On July 3, 2017, the Electronic Privacy Information Center ("EPIC") filed this lawsuit in the United States District Court for the District of Columbia. EPIC sued the Presidential Advisory Commission on Election Integrity and individual members of the Commission under the Administrative Procedure Act, the Federal Advisory Committee Act and the Fifth Amendment to the United State Constitution. EPIC, a nonprofit, public interest, research group whose members included registered voters across the country, sought declaratory and injunctive relief to halt the Commission's efforts to gather personal voter data from the states. The Commission had been established by executive order to "study the registration and voting processes used in federal elections."
Specifically, on June 28, 2017, the Commission began an effort to collect detailed voter histories from each state. The Commission sent a letter asking states to provide the "full first and last names of all registrants, middle names or initials if available, addresses, dates of birth, political party (if recorded in your state), last four digits of social security number if available, voter history (election voted in) from 2006 onward, active/inactive status, cancelled status, information regarding any felony convictions, information regarding voter registration in another state, information regarding military status, and oversees citizen information." It also sought information on "voter fraud" or "registration fraud."
EPIC alleged that the Commission had failed to conduct a privacy impact assessment, which was required under the E-Government Act of 2002 for any agency seeking to conduct a new collection of information that could be used to contact a specific individual. The Plaintiff claimed that the Commission's failure to make a privacy impact assessment available for public inspection violated the Administrative Procedures Act and the Federal Advisory Committee Act. Moreover, it alleged that the Commission's attempt to gather voter information violated information privacy rights of millions of Americans as guaranteed by the Fifth Amendment.
On July 7th and July 11th, EPIC submitted a first and a second amended complaint, adding the Department of Defense and the Director of the White House Information Technology as defendants in the litigation. EPIC alleged that the Department of Defense had last approved a privacy impact assessment in 2015, when it had specifically prohibited the collection, maintenance, or dissemination of this information from members of the general public. EPIC also claimed that the Director of White House Information Technology was repurposing the computer system to collect voter information data, and that the Director was subject to the E-Government Act.
On July 13th, EPIC submitted an amended motion for a Temporary Restraining Order and Preliminary Injunction prohibiting the Defendants from collecting voter data until a Privacy Impact Assessment was completed and released to the public.
On July 24, 2017, District Judge Colleen Kollar-Kotelly denied the Plaintiff's motion. She held that the Plaintiff had standing to sue the Defendants based on the alleged injury it suffered when the Defendants failed to conduct a Privacy Impact Assessment as required by the E-Government Act. But, the Plaintiff did not have standing to bring suit on behalf of its advisory board members for any alleged constitutional or statutory violations. The court found that the Plaintiff must rely on the Administrative Procedure Act for a cause of action in the suit. Because the Administrative Procedure Act only allows for suit against an agency, and because the Defendants were not an agency but entities in close proximity to the President, the court could not review the collection process. If the Commission's scope expanded to be more than an advisory body, then the Plaintiff could ask the court to revisit the decision. 2017 WL 3141907.
The following day, EPIC appealed Judge Kollar-Kotelly's order to the United States Court of Appeals for the District of Columbia Circuit. The court (Judges Karen LeCraft Henderson, Stephen F. Williams, and Douglas H. Ginsburg), in an opinion issued December 26, 2017, affirmed Judge Kollar-Kotelly's order, but stated different reasons. The Court of Appeals held that EPIC had not shown a substantial likelihood of standing because it had not shown likelihood of injury from either deprivation of information (the privacy assessment) or organizational injury of the type the E-Government Act seeks to prevent. The Supreme Court declined to hear an appeal of this decision on January 7, 2018. 139 S.Ct. 791. The Court of Appeals, on April 2, 2018, denied to rehear the appeal en banc. 2018 WL 1896522.
Back in district court, the Defendant moved to dismiss the second amended complaint and to stay the proceedings pending the appeal on September 5, 2017. On January 3, 2018, the President terminated the Advisory Commission on Election Integrity. Judge Kotar-Kotelley denied without prejudice the motion to dismiss as well as the plaintiff's motion to file a third amended complaint—the substantive issues in the case had been resolved by the termination of the commission. The court ordered the defendant to confirm that all voter data had been deleted before the case would be dismissed.
Judge Kotar-Kotelley dismissed the case on August 22, 2018 in light of the fact that all voter data collected by the Commission had been deleted. The plaintiff had concurred that this would secure the substantive relief requested. The case is now closed.
Gabriela Hybel - 07/30/2017
Elizabeth Johnson - 03/15/2019
compress summary