been felt across society. The primary victims would be the American voters themselves, whose sensitive data would be consolidated into a high-risk repository, increasing their exposure to identity theft and targeted disinformation campaigns.

State and local election officials would also be heavily affected. A federal mandate would strip them of their autonomy in managing voter rolls, a responsibility traditionally held at the state level. They would be forced to comply with a complex and potentially insecure federal system, adding immense operational burdens.

This proposal was not without precedent. In 2017, the Trump administration’s Presidential Advisory Commission on Election Integrity (PACEI) attempted a similar data collection effort. It requested extensive voter data from all states, but was met with widespread bipartisan refusal. State officials cited privacy laws and concerns about federal overreach. The commission was ultimately disbanded without finding evidence of widespread fraud, but the episode demonstrated the significant legal and political hurdles to federalizing voter data.

Ultimately, the most significant impact would be on the democratic process itself. A successful breach of a national voter list—or even a credible but false claim of a breach—could be weaponized by foreign adversaries or domestic actors to sow distrust in election results. The very existence of such a target would provide endless fuel for disinformation campaigns designed to erode public confidence in the integrity of the vote.

How to protect yourself

While this specific federal database was not created, the threats to election infrastructure and personal data are real. Voters and officials must remain vigilant.

For Voters:

• Verify Your Registration: Periodically check your voter registration status directly on your official state or county election board’s website. Do not trust third-party links sent via email or text.
• Beware of Phishing: Be skeptical of any unsolicited communications asking for personal information related to your voter registration. Election officials will rarely ask for sensitive data like a Social Security number via email.
• Report Disinformation: If you encounter claims about election fraud or security breaches, seek out trusted sources like your state election office or established fact-checking organizations before sharing.
• Secure Your Digital Life: Protecting your personal information online reduces the data available to those who might use it for malicious purposes. Using tools for general privacy protection, including strong, unique passwords for all accounts, is a foundational step.

For Election Officials:

• Follow Federal Guidance: Adhere to the cybersecurity best practices and resources provided by the Cybersecurity and Infrastructure Security Agency (CISA) and the Election Assistance Commission (EAC).
• Prioritize Security Fundamentals: Implement multi-factor authentication for all system access, conduct regular security audits and penetration tests, and ensure all software is patched and up-to-date.
• Educate Staff: Continuous training on how to spot and report phishing attempts and other social engineering tactics is essential, as personnel are often the first line of defense.

The 2020 proposal for a federal voter list serves as a powerful reminder that in cybersecurity, decentralization is often a strength. While streamlining data can seem efficient, creating a single, monolithic target for our nation’s most determined adversaries is a risk that our democratic process cannot afford to take.