SHERROD BROWN
aa Wnited States Senate
BANKING, HOUSING,
AND URBAN AFFAIRS WASHINGTON, Dc 20510 - 3505
IWANCe July 31,2017
‘VETERANS’ AFFAIRS
Donald MeGahn
White House Counsel
1600 Pennsylvania Ave., NW
Washington, DC 20500
Dear Mr. McGahn:
We write to express concern and seek information related to the decision made by the White
House to publish emails containing personal information of citizens that wrote to the President's
Advisory Commission on Election Integrity (the “Commission”.
The White House recently published over 100 pages of emails sent to the Commission by
citizens who voiced opinions about the Commission’s work, including concerns about the
attempt to gather and publish data on millions of American voters. The data the Commission
sought to collect included party affiliation, election participation history, birthdays, and partial
social security numbers of all voters since 2006. The emails echoed the sentiments shared by
millions of Americans in that they raised privacy and security concerns with the Commission’s
plan to gather and publish personal data on American voters. Secretaries of State for over forty
states also share those concerns, and they refused to provide all or part of the information
requested by the Commission.
Many of the published emails contained personal information on the original senders, including
names, physical and email addresses, phone numbers, and some of the emails contained
employment information. The White House received as many as half of these emails before it
issued the Federal Register Notice soliciting comments on the Commission and before the
Commission website went public, both of which include warnings that names and contact
information may be published. However, the White House published dozens of emails sent by
citizens that received no warning or explanation of the White House’s disclosure policies, and
the White House neglected to redact those emails before publication, making public the personal
information of dozens of Americans. In today’s digital world, where personal information in the
‘wrong hands can lead to unwanted intrusions into people's lives, we find it particularly
concerning that the White House would intentionally release personal information without
express consent and without adequately informing people that their information would be
released. Especially so soon after the personally identifying data of nearly every U.S. voter
belonging to the Republican National Committee was exposed online.
Elected officials across this nation, at every level, encourage citizens to engage and communicate
with their government leaders as a means to promote transparency and involvement in
government, This is a hallmark of our democratic system of government and allows people thatdo not hold office to have input in government beyond just their vote. Since our nation’s
founding, whether by mail, phone, or email, people have contacted their elected representatives
to voice their opinions. At no time have Americans contacted their elected representatives with
the expectation their representatives would subsequently publicly disclose their personal
information without permission.
The decision by the White House to publish the emails commenting on the Commission without
redacting personal information demonstrates, at best, a lack of sensitivity to and simple disregard
for the very concerns raised in many of emails. At worst, the decision to publish is a vindictive
action taken to harm individuals that spoke out against the Commission’ efforts to gather and
publish personal data on every American voter. Regardless of the White House's intent, this
incident warrants answers from the Administration as to why this personal information was
published and clarification as to the White House policy on the publication of personal
information contained in communications sent by private citizens.
We therefore respectfully submit the following questions and requests for information to the
White House:
1. What is the White House policy for publishing, releasing, or otherwise making public
personal information contained in communications sent to the White House in written
correspondence? Please provide a copy of all relevant written policies
Does the White House provide any public notice, on its website or otherwise, that
informs citizens who send correspondence to the White House of what information may
be made public? If yes, please provide a copy of any relevant written policies.
What is the White House understanding of the consent people provide when sending
written correspondence to the White House? What is the basis of this understanding?
4. Did the White House warn or otherwise notify the senders of the now-published emails in
advance that the White House would make public the personal information contained in
such emails?
Has the Administration amended, altered, or otherwise changed, formally or in practice,
any White House policy of disclosing personal information contained in written
correspondence sent to the White House by citizens? If yes, please provide a copy of all
relevant written policies.
6. Has the White House rescinded any privacy or personal information disclosure or
publication policies since January 20, 2017? If yes, please provide a copy of all relevant
written policies.
7. Did the White House publish all email comments it received regarding the Presidential
Advisory Commission on Election Integrity (the Commission)?10.
uN
12.
14.
‘Who made the decision as to which emails to release and what standards were used in
making such determination?
‘Was the release of personal data in any way retribution for criticism of the Commi:
‘What guarantees can be made that personal information in future comments from citizens,
critical of the Administration will be protected?
Does the White House follow the Federal Trade Commission (FTC) standards for the
privacy and security of sensitive data provided to them by United States citizens?
(https://www.fte.gov/site-information/privacy-policy)
Does the White House follow National Institute of Standards and Technology (NIST)
standards on the maintenance and security of personal information provided to it by
United States citizens? (https://www.nist.gov/privacy)
Can the White House assure our European trading partners that it is committed to Privacy
Shield, given the upcoming review period and the fact that this disclosure could be
considered a breach if any of the individuals affected by the above-referenced data
release are dual US-EU nationals? (https://www.privacyshield.gov/welcome)
Will the White House provide or pay for credit monitoring services for the individuals
whose personal information was shared by the White House after commenting on the
Commission?
Ensuring the security of personal information is of paramount importance, and we appreciate
your prompt response to this letter.
out
Sincerely,
M Bow Vm io
Sherrod Brown: janne Feinstein
United States Senator United States Senator
Ron Wyden
United States Senator