We note with interest the recent decision in Doe v. Reed (No. 09-599), which marks the first time in a few years that the Supreme Court has directly (albeit somewhat uncertainly) addressed whether the government can permissibly require individuals to be publicly identified. Leaving aside what the legal implications of the ruling may be, we think the case carries an important lesson about technology and identity policy.
The case concerned whether individual registered voters can sign petitions to place an initiative or referendum on the ballot without having their identities as signatories made public.
Since the right to vote without having it be made public for whom you have voted is considered fundamental to democracy, it might seem natural that you would be able to sign a petition to put Initiative I or Referendum R on the ballot without having it be a public record which such measure(s) you have endorsed. But traditionally, the list of signatories for each individual ballot proposition has been considered a public record.
Why? The answer, we suspect, lies in the technological history.
Paper-based technologies have long made it possible to verify that each ballot is cast by a registered voter, and that only one ballot is cast by each voter, while making it impossible to identify, after the fact, which voter has cast any given ballot. This isn’t rocket science. Even when you submit an absentee ballot by mail in a signed (outer) envelope, for purposes of verification of your entitlement to cast that ballot, the ballot itself is enclosed in a second, inner (anonymous) envelope. Paper technology — the envelopes — makes it easy to separate verification of eligibility to vote from identifiability of the individual ballots or votes with specific voters.
On paper, it’s harder to separate the validation of signatures and elimination of duplicates from the counting of signatures. It could be done, through essentially the same techniques as are used for paper absentee ballots, but that would require a different system than the traditional petition with multiple signatures on each sheet. There’s really no policy reason behind the public identification of signatories that we have come to take for granted as “natural”. Rather, the lack of any possibility for anonymous endorsement of petitions is a corollary of the technique and format in which signed endorsements for a petition are collected.
There’s a lesson here of wide applicability. Providing for anonymity requires effort. It requires that the systems be designed to provide for the possibility of anonymity, and that authorization (Is this the signature of a unique registered voter?) be separated from identification (Which voters signed this particular petition?). If that isn’t a design criterion from the start, it’s likely to be simpler to munge those functions together in ways that preclude anonymity.