Leo Pate, Application Security Consultant at nVisium, a Falls Church, Virginia-based application security provider, says the privacy problem is twofold: 1) from a state data collection standpoint, and 2) from a technology perspective.
Pate explains, “From a state data collection perspective, the issue that most states face is “what data do we collect, who can access it, and what data do we not give out.” State election administrators want to run fair and open elections; however, the rules regarding how they do so is largely dictated by the state government. The good news is that there has been a lot of activity regarding state voter information and election security since the 2016 Presidential election. For example, in the vast majority of states, there are stipulations that must be met before any person or organization can acquire voter data and what data will be provided. Just like with any data, voter data can also be fused with other data sources to “paint” a bigger picture about any individual voter. While you may not be able to receive a home address for a voter via a state’s voter file, you can take that voter’s name and do a lookup via the white pages to find an address. From there, you can determine their potential state and federal officials.
“From a technological perspective, if the “Vote Joe” (VJ) application can access a user’s contact list on their device, how is VJ storing that data and what protections are in place to safeguard that data? There are numerous mobile application vulnerabilities that can be manipulated for exploits. The world we live is a mobile one, highly interconnected and a lot of telemetry on ourselves resides on our mobile devices. While voter data collection and the fusion of other data sources are definitely privacy concerns, the tools we chose to use in the election process should also be just as heavily scrutinized,” Pate says.