Incognito — October 2024: Election Privacy

Welcome to the October 2024 issue of Incognito, the monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

October is Cybersecurity Awareness Month.

Here’s what we’re talking about: 

• Election privacy. Is it true that “you can vote or you can have privacy”?
• Recommended reads, including “A Third of US Population Just Had Their Background Info Exposed.”
• Q&A: How can I improve my offline privacy? 

“Millions of US Voter Data Exposed in 13 Misconfigured Databases” ran a headline in August. 

The truth is that in many states, voting records are already public. And although they don’t expose sensitive information like Social Security Numbers, publicly accessible records can still put voters at risk of harassment, doxxing, and other attacks. 

A POLITICO review of forums used for coordinating online harassment found multiple cases where harassers identified potential victims’ addresses through national voter registration records. 

Here’s what you need to know about voter privacy ahead of the November elections. 

Are Voting Records Actually Public?

To a point, yes.

It is typically possible to see whether someone voted or not, as well as their personal information, such as name and address. In some states, party affiliation is also shown. 

Tip: If you want to stop others from being able to tell who you’re likely to vote for, register independent (and then vote for whoever you want). Just be prepared to get more political mail than ever if you take this route. 

It is not possible to see who a person voted for, even in a presidential election. Ballots are always secret. However, earlier this year, Votebeat and The Texas Tribune found it possible to tie some voters to their ballots through publicly available information. 

How accessible voter registration data is depends on the state you live in. For example, voter files in Colorado contain full names, addresses, year of birth, political parties, and vote history (i.e., elections in which you did or did not vote). 

Who Can Access Voter Files?

In many states, anyone can access voter information (though you might have to reside in the state you’re requesting information on), whether for free or a fee (which can vary substantially). This is because certain pieces of voter information are considered “public records.” 

• Some states only allow access to voter information under supervision at local election offices. 
• A few states let you look up voter information online without any authentication. 

More concerning is that a number of states don’t have rules for what the voter information can be used for. 

Voter registration records are also one of many sources data brokers draw from.

Want to know how your state is doing in terms of voter information privacy? Comparitech research from a few years ago shows that the best states for voter data privacy are Virginia, Indiana, California, Utah, Minnesota, South Dakota, North Dakota, New Hampshire, and Louisiana. 

As for the worst states, they are North Carolina, Ohio, Arkansas, Massachusetts, Oklahoma, Connecticut, and Michigan. 

Tip: See a state-by-state breakdown of who can request voter information, what the files contain, what is kept confidential, and more on the National Conference of State Legislatures site. 

It Might Be Possible to Make Your Voting Information Private…

If you’re lucky, that is. 

Some states allow individuals to become a confidential voter. 

For example, in Colorado, you can go into the County Clerk and Recorder’s office, self-affirm that you believe you/a household member will be in danger of bodily harm if your address isn’t made confidential, complete the relevant form, and pay $5 to have your voter registration record kept private.

In Alaska, voters can keep their addresses private by providing a separate mailing address. 

Address Confidentiality Program (ACP) participants might also be able to register to vote as an ACP voter, depending on their state. 

Tip: See Voter Roll Privacy for state-by-state rules related to voter roll privacy.

You Might Also Be Able to Vote By Mail

Even if you’ve always been happy to vote in person, news reports of proposals to use AI cameras to stream footage of ballot dropboxes might make you reconsider. 

So, can you vote remotely? 

Again, it all depends on the state you live in.

• Some states let voters submit absentee/mail ballot applications if they have a valid excuse. 
• But a number of states let anyone apply for an absentee ballot. 

Tip: See the National Conference of State Legislatures table to see if you’re eligible to apply for an absentee ballot. 

BTW, It’s Cybersecurity Awareness Month 

Obviously, cybersecurity is something that we should be thinking about year-round. 

But let’s be honest… most of us probably don’t. 

So, what better time to do a quick audit of your cybersecurity practices than during the month dedicated to it? It doesn’t need to be a complex chore, either. 

Ask yourself: 

• Are all your devices, apps, and software up to date? If you’ve been putting off an update, do it now (here are the biggest risks in delaying updates). Even better, set your device to automatically install updates at night when you’re not using it. Follow this Wirecutter article on how to turn on automatic updates everywhere so you never have to worry about manually updating your phone, laptop, etc., ever again. 

• Are your passwords strong and unique? The Cybersecurity & Infrastructure Security Agency offers three simple tips to strengthen your passwords: make them long, make them random (using passphrases or a random mix of mixed-case letters, numbers, and symbols), and, of course, make them unique (if you reuse passwords, one compromised password can put your other online accounts at risk).

• Do you have multi-factor authentication enabled on sites and apps that offer it? If you’re not sure, the 2FA directory lists sites that support 2FA, including email, SMS, phone calls, software, and hardware. 

• Are you aware of the latest phishing tactics and scams? For example, QR scams are still going strong, and sextortion scams now include pictures of your home (part of a rising trend of criminals using publicly available information to blackmail you). 

We’d Love to Hear Your Privacy Stories, Advice and Requests

Do you have any privacy stories you’d like to share or ideas on what you’d like to see in Incognito going forward? Any tips for maintaining your privacy during elections? 

Don’t keep them private!

We’d really love to hear from you this year. Drop me a line at laura.martisiute@joindeleteme.com.  

I’m also keen to hear any feedback you have about this newsletter.

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape. 

A Third of the US Population Just Had Their Background Info Exposed

A data leak at the background check company MC2 Data (which operates sites like PeopleSearcher, PrivateReports, and PeopleSearchUSA) exposed the personal information of at least 100 million Americans. The leak likely happened due to human error. Subscriber information (i.e., people and organizations using the service) was also exposed. 

California Governor Vetoes Amendment for Opt-Out Preference

A bill that would have required mobile operating system and web browser makers to let consumers limit data collection by sending opt-out preference signals was vetoed by California Gov. Gavin Newsom. Newsom said he was worried the bill would impact mobile devices’ usability. Consumer Reports said the “industry worked overtime to squash this bill.”

Cybercriminal Says It Breached Temu; Temu Says That’s Not True 

A cybercriminal claims to have stolen millions of Temu customer records, including IP addresses, full names, and birth dates. An ad for the records was put up for sale on a dark web forum with a small sample and the promise that the “data has never been sold before” and “only copy will be sold.” Temu says the sample doesn’t match the records in its database.

“Vast Surveillance” from Tech Companies, Says FTC 

According to a recent Federal Trade Commission (FTC) report based on a four-year investigation, social media and video streaming companies collect massive amounts of personal data, which they then keep indefinitely (on users and non-users) and share with third parties. The report provides recommendations on how to stop the “vast surveillance of users.”

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: A lot of privacy tips are for online stuff. How can I improve my offline privacy?

A: What a great question.

The answer to which, as is often the case, depends on your threat model.

However, some things that everyone should probably do for better offline privacy include the following:

• Tear out parts of letters/documents with your name, address, and other important details, then shred/burn them. You can also get an address blocker stamp. 
• Don’t carry your government documents (Social Security cards, passports, etc.) in your wallet. 
• Don’t use loyalty cards. Still want that discount? Follow Tom Ritter’s, iSEC Partners’ principal security consultant, example by asking other people with loyalty cards if you can take a photo of their card’s bar code and then use it for your own purchases. You get a discount; they get points – it’s a win-win. 
• Pay with cash where possible. 
• Leave your phone at home. Comparitech has a great article on all the ways a smartphone tracks you, even when it’s off. 

Q: Is it worth using AdNauseum?

A: Interesting question! 

AdNauseum is an ad blocker based on uBlock origin that, in addition to blocking ads, also clicks on every ad blocked (though users can change the click rate). 

The idea behind it is to create noise and fake data for advertisers (i.e., if you click on every ad you see, what are you really interested in?) 

But does it actually work? 

In 2021, MIT Technology Review tested this tool and found that yes, it does indeed work, most of the time. 

However, Google can still track you in other ways. There’s also the fear among internet users that using AdNauseum will actually make you stand out even more and, therefore, make you easier to track overall.

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito? 

That’s it for this issue of Incognito. Stay safe, and we’ll see you in your inbox next month.