18 Million Targeted Voter Records Exposed By Database Error

itwbennett writes: Last week, a database containing 191 million voter records was exposed because of a misconfigured database that no on wants to claim ownership of. Around the same time, a second, smaller database containing fewer than 57 million records similar to those previously discovered was also found by researcher Chris Vickery. But the second database also includes 18 million records that hold targeted demographic information. And as was the case with the previous voter database, no one wants to claim ownership.

TLDR: It's Nation Builder's database

[xxxJonBoyxxx]

Better summary, from TFA:

>> the database appears to be from Nation Builder's 2014 update from February or March

Re:TLDR: It's Nation Builder's database

[Jonah+Hex]

Nation Builder sells data to others, so while the data originally came from NB no one is taking ownership of the database that is exposed to the public.

Speaking to Dissent, Nation Builder said that the IP address hosting the database wasn't one of theirs, and it wasn't an IP address for any of their hosted clients.

But is Nation Builder to blame? Not really... So while Nation Builder denied any claim to the IP and the leaked database, it's entirely possible they might know who developed it – but that would require an extensive records check. This is because a developer or campaign wishing to access the Nation Builder Election Center would need to register their contact details, such as name and email address. However, Nation Builder is under no obligation to identify customers, and once the data has been obtained, they cannot control what happens to it. In short, while they provided the data that's in my newly leaked voter record, they're not liable in any way for it being exposed. And to be clear, I don't blame Nation Builder for my leaked record either, I blame the person(s) who developed the database and poorly configured its hosting. I'm just not sure who they are yet.

Is it part of the uncoordinated coordination?

[140Mandak262Jamuna]

Election law is quite esoteric and it forbids "coordination" between people with similar goals. One way to defeat it is to collect the data and leave in a secret location but arguably a public location. The other party gets tipped off and they collect the "publicly" found info. Ted Cruz dumped tons of unedited video shoot in some public you tube account to provide material for his PAC to create advertisements for him without "coordination". Someone found it and comedians had a field day with it. They had specifically avoided copyright claims to allow the other party to use it legally. Now comedians happily playing with it.

Similarly Fiorina just accepts invitation to speak from different group, posts these invitations publicly in a google spreadsheet. Her SuperPAC uses this info to organize all the campaign work. Uncoordinated coordination!

This database could also be one of the deep pocketed presidential campaigns getting the info without paying for it, or provide the info without appearing to coordinate with them.

Just wish we would just scrap the elections and just sell the elections to the highest bidder at this point.

Re:Is it part of the uncoordinated coordination?

[xxxJonBoyxxx]

>> wish we would just scrap the elections and just sell the elections to the highest bidder

Do you really want the Service Employees International Union in charge?
https://www.opensecrets.org/or...

Re:Is it part of the uncoordinated coordination?

Anyone tipping less than 15% will be shot.

Re:Is it part of the uncoordinated coordination?

[gilgongo]

"Just wish we would just scrap the elections and just sell the elections to the highest bidder at this point."

I'm too lazy to Google for it now, but I quite liked the idea of giving all voters in elections a fixed number of "tokens" which they could give to candidates who stood for office. The tokens could then be redeemed by the candidates for funding from the state for their subsequent election campaigns. A sort of pre-election election. Think that guy looks interesting? Toss him one of your tokens and see if he comes up with a compelling campaign to persuade him to vote for you.

Re:Is it part of the uncoordinated coordination?

[Ralph+Wiggam]

One way to defeat it is to collect the data and leave in a secret location but arguably a public location.

This database is basically an empty shell of an election information DB. Remember the thing between Bernie Sanders and Hillary? They share the same basic DB, with factual information like age and address. Then each campaign can add their own secret information on top of that, which was inadvertently opened up. This mystery DB doesn't have any of that secret sauce.

Re:Is it part of the uncoordinated coordination?

[evilviper]

Just wish we would just scrap the elections and just sell the elections to the highest bidder at this point.

The great thing about elections is that the one with the most money DOESN'T necessarily win. Money sure helps, but there are innumerable examples of the big spender losing, even post-Citizens United.

Re:Is it part of the uncoordinated coordination?

[bigpat]

Just wish we would just scrap the elections and just sell the elections to the highest bidder at this point.

I'd prefer to see elections go to the lowest bidder. Give me a dollar each month, elect me, and I will vote however you and all the other people that gave me a dollar want me to vote.

Re:Is it part of the uncoordinated coordination?

[Obfuscant]

but I quite liked the idea of giving all voters in elections a fixed number of "tokens" which they could give to candidates who stood for office. The tokens could then be redeemed by the candidates for funding from the state

I kinda prefer that the tokens be called "dollars" and the "state" not be involved in deciding who gets them, or who they are taken from so they can be handed out.

Keeping track of the lists of people who can vote is hard enough without having to create another list of people who get tokens and how many. Doing such a thing at the state or federal level means the local voter lists have to be consolidated and become just another database that the state and feds can use to ... whatever. Lose track of and deny responsibility for failing to secure is just one possible bad outcome.

Re:Is it part of the uncoordinated coordination?

It's also how they transfer weapons in the Middle East. Leave them in an armory, and it gets "raided" by "terrorists". Pretty much what happened in Benghazi...

Do we want this private?

[bigpat]

These are voter registrations that are apparently available to any organization with the resources and connections to buy them or compile them... Aren't we better served if we just had the states make this information available for download? To my thinking it would be better to know what is known about us and what is being used to target us with political and commercial marketing rather than keep our information private. Although, certain law enforcement professionals have already expressed concern about having their addresses listed. So, at least that information should have been private.

Re:Do we want this private?

[DaHat]

Aren't we better served if we just had the states make this information available for download?

Most states put limitations on how the data can be used: ie only political, law enforcement, journalistic, etc. The issue in part becomes how do you prevent people from misusing the list(s)?

Finding the home address of a potential stalking target becomes easy, as is using the data for marketing or other commercial purposes (which most states prohibit).

Watermarking a CSV file in a way that a quick search for differences between a couple different copies of the list isn't so easy.

Re:Do we want this private?

[DaHat]

Do we need it available to anyone but election officials to make sure only registered voters vote?

Need? No, but if you are part of a campaign they are invaluable.

While most state/national parties maintain their own curated lists (usually based on input from the states + their own info on likelihood of voting their way), if you are an upstart candidate who doesn't have the support of the party, your campaign is going to be doomed from the start without being able to target registered voters.

Re:Do we want this private?

[jandrese]

Good luck enforcing those laws. Just buy a home and see how quickly your mailbox gets filled with flyers addressed directly to you offering home services.

Re:Do we want this private?

[Tablizer]

Fewer people will vote if spammers etc. can get their personal information.

Re:Do we want this private?

[crbowman]

While I'm generally a supporter of open records and transparent government. I'm don't understand what the rationale is for releasing this data. Why do I have to release my information to the public in order to avail myself of my basic right to vote? I could see that there would be some uses, research into voter demographics for redistricting and for study of fairness of voting but I'm not sure all this information is required to allow that, and even more I'm not sure the value outweighs the down side.

Re:Do we want this private?

[DaHat]

Tell me about it. When a renter I was slightly annoyed by 2-3 credit card offers a week... now I've got 2+ refinance offers in addition to at least 1 credit card offer, not to mention solicitations by real estate agents for when I am ready to sell my house. My wife was even puzzled by the fact we got a Christmas card from one of these agents this year.

The difference though is that property sales/ownership information generally doesn't have these sort of prohibitions on them.

Re:Bourgeois Democracy is a Fraud!

[MightyMartian]

And how did Lenin's alternative work out

then it just come down to the supreme court pickin

[Joe_Dragon]

then it just come down to the supreme court picking the winner with a dead line to get the case done by X time.

Re:then it just come down to the supreme court pic

[DaHat]

I'm sorry to see/hear that you still push with this revisionist bit of history.

The best you could have hoped for in 2000 was Bush as Pres & Lieberman as VP.

Under no constitutional or lawful sequence of events was Al Gore going to become President.

Re:Donald Trump in '16!

[bobbied]

Build a wall? Sure... But I'm still waiting on how you make Mexico pay for it.. The only ways I've come up with involve military force or some kind of new tax/tariff etc.. Just sending them a bill marked "over due, please pay now" is unlikely to be effective.

I beg you, ANY other republican contender over Trump... Please? I'll take him over the Hill, but he's my absolute last choice of the possible republican contenders.

Re:Eyes on Hillarious Clinton

[bobbied]

Didn't Bernie Sanders get in trouble with the DNC for accessing data he wasn't allowed to? Seems up his alley too.

Re:Eyes on Hillarious Clinton

[ganjadude]

im no fan of bernie, the man doesnt understand the difference between a secured and unsecured loan... having said that its more likely the DNC and hillary are throwing mud and seeing what sticks

Re:Who cares?

[bobbied]

Hill is that you?

What does it matter now?

FIFY

Re:Donald Trump in '16!

[DaHat]

But I'm still waiting on how you make Mexico pay for it..

While not a fan of Trump, I recognize that as a business person he starts with a more out there proposal which he can then back off from during negotiations... which this sounds to be too.

The only ways I've come up with involve military force or some kind of new tax/tariff etc.. Just sending them a bill marked "over due, please pay now" is unlikely to be effective.

You aren't thinking creatively enough.

If $23 billion is in fact being sent from the US to Mexico... just tack a 20% 'wall' tax and you pay for a $49 billion dollar wall in just 10 years.

Granted, such projections are based on more or less static accounting and discounts any changes in behavior.

Re:Donald Trump in '16!

[DaHat]

The Government can't get huge companies to pay their own taxes (that shelter money offshore and funnel through international channels),

Like it or not, those methods are legal at present.

but they're gonna tax the little people?

How well paid are the lobbyists for the 'little people'?

Re:stupid question here

[bobbied]

Where effective in the Netherlands, there are some legal impediments to doing such a thing in the USA which stem from our constitution.

We keep the same records as your "civil register" at the same "local level" but they are independently managed and are not coordinated. For instance, if you get married, this fact is recorded in the county you get married in, which may not be the county or even the state you live in. Also, your civil register produces an ID for every person over 14 years old which must be presented when doing any government function, something which is considered racist by some sectors of the USA's society. Because of our constitution, the records you put in the "civil register" really cannot be put in one place, but are kept independently.

In the USA, registration is OPTIONAL for just about everything including voting. Where registration is required it can usually be avoided if you try or have a specific religious objection to being registered.

Re:Donald Trump in '16!

[bobbied]

But I'm still waiting on how you make Mexico pay for it..

While not a fan of Trump, I recognize that as a business person he starts with a more out there proposal which he can then back off from during negotiations... which this sounds to be too.

The only ways I've come up with involve military force or some kind of new tax/tariff etc.. Just sending them a bill marked "over due, please pay now" is unlikely to be effective.

You aren't thinking creatively enough.

If $23 billion is in fact being sent from the US to Mexico... just tack a 20% 'wall' tax and you pay for a $49 billion dollar wall in just 10 years.

Granted, such projections are based on more or less static accounting and discounts any changes in behavior.

Like I said, if you are not willing to recover the cost of the wall by force of arms, all you can do is add a tax or tariff on economic activity.

But as others have pointed out, putting a tax on money transfers to/from Mexico really doesn't solve the problem because then folks would change their behavior and just send cash directly...

Re:then it just come down to the supreme court pic

Including the remedies in Florida law that the SCOTUS denied Fl the right to undertake? One of those was a full recount of all questionable counties (or something prettty damned close) and IIRC Gore would have won that count per the officially unofficial recount run by the journalists some years later.

Love the GOP - all for "state's rights" until those rights bite them on the butt, then trample those rights with the Federal Gummint! Yep!

Re:then it just come down to the supreme court pic

[DaHat]

Again, revisionist history that ignores reality, not to mention well established constitutional process and law.

Like I said, "Under no constitutional or lawful sequence of events was Al Gore going to become President."

A "Certificate of Ascertainment" had already been sent to congress and the Archivist of the United States, at that point the role of the state was over. Period.

The only remaining hope for the Gore campaign would be for the joint session of (the new) congress that is tasked with counting the votes challenge the result. If successful, each state delegation would cast a single vote for President. Given the breakdown of the 2000 House of Representatives election, it is almost certain that Bush would have won.

When it comes to VP, similar process in the senate, however due to the 50/50 split at the time, the President pro tempore of the Senate would cast the deciding vote. Who was that at the time? None other than the Vice President of the United States, Al Gore.

Re:Eyes on Hillarious Clinton

[budgenator]

My understanding is they were exposed to it through a miss-configure web-page, and one of his staffers looked at it, probably thinking that "that can't really be what I think it is" then realizing "that something I shouldn't be looking at". I dearly love to rake a Democrat over the coals, but this is a non-issue.

Re:then it just come down to the supreme court pic

[Obfuscant]

Including the remedies in Florida law that the SCOTUS denied Fl the right to undertake? One of those was a full recount of all questionable counties (or something prettty damned close)

Florida had already defined the electoral process and was following that process, as is the right of the state legislature to define. The federal government had no authority to overturn the state-defined process, nor did the Florida courts on a matter of process.

The recount was done. The result was certified. The only effect of forcing yet another recount was to delay the result from Florida until after the deadline for the Electoral College vote, effectively disenfranchising every Florida voter.

Love the GOP - all for "state's rights" until those rights bite them on the butt,

Florida has the right to determine its electoral process, and did so. It was Gore who was trying to change the process after the vote was counted.

And gotta love the Dems -- count every vote, until the votes are counted and the Republicans win, then take every vote to court to get it thrown out. Awful butterfly ballots -- that both parties agreed to prior to the election. Awful absentee process -- that both parties agreed to prior to the election. Got a problem with the process? Fix it before the ballots are cast, not after they go against you.

The great American whine

[plopez]

"I'm not responsible"
(this is where I rant and rave like a lunatic)
I wish Americans would grow up. They are a bunch of children who are irresponsible, spoiled, pandered to, expect everything handed to them, do not understand basic finance, lazy, and greedy. This is coming from an American who sees this everyday and is disgusted. Instead of fixing the problem you will see companies and lawyers standing around pointing fingers.
(end of rant)

Re:The great American whine

[KGIII]

To be fair, concerning this database being open to the public, I am not responsible.

Then again, it is public information. We could probably save a bit of time and energy by just making it a publicly available download in a few different formats - from txt to .sql to .csv. Hell, we could even make it downloadable in .pdf format.

There's a...

[ourlovecanlastforeve]

There's a limited set of people who have access to this database.

Lets put them all on trial.

Re:Eyes on Hillarious Clinton

[bobbied]

Do realize that this is ALL SPIN no matter what way you slice it. Who knows what the real story is, did they open up access on accident or on purpose? Did Sander's folks exploit that opening? Was there ever any security there to start with? Who knows? All you will get out of the press is what sells advertising and out of the candidates what generates the most buzz/fundraising they can manage. It's a game to them. It's like this canard that Sanders is not a career politician even though he's held elected office for 25 years, where Hillary IS a career politician having held elected office for what, 1 senate term of 6 years or so? It's all spin.

Personally, I don't care one bit either way on this story. Where I'd love to have Sanders as the democratic nominee (or as an independent candidate running to the Hill's left for that matter) I really don't have a dog in this hunt being I'll not be voting for either of them under any circumstances.

So... To make is short. I was trying to make a joke about the democrats and data security.... Saying that Sanders and the Hill are both as qualified as the other on this subject.

Re:In particular

[bobbied]

Even registering with the selective service is avoidable on religious grounds too.... Surely being a conscientious objector on religious grounds would be sufficient to be excepted from the requirement?

The Phone Book?

[ripvlan]

There's this other thing called the phone book. Granted it doesn't contain your DOB. But it does have most of your name, address, and phone#.

I fail to see the importance of this database that these folks found. Yes - your data is out there - companies collect it. It exists, are you surprised? Was a law broken in "leaking" this information (doesn't sound published - more like an accidental leak). In my state it is illegal to post public access into on the web - you have to come get it in person. But I don't know what restrictions exist after that.

The larger concern from my POV is using this kind of data to build a larger database (like Nexus). My name & address? - send me lots of junk mail. Phone number? Already get plenty of robo-calls. But start opening bank accounts in my name or making purchases - that will be a PITA. It's the criminal activity I worry most about.

VISA/Mastercard already have a huge pile of data on me. They know what I purchase and how much I spend. I know this because my employer used to buy "your" name & address & income & spending history for mass-marketing campaigns (targeted marketing -- give us 50,000 people who make $80k+/year and spend X dollars at stores like Apple and Williams/Sonoma).

The fastest way to deal with this is --- delete the database. Fight back, name your children...Little Bobby Tables - https://xkcd.com/327/

Re:The Phone Book?

[bigpat]

I am more concerned that this is public information and it isn't being made available online. Besides an "opt out" provision for your specific address to address the concerns of police officers, judges or anyone who is afraid of stalking or whatever, just like you might have for a telephone directory, this information could be used by individuals, local groups, and others to find people that are registered democrats and registered republicans or independents. This data is already being used to target those individuals based on party affiliation and voting history, but now all the power to do so is controlled by organizations with a big enough bankroll to gather the data and make it available to whomever they choose. And I certainly don't like the big party politics that results from centralized control by a few. Everyone from researchers and students at Universities, to local grass roots activists could use the information to save time and money in their activities. We are already paying for the information to be collected and stored, so why should only the rich and powerful be able to access it?

Re:Bourgeois Democracy is a Fraud!

[RockDoctor]

Compared to the Great Depression - not too badly. Once Stalin got his system going, it started to go off the rails, but in the 1930s it was increasingly obvious that communism was posing a real alternative to untrammelled capitalism. No wonder the powers of Capital were delighted to stoke Stalin's paranoia.

Since then, things haven't gone so well. Though the 2008-to-today financial crash is again showing some of the horrible problems with Capitalism.