Election Security: Voter Registration System Policy Issues




August 7, 2019
Election Security: Voter Registration System Policy Issues
Discussions about federal election security often focus on
VRDBs were inappropriately accessed. Although the
protecting voting machines and ensuring the integrity of
committee found no evidence that registration data had
election results, but voter registration processes may also be
been deleted or changed in 2016, its report notes that data
vulnerable to interference. Real or perceived threats to voter
obtained in the breaches may be held for use at a later date.
registration data could undermine public confidence in the
The report also noted that the committee had “limited
electoral system. Altered voter registration data could
information on the extent to which state and local election
potentially prevent eligible individuals from voting or allow
authorities carried out forensic evaluation of registration
ineligible individuals to vote in many states and territories.
databases.”
Voter data may also be a target for identity thieves or others
seeking access to individuals’ personal information.
Centralized State Databases
VRDBs may be targets for those seeking to interfere in
For each state and territory (except North Dakota, which
elections or to access personal data on individuals. Each
does not require voter registration), voter registration can be
state with voter registration maintains a “centralized,
thought of as a system, organized around a centralized voter
interactive computerized statewide voter registration list,”
registration database (VRDB) containing individuals’
under Section 303 of the Help America Vote Act of 2002
names, addresses, and other information. The other
(HAVA). According to the SSCI and other government
components of a voter registration system can vary,
reports, Illinois’s VRDB was breached by cyber actors in
depending upon state law and practices. Typically, a VRDB
2016, resulting in exposure of voter registration data. These
receives inputs from various sources (e.g., individual
reports also note that another state’s registration database
voters, local registrars, or other databases) to update its
may have been accessed in 2016 using a state employee’s
records. During an election, the VRDB is used to verify the
credentials obtained via email phishing.
eligibility of those who turn out to vote and is shared with
local election administrators as poll books (or lists of
Under HAVA, the required centralized VRDB must at least
eligible voters). Database information may also be shared
contain the name, registration information, and a unique
with various sources for data verification, list maintenance
identifier for every legally registered voter in each state.
purposes, or in the interest of public availability.
Other features of a state’s database can vary, and it may
include additional personal data about individuals. States
The VRDB and the ways in which it connects to other
also vary in their technical and administrative policies
offices or entities involved in election administration
related to registration database management, such as the
(including vendors who provide software or equipment) can
level of access granted to the database; what backup
present security vulnerabilities. Some security
systems or audit trails are used; the degree of connectivity
vulnerabilities are related to cybersecurity or technology
to other election systems or sources of registration-related
and others are related to human errors or actions. A state
data; and the process for removing inactive or ineligible
must generally ensure that its VRDB maintains (1) accurate
voters from the database.
records; (2) privacy for individual data; (3) accessibility for
relevant actors; and (4) reliability during an election.
Sources for Updates or Verification
State VRDBs often receive or share data with other sources
States have different policies regarding registration and the
in order to verify new registrations, make changes to
management of voter data, and some state or local practices
records, or to remove ineligible voters. Unauthorized actors
may present bigger security challenges than others. Yet by
may seek to access the VRDB or other election systems
having a variety of voter registration systems across states,
through these connections between the database and other
potential problems that could arise may be limited to a few
sources. The SSCI report included three such examples
states or localities, rather than affecting a nationwide
from 2016. In one state, the committee noted that “at least
database or system.
one other government system connected to the voter
registration system” was being scanned by outside actors.
Registration Security Issues in 2016
In another state, the committee found that the website for a
A July 2019 report from the Senate Select Committee on
district attorney’s office had been targeted, possibly
Intelligence (SSCI) on Russian interference in the 2016
because its “most wanted” list “may have in some way been
election noted that VRDBs “were not as secure as they
connected to the voter registration system.” The committee
could have been,” and detailed instances in at least seven
also stated that multiple attempts were made to illegally
states where voter registration systems were targeted for
access Vermont’s online voter registration application,
access, either directly or through connections between the
which was connected to the state’s database.
central database and other governmental or election
systems. In two of those states, the report found that
https://crsreports.congress.gov

Election Security: Voter Registration System Policy Issues
In addition to the state election official(s) tasked with
on the distribution of currently registered voters. On
managing the database, a variety of other sources may
Election Day, poll books or lists of eligible voters are
transmit voter data to state election officials, including local
typically used at polling stations to verify the registration
election officials; individual applicants; government
status for individuals who turn out to vote.
agencies offering registration opportunities (e.g.,
departments of motor vehicles [DMVs]) or maintaining
States generally also maintain a degree of public
vital records; or election officials in other states.
accessibility for voter registration data. Many states, and
Connections to various data sources, such as a DMV or the
some localities, maintain websites that allow individuals to
Social Security Administration (SSA) database, are
check their registration status at any time, which can be an
commonly used to verify registration information received
important tool for catching errors that may have been
from applicants or to process registration status updates.
recorded in the centralized database. States also typically
Registration status changes can occur for a variety of
allow entities or individuals meeting certain requirements to
reasons, often dependent upon state law, including changes
request access to, or purchase, a list of registered voters.
related to an individual’s name, residence, mental
incapacitation, criminal status, or death.
The data contained in a voter registration system can
present identity theft or other personal privacy risks. For
States may also check registration information against other
safety reasons, some states restrict disclosure of certain
data sources for list maintenance efforts that seek to
registrants’ data, such as victims of domestic abuse or
identify duplicate registrations associated with a single
public officials. States can establish and publish privacy
voter or to identify those who are ineligible to vote. The
policies related to voter registration information that
U.S. Postal Service’s National Change of Address (NCOA)
address limits on what personal data are collected; how data
database, for example, is often used to identify voters who
can be used and by whom; what security and legal
have moved outside of an election jurisdiction. States also
safeguards are in place; and how access to specific records
might compare their registration records against other
or data elements can be restricted under certain conditions.
states’ lists through partnerships or interstate organizations
like the Electronic Registration Information Center (ERIC).
Mitigating Election Day Effects
Maintaining the security of a voter registration system is an
To preserve the integrity of the VRDB, states consider how
ongoing process for those who keep the database and its
information is added to, revised, or removed from its
related components continually operating behind the scenes
official records. States might allow connections between the
between elections. During an election, however, the
VRDB and other sources to check information, but they can
accuracy and reliability of a database becomes particularly
prevent any automatic changes from being made to
consequential. Errors related to individual records could
registration records or prohibit data-sharing partners from
prevent certain voters from casting ballots, or system-wide
viewing records in their entirety. Cybersecurity measures,
problems could affect all voters in a precinct or state. Any
such as firewalls or encryption, can help secure the
issue occurring on Election Day could undermine public
networks or communications channels that connect a state’s
confidence in the electoral process or outcome.
centralized database to other parts of a registration system.
States can also engage in a variety of accountability
Voter registration deadlines, in some states, may prevent
measures related to the VRDB, such as establishing access
certain changes from being made to an individual’s record
control policies; limiting access privileges; requiring the
immediately preceding, or during, an election. While such
consent of other officials for significant changes to the
deadlines can provide an opportunity for election officials
database; and utilizing an audit system to log any
to verify information and secure their records, some
connection or change to the database.
deadlines may also inhibit a voter’s ability to correct
particular registration errors or altered data. States generally
Access to Registration Information
provide ways for voters to check their registration status,
State election officials also share information from the
but reminders to voters to do so sufficiently ahead of an
VRDB for various purposes. Exporting information from
election or when list maintenance efforts occur may help
the VRDB may also present security risks. States must
prevent voters from learning of an issue only when they
typically have measures in place, for example, that prevent
attempt to vote. Similarly, some states notify voters any
unauthorized changes to the underlying data from being
time their registration information has changed.
made when it is exported from the database. States also
attempt to provide appropriate protections to avoid
If an issue with an individual’s registration status arises at a
disclosure of certain elements of registrants’ personal
polling place, the voter may cast a provisional ballot under
information, such as Social Security numbers or driver’s
HAVA. States, however, are often not equipped to use
license numbers for purposes other than verifying that
provisional ballots on a large scale, and vary in their
information with SSA or a DMV.
processes for how final voter eligibility is determined and
how such ballots are counted. To ensure election officials
Voter registration information is often shared for list
have accurate voter lists, jurisdictions also can maintain
maintenance efforts. State voter registration information
multiple means of accessing poll books, such as online
also usually must be shared with local election officials in
access to the data, electronic data stored on an offline
order to administer an election. Local election
computer, and/or a printed paper list of registered voters.
administrators, for example, often need to prepare and
deliver ballots to polling places in their jurisdiction based
https://crsreports.congress.gov

Election Security: Voter Registration System Policy Issues

Sarah J. Eckman, Analyst in American National
Government
IF11285


Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.

https://crsreports.congress.gov | IF11285 · VERSION 1 · NEW