Slashdot Mirror

← Back to Stories (view on slashdot.org)

154 Million Voter Records Exposed Due To Database Error (dailydot.com)

Posted by BeauHD on from the error-processing-command dept.

blottsie writes: Chris Vickery, a security researcher at MacKeeper, has uncovered a new voter database containing 154 million voter records, exposed as a result of a CouchDB installation error. The database includes names, addresses, Facebook profile URLs, gun ownership, and more. Who exposed the voter database? Vickery believes the suspect may be linked to L2, a company specializing in voter data utilization, after he noticed that the voter ID field was labeled "LALVOTERID." After calling the company, L2 said the database likely belongs to one of their clients, noting that there are very few clients big enough to have a national database like that. The database was secured within three hours of their phone call. L2's CEO Bruce Willsie said that the client told L2 that they were hacked and the firewall had been taken down. Their client is conducting their own research to figure out the extent of the incursion. The Daily Dot reports: "Why does this keep happening, and what is our government doing about it? No federal agency is enforcing data security in political organizations or non-profits, and so far, neither are state attorneys general."

95 comments

  1. What else is there and where do they get the data? by Anonymous Coward · · Score: 0

    “This was an old copy (from about a year ago) of the national file and it had only a very small number of our standard fields,” Willsie wrote to Vickery, adding, “I’ve asked that they report back to us with their findings and their plan for hardening their system in the future.”

    17 relevant information points is very small number of standard fields? Who are these people, and what kind of databases do they have for everyone?

  2. data breach!? by Anonymous Coward · · Score: 0

    Well I'll be dipped in shit and rolled in breadcrumbs. Who woulda thought? This almost never happens.

  3. Re:Thank you Republicans! by Anonymous Coward · · Score: 0

    No, i just hate you.

    I want you to die. To die.

  4. What's the problem? by DoofusOfDeath · · Score: 1

    "Why does this keep happening, and what is our government doing about it?"

    If one accepts that all information may be freely shared unless specific restrictions apply, and if the people named in the database hold no such restrictions on those data, then what's the problem?

    1. Re: What's the problem? by Anonymous Coward · · Score: 0

      Everything's there, and with the program from social security to find the number, which was in DOS, I suspect a credit monitoring service to do well this year.

    2. Re: What's the problem? by ememisya · · Score: 1

      I think this can be seen as "the government" demonstrating why it's a terrible idea to have digital records online for something as sensitive as voter information.

  5. Someone saw a probelm by Hasaf · · Score: 0

    It was reported and quickly fixed. There is very little story here.

    1. Re:Someone saw a probelm by Anonymous Coward · · Score: 0

      Very little story indeed. Except that we now know that there are organizations out there that know where every voter in the United States lives and their demographics (probability of ethnicity, family status and education level).

      If you thought the 2010 Census resulted in the utter ruination of congressional districts nationwide, get ready for 2020. It's going to be a doozy.

    2. Re:Someone saw a probelm by Anonymous Coward · · Score: 0

      "Except that we now know that there are organizations out there that know where every voter in the United States lives and their demographics"
      Are you really surprised? The federal government would know too, federal government agencies would. Access to many state's voter rolls is fairly easy to get access to also (provided by the states).
      For instance: https://www.ok.gov/elections/Candidate_Info/Voter_List/index.html

  6. Why does it keep happening? by hrieke · · Score: 4, Insightful

    My flippant answer:
    Cause companies refuse to pay market rate for those who actually know how to secure these things , & pay for the hardware and services.

    Honestly however, this is not a government issue, this is a private industry issue, and it's going to cost money.

    --
    III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIIIV IIVIIIIIIVIII...
    1. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      Based on events of the last month or so, I no longer think there is anybody who "actually knows how to secure these things."

    2. Re:Why does it keep happening? by plopez · · Score: 3, Insightful

      In software there are no consequences for idiocy. There are no laws governing the quality of software, e.g. requiring warranties or health and safety laws. In addition Software "Engineers" are not true engineers as there is no licensing procedure and unlike true engineers no liability for a poor design. So these so called Software "Engineers" can slap code together and get away with out getting sued. The same is true of Network "Engineers", Security "Engineers" etc.

      There is no such thing as "Software Engineering".

      --
      putting the 'B' in LGBTQ+
    3. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      This is EXACTLY the issue.
      Companies don't want to pay $150,000-$200,000 salaries to programmers and admins that know what they're doing.

    4. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      Lets be real here. If Sony, various governments, and many companies can get hacked, with the best security on the planet, hell even the US Government with OPM getting defeated, there is no chance of anyone actually having a serious fight.

      Sounds bad, but that's reality. If there is a database, it will get pwned.

    5. Re:Why does it keep happening? by The_Revelation · · Score: 1

      I don't know that I completely agree. I think Software Engineers are forgiven mistakes given the complexity of the environment within which they work, however there is liability in any industry, and depending on the level to which you are producing products (ie. medical, scientific), they are held to a certain level of quality.

      The way the industry typically regulates software is by requiring testing. However, testing can't always predict edge cases, for which modern operating systems have a plethora of.

      Additionally, the product that the engineer produces can only be as good as the tools on which it is running, and often the fault will either come from hardware or the bugs in the runtime environment.

      Besides all of this, typically Computer Systems Engineers who choose to major in software still have to do all the other STEM subjects the rest of the faculty does.

      Often, the real problem is that the products are designed by Companies rather than individual Software Engineers. That said, look at the guys that made The Pirate Bay, or Napster. They were clearly held accountable for their software.

    6. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      Software Engineering exists, but the software that comes out of it is so expensive and clunky that most people prefer "artisan" software. It is also quite unfair to compare software to the things that engineers make: Software is vastly more complex, like you have no idea how much more complex, and in software it counts as a flaw when it breaks under sophisticated and direct attacks. If engineers were held to the same standard, bridges would have to be built like bunkers, and we'd all drive tanks.

    7. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      Private companies having access to 150 million voter records, which were collected by the government for government purposes, seems to be a government issue to me. It doesn't seem unreasonable to attach strings to accessing the data like "if the data leaks, then you're on the hook for identity theft protection for life for anyone whose data leaked" or something.

      Fixing the system so that the social security number isn't a universal password that also happens to be a public identifier is another ball that is squarely in the government's court at the moment.

    8. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      Pass a law that states:
      Any company that loses data pertaining to customers/other users shall be forced to publish equivalent data from the board.
      You accidentally publish the credit card info of your customers? You publish the credit card info of the members of your board of directors.

      We'll see how much effort you put into security then.

      Although this would have the down side of naked pictures of Tim Cook being published after the fappening...

    9. Re:Why does it keep happening? by The-Ixian · · Score: 2

      This reminds me of the time that I worked in the returns department of a consumer goods manufacturing company.

      The product was good but all I ever saw was the crap. Pallets and pallets of non-working things.

      I didn't have a very good opinion of the company's product at that time.

      However, the number of items returned was a tiny fraction of the amount of product sold.

      My point is that when all you hear about is breach after breach, it is easy to come to the conclusion that everything is easily breached.

      I don't think that is true. Just think about all of the databases in the world.

      I would be willing to bet that the odds of being breached are still fairly low if you actually spend the resources on taking reasonable security measures.

      I think that what we are seeing is an intersection between growing computer savvy (as everyone who grows up with the technology really grok it) and status quo (legacy) network concepts.

      I think it is absolutely possible to secure a network if the will to do it is there.

      --
      My eyes reflect the stars and a smile lights up my face.
    10. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      When you have millions (in many cases hundreds of millions) of records representing information about individuals in many instances of databases like that, and all it takes is one breach to send that information out / make it available to parties with ill-intent, and in addition to that, having the number of vulnerabilities across software and platforms, in addition to the massive number of differences in the build-out of the servers across all these companies, what you have is the perfect storm of insecurity for the random individual.

      It may be possible to secure a network and thus secure servers, but in the real world, that doesn't happen as it's not a financial priority.

    11. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      This. Though it should be a LOT more than "identity theft protection" - that's a fig leaf.

    12. Re:Why does it keep happening? by CaptainDork · · Score: 2

      This.

      Data breaches will halt very soon after litigation becomes the norm.

      At this writing, gatekeepers are not held responsible.

      For every breach, the custodian of the data should pay out the nose.

      Until then?

      Yawn.

      --
      It little behooves the best of us to comment on the rest of us.
    13. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      Indeed. If my new car gets a flat, gets a broken windshield, gets a dent in the door, is stolen, gets in an accident, has a breakdown, or the driver puts water in the gas tank, then the engineer that designed the car should be liable...makes perfect sense.

    14. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      If it was a bridge everyone would be screaming.

    15. Re:Why does it keep happening? by Thud457 · · Score: 1

      You're a real nasty piece of work.
      I like the way you think.

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    16. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      Apples and oranges. Now if someone could open your door by, say, tapping on a certain spot under the car while adjusting one of the mirrors, then yes that is something the engineer should fix.

    17. Re:Why does it keep happening? by bondsbw · · Score: 1

      I don't recall most bridge engineers needing to deal with authentication, authorization, encryption (in transit and at rest), hashing, firewalls, routing tables, protocol configurations, and numerous other things that can be incredibly complicated while being very easy to misconfigure.

      Do bridge engineers come back out to add new features to bridges every few weeks?

      Has a bridge ever been moved from crossing a busy highway to crossing a river?

      Are there bridge hackers who can unleash botnets to exploit vulnerabilities in hundreds of thousands of bridges around the world at the same time? How many orchestrated DOS attacks are conducted on bridges?

      Hell, most bridges are vulnerable to something as simple as exploding a fuel truck nearby. (Which happened again to the exact same bridge less than 3 years later.)

      Yes, people would be screaming. Bridges would need to be tremendously more complicated and would be subject to attacks that can be performed at nearly the speed of light. But that isn't the case; your analogy is flawed.

      Frankly, it's easy when your discipline is built on top of a very consistent foundation such as physics. Software engineering is built on layers upon layers of mathematical and organizational abstraction, each layer making it easier to reason about things but potentially introducing issues which are outside of what you expected to deal with. (Not to mention that the number of computer systems in the world is so large that we simply can't produce enough qualified engineers to adequately harden all of them, or even most of them.)

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    18. Re:Why does it keep happening? by Anonymous Coward · · Score: 0

      In my opinion, bridge engineering and software engineering ARE different, but both can still be called 'engineering.' It is possible (and difficult) to construct software to very high safety and reliability standards - xref. avionics and spacecraft control systems.

      The major difference between structural engineering and software engineering is in who sets the standards for acceptable failure/error rates. With bridges, buildings and other structures the standards are largely set by the government, prioritizing safety. With most software, the standards are set by corporate management, prioritizing low cost and time-to-market, and if a risk analysis is performed it's based on the financial liability to the company. You get what you pay for. Too bad sensitive personal information is "protected" by such software.

    19. Re:Why does it keep happening? by DontTrustWhatIType · · Score: 1

      That's part of the problem - the other is that there are too many people who claim to know what they are doing when it comes to privacy and security, too few who actually do, and no one who is hiring can tell the difference. Getting a cert or a degree does not make you an expert.

  7. Because "Oops" by penguinoid · · Score: 4, Insightful

    The reason it keeps happening is that when it happens, the CEO (who, incidentally, decided that security was an expense to be minimized) merely says "Oops, sorry." and then there are no consequences.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:Because "Oops" by tomhath · · Score: 1

      What consequences do you think there should be in this case? The data was already publicly available - L2 was selling it to anyone willing to write a check.

    2. Re:Because "Oops" by quantaman · · Score: 2

      The reason it keeps happening is that when it happens, the CEO (who, incidentally, decided that security was an expense to be minimized) merely says "Oops, sorry." and then there are no consequences.

      I think that's it. It's not that companies don't care about security, it's just that they can't really afford to care that much. Good security doesn't make them any money and bad security doesn't cost that much, in a world of finite resources the things with poor ROI are the ones that get neglected.

      --
      I stole this Sig
    3. Re:Because "Oops" by whoever57 · · Score: 1

      L2 was selling it to anyone willing to write a check.

      So the data had value. How about deducting the lost value from his bonus?

      --
      The real "Libtards" are the Libertarians!
    4. Re:Because "Oops" by plopez · · Score: 3, Insightful

      What needs to happen is that failure must be made expensive.

      --
      putting the 'B' in LGBTQ+
    5. Re:Because "Oops" by AmiMoJo · · Score: 1

      The problem is that personal data is hard to put a value on. Due to mass insecurity its value on the black market is quite low now, and it's always difficult to prove damages resulting from loss of it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  8. Why? Because they can't do it themselves by John+Jorsett · · Score: 3, Informative

    The feds do a lousy job of it themselves, in fact a much worse job. The Office of Personnel Management leak exposed millions of security-cleared personnel's records, including mine. I've already had somebody try to get credit in my name, probably from that breach (but could be from one that my former employer suffered as well). The OPM leak contained exponentially more revealing info than this one. I haven't heard of anyone getting fired for it, either, just the director getting to "step down". BFD.

    1. Re:Why? Because they can't do it themselves by gtall · · Score: 1

      Yep, because all federal agencies are the same, right? And if some agency of the fed. gov. was given the task of writing the regs and enforcing them for security, Congress would take years to write the legislation to make it happen because the Conservatives would be screeching about fed. overreach, the right of people to be insecure, etc. The Liberals would get their panties in a knot over privacy and making sure it was multi-culti. Then the agency would be burdened with several Congressional committees' oversight because every two-bit committee chair would think they should have a say. Once enacted, special interest groups would sue on whatever grounds makes them happy. Several years later, the fed. agency is now tasked.

      Now let's say the first company to get the shaft over bad security by our fed. agency decides its legal team should have a go. That's several more years of legal fees. The outcome is uncertain and companies would quickly realize it is cheaper to pay their legal dept (they are there all the time anyhow) than actually fix security.

      Now...about the federal gov's security, it really has nothing to do with how it would enforce security, does it?

    2. Re:Why? Because they can't do it themselves by Anonymous Coward · · Score: 0

      I wouldn't worry too much about the OPM breach and identity theft. The stolen information is probably kept securely at a foreign intelligence service.

  9. Re:What else is there and where do they get the da by Sperbels · · Score: 1

    Of course I know that such information can be stitched together from various databases and online sources if one makes a concerted effort to do so. I kind of surprised they've done that though.

  10. So ALL the voters? by Anonymous Coward · · Score: 4, Informative

    As of a couple years ago there were 146 million registered voters in the US. A 150m+ breach means EACH AND EVERY VOTER IN THE UNITED STATES.

    1. Re: So ALL the voters? by Anonymous Coward · · Score: 5, Interesting

      What voter database contains gun ownership?

    2. Re:So ALL the voters? by Anonymous Coward · · Score: 0

      Nah, just all the Chicago voters.

    3. Re: So ALL the voters? by packrat0x · · Score: 1

      What voter database contains gun ownership?

      This database was created from 100's of other databases. Some states require you to register your firearms. Apparently those databases got included as well.

      --
      227-3517
    4. Re: So ALL the voters? by Anonymous Coward · · Score: 1

      And this is exactly why mandatory firearm registration is such a huge no-go issue to anyone who actually cares.

    5. Re:So ALL the voters? by Anonymous Coward · · Score: 0

      Including the dead ones.

    6. Re:So ALL the voters? by T.E.D. · · Score: 1

      OMG! I found another breach! Right here: ON THE STATE OF OKLAHOMA'S OWN WEBSITE!

      You see, it turns out voter registration database are a matter of Public Record. Not only are they not private, but states are legally required to provide them to citizens upon request.

    7. Re:So ALL the voters? by Anonymous Coward · · Score: 0

      L2 provides a service by parsing and standardizing those public records, cross-referencing them with other sources, and selling the result.

    8. Re: So ALL the voters? by Anonymous Coward · · Score: 0

      Because it is so hard to gather meta data from the post office regarding nra mailings. But go on only caring about the second amendment while the others get decimated.

  11. MacKeeper is the malware by Anonymous Coward · · Score: 0

    that exposed this issue I presume?

    We first should get rid of that invading piece of junk that is pushing me around every since I got a Mac.

  12. "it wuz haxx0rz!" by Anonymous Coward · · Score: 0

    No, it was just you.

  13. There was no installation error by campuscodi · · Score: 2

    From the article: "Willsie stated that the client told L2 that they were hacked and the firewall had been taken down. The client was now conducting their own research to determine the extent of the incursion." It was a hack, not an installation error.

    1. Re:There was no installation error by plopez · · Score: 2

      Unless the installation was so negligent it allowed an attack. This is clearly a case of trotting out the Evil Hackers(tm) to deflect focus on the company's stupidity.

      --
      putting the 'B' in LGBTQ+
  14. Meh! by riverat1 · · Score: 1

    The names of registered voters, their party registration and whether they voted in an election is already publicly available information. The rest of what was listed in the story is just a matter of leg work that anyone can do if they want to. It doesn't seem like a big deal to me.

  15. publicly available information by clovis · · Score: 5, Interesting

    People keep saying it was gathered from publicly available databases.

    What publicly available database has gun ownership? Neither the states nor the feds knows who owns guns. It's against the law (I know, lol) for them to maintain a database of gun owners.

    And how about household income? Where can a person get the household income of other people from a publicly available database?

    1. Re: publicly available information by Anonymous Coward · · Score: 0

      But... But... We have to keep that information because... Uh... Orlando! And terrorists!

    2. Re:publicly available information by Anonymous Coward · · Score: 0

      Data that is publicly available in that it can be bought by anyone. Not in the sense that it shows up in a google search.

      As for who knows all this stuff, Vias, Mastercard, etc. Ever bought ammo with a credit card? Gun Owner.

    3. Re:publicly available information by Anonymous Coward · · Score: 0

      Ding ding ding.

      The orgs with the most fascinating data stores are the ones that everyone transmits their life details through on a daily basis, and unless a transaction is contested "that's you" so far as to be admissible evidence of "your" actions (purchases) in court (else your PIN or whatever has been hacked? or in the US I guess your signature has been falsified?).

      There are lesser players as the frequency, generality, and commonality of commercial interaction decreases. Grocery stores and gas station chains are high on the list (you can learn a LOT about a person by what food and drink they consume, and how much and roughly where they're driving)

      Some of the most interesting new players in this field are (passive) cellphone trackers (one major chain does this where I live, and got rid entirely of their 'customer rewards' marketing data card), facial recognition advertisers, apps with access to location data (latency data can be enough!), and IoT.

    4. Re:publicly available information by guevera · · Score: 1

      Voter registration information is a public record. It is publicly available. In some states you have to send a letter and a few bucks for the DVD it's copied on. In others you have to check a TOS like form to promise not to use the data for commercial communications. Etc.

      Voter registration is public information and it should be.

      Who owns guns absolutely should not be held in any government database. There are laws that restrict exactly that (on the federal level). But don't kid yourself. California explicitly records the sale of every gun in a state DOJ database. Is it legal? Probably not. And if you've got 10 years and a few million bucks to spare on a quixotic pursuit of justice, you can try and prove it.

    5. Re:publicly available information by jratcliffe · · Score: 1

      Gun ownership info could be gathered from a number of sources. Those response cards on warranties where people indicate their interests, subscriber lists for magazines (which you can buy), etc. etc. It wouldn't be entirely accurate (there are lots of people who own guns who subscribe to Guns & Ammo, and people who don't own guns who do subscribe), but you can get a pretty decent approximation.

      Household income's not that hard to get either (although not the official numbers).

    6. Re: publicly available information by 31415926535897 · · Score: 1

      Gun ownership may not be known by governments generally, and shouldn't be. However, my great state of Illinois requires registration. Gun owners are registered in the Firearm Owner Identification (FOID) database. If you are caught with ammo in your car and you don't have a FOID card, you're the lucky recipient of a fresh felony charge (can happen if your spouse leaves ammo in the car).

      That doesn't explain the other 49 states, and Illinois' data shouldn't be public, but unfortunately our government knows who owns guns. In theory you might have a FOID and no gun, but that's probably a very small percentage. (And I should add: the gang bangers in Chicago who get their guns illegally definitely don't have this ID)

    7. Re:publicly available information by Software · · Score: 1

      It's probably a compilation of data from public records (such as voting registration) and private records (household surveys, etc.).

  16. Why does this keep happening...? by fustakrakich · · Score: 1

    That's what I asked when Die Hard 2 came out...

    --
    “He’s not deformed, he’s just drunk!”
  17. Hmmm by Anonymous Coward · · Score: 0

    I wonder why they need so much data attached to voting records? If I were a politician and I had access to that data I wonder what I would do? Seems legit though that they need your facebook and gun ownership status to count votes and such.

  18. Should have hired me instead, assholes. by Narcocide · · Score: 0

    This amateur-hour shit makes me sick. Saved some money outsourcing your IT work to Pakistan, eh, fuckers?

  19. Wait... by vomitology · · Score: 1

    Facebook IDs are part of a voting record?

    --
    ~Knowledge is knowing that a tomato is a fruit, but Wisdom is knowing not to put it in a fruit salad.
  20. Mackeeper = Malware by MacColossus · · Score: 2

    Mackeeper is the number 1 source of adware and malware on the Mac. This "security researcher" works for a company that is evil as f*ck. I'm guessing he hacked and shared the database and then claimed white hat glory for finding the breach. SMH.

    1. Re:Mackeeper = Malware by jasnw · · Score: 1

      Wish I had mod points. I was just about to suggest that before anyone takes this report too seriously, a report based on one source, that they go and google MacKeeper. I think I would throw the bullshit flag on this unless it's confirmed by a real, and honest, cybersecurity firm. There's lots of things in this that don't make much sense.

    2. Re:Mackeeper = Malware by tgv · · Score: 2

      Was going to write the same. MacKeeper is paid malware, plain and simple. I don't know why they'd have security researchers, nor why such a researcher would be interested in such matters.

  21. Re:Thank you Republicans! by Anonymous Coward · · Score: 0

    Preferably pinned in an auto accident and burning to death.

  22. Re: Thank you Republicans! by Anonymous Coward · · Score: 0

    Astroturf. Go incite your flamewars somewhere else.

  23. Because US privacy laws suck by cliffjumper222 · · Score: 3, Informative

    For comparison, while data protection and privacy are fundamental rights in the EU, there is no equivalent protection in the US.

    EU data protection consists of several principles, which include, rules on data quality standards, on sensitive data, independent supervision, the purpose limitation principle, rules on inter-agency exchange or transfer of data to third states, time limits for the retention of data, effective judicial review and access possibilities, independent oversight, proportionality elements, notification requirements after surveillance or data breaches, access, correction and deletion rights as well as rules on automated decisions, data security as well as technical protection. These rights and principles are subject to restrictions, but these restrictions are limited by proportionality elements and are continually subject to judicial review. Some of these EU rights, such as notification, supervision or judicial review can also be found in certain US Acts, for instance in the ECPA, however, they only exist in a mitigated form.

    Most of the EU data protection guarantees simply do not exist in US law. Good for businesses, bad for humans.

    1. Re:Because US privacy laws suck by Anonymous Coward · · Score: 0

      Privacy laws are unenforceable. If you use social media you've already lost it, laws or not.

  24. Re:What else is there and where do they get the da by Anonymous Coward · · Score: 0

    First name + middle names
    Last Name/Family Name
    Date of Birth
    Gender
    Apartment Number
    Street Number
    City
    State
    Zip/postal code
    Home phone
    Mobile/cell phone
    Work phone
    Email
    Party affiliation

    Would be what I expect at the very least in a US based voter database. That's 14.
    The fact that they store districts in the database rather than generating on the fly from the address adds a few.

    So 17 isn't that surprising at all.

  25. Or maybe it should say 154 million voter records.. by guevera · · Score: 1

    ...exposed because they're public record.

  26. WTF by GrandCow · · Score: 2

    >Chris Vickery, a security researcher at MacKeeper

    Are you fucking kidding me?

    An article quotes someone who is a "security researcher" for one of the biggest malware companies plaguing macs, and instead of being told to eat every dick on the planet, they're given a link on slashdot so they look somewhat legitimate??? GREAT FUCKING JOB!

    --
    "Well kids, you tried your best, and you failed. The lesson is, never try." -Homer Simpson
  27. Re: What else is there and where do they get the d by Anonymous Coward · · Score: 0

    Why would a database of voter records include a party affiliation field? Don't know how you do it in the US, but in the UK we only store the relationship between voter number and vote slip number, and even that is only on paper and burnt a year later along with the vote slips.

  28. it was a typo by Provocateur · · Score: 1

    LOLVOTERID, dammit, not his sister LALVOTERID.

    "best in class", my ass. Couldn't even spell, ffs

    --
    WARNING: Smartphones have side effects--most of them undocumented.
  29. NRA membership database perhaps? by wiredog · · Score: 1

    Or firearms manufacturers.

    --

    Best Slashdot Co
  30. Re: What else is there and where do they get the d by packrat0x · · Score: 1

    Why would a database of voter records include a party affiliation field? Don't know how you do it in the US, but in the UK we only store the relationship between voter number and vote slip number, and even that is only on paper and burnt a year later along with the vote slips.

    Party affiliation is public record in the states. How easy it is to obain the records varies, but some (like Florida) are downloadable, including home address (determines which local elections you are able to vote in).

    --
    227-3517
  31. Security researcher? by dnaumov · · Score: 1

    MacKeeper is the biggest distributor of Mac MALWARE. WTF?

  32. More exclusive than the one-percenters by lucm · · Score: 2

    They think only white men that own land can vote.

    It's been infiltrated and corrupted by commies and anarchists over the years so it lost its purity, but that's the spirit of the electoral college.

    --
    lucm, indeed.
  33. Re:What else is there and where do they get the da by lucm · · Score: 1

    That's enough information for the Democrats Youth death squads. Currently they're just trying to kill trump, but anyone who vote against Clinton/Sanders will soon be a target too.

    --
    lucm, indeed.
  34. no registration or no public info? by stomv · · Score: 1

    The government has a whole bunch of info that it collects but doesn't make public. Drivers license info. Social security info. Information about minors. Tax information. Are you arguing that "anyone who actually cares" is against the Federal Government collecting information on gun ownership or on making that information public? Because if its the former, does "anyone who actually cares" also oppose all government collection of information?

    --
    Support a few technologists in Washington.
    1. Re:no registration or no public info? by Anonymous Coward · · Score: 0

      the federal government is not allowed to create a comprehensive gun owner registry, by law. Firearm Owners Protection Act. They can only track *certain* guns.

      If they are, then they are breaking the law.

      There is no law preventing the Federal Government from creating a Social Security registry or Driver's License registry.

  35. Voter registrations are NOT private by T.E.D. · · Score: 2
    Note that a state's voter registration records are NOT private data. Its public record, and anybody has a right to ask for it. For example, here's a link to where you can get the entire registration database for my state.

    Voter registration records include voters' name, address, date of birth, political affiliation, voter ID number, precinct and voting history, technology center district, school district and municipality.

    I used to have a copy for my precinct on my hard-drive. A candidate just up and emailed it to me, unasked.

    1. Re:Voter registrations are NOT private by ledow · · Score: 1

      Correct.

      But in the entire EU, for instance, linking such data to anything else - including date of birth, or facebook profile, etc. instantly takes it out of the "it's just public data" into it's "protected data".

      And in the EU - under our data protection laws that the US currently refuse to abide by causing all sorts of problems with cloud services - this breach would cost you MILLIONS of dollars. Literally, a hospital was fined hundreds of thousands for losing a handful of medical records that they COULDN'T prove were encrypted when they were put onto a disc for transfer (that was then lost in the post). Get that? A huge fine for not being able to reasonable prove the disc was encrypted before you sent it?

      The "solution" that the summary is looking for? Proper data protection laws like everyone else has.

      Literally, I work in schools. I can be PERSONALLY liable if data leaks out that includes, say, a child's name and the class they are in , or their date of birth, or their latest exam score. It's all classed as "personal data" and thus, if held on a computer, subject to the Data Protection Act and, as such, if the leak is due to an ability to disprove it was any minor failing on my part, I can be held liable myself. Let alone the company I work for. Let alone if you're just slack and don't follow best practice.

      That's how you stop that shit leaking out. You enforce the damn laws.

      Literally, have been > this close to having an unrelated member of staff sacked because they ignored the IT user agreement with regards to this and typed in some kid's names and dates of births on a website registered in Panama (i.e. not subject to EU Data Protection). As it was, there was a massive fuss, full backup from my superiors all the way to the top, immediate cessation of use of the service, and complete audit of what services we use along with every-staff warning. Are we a multi-national? Nope, we're a small prep school (ages 5-13). Did data actually get out or get made public? Nope. Did the potential legal consequences scare the shit out of the school leadership? Absolutely.

      Is this the norm in Europe? Yes. You can find any number of cases and "it was a rogue employee" just doesn't cut it as a defence any more.

      But America won't respect that we have to do this with any data on our people, so we can't use your cloud services for many things AT ALL, you won't provide guarantees that you'll follow EU law while in the EU (Google have, OneCloud have, but others - e.g. iCloud - had not last time I checked - this is why AWS has so many European centres). And you keep asking us for full personal data for flying to America and refuse to secure that in anywhere near the same fashion.

      Data protection is something to take seriously. But in a country where your SSN is this magic secret number that can be abused to do powerful things, it's shocking that they still haven't learned that.

  36. Re:What else is there and where do they get the da by Anonymous Coward · · Score: 0

    they're just trying to kill trump

    No need. He's doing that himself.

  37. Re:Thank you Republicans! by Anonymous Coward · · Score: 0

    Too quick.

    With his/her scrotum/labia nailed to the top of a fire ant mound, covered in honey.

  38. Re: What else is there and where do they get the d by Woldscum · · Score: 1

    It is for party primaries. So only party members can vote only for their party. You are given different ballets depending on your affiliation. This is different in each state.

  39. Re:What else is there and where do they get the da by Woldscum · · Score: 1

    Proof of Residency
    First name + middle name + Last Name
    Date of Birth
    Physical Dwelling Address
    USPS Mailing Address (PO Box if used)
    City
    State
    Zip/postal code
    Party affiliation (Or None)

    This is what I provide to my local Registrar of Voters. I also need a photo ID that matches the above info when I vote.

  40. Re: What else is there and where do they get the d by whitesea · · Score: 1

    It is for party primaries. So only party members can vote only for their party. You are given different ballets depending on your affiliation. This is different in each state.

    Blue Swan vs Red Swan?

  41. Re:What else is there and where do they get the da by Anonymous Coward · · Score: 0

    That's enough information for the Democrats Youth death squads.

    The death squads have their hands full with all of the Obamacare patients whose fates they're deciding.