A foundational rule of computer security is to never create a “single point of failure,” meaning a centralized system or node whose compromise would cause widespread damage. In a country that relies on computers to run elections and maintain voter rolls, that principle is crucial. No American election should depend on a centralized chokepoint that a corrupt insider, reckless contractor, or hacker could exploit or expose to disrupt voting nationwide.
Yet that is precisely what the Trump-backed so-called “Save America Act” would do. Buried in the bill is a little-noticed mandate requiring every state to transmit its complete voter registration rolls to the United States Department of Homeland Security (DHS)—currently led by Kristi Noem—for screening through the agency’s much-criticized “SAVE” voter-purge system. This would result in an unprecedented concentration of power and risk inside a single system controlled by the Trump administration.
The legislation mandates (on page 15, Section 4(b)) that within 30 days of enactment, each state “shall submit” its official list of registered voters to the DHS for comparison through the Systematic Alien Verification for Entitlements system, or SAVE, to identify and remove alleged noncitizens after “notice” and an “opportunity” to provide documentary proof of citizenship. (FN1)
The bill does not define what constitutes adequate notice or how long voters would have to respond. In practice, those supposed protections could prove illusory.
As far as I can tell, not a single Republican lawmaker has informed the public that the Save America Act would compel all 50 states to send their voter registration rolls to the DHS or that the DHS would then run the rolls through its “SAVE” voter purge system. (FN2)
It is not hard to see why Republican legislators would prefer that this mandate fly under the radar. The DHS has acknowledged that SAVE was recently reengineered with the involvement of the Musk-aligned Department of Government Efficiency (“DOGE”) and that it can now query data from an SSA database called “Numident.” That database was mishandled by DOGE per SSA’s own admission (in a recent court filing) and the allegations of a whistleblower disclosure from SSA’s then-Chief Data Officer Charles Borges.
The whistleblower disclosure preceded SSA’s admission. It alleged that DOGE created “a live copy of the entire country’s Social Security information from the Numerical Identification System (NUMIDENT) database, that apparently lacks any security oversight from SSA or tracking to determine who is accessing or has accessed the copy of this data … and how they are using it.” (Italics added.) According to Borges, Numident contains data on more than 300 million Americans, including their “name … place and date of birth, citizenship, race and ethnicity, parents’ names and social security numbers, phone number, address, and other personal information.”
In his disclosure, Borges alleged that DOGE created this live copy of Numident in violation of SSA “security protocols” and despite a security assessment that labeled the project “high risk.” He alleges that there are no “verified audit or oversight mechanisms” for this new SSA cloud environment and that, “no one outside the former DOGE group had insight into code being executed against SSA’s live production data.”
Borges says he was later told that DOGE had copied SSA’s database to “improve the way the agency exchanged data with other parts of the government.” (FN3)
These allegations raise an obvious and deeply unsettling question: Is the DHS’s SAVE voter purge system relying on this alleged copy of NUMIDENT, a version allegedly lacking oversight and audit trails,? At present, the public has no way of knowing for sure.
What we can confirm is not at all comforting. In a January 2026 court filing, SSA conceded that DOGE had accessed SSA’s official Numident database despite a court order prohibiting such access.
SSA’s court filing further acknowledged that an SSA DOGE team member had signed a “Voter Data Agreement” with an unnamed “political advocacy group” whose stated objective was to “find evidence of voter fraud and to overturn election results” and that members of SSA’s DOGE team were “using links to share [SSA] data through the third-party server ‘Cloudflare’”, which is “not approved for storing SSA data and when used in this manner is outside SSA’s security protocols.” (Italics added.)
SSA also revealed that “[b]ecause Cloudflare is a third-party entity, SSA has not been able to determine exactly what data were shared to Cloudflare or whether the data still exist on the server.” (Italics added.)
This alone should end the conversation about centralizing America’s voter rolls in a voter-purge system dependent on SSA data. If the federal government can’t determine what DOGE did with voters’ Social Security data, it has no business compelling every state to transmit its voter registration lists into the same DOGE-connected ecosystem.
(SSA made these admissions in its capacity as a defendant in data-protection litigation brought by the American Federation of State, County and Municipal Employees and others against SSA and DOGE. The League of Women Voters and Electronic Privacy Information Center have separately sued the DHS, Kristi Noem, and SSA for allegedly mishandling data.)
Even setting security aside, there is the question of accuracy. DHS has not published SAVE error-rate data. But independent analyses have reported significant problems, with error rates in some contexts reaching double digits (17% in one report and at least 14% in another). Given that American elections are frequently decided by razor thin margins, even a modest error rate could alter the outcome of crucial House and Senate races in 2026.
The bill compounds these risks by providing that citizens may not re-register after a faulty purge—or register in the first place—unless they present proof of citizenship in person to an election official. That requirement would take effect even as early voting is already underway in multiple states for the 2026 election.
Defenders of the bill emphasize that a Real ID that “indicates citizenship” would satisfy its proof-of-citizenship requirement. What they fail to disclose is that only a small number of states issue this type of Real ID. In New York, Michigan, Minnesota, Washington, and Vermont, residents may obtain what are known as “Enhanced” IDs, which can serve as proof of U.S. citizenship. Standard Real IDs issued in the other 45 states do not.
If you find this hard to believe, consider that the DHS itself has said that a typical Real ID does not establish citizenship. Rather, a standard Real ID typically proves that you are either a U.S. citizen or a lawful U.S. resident (who can’t vote in federal elections).
As a result, the vast majority of Americans would be unable to register to vote—or to re-register—under the bill without either (a) a passport, which is costly and time-consuming to obtain, or (b) a certified birth certificate that matches the name on their ID.
Tellingly, the bill omits marriage certificates fromits list of approved citizenship documents, creating a predictable voter-registration obstacle for millions of married women whose current last names do not match their birth certificates, as reported in a widely read article published by the Guardian.
After the Guardian and others exposed this indefensible extra burden on women, Republicans amended their bill to add language whereby states can devise alternative “processes” for voters who have changed their names, subject to guidance from the Election Assistance Commission. (Bill, pp. 11-15.) But the bill sets no deadline for states to implement those procedures. States could, in theory, postpone implementation until after the 2026 election.
Meanwhile, the legislation threatens election officials with civil suits and even potential prison time for registering a single voter without the required proof-of-citizenship documentation: even if the voter is a U.S. citizen. By contrast, it imposes no penalty for erroneous purges conducted through the SAVE computer system, despite the system’s reported problems.
History offers a cautionary tale.
In the 2000 presidential election, George W. Bush won Florida by just 537 votes after then–Secretary of State Katherine Harris relied on a flawed felon purge list that wrongly removed berween 1100 and 12,000 eligible voters from the rolls. More recently, in the run-up to the 2020 election, Georgia officials restored roughly 22,000 voters only after a voting rights group, Fair Fight Action, proved they had been purged in error.
Centralizing the voter rolls of all 50 states in a single federal screening system, one with significant security and accuracy concerns, invites exactly the kind of faulty purges that have afflicted past elections but on a nationwide scale.
As for the bill’s status, it has already passed the House but has stalled in the Senate, where Republicans lack the 60 votes required to overcome a filibuster. Its backers are now openly discussing an unconventional tactic: forcing Democrats into a so-called “talking filibuster” in the hope that physical exhaustion, rather than merit, will determine whether the bill becomes law. That strategy has been championed by the Center for Renewing America, founded by Trump official Russ Vought, which argues in a published policy memo that if Democrats cannot physically sustain continuous floor speeches for weeks on end, then Republicans could ultimately pass the measure with a simple majority of 51 votes.
Because Senate Majority Leader John Thune has so far declined to deploy this tactic, MAGA lawmakers and influencers are trying to pressure him into submission. Influencer Scott Presler recently announced plans for a “SAVE America Tour” featuring rallies across the country in support of the Save America Act, citing Thune’s refusal to bring the bill to the Senate floor. He closed his message with a pointed sign-off directed at Thune’s home state: “See you soon, South Dakota—peacefully.”
Americans who care about free, fair, and secure elections should not wait to see whether Thune caves under pressure. Call your senators at 202-224-3121 and make clear that you understand what this bill would do. Urge them to educate the public about the DHS’s flawed “SAVE” voter purge system and about the bill’s underreported requirement that all 50 states rely on it. Most important, tell them you expect them to use every available lawful tool to prevent this dangerous bill from becoming law.
FN1
The Act says that states can satisfy this requirement by abiding by the terms of their preexisting Memorandum of Understanding (MOU) with the DHS, if they have one.
Per the Brennan Center, at least 10 states accounting for over 37 million voters—including Texas and Alaska—- have already signed confidential MOUs with the DOJ “in connection with handing over their full voter files.”
The MOU says that “the DOJ will ‘test, analyze, and assess states’ [voter rolls]’ and send each participating state a list of voters who must be removed within 45 days,” which is much faster than existing law, which requires notice to the voter and two election cycles.
These MOUs say “nothing about how the DOJ will examine the voter rolls, nor does it say states would be given any reasons for demanded removals.”
The MOU “states that the voter files — which contain full names, addresses, dates of birth, driver’s license and partial Social Security numbers — may be provided to a contractor for work ‘related to the Department’s list maintenance verification procedure’” —without apparent safeguards for your data. (Italics added.)
FN2
Twenty-seven states have reportedly already agreed to use the SAVE system on a voluntary basis to remove from their rolls both alleged non-citizens and in some cases allegedly deceased voters. (Ten of these have also signed MOUs, as indicated in FN1.) The Save America Act would force the remaining states to use SAVE as well.
FN3
Borges contends that the following individuals were involved with the allegedly improper copying of SSA’s database:
- Edward Coristine aka “Big Balls,” a former intern at Elon Musk’s Neuralink,
- Aram Moghaddassi, a former senior engineer at Elon Musk’s X, who left SSA in January 2026, per his LinkedIn profile.
- Michael Russo, a former executive and senior advisor at Shift4Payments, a “payment processing company that is both an investor in [Elon Musk’s] SpaceX and a payment processor for [Musk’s] Starlink, as reported by ProPublica, and
- John Solly, who left SSA in September 2025 and is now the Chief Technology Officer at Leidos in its Health-IT Division, per his LinkedIn profile.
