U.S. intel holds secret evidence China accessed voter files as Senate weighs election security law

The United States expressed outrage when Great Britain revealed two years ago that its voter registration databases were hacked by China in what became a global scandal. But it turns out the U.S. intelligence harbored its own secret at the time, knowing since 2020 that Beijing also gained access to American voter registration data, according to documents reviewed by Just the News and interviews with officials with direct knowledge.

“[Redacted] Chinese intelligence officials analyzed multiple U.S. states' [Redacted] election voter registration data, [Redacted] to conduct public opinion analysis on the 2020 US general election,” stated a once highly classified April 2020 National Intelligence Council memo entitled "Cyber Operations Enabling Expansive Authoritarianism." 

You can read that document here.

That memo, heavily redacted and quietly declassified by the Biden administration two years after it was written, has escaped most public notice.

That means six years later that the U.S. intelligence community has yet to fully inform the American people or the Congress on the breadth of evidence it possesses of China’s actions, how Beijing got the data, and what operations it has taken or contemplated. 

The gap in public knowledge is particularly politically sensitive as the Senate this week debates a new election security bill that is a top priority for President Donald Trump. Officials told Just the News that Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe are working to declassify a potentially explosive tranche of documents showing what China did, and who in U.S. government knew and when.

The secrecy surrounding China's access to voter registration has been so persistent that even Republican National Committee Chairman Joe Gruters, President Donald Trump's point man for the 2026 mid-term elections, said he was unaware of the intelligence. "What's crazy is the fact that China has access to these voter rolls, but we don't," Gruters told John Solomon Reports podcast in an episode set to air Tuesday.

Current and former U.S. officials told Just the News that U.S. intelligence agencies possess several raw reports dating to spring 2020 showing China gained access to American voter registration data spanning several states as well as a few finished intelligence products referring to such breaches, including at least one presidential daily briefing. 

But the single passage in the DNI document declassified by the Biden administration is the sole piece of evidence in the public sphere.

Voter registration data is not the same as ballots, where Americans choose their candidates. But it contains sensitive personally identifying information, including driver's license data and partial Social Security numbers. The data is considered so sensitive that several Democrat states are currently trying to keep the Trump Justice Department from obtaining it and liberal groups claim it is a holy grail of election integrity.

In the hands of a foreign power, such data could be used to mimic social personas designed to influence elections or to make absentee ballot requests to cast fake votes, something the FBI feared China might be doing during the 2020 election, according to recently declassified documents.

CIA blocked efforts to inform President Trump and stopped many of these reports from being made available to Congress

"There's as much evidence of China's access to U.S. voter reg files as what eventually prompted outcry in Britain," one intelligence official who worked for Biden and declined to be named told Just the News. The former official said it was known certainly by February 2020, when there was a White House briefing, and loud enough by April 2020 to be included in the cyber-hacking report. 

"It's quite remarkable it has been kept a secret this long," that official added.

One of the intelligence officers who worked on the China cyber hacking portfolio under Trump and tried to raise the alarm bell as a whistleblower only to be blocked by colleagues in various spy agencies confirmed that the evidence of Beijing obtaining voter data is solid and extensive.

"We knew by April 2020 that Chinese intelligence had voter registration data from multiple states and was analyzing it with an eye toward the 2020 election," former NIC officer Christopher Porter told Just the News. "But CIA blocked efforts to inform President Trump and later stopped many of these reports from being made available to Congress."

"During the Biden administration, when I raised concern about the legal requirement to share these and other reports with Congressional oversight, they changed my job to exclude me from elections and then fired me," he said.

Gabbard’s team at DNI was briefed on China's access to the voter registration data and is working to declassify raw reports for potential public dissemination, officials said.

CIA officials told Just the News they are working on answers to questions submitted by Just the News, including the number of states that might be impacted and whether any states were informed. Ratcliffe is uniquely versed on the issue, having written a report at the end of the 2020 election as Trump's then director of national intelligence siding with Porter and suggesting China was more involved in trying to influence the election than U.S. spy agencies were willing to admit.

"Director Ratcliffe was among the first to raise alarms about China’s efforts to influence the 2020 election. While serving as DNI, he publicly held the Intelligence Community accountable following the Foreign Threats to the 2020 U.S. Elections ICA, citing inconsistencies, violations of analytic tradecraft standards, and an assessment that failed to fully reflect the scope of China’s election influence activities relative to Russia’s," CIA Director of Public Affairs Liz Lyons said.

"At CIA, Director Ratcliffe is committed to ensuring intelligence assessments are produced and evaluated objectively and in accordance with rigorous analytic tradecraft standards," she added. "The integrity of our elections is critical to our republic, and Director Ratcliffe has made clear that America’s adversaries will be exposed and held accountable for any attempt to undermine it."

The revelation of Chinese access to U.S. voter data comes as senators are set to debate the Save America Act this week, a top priority for Trump because it would impose citizenship checks and IDs for voters.

Several senators privately told Just the News they've never been told about any Chinese effort to access voter registration data.

Ample intelligence of China's access to voter data but internal disagreement about intentions

U.S. intelligence has acknowledged at least two other foreign powers have breached American voter data: Russia and Iran, the latter whose hackers downloaded 100,000 voter profiles from one state in 2020, according to an unsealed indictment. The dangers of such hacking were laid bare in the intelligence agencies' assessment of those two breaches, without ever mentioning China.

“This data can be used by foreign actors to communicate false information to registered voters,” then-DNI Ratcliffe, now the CIA director, said during an October 2020 briefing that mentioned Iran and Russia's access to such data. China was not mentioned in that briefing. Ratcliffe would later be briefed about China's effort to obtain the voter data when he wrote his dissent, officials said.

Current and former officials told Just the News that the evidence of China accessing and analyzing voter registration data is voluminous and concrete but that the intelligence community's assessment of Beijing's intentions and utilization of the data for malign influence is a matter of dispute.

Officially, the U.S. intelligence community has declared that China put itself into a position to exert malign influence in elections but did not act on that capability in the 2020 election. As the declassified April 2020 report suggested, the agencies in their official assessment believed China stuck to mere analysis of the voter data and took no overt actions to interfere.

But that conclusion is disputed by at least three intelligence officials, led by Porter, who wrote a dissenting report suggesting there was some evidence China did meddle in the 2020 election. That split began emerging in the summer of 2020, officials confirmed.

Neither side of the intelligence community believes China took actions that changed votes on machines. But the revelation that the United States knew that China gained access to voter registration data like what Great Britain admitted to in 2024 could impact the debate in Washington and further raise questions about the political tainting of spy agencies, according to officials who have seen the evidence.

FBI raised concerns of China plot to organize fake mail-in ballots for Biden in 2020

Last June, FBI Director Kash Patel turned over to Congress a long-hidden intelligence report from 2020 which raised concerns that China had plans to mass-produce fake U.S. driver's licenses to carry out a scheme to swing the election to Biden with fake mail-in ballots.

The FBI information report had been sent as an uncorroborated advisory to U.S. intelligence agencies on August 24, 2020. It was then suddenly recalled in September 2020 — the day after then-FBI Director Chris Wray testified to Congress that he had not seen any large-scale voter fraud efforts.

The raw and unverified intelligence report was bluntly titled “Chinese Government Production and Export of Fraudulent US Driver's Licenses to Chinese Sympathizers in the United States, in Order to Create Tens of Thousands of Fraudulent Mail-in Votes for US Presidential Candidate Joe Biden, in late August 2020.”

The report was soon recalled, with spy agencies told to delete the information before they had a chance to properly investigate its claims.

U.S. Customs and Border Protection (CBP) had said in July 2020 that “fraudulent driver’s licenses […] continue to be found by CBP officers” at Chicago O’Hare International Airport. From January through June 2020, CBP said its officers had “seized 1,513 shipments with fraudulent documents — a total of 19,888 counterfeit US drivers’ licenses” and that “the majority of these shipments were arriving from China and Hong Kong.”

The CBP press release did not directly link the fraudulent licenses to potential voter fraud efforts.

Open-source intelligence shows ties and actions by Chinese intelligence agency favoring Biden

Some other open-source intelligence reviewed by Just the News shows that Chinese government-linked cyber hackers and Chinese social media troll farms took aim at the U.S. presidential election in 2020 and sought to swing it against Trump and in favor of Biden. There are also strong indicators that Chinese intelligence and law enforcement agencies — including China’s Ministry of State Security (MSS) and its Ministry of Public Security (MPS) — also played a role.

The long-running and Chinese state-sponsored “Spamouflage Dragon” and “Dragon Bridge” online influence campaigns conducted around the world — and aimed at Trump Administration policies and Trump himself during the 2020 election — have been repeatedly tied to Chinese law enforcement and China’s MPS, including its 912 Special Working Group.

The DOJ has argued in court filings that members of the MPS’s 912 Special Project Working Group had coordinated with officials in China’s United Front Work Department in 2020 on topics related to the COVID-19 pandemic, the U.S. government’s response to Hong Kong protests, the George Floyd riots, and “the 2020 presidential election.”

Cybersecurity researchers also labeled a variety of Chinese cyber actors as being Advanced Persistent Threat (APT) groups — and a number of these have engaged in election influence efforts over the past decade, including attempting to meddle in the U.S. in 2020 as well as in elections in the UK, Canada, Australia, Hong Kong, Taiwan, Cambodia, and elsewhere.

The DOJ said APT31 was part of a “cyberespionage program run by” the Chinese MSS through the Hubei State Security Department, while the State Department declared that APT31 was a “collection of Chinese state-sponsored intelligence officers, contract hackers, and support staff.”

"A prolific Chinese cyber threat group"

CISA and the FBI assessed that the “tactics, techniques, and procedures” of APT40 cyber actors were “associated” with China’s MSS and with China’s Hainan State Security Department in particular.

The Mandiant cybersecurity firm found that APT41 was “a prolific Chinese cyber threat group that carries out state-sponsored espionage activity.” The DOJ later said that an indicted member of APT41 “boasted of connections to” the Chinese MSS.

The DOJ also revealed in indictments years after 2020 that China’s MPS and MSS had seemingly taken aim at U.S. politics during that election season.

Mandiant said in March 2020 that “beginning this year, FireEye observed Chinese actor APT41 carry out one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.” A later assessment by the firm in 2024 cited that 2020 report and said that “APT41 conducted large-scale vulnerability exploitation and scanning activity that compromised U.S. government organizations ahead of” the 2020 “U.S. election cycle.”

The ODNI’s National Intelligence Council (NIC) wrote its aforementioned bombshell assessment in April 2020 — with it not being declassified until then-DNI Avril Haines did so in October 2022 — titled “Cyber Operations Enabling Expansive Digital Authoritarianism.”

“China and other authoritarian governments are using cyber espionage, attacks, and influence operations to extend the coercive reach of their ideological enforcement and political control efforts beyond their borders. In some cases, they are impinging on Western democracies' sovereignty and interests to enhance their domestic stability,” the ODNI had found in early 2020.”

The ODNI made it clear that, by early 2020, it knew that Chinese intelligence officials had analyzed the voter registration data for multiple U.S. states, and that it had apparently used that information to carry out analysis on U.S. public opinion related to the 2020 race between Trump and Biden.

Pro-Chinese spam network, 186 YouTube channels removed

Graphika publicly released an April 2020 titled “Return of the (Spamouflage) Dragon Pro-Chinese Spam Network Tries Again.”

The report said one of the accounts in Spamouflage “shifted its focus in late January to talking about the coronavirus” and that “in March, as the Chinese government’s narrative shifted to arguing that China had responded better than the United States, it tweeted about the reported wave of xenophobic attacks on Chinese Americans linked to the outbreak.”

Graphika wrote: “In late January and early February, the network also expressed confidence in China’s ability to handle the virus. By March, the tone had changed: it proclaimed China’s ‘victory’ in the ‘war’ against the epidemic, praised China’s status as a role model for other countries, and contrasted China’s ‘victory’ with the struggles of Western countries, especially the United States.”

The Google Threat Analysis Group wrote a 2020 report which said that, in April, the group “terminated 186 YouTube channels as part of our ongoing investigation into coordinated influence operations linked to China.” The Google group said that in May 2020 “we terminated 1,098 YouTube channels” as part of  the inquiry into “coordinated influence operations linked to China.” The Chinese influence efforts there included criticizing the U.S. over COVID-19.

The group added that in June 2020 “we terminated 1,312 YouTube channels” as part of the Chinese influence operations investigation, again saying “a subset posted political content primarily in Chinese similar to the findings” in the Graphika report, “including content related to racial justice protests in the U.S.”

Spamouflage targets Trump ahead of 2020 presidential election

The NIC later wrote a 2022 assessment (declassified in 2023) which admitted that “since 2020, PRC senior leaders have issued broad directives to intensify efforts to influence U.S. policy and public opinion in China's favor.”

Graphika noted that “this is the first time the network has published substantial volumes of English-language content alongside its ongoing Chinese coverage — a clear expansion of its scope.”

“Social media accounts from the pro-Chinese political spam network Spamouflage Dragon started posting English-language videos that attacked American policy and the administration of U.S. President Donald Trump in June, as the rhetorical confrontation between the United States and China escalated,” the firm said.

The firm said that “in early 2020, it started commenting on the coronavirus pandemic, praising the CCP’s response at a time when it was being accused of covering up the outbreak” and the Chinese influence operation “includes a wealth of videos in English and targets the United States, especially its foreign policy, its handling of the coronavirus outbreak, its racial inequalities, and its moves against TikTok.”

“It focused on the twin crises rocking the United States: the Covid-19 pandemic and the protests that followed the police killing of George Floyd,” the firm added.

“But Trump is still addicted to his re-election, don’t think how to control the epidemic and this riot,” one video by Spamouflage which took direct aim at Trump and his campaign said. “Instead, planning to restart the campaign, and even applied ‘blame pushing’ to domestic supporters […] Instead of appeasing people’s anger, he is devoted to arousing the public anger.”

The firm said dozens of Spamouflage YouTube channels launched an August 2020 video titled, “When I voted for Trump, I almost sentenced myself to death." The video included opinion polls showing Trump trailing Biden, with a voice-over claiming that “the Trump administration has had the worst of it just before the election.”

DOJ formally accuses China's MPS and MSS of taking action during 2020 election

The Justice Department later filed an indictment in 2023 which said that members of the Chinese MPS’s 912 Special Project Working Group had coordinated with officials in the United Front Work Department back in 2020 — with an FBI special agent arguing that “this coordination likely included topics related to the COVID-19 pandemic, the U.S. government’s response to developments in Hong Kong, civil unrest in the United States following the death of George Floyd, and the 2020 presidential election.”

The DOJ then later filed an indictment against Chinese MSS officers later in 2024 related to a host of criminal influence efforts. The DOJ revealed then that “the allegations in the indictment regarding the malicious cyber activity targeting political officials, candidates, and campaign personnel are consistent with” a joint report by DOJ and DHS about the 2020 election which had cited incidents when Chinese government-affiliated actors “materially impacted the security of networks associated with or pertaining to U.S. political organizations, candidates, and campaigns during the 2020 federal elections.”

The indictment charged seven Chinese hackers — identified as being part of APT31 — with “conspiracy to commit computer intrusions and conspiracy to commit wire fraud” for their involvement in an effort spanning fourteen years and “targeting U.S. and foreign critics, businesses, and political officials.” The DOJ said dozens of MSS intelligence officers had been involved.

“Through their involvement with the APT31 Group, since at least 2010, the defendants conducted global campaigns of computer hacking targeting political dissidents and perceived supporters located inside and outside of China, government and political officials, candidates, and campaign personnel in the United States and elsewhere and American companies,” the DOJ said.

The DOJ added that “the targeted U.S. government officials” ranged across a host of federal departments and agencies, including the White House, and that “targets also included election campaign staff from both major U.S. political parties in advance of the 2020 election.”

The indictment laid out specific efforts taken by the MSS-linked hackers in 2020, noting that “the Conspirators began targeting email accounts belonging to several senior campaign staff members for a presidential campaign” in March 2020. The DOJ said that “the Conspirators targeted email accounts belonging to senior campaign staff members for a presidential campaign” beginning in May 2020.