My daughter just turned 18. She’s smart, opinionated, and absolutely ready to vote. And I did something that feels almost sacrilegious for a parent who cares deeply about democracy: I told her to wait. Not forever. Not to disengage. Just to hold off on registering until we’re closer to the deadline this fall. Why? Because right now, our voter registration systems are a mess — a political battlefield where our personal data is being treated like a weapon, passed around between governments and third‑party vendors, and routinely left hanging out on the open internet like a forgotten file on someone’s desktop. I don’t want my kid’s full name, address, date of birth, and partial Social Security number sitting in some unsecured cloud bucket or in the hands of a contractor who treats “security” as an afterthought. And that is not a hypothetical fear. It’s exactly what has already happened, over and over again. This is not about discouraging her — or anyone — from voting. It’s about the adults in charge of this system behaving so irresponsibly with voter data that I don’t trust them with my freshly 18‑year‑old’s information right now. When Your Voter File Becomes a Political Weapon Over the last couple of years, the federal government has been on a crusade to get its hands on complete, unredacted statewide voter registration lists from almost every state and Washington, D.C. These aren’t just the public records versions that include name and address. They want the whole thing: full legal names, residential addresses, dates of birth, driver’s license or state ID numbers, and pieces of Social Security numbers. The Department of Justice has sent demands to at least 48 states and D.C., and has sued Washington, D.C. and 30 states that refused to turn over their full statewide voter registration lists with driver’s license and Social Security information. Some of these lawsuits target states the administration lost in 2020, and the stated justification is “we just want to check whether your rolls are accurate.” Let’s be clear: there is a world of difference between auditing election systems and hoovering up the most sensitive information on tens of millions of voters into federal hands, to be processed by contractors we know almost nothing about. Election officials from both parties have raised alarms because the federal government has never had full, unredacted voter lists at this scale before. Some states have said no. Illinois, for example, refused to hand over dates of birth, driver’s license or state ID numbers, and Social Security information, citing state law and privacy protections, and instead sent a more limited file like the one it shares with political committees. The DOJ wrote back and said, essentially, “Not good enough. We want the entire database, all fields, including full name, date of birth, residence, driver’s license, and last four of the Social Security number.” Other states have been sued and then vindicated in court. A federal judge in California dismissed the DOJ’s lawsuit that sought to force the state to turn over its full, unredacted voter registration list, including addresses, dates of birth, driver’s license numbers, and the last four digits of Social Security numbers. In total, at least eight of these cases — including ones against California, Michigan, Massachusetts, Rhode Island, Oregon, Maine, and Wisconsin — have already been dismissed, and the DOJ is appealing several of them. So from my vantage point as a parent, here’s how this looks: the federal government is in a legal knife fight with dozens of states trying to pry loose as much sensitive voter data as possible, while courts are saying, “Hold on, you may not be allowed to do that.” That is not a stable, trustworthy environment for me to casually toss my daughter’s data into. The Grown‑Ups Left the Door Wide Open If this were just a theoretical debate about who could access what, I’d still be uneasy. But this isn’t theoretical. We have a long, ugly history of voter data being leaked, misconfigured, and left exposed — not by some movie‑villain hacker, but by the very entities that collect and monetize this information. A few greatest hits: * A tech contractor in Illinois left at least 13 databases with about 4.6 million records on the open internet — no password protection — containing names, addresses, dates of birth, Social Security numbers, driver’s license numbers, voter registration history, absentee and early voting records, even death certificates from multiple counties. * Security researchers found a misconfigured database sitting online that contained information on about 191 million U.S. voters — including names, addresses, birth dates, party affiliations, phone numbers and emails — accessible to anyone who knew where to look. * A huge dataset compiled by Deep Root Analytics, a political data firm that worked for Trump’s 2016 campaign, exposed personal information on roughly 198 million Americans due to a misconfigured Amazon S3 server. Again: names, demographics, political data, all sitting out there. * In Alaska, a cyberattack on the state’s online voter registration system exposed personal information — names, dates of birth, driver’s license numbers, last four digits of Social Security numbers, addresses, party affiliation — for about 113,000 people. * Another leak involved about 593,000 Alaska voter records associated with a national voter file compiled by TargetSmart; the data was exposed because a third‑party AI software company that licensed the data failed to secure its database. These are not minor slip‑ups. These are systemic failures: misconfigured servers, unsecured cloud storage, and contractors who don’t lock the damn door. And every time this happens, we get the same bland apology: “We take security very seriously.” No, they don’t. If they did, the personal information of millions of voters wouldn’t keep ending up on the internet like someone’s forgotten public Dropbox folder. The Third‑Party Vendor Problem Nobody Wants to Own Here’s the part that really sets me off: when states and the federal government collect this data, they don’t just keep it in some mythical, perfectly secured government vault. They share it. They license it. They hand it to third‑party contractors — data analytics firms, consultants, vendors — who then store, copy, and manipulate it on their own systems. That’s how you end up with situations like: * Deep Root Analytics compiling a massive trove of voter data for campaign work and leaving it exposed because of a misconfigured S3 bucket. * TargetSmart’s licensed data being left unsecured by Equals3, an AI software company, leading to the leak of hundreds of thousands of Alaska voter records. * Illinois counties’ data sitting in unsecured cloud storage run by a technology contractor, with Social Security numbers and full personal details just hanging out for anyone who finds the server. It doesn’t matter which party these vendors are aligned with. I don’t trust any of them if their idea of security is “remember to maybe set a password later.” Yet these are exactly the kinds of entities the federal government and the political parties rely on to store and process the giant voter files they’re currently fighting over. So when I picture my daughter registering to vote, I’m not just picturing our local elections office. I’m picturing a diffuse, poorly governed ecosystem of contractors and data firms that have already demonstrated, time and again, that they are fully capable of screwing this up on a massive scale. “Mom, Are You Saying I Shouldn’t Vote?” No. I’m saying I don’t trust the people holding the keys to the system right now. When I tell my daughter, “Let’s wait until October before you register,” I’m not telling her to sit out democracy. I’m telling her that her information has value, and that the adults who designed and run these systems have not earned our blind trust. I’m also acknowledging something we usually gloss over: once your data gets sucked into one of these giant voter databases, you don’t really get it back. You can’t un‑expose a Social Security number. You can’t un‑leak a birth date and home address that have already been scraped, copied, and sold fifty times. So yes, I am asking my daughter to delay — strategically. I want to see: * Whether more courts push back against these sweeping federal data demands. * Whether our state clarifies what exactly it is sharing, with whom, and under what security controls. * Whether there are any new breaches, “misconfigurations,” or “contractor errors” in the months ahead that change the risk picture. Do I think the system will magically become safe by October? No. But I’d rather not reward ongoing, active recklessness with my kid’s data while the lawsuits are still flying and the breaches are still being disclosed. What I Want Before I Hand Over My Kid’s Data If I’m going to feel even moderately comfortable telling my daughter to go ahead and register online, I want to see three basic things. * Data minimization and clear limits I want my state to say, in plain language: “Here’s what we collect when you register. Here’s what we do not collect. Here’s what we share, and with whom, and here’s what we will never share.” If you don’t need driver’s license numbers or pieces of Social Security numbers to run a secure, accurate election, stop hoarding them. * Vendor accountability with teeth If a contractor exposes voter data — like the firms involved in the 191 million‑voter exposure, the 198 million‑record Deep Root leak, the Alaska voter file mess, or the Illinois county databases — there should be real, painful consequences. Not “we’re sorry and we updated our settings,” but termination of contracts, fines,