Data Privacy

Voter Files: The Public Record Almost Nobody Knows They Are In

July 11, 2026 7 min read Haven Team

Registering to vote in the United States creates a government record containing your full name, home address, date of birth or age, and, election by election, whether you showed up. In most states that record is public by design, and an industry exists to collect, enrich, and resell it. Twice in the past decade, databases covering nearly every registered American voter have sat exposed on the open internet. Most of the people in them have no idea the file exists.


What Is Actually in a Voter File

The core record, maintained by each state, typically contains your name, residential address, mailing address, year or full date of birth, party affiliation where states register it, precinct, and your participation history: which elections you voted in, going back years. Participation history records that you voted, never how; the secret ballot survives. Some states include phone numbers; a few historically included partial Social Security numbers or driver's license data in the registration record itself, though those fields are generally excluded from the public version.

Public accessibility is not an oversight. Voter rolls are public records for accountability reasons that predate the internet: parties and candidates verify eligibility, researchers audit elections, and journalists check the rolls for irregularities. The transparency is doing real democratic work. What changed is the cost of assembling, copying, and cross-referencing the records, which fell from "weeks in a county clerk's office" to zero.

Who Gets the File

Access rules vary widely by state. Some states restrict the file to political committees and require signed use agreements limiting it to electoral purposes. Others sell it to effectively anyone: journalists, academics, marketers, or a private individual with a modest fee. Ohio and a handful of other states have gone further and publish downloadable voter rolls on state websites.

Above the state files sits a commercial layer. Firms such as L2, Aristotle, and TargetSmart assemble the state files into national databases, keep them updated, and enrich them by joining against consumer data: estimated income, modeled ethnicity and religion, magazine subscriptions, gun ownership likelihood, hundreds of scored attributes per person. Campaigns of both parties are the primary customers, and the enriched national voter file is the backbone of modern political targeting. The enrichment is the part your state never collected and never asked your consent for; it arrives from the same broker ecosystem described in our data broker opt-out guide.

The Two Leaks That Covered Nearly Everyone

Aggregation concentrates risk, and the record here is concrete.

In December 2015, security researcher Chris Vickery found a database of 191 million US voter registration records configured for public access on the open internet: names, addresses, dates of birth, phone numbers, party affiliations, and vote history, essentially the national voter file, requiring no password. No party ever formally accepted responsibility for the misconfiguration.

In June 2017, UpGuard researchers found an Amazon S3 bucket belonging to Deep Root Analytics, a data firm working for the Republican National Committee, publicly readable and holding about 198 million voter profiles, roughly 1.1 terabytes. This was the enriched version: alongside the registration data sat modeled scores on individual voters' likely positions on dozens of political issues. Anyone who found the URL during the exposure window could have copied the political profile of nearly every American adult.

The asymmetry to notice

You can update your address or, in some states, cancel a registration. You cannot recall a copy. Every download of a state file, every broker snapshot, every leaked bucket is a fork of your record that persists and circulates on its own schedule, with your home address in it.

Why This Is a Safety Issue

For most registrants, the voter file mostly means political mail and campaign texts. For a smaller group, it is the weak point that undoes every other precaution. A voter record is a name-to-home-address lookup, refreshed by the government whenever you move and re-register. People-search sites ingest voter files among their sources, which means the address you carefully keep off social media can surface from your civic registration instead. For stalking survivors, abuse victims who relocated, judges, and journalists who write about violent actors, that lookup is the difference between an online harasser and one at the door; the mechanics are the same ones covered in our doxxing protection guide and OSINT footprint post.

Legislatures know this, which is why nearly every state operates an Address Confidentiality Program (ACP): a scheme, typically for documented survivors of domestic violence, sexual assault, or stalking, that substitutes a state-issued address for your real one across public records, voter rolls included, and forwards your mail. Many states also shield specific professions, police officers, judges, prosecutors, on request. The protection is real but narrow, requires enrollment before the records propagate, and does nothing about copies already circulating.

The Same Data Under Other Rules

The US arrangement is one policy choice among several, and the contrast is instructive. In the European Union, political opinions are special-category data under GDPR Article 9, with processing prohibited by default and narrow exceptions; a broker openly selling per-person modeled political stances would be operating squarely inside the prohibition. The UK splits its electoral register in two: an open version anyone can buy, which individual voters may opt out of, and the full version restricted to elections, credit referencing, and law enforcement. Canada restricts its federal list of electors to electoral participants and purposes.

Jurisdiction Who can obtain voter data Individual opt-out
US (most states) Political actors always; in many states, researchers, media, or the general public Rare; ACPs for documented safety cases
UK Open register sold commercially; full register restricted Yes, from the open register
Canada (federal) Parties, candidates, election administration Limited; commercial sale not permitted

What a US Registrant Can Do

There is no way to fully separate voting from record creation, and declining to vote over it is a bad trade against a risk that, for most people, is manageable with the steps above. The useful posture is the same one that applies to every dataset in this series: know the record exists, know who can read it, and shrink the optional parts.

Try Haven free for 15 days

Encrypted email and chat in one app. No credit card required.

Get Started →