Full Report
Even limited voter rolls can be linked to identify people, research shows
Analysis Summary
# Research: Public Voting Records: A Record, or an Attack Surface?
## Metadata
- **Authors:** Noah M. Kenney
- **Institution:** Digital 520 (Consultancy)
- **Publication:** Technical analysis/Whitepaper (as reported by *The Register*)
- **Date:** May 4, 2026
## Abstract
This research explores the privacy risks inherent in publicly available voter registration data. By comparing disclosure regimes in Texas and North Carolina, the study demonstrates that even when specific sensitive fields (like full Date of Birth) are redacted, individuals can be re-identified with high precision by linking voter rolls with external datasets, such as Federal Election Commission (FEC) contributions and social media. The findings suggest that voter rolls act as a "fingerprint," exposing military families, employment details, and personal contact information.
## Research Objective
The research addresses the question: **How effective are current data redaction strategies in protecting the privacy of voters when records are subjected to data-linking attacks?** It specifically seeks to quantify the likelihood of re-identifying "anonymous" individuals by merging voter files with other public datasets.
## Methodology
### Approach
The researcher employed a **Data Linkage (Record Linkage) attack** methodology. This involved taking "de-identified" or limited voter records and joining them with external datasets using common keys (PII) to see if unique individuals could be isolated.
### Dataset/Environment
- **Travis County, Texas:** Represents a restrictive regime (redacts DOB, party affiliation, and race).
- **Robeson County, North Carolina:** Represents a transparent regime (includes year of birth, race, gender, and phone numbers).
- **FEC Individual Contribution Data:** 2024 cycle records for ZIP code 78704.
### Tools & Technologies
- **Python:** Used for scripting the data joins and analysis.
- **FEC OpenAPI:** For fetching campaign contribution records.
- **Inner-join algorithms:** Used for exact matching on (Last Name, First Name, ZIP).
## Key Findings
### Primary Results
1. **High Re-identification Rates:** Name and ZIP code alone uniquely identify 95.81% of Travis County voters and 87.79% of North Carolina voters.
2. **The "Voting Fingerprint":** 98.4% of long-term voters in Travis County have a unique "turnout pattern" (which specific elections they voted in), making their history a unique identifier.
3. **Ineffective Redaction:** Texas’s decision to hide DOB is undermined by the inclusion of the "Registration Date." Combining ZIP, Gender, and Reg-Date uniquely identifies 28% of voters.
4. **Military Exposure:** Voter rolls in Travis County exposed 320 military families by publishing APO/FPO (military post office) mailing codes.
### Supporting Evidence
- A join between 181 unique FEC contributors and the Travis County voter file resulted in a **52.49% unique match rate** using only basic scripting.
- Of the matched contributors, **74.3%** were linked to their specific employer via the FEC data.
### Novel Contributions
- **Turnout Pattern Entropy:** Identified that the specific combination of elections a citizen participates in over 30 years acts as a biometric-like signature.
- **Redaction Comparison:** Demonstrated that "less data" (TX) does not meaningfully increase privacy over "more data" (NC) if the remaining fields still allow for unique joins.
## Technical Details
The study utilized the **FEC individual-contribution data** as a "bridge" dataset. Because FEC data contains employer information and exact names, performing an inner join with the voter file (which contains residential addresses) allows an attacker to map a person’s home address to their workplace and political leanings. The research specifically highlights that phone numbers in North Carolina rolls are **88.53% unique**, making them a "primary key" for cross-referencing with leaked commercial databases.
## Practical Implications
### For Security Practitioners
- **Data Enrichment Risks:** Analysts must realize that voter rolls are a primary source for "doxxing" and identity enrichment. Malicious actors can use these rolls to validate targets for phishing or social engineering.
### For Defenders
- **Access Control > Redaction:** The research suggests that redacting fields is less effective than implementing **access controls** (identity verification for requests, rate limiting, and audit logs).
- **Generalization:** Recommends "jittering" dates—reporting birth/registration years rather than exact days to reduce the uniqueness of the records.
### For Researchers
- **AI-Enhanced Re-identification:** Future research should look at how Large Language Models (LLMs) can automate "fuzzy matching" (nicknames, address variations) to increase match rates beyond the 52% found in this study.
## Limitations
- **Geographic Scope:** The study focused on only two counties; disclosure laws vary significantly across the thousands of US jurisdictions.
- **Heuristic Matching:** The researcher used exact matches; actual match rates are likely much higher for professional data brokers using fuzzy logic.
## Comparison to Prior Work
This builds on **Latanya Sweeney’s (2000)** seminal work which showed 87% of Americans are unique via ZIP/Gender/DOB. Kenney’s work updates this for the modern era, showing that even without DOB, "Registration Date" and "Voting History" serve as viable substitutes for re-identification.
## Real-world Applications
- **Intelligence Operations:** Foreign services identifying families of deployed service members via APO/FPO codes.
- **Employment Discrimination:** Employers vetting applicants' political leanings via primary ballot history.
- **Identity Fraud:** Identifying "suspense" voters (those with returned mail) to hijack identities for address-change fraud.
## Future Work
- **The Role of AI:** Investigating how automated tools can bridge disparate public datasets at scale.
- **Policy Advocacy:** Evaluating the impact of federal privacy legislation (like the Secure Data Act) on local government record-sharing.
## References
- Kenney, N. M. "Public Voting Records: A Record, or an Attack Surface?"
- Sweeney, L. "Simple Demographics Often Identify People Uniquely."
- FEC Individual Contribution Dataset via `api[.]open[.]fec[.]gov`