A little-known law in the nation's capital is leading to complaints over the way it lets anyone on the Internet find out D.C. voters' names, addresses, voting history and political affiliations, with little more than a click or two.

The political list, known as a voter file, was published on the D.C. Board of Elections' website in the weeks leading up to Tuesday's Democratic primary. It contains a complete record of every voter who is registered to vote in the contest, as well as whether the voter has cast a ballot in the six elections going back to 2012.

The issue underscores a growing tension between the use of data in governance and the need to protect people's privacy. Surveys by the Pew Research Center show that while most Americans approve of the use of data to evaluate a restaurant's health and safety record, they are less comfortable when it comes to posting real-estate transactions or individuals' mortgage data on the Internet.

We won't link to the voter file directly here out of respect for voters who are casting ballots Tuesday, but we can say we've examined it first-hand. Here's a redacted screenshot to show what it looks like. In the board of elections's coding scheme, "Y" means voted, "N" means did not vote, "A" means absentee, "E" means voted early and a blank space means the agency has no record of how a voter behaved in that year's election.

"All of the information contained in this listing is public information," said Kenneth McGhie, the D.C. Board of Elections' general counsel. "Indeed, we indicate on our voter registration form that 'voter registration information is public, with the exception of full/partial social security number, date of birth, email, and phone number.' All of this information can be obtained from the DCBOE pursuant to a data or Freedom of Information Act request.”

It’s not the existence of the file itself that’s shocking, critics say. It’s the fact that the D.C. Board of Elections made it available on the Internet. Typically, every state has this kind of voter information; it’s just held at the statehouse or at the public library where you have to physically retrieve it from the stacks — probably with the help of a staffer — in order to see it. Putting that data on the open Internet changes the game because it allows virtually anyone, from anywhere, to view the data with no questions asked.

Having such easy access to people's names and home addresses potentially poses security risks for vulnerable populations, such as victims of sexual assault and stalking, privacy advocates say. It also makes it that much easier for someone to learn about the political attitudes of their neighbors, and to discriminate accordingly.

"Based on what I know, I think D.C.'s practice is uncommon, if not downright unique," said Alexander Howard, a senior analyst at the Sunlight Foundation who studies government transparency and open data.

For some privacy-conscious individuals, the alternative may simply be to abstain from voting — but that would mean trading away a fundamental civic right for a modicum of safety.

In an exchange on Twitter, Ashkan Soltani, the Federal Trade Commission's former chief technologist, and two other security analysts, Collin Anderson and Jake Laperruque, pressed the board of elections to explain its behavior. The board of elections pointed to a part of D.C. law, Section 1-1001.07(h)(2A), that it claimed requires the voter file to be published online 14 days before a primary. Indeed, the relevant part of the law does appear to support the board of elections' decision.

But Lexis-Nexis appears to be
the only place
you can find this language; other websites that keep track of D.C. law do not reflect legislation enacted in May 2015 that requires the D.C. Board of Elections to publish the voter file on its website. (Prior versions of the law call for posting the voter file in D.C.'s "main public library," not on the Internet.)

"Putting a list of names in a main public library is drastically different, in terms of privacy impact, than publishing a full list of names/address/political-affiliations on a public website in digital form," said Soltani in an interview. (Soltani has done contract work for The Washington Post). "It allows anyone (marketers, stalkers, and would-be identity thieves) to now have a recently updated list of names and address of folks in the district."

Few states appear to take the same approach as the District of Columbia. Florida, for instance, considers voter information as a public record and warns that the information "can find its way onto the Internet" indirectly through people who get those records from the state, but it does not appear to post the file itself online. Colorado considers some voter information a public record, such as full name and address, but still requires you to make a formal request for access to it. California's rules are more restrictive, putting even home addresses off-limits.

The revelation about D.C.'s apparently uncommon behavior raises key questions about whether the public-interest benefits of releasing the voter file so widely outweighs the potential privacy risks. Howard is not convinced. "Frankly, I'm having a hard time formulating a strong argument as to why publishing this entire file in this form is in the public interest," he said. Tweeting Monday night, the D.C. Board of Elections said publishing the data in comprehensive form is aimed at combating potential voter fraud.

Some legal experts, such as University of Washington assistant law professor Ryan Calo, suggest that a more prudent way to release voter information in the Internet age may be to publish only names and only in print.

With D.C. voters still streaming to the polls Tuesday, it's a very timely issue.