Privacy Pinheads: The Staggering Stupidity of Trump’s Voter Commission

UPDATE (1 July 2017): Trump Voting Commission vice chairman Kobach — who himself was fined $1000 by a judge about a week ago for misleading a court on a voting-related matter — is now reportedly claiming that data sent to the commission (the email address option provided for that purpose apparently doesn’t even currently use basic STARTTLS email encryption!), will be stored on a “secure” server and won’t be made public. This assertion directly contradicts the letter sent to states, which specifically says that the data will be made public! As for a “secure” federal server … give me a break! That data will be in the hands of Russia and China, and up for sale on the Darknet for identity fraud, faster than you can say “Trump University.”

– – –

Across the political spectrum, states are refusing to cooperate with the voter information request from Trump’s White House Voter Commission. As of yesterday, at least 25 states — including one that’s the home state of a commission member — are refusing the request in whole or part. 

Trump is upset. “What are they trying to hide?” he’s ranting. And for once in his damned life he’s right — but not for the reasons his micro-brain postulates. It’s actually not at all about Trump’s voter fraud fantasies, it’s all about basic privacy.

These states are indeed trying hide something — they’re trying to hide the private information of their citizens from the massive privacy abuses that would occur if that data were turned over to the commission!

I’ve been running my PRIVACY Forum mailing list — https://lists.vortex.com/mailman/listinfo/privacy — here on the Internet continuously for a quarter century. In that time, I’ve seen a wide range of privacy issues and problems — from the relatively trivial to the mind-blowingly disastrous. 

But (to paraphrase the great composer and playwright Meredith Willson), I’ve never seen anything in terms of sheer bang beat, bell ringing, big haul, great go, neck or nothin’, rip roarin’ stupidity in the privacy realm that rises to the level of the Trump commission data request. 

Let’s see what they asked for from all 50 states (and to be delivered within 16 days, by the way):

• Full first and last names of all registrants, middle names or initials
• Addresses
• Dates of birth
• Political party
• Last four digits of social security number
• Voter history (elections voted in) from 2006 onward
• Active/inactive status or cancelled status
• Information regarding any felony convictions
• Information regarding voter registration in another state
• Information regarding military status
• Overseas citizen information.

And they note:

Please be aware that any documents that are submitted to the full Commission will also be made available to the public.

Bozo’s nose is flashing red! The privacy abuse meter just pinned over against the right-hand peg in the danger zone! The self-destruct announcement lady has started her countdown!

The commission’s request is insanity. And their offhand mentioning that the data will be made public (perhaps to encourage “vigilante” actions using that data?) takes that insanity and accelerates it to warp speed.

It’s truly mind-boggling. Much of that data is exactly the sorts of information that are primary fodder for privacy abuses. How often are you asked for your date of birth or last four digits of your SSN to identify yourself? Yeah, one hell of a lot!

And contrary to what the supporters of this outrageous data request are now asserting, much of that data is not public in the first place, and has specific usage and distribution restrictions placed on it by state laws when it is made available. Making that data openly available in the manner that the commission describes would in many cases be a direct violation of law. Lock them up!

For example, here in California, Title 2, Division 7, Article 1 section 19005 of the California Administrative Code specifies that:

No person who obtains registration information from a source agency shall make any such information available under any terms, in any format, or for any purpose, to any person without receiving prior written authorization from the source agency. The source agency shall issue such authorization only after the person to receive such information has executed the written agreement set forth in Section 19008.

And the code further specifies the specific ways that data obtained under this section can and cannot be used, which obviously could not be enforced under the commission’s public data dump paradigm.

The manners in which this kind of data could be abused — both by the federal government and by anyone else who gained unrestricted access to this trove after the commission made it public — would be immense. Not only are the individual information elements subject to abuse, but the ways in which this data could be combined with other personal data from other sources creates a privacy nightmare deluxe. 

If a private firm proposed to handle personal data this way, they’d be crucified.

There are of course many reasons to suspect — and various states have been saying this in no uncertain terms — that the real purpose of Trump’s commission is to devise new mechanisms for the GOP to deploy for voter suppression. I agree with this analysis.

But leaving that aside — purely from a privacy abuse standpoint the commission’s data request is beyond stupid, beyond inane, beyond dangerous — but indeed what we might have expected from a commission working for this particular Commander-in-Chump.

The states are right to push back hard against the commission’s utterly intolerable data request. And the mere fact that such an inept, idiotic, and privacy busting request was made in the first place is yet another proof that Trump’s Voter Commission is just another inept Donald Trump fraud.

–Lauren–