Slashdot Mirror

← Back to Stories (view on slashdot.org)

198 Million Americans Hit By 'Largest Ever' Voter Records Leak (zdnet.com)

Posted by msmash on from the how-about-that dept.

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server, reports say. From a ZDNet article: It's believed to be the largest ever known exposure of voter information to date. The various databases containing 198 million records on American voters from all political parties were found stored on an open Amazon S3 storage server owned by a Republican data analytics firm, Deep Root Analytics. UpGuard cyber risk analyst Chris Vickery, who found the exposed server, verified the data. Through his responsible disclosure, the server was secured late last week, and prior to publication. This leak shines a spotlight on the Republicans' multi-million dollar effort to better target potential voters by utilizing big data. The move largely a response to the successes of the Barack Obama campaign in 2008, thought to have been the first data-driven campaign. Further reading: Republican Data-Mining Firm Exposed Personal Information for Virtually Every American Voter - The Intercept; The RNC Files: Inside the Largest US Voter Data Leak - Upguard; Data on 198M voters exposed by GOP contractor Data On 198M Voters Exposed By GOP Contractor - The Hill.

119 comments

  1. "Leak" by Anonymous Coward · · Score: 2, Informative

    Pay a nominal fee to the right company and you have access to all voter records nationwide.

    This is "a matter of public record" in the information age: zero privacy.

    1. Re: "Leak" by Anonymous Coward · · Score: 1, Informative

      Already public data was made public! Make a big deal out of it, because Republicans!

    2. Re:"Leak" by xystren · · Score: 1

      Another example of issues with electronic storage. Information stored on paper, inherently has security within the medium itself. It is very difficult to walk out with a warehouse of paper files without being noticed (or the amount of time it would take), where as with electronic , you can walk out with the equivalent of multiple warehouses of paper records in your pocket.

      Unfortunately big data is not going away. Worst part for us, we have no idea where that information is stored, who has access to it, and who it has been shared with. Virtually every privacy policy has some clause about sharing information with "our partners" or "3rd parties." Well that is wonderful... it doesn't identify who has that access, where it is stored, and who further down the line it may be shared with.

      It is to the point, that privacy no longer exists.... and hasn't existed for a long while now. And to try and reign it back in is virtually impossible because we have no idea who has that information, where it is stored, and what information there is.

      I guess I should put on my tin-foil hat (shiny side out) and go sit in the corner in a round room.

    3. Re: "Leak" by HornWumpus · · Score: 2

      It could be a violation of the analytic firms licence for the collated data...

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    4. Re: "Leak" by ShanghaiBill · · Score: 4, Informative

      According to TFA, the "leaked" data contained much more than just public data. It contained info on religion, political persuasions, issues that you care about, etc. TFA doesn't say where that info came from, but most likely from donation records, social media scraping, and on-line tracking.

      As far as we know, the data was temporarily exposed, but wasn't actually leaked, and is not publicly available. That is too bad. I would be really curious to see what they think of me.

    5. Re: "Leak" by Anonymous Coward · · Score: 1, Interesting

      It contained info on religion, political persuasions, issues that you care about, etc.

      Well... rather it contained their guesses about religion, political persuasions, issues, etc. There's no prohibition against making such guesses about someone. They are probably as you say basing it on donation records, social media scraping, and other voluntary disclosures by individuals.

      I was also curious to see what they thought of me, but as you say it appears there was no leak.

    6. Re: "Leak" by CyberNigma · · Score: 1

      "but most likely from donation records, social media scraping, and on-line tracking"

      only the first item is most likely (but not necessarily) non-public data. the latter two could very well depending on how it was posted/obtained. privacy settings and who they shared posts with determine whether it was public or not.

    7. Re: "Leak" by Vlad_the_Inhaler · · Score: 1

      The people who collected the data stated it was "only" available for a maximum of just over two weeks. Well - they would say that. I suppose it would have been illegal if Vickery had nosed around a bit more and looked at their logs.

      --
      Mielipiteet omiani - Opinions personal, facts suspect.
    8. Re: "Leak" by fustakrakich · · Score: 1

      I would be really curious to see what they think of me.

      Sorry, you are #198,000,001, so you didn't make the list.

      --
      “He’s not deformed, he’s just drunk!”
    9. Re: "Leak" by Anonymous Coward · · Score: 0

      Well... rather it contained their guesses about religion, political persuasions, issues, etc.

      Well, who knows if those infos are just a guess? I don't trust anyone who has that kind of infos anyway because there must be strong evidence before making that kind of a conclusion.

    10. Re:"Leak" by Anne+Thwacks · · Score: 1
      Unfortunately big data is not going away.

      Au contraire, mon frere - the problem is that big data is travelling around the world all too freely!

      --
      Sent from my ASR33 using ASCII
    11. Re: "Leak" by Anonymous Coward · · Score: 0

      They are pretty good at making the conclusions. Not perfect: people sometimes have seen their advertising profiles and find plenty of mistakes. But they can infer a lot. As well you shouldn't trust them, and should act to avoid providing them any more data than is absolutely necessary.

      Avoid data-gathering online services, that's a big help already. Block ads, block tracking scripts and "analytics". Avoid Gmail, avoid Facebook, avoid anything like them.

    12. Re: "Leak" by Anonymous Coward · · Score: 0

      "Leaked" indeed. They're looking to round up the names of all Trump supporters. How dare they vote for a candidate that wants actual change, and has the balls to do it.

    13. Re: "Leak" by Anonymous Coward · · Score: 0

      The balls, yes. But the interest? Nope. Once he campaigning is done, he's just a textbook Republican. Might as well be George W Bush if W had hired a very angry 13-year-old to run his Twitter account.

  2. Misleading title by chispito · · Score: 2, Interesting
    There's no indication that it was accessed prior to disclosure, so it may or may not have been, strictly speaking, "leaked." I'd be interested in exactly what kind of data this is, as I'm struggling to think of who I would want to have marketing info on me less than one of the Big Two political parties.

    From TFA

    We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked," he said.

    --
    The Daddy casts sleep on the Baby. The Baby resists!
    1. Re:Misleading title by deadwill69 · · Score: 2, Interesting

      And how would anyone need to hack a system with no username and/or password:

      "What UpGuard appears to have discovered, sitting on an Amazon cloud storage drive with no password or username required for access by anyone on the internet,"
      https://theintercept.com/2017/...

      I don't think anyone needs to hack that to get it.

    2. Re:Misleading title by HornWumpus · · Score: 1

      That ship sailed.

      Munging up a URL has been 'hacking' for decades now.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    3. Re:Misleading title by chispito · · Score: 1

      And how would anyone need to hack a system with no username and/or password:

      "What UpGuard appears to have discovered, sitting on an Amazon cloud storage drive with no password or username required for access by anyone on the internet," https://theintercept.com/2017/...

      I don't think anyone needs to hack that to get it.

      Read between the lines. He means the data does not appear to have been ACCESSED prior to disclosure. He used the word "hacked" to control the narrative and keep the focus off how incompetent they were. Just like people who "hack" celebrity accounts by guessing easy passwords or security questions.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    4. Re:Misleading title by evolutionary · · Score: 3, Interesting

      "Leak" (not "leaked" as is deliberately published) was use to indicate something like a leaky faucet. There is a relatively formal term in the IT security field called "data leakage" which means sensitive data creeping outside of company/owner boundries without the intent of the owner Whether it be through casual email, carelessly posting files to a public server for at home convenience, or sending out files into a public space without encryption/password. The new buzzword for this rapid growing field of data loss (or leakage) prevention is DLP. (Data Loss Prevention)

      What the article is saying is the firm was as careless with their collected data as many people are when posting on facebook. It didn't even have to be "hacked" it was wide open. BTW, the claim that to the best of their knowledge only one person has accessed that data is a pretty lame response. The fact that the data was publicaly exposed for anyone to see at all shows amateur level of negligence.

      People with this mass amount of data should have better protocols for data exchange of authorized parties (obviously).

      There could well be legal repercussions from this because who you vote for is the most sacred form of privacy in a democracy. This compromises people's ability to vote without possible retaliation from friends, colleagues, employers or even governments. This is a seriously BIG deal. When your voting preferences cannot be kept private, you can't vote freely. I personally believe everyone should vote, but if you voting records are up for grabs in cyberspace, anyone could be pressure you. Hopefully people will stop foolishly giving their voting data or political preferences to marketing firms directly or indirectly. There is being friendly, then there is being careless.

      --
      "Imagination is more important than knowledge" - Einstein
    5. Re:Misleading title by rholtzjr · · Score: 1

      Agreed, it sound to me their wasn't even a faucet that you had to turn in order to access data, so a "leak" is a misnomer. There was just an open pipe directly into the data itself. Now I would be more curious as to WHO set this environment up and neglected to follow ANY security procedures what so ever. This was inexcusable 20 years ago, I do not think that standard has changed.

    6. Re:Misleading title by chispito · · Score: 1
      You may be right. however

      There could well be legal repercussions from this because who you vote for is the most sacred form of privacy in a democracy.

      It's still a private ballot. If you told someone who you voted for and they intentionally or unintentionally tell someone else... that's as much your fault as theirs.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    7. Re:Misleading title by evolutionary · · Score: 1

      I do agree with you in spirit, but with the amount of data being careless left "in the wild" on Amazon data servers these days it seems to be "common practice" to leave sensitive data in some insecure space. It's almost as if people WANT leave this data for others to get. I mean, even non-techies know the word "encryption" these days but I have seen (and patched in many cases) all sorts of data being left in the wild because some unthinking person said "what are the odds?", or "who is going to care" or " they don't know it's there". I'm not just talking casual users who put stuff on GoogleDrive or Amazon file servers, I'm talking developers as well. Sometimes you get the, "I'll fix it when I have time" excuse. It's crazy how mass storage has made people who have the least skill/judgement able to do so much damage to confidentiality and privacy.What's crazier, is that business owners can't seemed to be bothered to do a periodic audit until there is public exposure.

      --
      "Imagination is more important than knowledge" - Einstein
    8. Re:Misleading title by evolutionary · · Score: 1

      True but...when you get these companies they always tell you your answers are treated "confidentially" so they say "trust us" and give you assurances that often get proved incorrect. But of course the phone operators are told the data IS secure. How would they know? Whenever I get calls there types of data I'm always asked and I say "no answer". "how will you vote", "what party are you most likely to support", "what is your income/revenue". Especially the income. People often have trouble saying "no" and that is the danger. Some data should never be given no matter how "confidentially" it will be treated. Hopefully the media will be a good teacher of what data to give to phone survey takes, and what to keep close to the chest.

      In relation to giving out private data, people should be using VPNs for all surfing and delete ALL cookies when they stop using a browser (better yet, when you leave a site). Plus, have a javascript blockers in your browsers(NoScript or uMatrix work well) while blocking DoubleClick at all times. (gez, we have so many things out there collection data without your explicit consent). I would be surprised if those amazon echo devices are collecting other "ambient" or "telemetry" data.I know it sounds unrelated, but these companies will collect the data ANY way they can, including what they can get from creative use of javascript, cookies and devices you install in your home. I could go on about Windows 8/10 but that is another topic.

      --
      "Imagination is more important than knowledge" - Einstein
    9. Re: Misleading title by Anonymous Coward · · Score: 0

      But it also used words like "hit" indicating there was a direct breach, not neglect so it's still misleading and needs clarification.

    10. Re:Misleading title by xtsigs · · Score: 1

      People with this mass amount of data should have better protocols for data exchange of authorized parties (obviously).

      People should not have vast amounts of data. Period.

  3. No Biggie by Anonymous Coward · · Score: 2, Informative

    The Donald confirms they were all fake democrat registrations anyway.

    1. Re: No Biggie by Anonymous Coward · · Score: 0

      Maybe it's a fake joke about fake news.

  4. Voter records are public by GrEp · · Score: 4, Insightful

    Commonly referred to as the "VAN", State voter participation records, even for party primaries/caucus, are a matter of public record. Who you voted for may be confidential, but that you showed up and voted isn't.

    Larger political organizations go the extra mile to annotate these records and aggregate them. They even have door to door pollsters that go around to those who have voted recently and target them with polling questions.

    IMHO it is a good thing this is open to the wider public, and not just in the hands of a few with the deep pockets to aggregate it.

    --

    bash-2.04$
    bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
    1. Re:Voter records are public by Anonymous Coward · · Score: 0

      This is another FUD story by The Intercept and pushed upon us by msmash without regard to authenticity or relevance.

      We should all be grateful that many slashdot commentators clinging on to what once was can see through the deception.

    2. Re:Voter records are public by SYSS+Mouse · · Score: 1

      Also to decide whom to pressure/suppress so that they will not vote

    3. Re:Voter records are public by Anonymous Coward · · Score: 1

      The names of people on the vote roll are public. The addresses belonging to those names are semi-public (they are public, by most definitions, but generally not available in an unlimited manner to the general public, because some on the list may be private (unlisted, or could be used to connect stalkers to their prey). The private markup to those voters added by the GOP is most certainly not public.

  5. American voters from all political parties by Errol+backfiring · · Score: 2

    American voters from all political parties

    What? Both of them?

    (I know there are more political parties in the USA, but Americans themselves do not seem to know it.)

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    1. Re:American voters from all political parties by 93+Escort+Wagon · · Score: 1

      (I know there are more political parties in the USA, but Americans themselves do not seem to know it.)

      The way our electoral college works means we effectively have only two national political parties. This does not have any effect on other elections, so you will occasionally see senators or congressmen from third parties - and, as you drill down to more local elections, this becomes more common (but not THAT common, even so).

      --
      #DeleteChrome
    2. Re:American voters from all political parties by Anonymous Coward · · Score: 0

      It has relatively little to do with the electoral college (which has had a couple of instances of grabbing someone from some tiny, upstart party just because he was the one everybody hated the least.)

      Mostly it's the fact that the two major parties have a pretty solid lock on who's even allowed on the ballot in most states. Democrats and Republicans are the two largest parties in every state, and they hold most of the state governmental seats, and they set the rules about how elections are run. Predictably, they've deliberately made every part of the process difficult and expensive so that only groups with deep pockets will be able to afford to be on the ballot in every state. (In the name of avoiding voter confusion by not having a hundred names on the ballot, of course.) So the third party votes get split based on what alternatives manage to scrape together enough funding to get through the process in each and every state, resulting in nobody ever managing to get a significant part of the vote.

    3. Re:American voters from all political parties by thegarbz · · Score: 1

      Americans know that quite well. What you don't seem to know is that they are irrelevant due to the system which will prevent them from ever being in power.

      First past the post will always tend to a 2 party system eventually.

    4. Re:American voters from all political parties by sabbede · · Score: 1
      It's not because of the Electoral College. It's due to how we elect people from the local level on up to Congress. It even has a name - Duverger's Law. Single member districts with first past the post voting = a 2 party system.

      https://en.wikipedia.org/wiki/...

    5. Re:American voters from all political parties by sabbede · · Score: 1

      Close, but it's actually due to how we elect. It's called Duverger's Law.

  6. So... basically all of us? by daemonhunter · · Score: 1

    198 million records of people over the age of 18 and registered to vote... isn't that basically "everyone who's registered to vote?" Or dang near?

    Anyone with more spare research cycles? How many registered voters are in america currently?

    1. Re:So... basically all of us? by daemonhunter · · Score: 2

      http://www.politico.com/story/... is the first I found, and that's 10/2016, at 200 million.

    2. Re:So... basically all of us? by Rick+Schumann · · Score: 1

      Just checked that myself. It's more or less 230 million.

    3. Re:So... basically all of us? by HornWumpus · · Score: 1

      That's really interesting. Population about 310 million...about 70 million under 18...230 million registered...

      How many non citizens again? How many ineligible?

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    4. Re:So... basically all of us? by OrangeTide · · Score: 1

      How many non citizens again? How many ineligible?

      Only black felons are ineligible. All the white felons and illegal immigrants are automatically registered to vote.

      --
      “Common sense is not so common.” — Voltaire
    5. Re:So... basically all of us? by Anonymous Coward · · Score: 0

      You have some sauce on that? I know many white felons and they are not registered to vote.

  7. Swell by Greyfox · · Score: 1

    Can we class-action sue them if they leaked our data? If we get the usual $10 gift certificate to Hot Topic, that'd be a cool couple billion dollars. It would also propel Hot Topic to the top of the stock market.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

    1. Re:Swell by Rick+Schumann · · Score: 0

      Hot Topic

      With the direction most Americans' waistlines is going, it'd better be a gift certificate for Torrid, not Hot Topic. *drum hit*

    2. Re:Swell by Revek · · Score: 1

      Wow! Great idea, for 10 bucks I can buy one of those Mario Brothers mushroom tins with the really shitty candy inside.

    3. Re:Swell by Anonymous Coward · · Score: 1

      Probably not successfully. The "leak" (the data may not even have actually been accessed, so no harm done) was comprised of public information such as "names, dates of birth, home addresses, phone numbers, and voter registration details", coupled with inferences they made themselves from data voluntarily disclosed by voters, which they are free to do with as they wish as it is the result of their own research and algorithms.

      It's very unlikely such a lawsuit would succeed though of course you could always try.

    4. Re:Swell by Anonymous Coward · · Score: 0

      Good luck proving "damages".

  8. They shouldn't be allowed any voter information by Revek · · Score: 0

    They have no inherit right to that information. Its really non of their business at all. They shouldn't be allowed to gather any information on voters unless the voter allows them. I know its unlikely since they now want to be able to harass us with messages straight to our voicemail.

    1. Re:They shouldn't be allowed any voter information by Opportunist · · Score: 1

      Of course they don't. That's why they paid for it.

      I love how our society progresses. In the dark ages, you could be bought and sold by the aristocracy. In our enlightened society of today, only your data can be traded anymore.

      Well, mostly 'cause you don't have to feed and shelter data, but hey...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:They shouldn't be allowed any voter information by Anonymous Coward · · Score: 0

      "Inherent" is the word you're looking for.

    3. Re:They shouldn't be allowed any voter information by Revek · · Score: 1

      Thanks its always nice to know the grammer ------- nazi will ignore the content to address the small things.

      No commas were harmed in this rebuttal.

    4. Re:They shouldn't be allowed any voter information by Anonymous Coward · · Score: 0

      They have no inherit right to that information.

      For much of it, the actually do have an inherent right to it, because it is gathered from public records. You or I or anybody could obtain the same data, if we put the effort in. I've looked up such data in public records, and if I can, so can they. For the rest, it was the result of their own predictions, things like "is Joe likely to support infrastructure improvements", or "is Jane likely to support school lunch programs". These are educated guesses, not absolute guarantees of how anyone would think, and anyone is free to make such guesses themselves.

    5. Re:They shouldn't be allowed any voter information by Anonymous Coward · · Score: 0

      Grammar

    6. Re:They shouldn't be allowed any voter information by Anonymous Coward · · Score: 0

      "Grammar" is how it's spelled, and it wasn't a matter of incorrect grammar, it was a matter of incorrect word usage. Class is now dismissed. :-)

    7. Re:They shouldn't be allowed any voter information by BronsCon · · Score: 1

      For non-native English speakers it may not be clear that, although "They have no receive as an heir at the death of the previous holder right to that information" makes little sense, the intended meaning was actually "They have no existing in something as a permanent, essential, or characteristic attribute right to that information."

      Mind you, neither of those sentences makes a lot of sense when you replace the word with its full and proper definition, but the problem does become apparent. One of them can be parsed to make sense while the other cannot.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    8. Re:They shouldn't be allowed any voter information by Anonymous Coward · · Score: 0

      Actually voter records, other than who you actually voted for are public record. You could go down to your local elections office and do a FOIA request to get the info for probably nothing more than the duplication costs for the info.

    9. Re:They shouldn't be allowed any voter information by EvilSS · · Score: 1

      They have no inherit right to that information. Its really non of their business at all. They shouldn't be allowed to gather any information on voters unless the voter allows them. I know its unlikely since they now want to be able to harass us with messages straight to our voicemail.

      Then you should start talking to the states because voter records are public info and can be access for free by most local party committees and campaigns/parties/action groups/etc can pay the state for state-wide records in a wide variety of formats. Much of the time it's available on the county clerk website for anyone who pinkie-swears it's for a legitimate use (i.e. you are not allowed to use it for commercial purposes such as solicitations for products, etc).

      --
      I browse on +1 so AC's need not respond, I won't see it.
    10. Re:They shouldn't be allowed any voter information by gnick · · Score: 1

      Incorrect word usage isn't an example of bad grammar? Maybe I need to stay after class.

      --
      He's getting rather old, but he's a good mouse.
    11. Re:They shouldn't be allowed any voter information by Revek · · Score: 1

      My god, I've got them monologuing!

  9. Re:Multi Million$$ by Opportunist · · Score: 0

    What? Did the bus already arrive?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. use this info by Anonymous Coward · · Score: 0

    to hunt down and kill all those shit stains

    1. Re:use this info by sabbede · · Score: 1

      Because what's more fun than a civil war? Last one only killed 2% of the population, so that's only 6 million of us murdered by friends and neighbors today. Plus a few thousand gang rapes. All in good fun and it bypasses all that annoying political discourse and civil society nonsense.

  11. Where can I get my hands on that? by ne1av1cr · · Score: 1

    That's some great data right there.

  12. I fail to see the importance of the data by Lucas123 · · Score: 1, Interesting

    The data is relatively common and something you can find in any census or online "white pages," with perhaps the exception of the political party you're registered with. How is this information sensitive in nature?

    1. Re:I fail to see the importance of the data by Anonymous Coward · · Score: 1

      You are absolutely correct. I've worked as an precinct inspector and precinct coordinator since 1996, and all voter data is PUBLIC RECORD. The registered voter roster is posted on the front door of every precinct on election day, and anyone can read it. The full county voter registration database is freely provided to every candidate running for office, to every political party with ballot access and to anyone else who wants to pay $200 to the county registrar of voters for a CD-ROM of the entire database.

      There is NOTHING confidential about this data. Anyone can read it. Why would some one or some organization even try to "hack into" it when they can get it just by asking for it?

    2. Re:I fail to see the importance of the data by Anonymous Coward · · Score: 0

      aaaand you didn't read any of the articles did you? there is a significant amount of non-public data, such as inferred preferences, race, voting habits, social status, etc. this data is only available to Big Data aggregators or services that pay for this kind of demographic analysis. it's not public, its private data inferred from meta data. but your child-brain has probably glossed over by now since this doesn't fit your narrative.

    3. Re:I fail to see the importance of the data by Lucas123 · · Score: 2, Insightful

      So, you're saying it's marketing data. Yawn. There's no "narrative" here. Just looking objectively at what actually leaked and how important it is. This isn't social security numbers or healthcare information. It's information about who you'd likely voted for. And, you know what, children insult and ridicule because they're unable to make substantial arguments without it. Go look in the mirror.

    4. Re:I fail to see the importance of the data by rholtzjr · · Score: 1

      Not really, census data is not open to the public and penalties are in place for any who expose it. "White pages" (that I have seen) usually only expose the age, not the exact birth date. As birth date is a piece of the puzzle for identity thieves, I am not sure this is as innocuous as you are presenting.

    5. Re:I fail to see the importance of the data by Anonymous Coward · · Score: 0

      But but Russia!

    6. Re:I fail to see the importance of the data by Carewolf · · Score: 1

      The data is relatively common and something you can find in any census or online "white pages," with perhaps the exception of the political party you're registered with.

      How is this information sensitive in nature?

      It is combined with all the data they bought from 3rd party aggregators, like facebook, ad companies and everybody else tracking and contains everything you have ever done that has been registered by soulless entity.

    7. Re:I fail to see the importance of the data by SnarkSide · · Score: 1

      Addresses and dates of birth are more than basic marketing data. Nothing is going to change with this shit until until there is some consequence. The law doesn't recognize information disclosure that increases risk of identity theft to be harm, so doesn't allow class action suits. The view is no harm, means no standing, but that is bullshit. Information exposure itself is harm and negligent handling of personal data should be a criminal act.

    8. Re:I fail to see the importance of the data by dgatwood · · Score: 3, Insightful

      It's information about who you'd likely voted for.

      Which is, frankly, much worse than leaking Social Security numbers or health data. If they had leaked the SSN of everyone in America, it would force some real reform of the credit agencies, preventing them from treating an SSN as proof of identity, but overall, the public wouldn't be harmed. If anything, they would be helped by exposing the notion of "identity theft" as the credit-agency contrivance (fraud) that it is.

      And the worst-case scenario for leaking health data is embarrassment if somebody got an STD, but that would quickly become uninteresting to people because it would also quickly demonstrate how many people do. You might occasionally have hiring bias by people who want to avoid their health insurance costs going up, but I would not expect that to be common (because it is quite illegal).

      But exposing everyone's likely voting behavior is a grievous violation of personal privacy. Ask a Republican in a majority-Democrat region or a Democrat in a majority-Republican region, and ask them if they think that the people around them would be less likely to hire them if they knew their political affiliation. Ask them if it will affect their ability to socialize. And so on. Thus, voting data can be easily abused to pressure people into conformity.

      Worse, that small-scale abuse has the potential to shift the balance of elections, which means that leaking this data potentially has a national impact as well as an individual impact. Based on that, I would argue that party affiliation and likelihood of voting for a given party is quite possibly the most private information that anyone can have about you, and that making that information available publicly is one of the worst breaches of the public's trust that a political organization can commit.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    9. Re:I fail to see the importance of the data by etudiant · · Score: 1

      There are about 200 million voter records and 24 terabytes of data, so about 100,000 bytes/voter.
      That is lot more than just vote records or census data.
      The person who uncovered this data pool did note that it included among other things projections of each voters opinions and likely vote patterns, with surprising accuracy insofar as he was concerned, based on what his own profile showed.

  13. GAME OVER MAN! GAME OVER! by Anonymous Coward · · Score: 0

    We're all gonna DIE!

    (You did not write this, douchebag! - I did!)

  14. This leak shines a spotlight on... by albacrankie · · Score: 3, Insightful

    In my case, the spotlight is on managers who say, "put everything on S3".

    1. Re:This leak shines a spotlight on... by Anonymous Coward · · Score: 0

      Steve Bozo, the POS that own amazon, also owns the Washington Post, which is an almost exclusively an attack platform against Trump, and anything non liberal. hmm.

  15. Poor Hillary by kenh · · Score: 0

    The move largely a response to the successes of the Barack Obama campaign in 2008, thought to have been the first data-driven campaign.

    And look, it worked - too bad Obama's former campaign workers (now ensconced in his "Organizing For America" non-profit, which was fully-formed from his 2012 "Obama For America" campaign) were unavailable to Hillary...

    --
    Ken
    1. Re:Poor Hillary by jeff4747 · · Score: 1

      They were available. They just weren't sufficiently adoring to run her campaign.

  16. Re:Multi Million$$ by rbrander · · Score: 2

    Well, the democratic effort has been famous and bragged-about for several years, during which time it's never been described as anything but huge. It's like you're complaining about some story talking about the "Multi-Hundred-Billion-Dollar Russian Submarine program, seen as an effort to catch up with American submarines"...for not stressing for the thousandth time that America spends more on military (including submarines) than anybody. That's real famous, too.

    (PS: The Russians do not have hundreds of billions to spare for submarines; that part was very fictional.)

  17. What to do about breaches by jake501 · · Score: 1

    It is scary when you start to realize how our information is not safe. It seems like new compromises are happening daily. But luckily there is a place where you can check if your information has been previously breached from other similar data leaks and breaches for free at https://heroic.com/

    1. Re:What to do about breaches by walterhpdx · · Score: 1

      I honestly can't tell if that's a legitimate site, or if it's just another hacking/spammer site. "Sure, we'll scan for your email address in our record" - but the on the next screen you have to provide up to 10 more addresses without them giving you any details. Seems shady.

    2. Re:What to do about breaches by Obfuscant · · Score: 3, Funny

      It has https in the url, so of course it is a safe site. Don't you know nothin bout the interwebs?

    3. Re:What to do about breaches by walterhpdx · · Score: 1

      Well I know it's a series of tubes. Does that count?

  18. Why does everybody ignore all the warnings? by rbrander · · Score: 3

    After Sony, we quickly heard their security was worthless - every VP who wanted to watch some video somewhere could get another hole punched in the firewall.
    Then the Democrats were "hacked" by.... asking for the top guy's password, which was promptly given!
    Warning after warning that we aren't taking this seriously. I'd love to make some stupid partisan remark about this ("these are the people who mocked Clinton for a potential data exposure that never happened?!!?") but the fact is that everybody has done incredibly stupid crap like this, are still doing it, and will continue.

    Until we get some kind of worse event, I guess. What will it take!?!

  19. Re:Multi Million$$ by Anonymous Coward · · Score: 0

    maybe its more about reinforcing the intended message that Republicans should be perceived as wealthy money-bags types, while the Democrats are the simple ground roots folks.

  20. Re:Multi Million$$ by Anonymous Coward · · Score: 0

    Aren't the democrats assumed to be spending Billions?

    Also, they're not relevant to the topic at hand, because they haven't leaked voter records yet. You're off-topic, unless you think every company that spends millions of dollars is somehow what this story is about.

  21. Re: Multi Million$$ by Anonymous Coward · · Score: 0

    Russia is increasing their submarine arsenal? Well shit post the story to slashdot so you can say how trump is funding them. It'll be a riot.

  22. Re:Happy Monday from The Golden Girls! by Anonymous Coward · · Score: 0

    It's "you're a pal and a confidant".

    Cosmonaut... ha!

  23. Re:Multi Million$$ by squiggleslash · · Score: 4, Insightful

    Please do tell, oh victimized conservative, how calling the Republican effort "multi-million" and not, this time, calling the Democratic equivalent the same label, although it has been done many, many, times before, is somehow harmful to Republicans.

    Is someone seriously not going to vote Republican because they heard they spent millions of dollars on a part of their campaign? Is someone seriously going to think the Democrats don't?

    --
    You are not alone. This is not normal. None of this is normal.
  24. Re: Multi Million$$ by Anonymous Coward · · Score: 0

    Either way, this is perfect. Now we can name and shame all of the Trump voters!

  25. Re:Multi Million$$ by Captain+Splendid · · Score: 1

    Well, they certainly are heavily stacked in favour of "billionaires willing to bankroll all manner of tv and print organizations." The Dems only have one.

    --
    Linux, you magnificent bastard, I read the fucking manual!
  26. Re:Multi Million$$ by Anonymous Coward · · Score: 2, Insightful

    The Democrats' effort isn't really relevant to the article because it wasn't their data that was exposed. In an article talking about R. Scalise being shot while practicing for a baseball game, do you expect them to also talk about a time that a Dem was shot in the past? If you want an article that might sound negative about the Dems, wait until something actually happens that involves them.

  27. Re: Multi Million$$ by Anonymous Coward · · Score: 0

    And all the Hillary voters too, unless you agree that all 198 million leaked voters voted for President Trump.

    There is enough shame for both sides.

  28. Public Record is a Leak? by Bobberly · · Score: 1

    Florida voter records are public record and available freely to anyone that asks. That isn't a leak, it's called open government. What's the issue here again?

    1. Re:Public Record is a Leak? by Train0987 · · Score: 1

      There are still a few countied in Florida where voter rolls are NOT public info. that dates back to the Voting Rights Act and voter intimidation. A few counties are still highly protected. Florida is the exception, however.

    2. Re:Public Record is a Leak? by dave420 · · Score: 1

      If you'd read the article (I know, I know) you'd see there is a lot more than just public records in this data, hence the article in the first place.

  29. Re: Multi Million$$ by Anonymous Coward · · Score: 0

    Maybe you're going to ridiculous lengths to ignore the obvious for purposes of confirmation bias.

  30. Confirms that you should not vote. by Anonymous Coward · · Score: 0

    Besides all the other reasons you shouldn't vote...

    1. Re:Confirms that you should not vote. by OrangeTide · · Score: 1

      R.I.P. Democracy. We hardly knew ye

      --
      “Common sense is not so common.” — Voltaire
  31. not so simple by Anonymous Coward · · Score: 1

    It is not ONLY state records it contains additional profiling information. The additional information is the thing to worry about here. Regardless of the accuracy of the information it could be abused in many ways. It could find it's way into other profiling systems and you could be denied a job because the employer doesn't like certain groups and their only source of that information is breaches such as this one.

    The billions spent on elections likely will produce the best profiling data on citizens along these lines that there is available (or it will be.)

    It is not actually published to the public, I've done consulting work in my state and you have to sign for it and there are restrictions to it's use. It is not allowed to be used for hiring data-- such as not hiring people who are over/under your desired level of political activity (although that is totally LEGAL to discriminate on, the data they collect has strings attached to deter such legal abuses.) The GOP wants their door knockers to enter in your car in the driveway and other info to help their demographic database; they purchase any credit related info they can get cheaply... they would love your purchase history from visa / mastercard to be in there too someday (I was at a meeting where this was suggested.) They lack volunteers so they are huge on automated systems; the Dems have tons of volunteers and probably are not half as organized (even if they have some big data, they are not likely utilizing it effectively.)

    Ever do those polls on the phone? Sometimes they know already - it's just an exercise in testing and training their profiling. They don't know how you vote but they are modeling it and they love to get your confirmation to further enhance their predictions on your behavior.

  32. Political party.... by gatfirls · · Score: 1

    While that information may be publicly available to one degree or another I don't think I would want it *freely* available to the next lunatic with a political axe to grind who lives down the street.

  33. Re: Multi Million$$ by Anonymous Coward · · Score: 0

    Trump voters have no shame.

  34. I'm safe! by Anonymous Coward · · Score: 0

    Whew! I knew there was a good reason I decided not to vote!

  35. Bit Misleading by omaha393 · · Score: 1

    From Wapo: "It is not known whether the information has been accessed by anyone but Vickery." So not really a confirmed hit/leak, just a serious vulnerability at this point.

    1. Re: Bit Misleading by Ol+Olsoc · · Score: 1

      From Wapo: "It is not known whether the information has been accessed by anyone but Vickery." So not really a confirmed hit/leak, just a serious vulnerability at this point.

      All you have to do is believe them. Me - nah. Although I suppose whoever the Republicans are sending this to has what I just typed in 3..2..1..

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  36. MEGA LEAK by Anonymous Coward · · Score: 0

    So the GOP left the entire database of American voters exposed to whom ever chose to grab it. I say LOCK UM UP, this is Mega gross negligence and then some.

  37. Re:Multi Million$$ by Anonymous Coward · · Score: 0

    Also, they're not relevant to the topic at hand, because they haven't leaked voter records yet.

    This "leak" is the same non-story as it was when the Dems "leaked" voter data. All of this data is public already, both the GOP and Democrats spend a bunch of time and effort aggregating the data into one place for easy access for their own internal purposes.

    Now, there might be a story regarding what records they are aggregating, as it could possibly reveal information about their plans and strategies. But such a story would have a headline reading something like "leaked data show GOP doing blah blah." The headline in this case is an obvious attempt to try to smear the Republicans by implying they are giving up private information due to incompetence. (Both of which are probably true, but are aside from this discussion)

  38. On purpose by Ryanrule · · Score: 1

    Seems intentional. Why make the russians hack when you can just be incompetent.

  39. Winning winning by Ol+Olsoc · · Score: 1
    Winning.

    There is absolutely no reason for regular people to safeguard anything about themselves, because the Government, and the Universities, and the hospitals, and the department stores simply give it away for free.

    And I suspect that the Republican party simply made a few of their best friends aware of this tiny little "mistake", and their new owner is very, very pleased.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  40. Self Fulfilling Prophesy by Anonymous Coward · · Score: 0

    Voter records are released with restrictions on use and are usually traceable to the persons/organizations they are released to. There are seeded registrations that if contacted for inappropriate reasons (sales, non-governmental, non-political, non-educational, etc..) reasons will flag the particular file as being misused and may result in fines/prosecution.

    Having this file leaked to the public domain without the ability to trace who is using the list removes this detection & deterrent mechanism. The file can now be used to target low-propensity voters for voting fraud. These voters who are unlikely to show up to the polls or cast a mail ballot would not throw up alarms if someone shows up at a polling location to cast a ballot. One person could go from poll to poll and cast votes under these persons. Most states do not require identification, and many do not validate poll book signatures before allowing a ballot to be cast. This is the way it must be in practice because poll workers are not identity validation experts (fake ids easily pass the untrained eye). Poll workers are also not trained/certified to validate signatures in their many forms and permutations and would result in barriers to voting.

    Mail ballot voter fraud is much MUCH less likely due to the signature verification against on-file signatures by centrally managed & trained workers.

    So, all this non-existent fraud could come to be a minor reality given this leak. Although the effort required to pull this fraud off would require immense manpower.

    1. Re:Self Fulfilling Prophesy by ssufficool · · Score: 1

      So umm, just send out an email to all the voters telling them to reset their password???

  41. Re: Happy Monday from The Golden Girls! by Anonymous Coward · · Score: 0

    Damned Putinbots.