> You do not want local govt each building their own “secure” system
I really do. A centralised, insecure [1] database could lead to America losing a war.
A distributed system of low-reliability nodes is more robust than a centralised system that's very reliable. "ARPANET," after all "was built to explore technologies related to building a military command-and-control network that could survive a nuclear attack." (That's not what it wound up becoming.)
Local control and storage should be a requirement.