States are right to push back on the DOJ’s pursuit of voter data
Over the past year, the personal data of millions of American voters has become the focus of an escalating legal and political battle. At the center are efforts by the Trump administration to gain access to state voter registration systems and records, including voters’ personally identifiable information, such as Social Security numbers, birth dates and driver’s license numbers.
Many states have declined to turn over voter PII, underscoring that their own laws protect this information from disclosure. Instead, they have provided the voter information that is publicly permissible under their respective state laws. In response, the Department of Justice has sued 29 states and the District of Columbia. Six states have so far succeeded in having the cases dismissed; one state reached a settlement and provided the requested data to the DOJ. The Trump administration has now also sought to access similar voter data from counties.
Wondering what the disputes are really about? In short, there are compelling reasons for states to safeguard voters’ personal data, and their systems and controls are integral to maintaining critical election security and integrity. The administration has claimed it needs the PII to determine states’ compliance with federal law, though it hasn’t specified why.
At the center of the dispute is a struggle over who controls the administration of elections, an issue grounded in principles that date back to the founding of our nation. Article 1, Section 4 of the Constitution provides that it is the states who have the power to establish “the Times, Places and Manner of holding Elections” for their citizens, and only Congress, not the president, can alter or supersede state procedures governing federal elections and registration.
Even under federal election laws enacted by Congress over many decades, state and local election officials have retained comprehensive authority over election management and voter roll maintenance. This makes sense in light of our nation’s framework of decentralized election administration, which recognizes that the officials closest to their citizens are in the best position to assess eligibility and establish robust processes to protect the integrity of the vote and ensure voter privacy. These safeguards include extensive state laws and established best practices employed by local and state election workers to verify eligibility, safeguard data, secure systems and materials, and audit results.
As amici in several of the lawsuits, a bipartisan group of former secretaries of state summed it up succinctly: “Allowing the President to change election rules and procedures on [his] whim…, without any input from election administrators charged with executing those rules and without the checks and balances provided by Congress, would be equivalent to dropping an anvil onto the carefully balanced scales of justice.”
Beyond the question of authority, the dispute raises broad concerns about data privacy, as well as how the data could be used to restrict eligible voters’ ability to vote. The president’s recent 2026 elections executive order, which includes provisions that seek to federalize control over the determination of eligibility for mail voting, invokes similar concerns.
In the DOJ lawsuits, states point out that even when Congress has legislated in the election realm, states have not been required to disclose personal voter data to the federal government. They assert that many state and federal privacy laws, including the federal Privacy Act and the federal Driver’s Privacy Protection Act, bar them from disclosing this sensitive information.
These privacy concerns should matter to every American. At a time when identity thieves use personal data in increasingly sophisticated ways, the Trump administration has offered no clear explanation of how it intends to use the data, who will have access to it, or what safeguards will protect it from misuse or breach. Government agencies and many others have long warned that identity thieves can create havoc by obtaining the birth date, driver’s license number, and Social Security number of an individual.
The Federal Trade Commission’s website, for example, warns that bad actors, using Social Security numbers or other PII, can steal tax refunds, access health insurance or medical details, or obtain employment under another individual’s identity, leaving the victim to sort out false wage reports or tax or insurance problems.
What is being contested is not whether voter rolls should be accurate — all agree they must. The issue is whether the president can upend the constitutional framework of our nation’s elections — without statutory authorization, safeguards or transparency — and sacrifice the protection of voters’ sensitive PII as a casualty of this effort.
The states’ position is persuasive. These scenarios underscore why the PII should remain confined to its original purpose, and state and local jurisdictions should shield their voters’ private information with unwavering vigilance.
Kathy Boockvar is president of Athena Strategies and a senior adviser to the Institute for Responsive Government. She has decades of election security expertise. She has served as Pennsylvania’s secretary of the commonwealth, as vice president of election operations at the Center for Internet Security, and as a poll worker and voting rights attorney.
John Lindback is a fellow at the Institute for Responsive Government. He has been administering and supporting election security for several decades, including serving for eight years as director of elections in the Oregon Secretary of State’s Office and six years as chief of staff to the lieutenant governor of Alaska.
