DOJ Civil Rights Division

Five-layer contractor stack processes federal identity verification data: IBM (M FALCON/VIS contract for E-Verify/SAVE transaction engine including Person Centric Entity Resolution), Peraton (M HART biometric system on AWS GovCloud), Palantir (M ImmigrationOS plus new USCIS VOWS platform), NEC Corporation (classified facial recognition algorithms for HART), Amazon AWS (hosting infrastructure). Any of these could be the unnamed 'contractor' in the MOU.

Institutional graph reveals DOJ Civil Rights Division shares 2 alumni with PILF, creating a revolving door between the agency and the advocacy group now driving DOJ voter roll purge policy

Structural observation from institutional graph: DOJ Civil Rights Division and Public Interest Legal Foundation share 2 alumni. Cross-pillar analysis shows J. Christian Adams (government+legal, orchestrator score 21.29) and Robert Popper (government+legal, orchestrator score 18.11) both moved between DOJ and PILF. This is a documented revolving door. The open triad analysis also shows Cleta Mitchell and Hans von Spakovsky connected through PILF (closure score 0.72, advisory relationships). The CIA-Southern Trust Company link (2 shared alumni) is another notable institutional bridge.

Executive order framework for voter roll program: EO 14159 (Jan 20, 2025) directed SAVE access for voter verification. EO 14248 (March 25, 2025) ordered election integrity measures including proof-of-citizenship requirement. DOJ began sending demand letters to states in Spring 2025, requesting full unredacted voter rolls from at least 44 states and DC. Additional executive actions: DOJ Criminal Division also requested info-sharing meetings in multiple states (MI, OR, NM, RI, VT, PA, CT, VA, WI, AZ, NV) -- a parallel criminal enforcement track. FBI executed search warrant in Georgia Fulton County Jan 28, 2026 for 2020 election records. AG Bondi personally reiterated demand to Minnesota Jan 24, 2026.

DOJ Confidential MOU mechanism: 9-page template agreement requires states to provide complete unredacted VRL including full names, DOB, addresses, driver's license numbers, and last 4 SSN digits. States must remove flagged voters within 45 days and resubmit updated rolls. MOU permits sharing data with unnamed DOJ contractors for 'list maintenance verification procedures' with contractors not bound by agreement safeguards. MOU itself and all drafts/communications deemed 'confidential' under Section XII(F). Legal authorities cited: NVRA (52 USC 20501), NVRA Section 11 enforcement (52 USC 20510(a)), HAVA (52 USC 20901), HAVA enforcement (53 USC 21111), Civil Rights Act of 1960 Title III (52 USC 20701), and Privacy Act of 1974.

MOU contractor loophole: Section IX of the MOU permits DOJ to share voter PII with 'a contractor with the Department of Justice who needs access to the VRL/Data information in order to perform duties related to the Department's list maintenance verification procedures.' Contractors are required to comply with Privacy Act per 5 USC 552a(m), but the MOU provides no framework for vetting contractors, no specification of who they are, and Brennan Center analysis found contractors are 'not bound by the safeguards in the agreement.' MOU also permits DOJ to present VRL data to 'a court, magistrate, or administrative tribunal' and share 'summary results.' No encryption requirement specified — only standard DOJ security protocols.

MOU Section IX permits DOJ to share voter PII (full names, DOB, addresses, DL numbers, SSN4) with 'a contractor' for 'list maintenance verification procedures' — contractor is not bound by the MOU's own data security safeguards and no framework exists for vetting contractors

MOU Section IX data security safeguards (2FA, audit logging, encryption, endpoint protection, physical access controls, no copying to USB/external storage) apply only to 'any member of the Justice Department' — the contractor provision is a separate sentence authorizing data sharing without binding the contractor to these same safeguards

MOU Section IX's only stated protection for contractor data access is that 'Recipients of information shall be required to comply with the requirements of the Privacy Act of 1974, as amended, pursuant to 5 USC 552a(m).' However, the MOU's own data security safeguards (2FA, audit logging, encryption, endpoint protection, physical access controls, USB restrictions) are phrased as applying only to 'any member of the Justice Department' — NOT to contractors. The Privacy Act reference is the weakest possible safeguard: it merely requires contractors to follow the same Privacy Act rules that already apply by default, adding no additional data security requirements.

MOU state compliance map: Alaska signed Dec 19, 2025 (Carol Beecher, Director AK Division of Elections + Harmeet Dhillon). Texas signed Dec 23, 2025 (Jane Nelson, SoS office). 11 states expressed willingness at Dec 4 court hearing per Eric Neff (acting chief DOJ Voting Section): AL, MS, MO, MT, NE, SC, SD, TX, TN, UT, VA. Of these, MS, SD, and TN provided voter rolls WITHOUT signing MOUs. CO and WI publicly rejected and released MOU copies. DOJ offered MOUs to additional states: CO (Dec 1), KY (Dec 2), NJ (Dec 1), UT (Dec 2). DOJ has now sued 29 states and DC for refusing unredacted voter rolls.

DOJ legal strategy evolution: Initial requests (Spring-Summer 2025) cited NVRA and HAVA. By August 2025, DOJ added Civil Rights Act of 1960 to correspondence. After three district court dismissals rejected all three statutes (Jan-Feb 2026), DOJ's later lawsuits dropped NVRA and HAVA claims entirely, relying solely on CRA Section 20701 records inspection provision — a Jim Crow-era statute originally passed to protect Black voter registration records from destruction by Southern officials. This represents a novel reinterpretation: using a civil rights law designed to protect voting access as authority to demand comprehensive voter PII for potential removal purposes.

Three federal courts dismissed DOJ voter roll lawsuits rejecting all three statutory bases. California (Judge unnamed, dismissed Jan 15, 2026 - called demands 'unprecedented and illegal'). Oregon (dismissed Feb 5, 2026). Michigan (Judge Hala Jarbou, Chief Judge W.D. Mich., 23-page order Feb 10, 2026 - ruled HAVA requires no disclosure, NVRA does not mandate VRL disclosure, CRA does not apply). DOJ appealed all three on Feb 25, 2026, seeking expedited 6th Circuit review of Michigan for resolution before Nov 2026 midterms. In later lawsuits DOJ dropped NVRA/HAVA claims entirely, relying solely on Civil Rights Act of 1960 records inspection provision.

Complete DOJ voter roll lawsuit map (as of March 2026): 29 states and DC sued across 5 waves. Wave 1 (Sept 16, 2025): ME, OR. Wave 2 (Sept 25, 2025): CA, MI, MN, NH, NY, PA. Wave 3 (Dec 1-2, 2025): DE, MD, NM, RI, VT, WA. Wave 4 (Dec 11-18, 2025): CO, HI, MA, NV, GA (dismissed/refiled), IL, WI. Wave 5 (Jan-Feb 2026): CT, AZ, VA, KY, NJ, OK, UT. Three dismissed (CA Jan 15, OR Feb 5, MI Feb 10 — all 2026), all appealed Feb 25. CREW won FOIA injunction Feb 19 forcing DOJ to produce records on voter data collection. DOJ demanded full rolls from 44+ states; Criminal Division conducting parallel info-sharing meetings in 11 states.

Multiple FOIA lawsuits seeking DOJ voter data handling records: CREW v. DOJ (25-cv-04426, D.C., preliminary injunction granted Feb 19 2026 ordering expedited production) and American Oversight v. ICE/DOJ (26-00835, filed Mar 10 2026). Neither has obtained contractor identity records yet. Key unanswered questions: who is the 'contractor' referenced in MOU Section IX, what data security standards apply to them, whether Palantir or other tech firms have been given access.

DOJ-DHS-SSA data pipeline for voter roll cross-referencing: DOJ shares state voter rolls received under MOU with DHS. DHS expanded SAVE (Systematic Alien Verification for Entitlements) database via Oct 31, 2025 SORN to accept bulk voter roll uploads. May 15, 2025 DHS-SSA agreement integrated SSA death database and citizenship fields into SAVE, adding hundreds of millions of records. SAVE now cross-references: full SSN, names, addresses, DOB, criminal records, immigration histories. States like TX and TN uploaded entire voter rolls into SAVE before SORN was published. Initial TX results: 96.3% confirmed citizens, 3.1% unresolved, 0.04% flagged noncitizen. TX county showed ~25% false positive rate for noncitizen flags.

Complete voter data pipeline architecture: States upload full voter rolls (name, DOB, address, DL#, SSN4) via JEFS to DOJ CRT → DOJ shares with DHS → DHS runs bulk searches through expanded SAVE system (powered by IBM VIS/FALCON) → SAVE queries SSA NUMIDENT database and immigration records → Person Centric Entity Resolution creates unified identity profiles → Results sent to DOJ → DOJ sends 45-day removal list to states. Contractor access occurs at multiple points in this pipeline.

DOJ MOU contractor provision enables unnamed contractors to access state voter data: Draft DOJ MOU sent to 12+ states authorizes sharing voter registration list (VRL) data with 'a contractor' who needs access 'to perform duties related' to voter list maintenance verification. MOU does not name contractors, impose credentials requirements, or specify data protection measures. Wisconsin rejected the MOU; DOJ sued. Federal judge dismissed DOJ demand for California voter data as 'unprecedented and illegal' (Jan 2026). DOJ has sued at least 8 states for refusing voter data.

Bondi explicitly linked ICE enforcement operations to voter roll demands: In Jan 2026, hours after ICE shot and killed a man in Minneapolis, AG Bondi demanded Minnesota hand over voter rolls — first time administration explicitly tied immigration enforcement to voter data access. MN Secretary of State called it 'this ransom note.' Senate Democrats accused DOJ of seeking 'voter rolls as a condition to ending the dangerous recent deployment of ICE officers.' DOJ denied quid pro quo. This confirms operational linkage between DOJ voter data demands and DHS/ICE enforcement.