A single bad match in the SAVE Program voter rolls push could put an eligible citizen on a purge list before the 2026 midterms, while handing the federal government a larger pool of sensitive voter data.
CybersecurityJune 18, 2026· 9 min read· By XOOMAR Insights Team
SAVE Program Voter Roll Push Threatens 2026 Midterms
Updated on June 18, 2026
XOOMAR Intelligence
Analyst Take
79/ 100
4 sources analyzedMedium confidenceTrend10Freshness98Source Trust88Factual Grounding91Signal Cluster60
Election and privacy experts told The Verge that the Trump administration’s expanded use of the Department of Homeland Security’s Systematic Alien Verification for Entitlements, or SAVE, risks turning a benefits-verification tool into a de facto election-screening system. The stated aim is to catch noncitizens on voter rolls. The danger is that the system can flag citizens too.
“The federal government doesn’t have the authority to do any of that and doesn’t have the expertise either,” said Eileen O’Connor, senior counsel at the Brennan Center. “Inserting themselves into the day-to-day functioning of state elections is unprecedented and disturbing.”
Why could SAVE put eligible voters at risk in the 2026 midterms?
The immediate risk is simple: a registered voter gets flagged as a “potential noncitizen,” then has to fight a government database to keep a right they already have.
That matters because the Department of Justice has demanded nearly every state provide complete voter information to cross-reference against SAVE, according to The Verge. The DOJ has also pushed states to purge voters deemed ineligible within 45 days. State voter rolls can include Social Security numbers, driver’s license numbers, and in some cases voter participation history.
The fraud case behind this push is thin. The Verge cites multiple studies and state investigations finding that extraordinarily few noncitizens vote in US elections. It also cites a 2014 analysis published in The Washington Post that found 31 credible instances of voter impersonation out of a billion cast ballots since 2000.
That creates the core asymmetry. The problem being targeted appears rare. The fix could touch millions of records.
XOOMAR analysis: The key issue is not whether states should maintain clean voter rolls. They should. The issue is whether a federal immigration-status tool, built for another purpose, should become a mass filter for election eligibility. In elections, a false positive doesn’t just create bad paperwork. It can block a lawful vote.
How does the SAVE program work, and why is it being used for voter checks?
SAVE was created in 1987 to verify eligibility for public benefits. Agencies query federal databases to determine a resident’s immigration status. US Citizenship and Immigration Services, part of DHS, administers the program.
The Trump administration has expanded that use into election screening. Zach Kahler, a USCIS spokesperson, told The Verge the administration “is dedicated to securing America’s elections,” and called it “critical that states have the information needed to administer fair and secure elections.”
The DOJ also defended the effort. Spokesperson Natalie Baldassarre told The Verge the agency has authority under laws like the National Voter Registration Act to “ensure that states have proper voter registration procedures and programs to maintain clean voter rolls containing only eligible voters in federal elections.”
Opponents say that goes too far. The Brennan Center says 16 states have agreed to hand over full voter registration lists, while Texas and Alaska agreed to implement the purge.
Here’s the mismatch:
| System | Built for | Risk when used for voter rolls |
|---|---|---|
| SAVE Program | Checking immigration-status data for benefits and services | Outputs may require verification and may not prove ineligibility |
| State voter rolls | Administering elections under state and local processes | Bad federal matches can trigger challenges or removals |
| DOJ purge demand | Federal enforcement of voter-roll rules, according to DOJ | A 45-day purge window can compress review and correction |
The phrase SAVE Program voter rolls captures the problem. It joins two systems with different missions, different data flows, and different consequences for error.
What kinds of SAVE database errors could wrongly flag registered citizens?
The biggest technical problem is that SAVE is not a definitive citizenship oracle.
The Verge reports that SAVE pulls, among other sources, from the Social Security Administration, which acknowledges its information is only a “snapshot in time.” The SSA says it can give “an indication of citizenship,” not “definitive information.” That distinction is not legal hair-splitting. It is the difference between a lead and proof.
Recently naturalized citizens face the clearest risk. A person can be legally eligible to vote, while a federal database still reflects an earlier status. DHS itself acknowledges that users of the program must verify any output besides “United States Citizen.”
“The administration has proceeded in the face of that known risk, some might say by design, rather than just out of negligence,” said John Davisson, deputy director and director of enforcement at the Electronic Privacy Information Center. “And it’s resulting in people losing the right to vote.”
The risk is already visible. The Verge says outlets including NPR and The Texas Tribune have identified US citizens erroneously flagged via SAVE.
XOOMAR analysis: A database flag should be treated as a prompt for careful review, not as a purge trigger. Once the flag moves from a back-office signal into an election deadline, the burden can shift to the voter. That is where a data-quality issue becomes a rights issue.
For security teams, the pattern is familiar: more data ingestion can create more exposure if controls are weak. We’ve covered that operational trap in Budget Bomb Hides Inside SIEM Data Ingestion Costs, and the same basic lesson applies here. Scale without discipline creates risk.
What would a SAVE-related voter purge look like in practice?
Texas gives the cleanest real example from the source material.
In October of 2025, Texas Secretary of State Jane Nelson said an audit of more than 18 million voter records against SAVE data identified 2,724 registered “potential noncitizens.” The state told local counties to investigate the discrepancies further and refer confirmed noncitizens to the state attorney general.
Nelson said: “The Trump Administration’s decision to give states free and direct access to this data set for the first time has been a game changer.”
Critics see the same event differently. A “potential noncitizen” label is not a final finding. It is a database output that may require more verification. If a citizen is caught in that group, the next steps matter: notice, review, time to respond, and whether local officials treat the SAVE result as evidence or suspicion.
Davisson warned that the chilling effect can extend beyond those removed.
“If people feel that they’re going to be potentially subject to prosecution and investigation, despite the fact that they’re legally entitled to vote, it will tend to drive down registration rates,” he said. “It will tend to create a culture of fear that limits democratic participation.”
That is the practical election risk. The SAVE Program voter rolls effort does not need to remove millions of voters to matter. It can change behavior if eligible people fear they will be investigated for participating.
How could centralized voter data create privacy and intimidation risks?
The privacy danger comes from aggregation.
State rolls already contain sensitive information. The Verge reports that complete voter files can include Social Security numbers, driver’s license numbers, and sometimes voter participation history. Moving those files into federal cross-checking processes creates more places where the data can be stored, accessed, mishandled, or attacked.
O’Connor, who previously worked in the voting section of the DOJ Civil Rights Division, told The Verge the DOJ rarely asked states for complete voter rolls before Trump, except typically for a court case or specific investigation.
“This is just a vacuuming effort,” O’Connor said.
Large collections of personal data also attract hackers. The Verge points to the 2015 breach of the US Office of Personnel Management, which exposed sensitive information on more than 22 million people, including federal employees, contractors, and their friends and families.
The election threat picture is wider than SAVE. Check Point reported that in early 2026, newly registered domains containing election-related terms surged around voter-facing language, including roughly 4,010 domains containing “vote” between April 13 and May 14. That does not prove malicious intent, but it expands the attack surface for phishing, impersonation, and misinformation.
For readers tracking defensive tooling, our guide to Best SIEM Tools That Won't Drown Lean Security Teams is relevant context. Election data security is not only about having logs. It is about having teams and controls that can actually act on them.
What safeguards would reduce the risk of SAVE disrupting the 2026 election?
The safest rule is also the clearest: no voter should be removed solely because of a SAVE output.
A workable guardrail set would include:
- Human review: Treat SAVE results as leads, not final determinations.
- Clear notice: Tell affected voters exactly what was flagged and how to respond.
- Time to correct: Avoid compressed deadlines that collide with registration or ballot timelines.
- Data minimization: Send only what is needed, retain it briefly, and restrict access.
- Transparency: Publish how many voters were flagged, how many were cleared, and how many were actually found ineligible.
- Security controls: Protect transferred voter files like high-value identity data, not routine paperwork.
The unresolved question is whether federal and state officials will treat SAVE as a narrow verification aid or as a purge machine. The difference will define the risk.
If the 2026 midterms become a test of SAVE Program voter rolls screening, the practical thing for voters is to check registration status early with local election officials, as Davisson suggested. For officials, the harder task is resisting the false comfort of a big database. Election security should reduce real vulnerabilities without making eligible voters less secure.
Impact Analysis
- Eligible voters could be wrongly flagged and forced to prove their citizenship before the 2026 midterms.
- States may be pressured to share sensitive voter data, including Social Security and driver’s license numbers.
- The policy targets a form of voter fraud that studies suggest is extremely rare.
Voter Impersonation Findings Since 2000
Credible impersonation instances
count31
Ballots cast
count1,000,000,000
Sources
- [1] The Verge
- [2] The midterms are going to be a data security nightmare - AIVAnet
- [3] The 2026 U.S. Midterms Have a Cyber Problem, But it’s Not at the Ballot Box - Check Point Blog 2026 U.S. Midterms Under Cyber Siege: Disinformation, Phishing Surge
- [4] Hackers are already laying groundwork to disrupt the 2026 midterms, research says
Written by
XOOMAR Insights Team
Research and Editorial Desk
The XOOMAR Insights Team pairs automated research with human editorial judgment. We track hundreds of sources across technology, fintech, trading, SaaS, and cybersecurity, cross-check the facts, and explain what happened, why it matters, and what to watch next. We do not just rewrite headlines. Every article is fact-checked and scored for reliability before it goes live, and we link back to the original sources so you can verify anything yourself.
Explore More Topics
Related Articles
CybersecurityPolice Rip SocGholish Malware From 14,971 WordPress Sites
Police cleaned SocGholish from 14,971 WordPress sites and seized 106 servers, cutting a major Evil Corp infection chain.
Jun 18, 20266 min
Cybersecurity12M Patients Face Ransom Threat in iRhythm Cyberattack
iRhythm says hackers stole patient data from third-party apps and demanded ransom, raising questions over a breach tied to 12M patients.
Jun 16, 20267 min
Cybersecurity5GB Cal Water Hack Leak Exposes 2M Customers to Risk
Handala claims it hacked Cal Water and leaked 5GB of data, but real utility system access remains unconfirmed.
Jun 13, 20266 min
CybersecurityConti Ransomware Coder Cops to $150M Extortion Spree
A Ukrainian man admitted helping Conti's ransomware operation, tied to 1,000-plus victims and at least $150 million in payments.
Jun 13, 20265 min
CybersecurityTrump Spy Pick Sends Section 702 Renewal Into Chaos
Section 702 faces its first lapse after a failed House vote and backlash to Trump's brief push for Bill Pulte as spy chief.
Jun 12, 20265 min
TechnologyStartup Accelerator Choices Can Make or Break Your 2026
The right accelerator can compress growth. The wrong one burns equity, time, and momentum before founders even reach Demo Day.
Jun 18, 202622 min
FintechKoinly vs CoinTracker Exposes a Costly Staking Tax Trap
Koinly looks stronger for messy staking and DeFi portfolios. CoinTracker wins on simplicity, mobile access, and exchange-heavy tax workflows.
Jun 19, 202622 min
SaaS & ToolsNotion AI vs ClickUp AI Splits Teams by Workflow Fit
Notion AI wins for docs and knowledge work. ClickUp AI fits teams that run on tasks, sprints, dashboards, and reporting.
Jun 19, 202621 min
SaaS & ToolsAI Project Management Tools Stop Remote Work Chaos
AI project management tools can slash remote-team admin work, from status updates to risk tracking, if you pick for automation and async fit.
Jun 19, 202622 min
SaaS & ToolsPick the Wrong Small Business Cloud Platform, Pay Later
Choose a cloud platform by matching website needs, team skills, storage, security, traffic, and budget before comparing brands.
Jun 19, 202624 min
Don't miss the signal
Get our weekly roundup of the stories that matter across tech, fintech, and trading. No noise, just signal.
Free forever. No spam. Unsubscribe anytime.