AAPD-DVP AAPD comments on voter registration database design

AAPD comments on voter registration database design
May 25, 2005

Juliet Thompson
General Counsel
Election Assistance Commission
1225 New York Ave., Suite 1100
Washington, DC 20005
Dear Ms. Thompson:
The American Association of People with Disabilities (AAPD) is the nations largest cross-disability organization with over 100,000 members across the United States. AAPD supports secure, accurate and independent voting for all Americans and full implementation of the Help America Vote Act (HAVA).
AAPD wishes to express its appreciation for the opportunity to comment on the Election Assistance Commission's (EAC) position statement concerning states' implementations of statewide voter registration systems pursuant to the Help America Vote Act (HAVA) of 2002.
We view this element as being critical to HAVA's ultimate success. Reforming the way Americans vote in elections is important. Providing accessible voting devices to everyone is critical. However, if we do not have current, accurate, accessible, and timely voter registration processes and data, we perpetuate a potential for having hundreds of thousands of Americans disenfranchised through computer keystrokes. If we do not maintain our voter registration lists rigorously, we have a potential that voters will not know where they should vote. We even continue a possibility that individuals will be listed incorrectly in voter registration systems in more than one jurisdiction.
AAPD has the following recommendations to be included in the Voluntary Voting System Guidelines (VVSG) for state voter registration databases:
There are 20.9 million voting aged citizens with disabilities who are not registered to vote (55.7% of the total disability population). The NVRA requires disability and social service agencies, such as Medicaid, to be integrated to the same degree as registrations from Department of Motor Vehicles. Voter registration applications coming from disability and social service agencies must be electronically conveyed to the state voter registration system for processing. The conveyance should be in real time, meaning that as data is entered into the agencies database, it is automatically and simultaneously transmitted to the states voter registration database.
When Congress was debating the NVRA, it included Section 7A because it recognized that many poor people and people with disabilities would not have a need for a drivers license. In order to avoid creating a voter registration gap between people with disabilities and the general population, social service and disability agencies are required to provide voter registration services. Regretfully, the mandates of Section 7A have been ignored. The voter registration gap which Congress expected to correct, in fact, exists and some data indicates that the gap is growing. Guidance requiring disability and social service agency conformity will not only ensure compliance with Section 7A of the NVRA, but will also help to ensure that states maintain accurate and up-to-date voting records as required by HAVA. States try to justify their lack of compliance by arguing that social service and disability databases cannot be made compatible with their voter registration database this is absurd and false. With effort, any database can be made compatible with any other database. The VVSG must correct this violation of federal law and end the voter registration discrimination faced by Americans with disabilities as well as those citizens who depend upon social services to survive.
The way states meet HAVA's mandate in Section 303 will determine how election officials handle all of these issues. We have heard recently that some states are pursuing implementation in a so-called "top-down" approach. The EAC's comments indicate that this approach is "more compliant" with Section 303's requirement that the statewide voter registration system be "a single, uniform, official, centralized, interactive computerized statewide voter registration list defined, maintained, and administered at the State level." This approach means that each state's election jurisdictions will have "uniform" hardware, software, and procedures for storing and managing every voter's registration information. It means that the election jurisdictions will use this system to enter voter registration information on an "expedited" basis into the centralized system.
The EAC also refers to a so-called "bottom-up" implementation approach. This system approach refers generally to situations in which counties in a state might have different hardware, software, and voter registration processes. However, on a daily, weekly, or monthly basis-which is not well defined by the EAC-the local jurisdictions upload their data into the official, centralized, interactive statewide "list." The EAC indicates that this approach is "less compliant" HAVA's Section 303 mandates.
The phrases "top-down" and "bottom-up" are not very helpful, either conceptually or technically, to people who have to implement critical information systems. One seems to say that you must have a completely new system if you do not already have a statewide voter registration system, replacing all that you have. That is a compliant system.
A uniform, centralized voter registration system will facilitate the administration of elections by providing additional data on each voter, such as the need for ballot and election information in a language other than English and special accommodation requirements for voters with disabilities.
The other seems to say that you can be compliant by cobbling together a patchwork of existing systems, even if they do not meet the HAVA's clear requirements for singularity, uniformity, centralization, interactivity, and expedition. The EAC's comments seem to suggest that states can be "a little compliant" with HAVA. This approach is dangerous. It administratively weakens what is a clear mandate for compliance. It provides for an almost certain situation in which any number of registered voters' "official" records can differ at the state and local levels because of a day, week, or longer lag between entry at the local level and update into the state database.
Instead of using the "bottom up" terminology, the EAC might use more accurately the phrase "trickle in architecture" coined by Glenn Newkirk of Info SENTRY Services. He refers to a situation in which various HAVA-mandated data "trickle in" to the statewide database from local jurisdictions, state agencies, and the Social Security Administration. We submit that HAVA's authors in no way intended to mandate and pay for a "trickle in" patchwork system in each state. HAVA does not say that states shall implement "a more or less single, more or less uniform, more or less official, more or less centralized, more or less interactive computerized" statewide voter registration system. HAVA intended for data entry, data management, and data inquiry to be interactive and real time on the official, statewide database.
It intended for these activities to occur with local jurisdictions using:

Uniform data structures among election jurisdictions,

A uniform hardware architecture among election jurisdictions,

A uniform software architecture among election jurisdictions, and

Continuous, high-speed network connections among a state's election jurisdictions for interactive data entry, data management, and data inquiry.

The "trickle in" architecture for which the EAC provides implicit approval does none of these. The EAC should refine its document to make it clear that states should not spend Federal funds for any system that does not meet HAVA's clear intent.
HAVA's Section 303 also requires that the "appropriate State or local official shall provide adequate technological security measures to prevent the unauthorized access to the computerized list established under this section." The "trickle in" model virtually precludes a statewide voter registration system from having "adequate technological security measures" because it leaves each local election jurisdiction to define and establish its own measures. Is it reasonable or even possible to assume that all 17, 36, 64, 67, 75, 88, or 100 local jurisdictions in a state will provide equivalent levels of "technological security measures" for their registered voters' records? Is it reasonable or even possible to establish clear responsibility and accountability for information security when all of those jurisdictions are free to provide their own definition and administration of what constitutes "adequate technological security measures"?
The answer to both questions is no. Some local jurisdictions probably have very sophisticated security measures that even some states will have difficulty matching. However, other local election jurisdictions probably have little more than a locked office door protecting their electronic data. Adequate security measures for official voter registration records will require a much greater uniformity of measures to protect the confidentiality, integrity, and availability of our nation's official voter registration records.
HAVA did not intend to create a "trickle in" or "lowest common denominator" model of data security in which the weakest link in a local jurisdiction dictates the level of security for the entire statewide database. By mandating that state or local election jurisdictions "shall provide adequate technological security measures" HAVA established an auditable benchmark for information system security that can be met only by a centralized, uniform, integrated architecture. It is an architecture that places clear responsibility and accountability with the person in charge of the official records.
Establishing centralized, uniform, interactive statewide system is not easy. However, the EAC's apparent acceptance of these cobbled-together systems simply defers the pain of centralization and uniformity to later days. That pain will come one error, one delayed registration, and one local system failure at a time until a states implement well-managed uniform systems. Establishing a centralized, uniform, interactive statewide system is not inexpensive. However, the EAC's apparent acceptance of these cobbled-together systems simply spreads the cost of systems maintenance and management out to the counties, masking the total, aggregated cost of a statewide system that still falls short of HAVA's mandate.
In revising its document, the EAC should ask itself why companies do not build, or even allow, patchwork systems. Can each McDonald's franchisee decide to implement its own non-uniform computer system? Does Wal-Mart allow its stores to transmit credit card and inventory transactions to Bentonville every so often? Do major banks allow branches to establish their own "adequate technological security measures" to protect customers' data? Should the EAC allow less timeliness, integrity, and security of data related to one of our most precious constitutional rights to be less than that of fast-food, retail, and banking data?
Now is a time for the EAC to be clear in its interpretations of HAVA and provide clear guidance in what Chief State Election Officials must do to be in FULL compliance with HAVA.
Sincerely,
Jim Dickson
Vice President of Government Affairs
American Association of People With Disabilities (AAPD)
202-457-0046 x25
202-457-0473 fax
1629 K Street NW, Suite 503
Washington, DC 20006
Email

Member Benefits | About AAPD | Join | Disability Resources | News | Contact Us | Calendar | Home