Since President Trump's Election Integrity Commission was last in court, the commission has announced plans to dramatically alter how it plans to collect state voter information in an attempt to avoid a potential legal ruling that could require it to conduct a privacy assessment before collecting the data.
The plan, more or less, is to have a few people on the White House staff conduct all of the work of the commission in order to help maintain a legal argument that the "sole function" of the commission is to advise the president. The commission is chaired by Vice President Mike Pence.
On Monday, Charles Christopher Herndon, the director of White House Information Technology, laid out how limited that would be in a declaration submitted in the case brought by the Electronic Privacy Information Center.
"The Executive Committee for Information Technology will have no role in this data collection process. The U.S. Digital Service (which is within the Office of Management and Budget) will also have no role, nor will any federal agency," Herndon wrote. "The only people who will assist are a limited number of my technical staff from the White House Office of Administration."
The Presidential Advisory Commission on Election Integrity — whose membership has only added to the concern that the commission is an attempt to push back voting rights — announced previously that it would not be using a Defense Department website for states to upload requested voter data. (Many states have balked at sending all of the data requested, and only one — Arkansas — submitted data by the time of the July 7 hearing in the case.)
The commission stopped using the Defense Department site because the federal judge hearing EPIC's case challenging the would-be data collection made it clear that she saw potential problems under the E-Government Act if non-White House agencies were involved in the data collection. This is so because such agencies would more clearly be subject to the law's requirement that a privacy impact assessment be completed before the government engages in certain actions.
No such assessment was conducted before the commission's vice chair, Kansas Secretary of State Kris Kobach, requested the data from state officials. EPIC sued. The Justice Department lawyers defending the commission are focused on two arguments: EPIC and its members don't have standing to bring the lawsuit, they say, and, even if they do, the commission — because it only advises the president — is not covered by the law.
Judge Colleen Kollar-Kotelly initially heard arguments in the case more than a week ago. At the hearing on July 7, she made clear that she thought the Defense Department should be added as a defendant in the lawsuit (presumably because she thought that made an easier case for arguing that the privacy assessment needed to be done).
EPIC did so, but days later the Justice Department announced that the commission would no longer be using the Defense Department website for states to upload the data. Kollar-Kotelly asked for more briefing on how the case should proceed, leading EPIC to file an amended complaint and an amended request for an order stopping the commission from collecting the state data. The commission, which agreed not to collect any state data until the judge rules on EPIC's request, opposed the request on Monday. EPIC filed its reply shortly thereafter.
In addition to the standing question, the major dispute before Kollar-Kotelly at this point is over whether and when the E-Government Act’s privacy assessment is required of actions within the White House.
The government argues that a narrow interpretation applies — that the assessment would only be required if the commission had "substantial independent authority in the exercise of specific functions." EPIC argues that a much broader interpretation should apply — one that clearly would require the commission to do an assessment.
Herndon submitted his declaration in connection with Monday's Justice Department filing. In addition to explaining who would be running the IT part of the commission's work, he also laid out how the commission now plans to collect, store, and deal with the state data request.
First, here's the way the commission, per Herndon, plans to have the states submit data:
Then, per Herndon, here is how he is planning on the commission getting access to the data:
Herndon also included a brief aside about the data's accessibility to his technical staff, writing, "They will have access to the data, but all access will be logged and recorded by our network monitoring tools."
Notably, the Defense Department conducted a privacy assessment of the site the commission originally announced would be used to upload the state data. (EPIC argued that assessment was insufficient because it was not considering the type of data transfer involved in the commission's work.)