198 Million Americans Hit By 'Largest Ever' Voter Records Leak

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server, reports say. From a ZDNet article: It's believed to be the largest ever known exposure of voter information to date. The various databases containing 198 million records on American voters from all political parties were found stored on an open Amazon S3 storage server owned by a Republican data analytics firm, Deep Root Analytics. UpGuard cyber risk analyst Chris Vickery, who found the exposed server, verified the data. Through his responsible disclosure, the server was secured late last week, and prior to publication. This leak shines a spotlight on the Republicans' multi-million dollar effort to better target potential voters by utilizing big data. The move largely a response to the successes of the Barack Obama campaign in 2008, thought to have been the first data-driven campaign. Further reading: Republican Data-Mining Firm Exposed Personal Information for Virtually Every American Voter - The Intercept; The RNC Files: Inside the Largest US Voter Data Leak - Upguard; Data on 198M voters exposed by GOP contractor Data On 198M Voters Exposed By GOP Contractor - The Hill.

Voter records are public

[GrEp]

Commonly referred to as the "VAN", State voter participation records, even for party primaries/caucus, are a matter of public record. Who you voted for may be confidential, but that you showed up and voted isn't.

Larger political organizations go the extra mile to annotate these records and aggregate them. They even have door to door pollsters that go around to those who have voted recently and target them with polling questions.

IMHO it is a good thing this is open to the wider public, and not just in the hands of a few with the deep pockets to aggregate it.

This leak shines a spotlight on...

[albacrankie]

In my case, the spotlight is on managers who say, "put everything on S3".

Re:I fail to see the importance of the data

[Lucas123]

So, you're saying it's marketing data. Yawn. There's no "narrative" here. Just looking objectively at what actually leaked and how important it is. This isn't social security numbers or healthcare information. It's information about who you'd likely voted for. And, you know what, children insult and ridicule because they're unable to make substantial arguments without it. Go look in the mirror.

Re:Multi Million$$

[squiggleslash]

Please do tell, oh victimized conservative, how calling the Republican effort "multi-million" and not, this time, calling the Democratic equivalent the same label, although it has been done many, many, times before, is somehow harmful to Republicans.

Is someone seriously not going to vote Republican because they heard they spent millions of dollars on a part of their campaign? Is someone seriously going to think the Democrats don't?

Re:Multi Million$$

The Democrats' effort isn't really relevant to the article because it wasn't their data that was exposed. In an article talking about R. Scalise being shot while practicing for a baseball game, do you expect them to also talk about a time that a Dem was shot in the past? If you want an article that might sound negative about the Dems, wait until something actually happens that involves them.

Re:I fail to see the importance of the data

[dgatwood]

It's information about who you'd likely voted for.

Which is, frankly, much worse than leaking Social Security numbers or health data. If they had leaked the SSN of everyone in America, it would force some real reform of the credit agencies, preventing them from treating an SSN as proof of identity, but overall, the public wouldn't be harmed. If anything, they would be helped by exposing the notion of "identity theft" as the credit-agency contrivance (fraud) that it is.

And the worst-case scenario for leaking health data is embarrassment if somebody got an STD, but that would quickly become uninteresting to people because it would also quickly demonstrate how many people do. You might occasionally have hiring bias by people who want to avoid their health insurance costs going up, but I would not expect that to be common (because it is quite illegal).

But exposing everyone's likely voting behavior is a grievous violation of personal privacy. Ask a Republican in a majority-Democrat region or a Democrat in a majority-Republican region, and ask them if they think that the people around them would be less likely to hire them if they knew their political affiliation. Ask them if it will affect their ability to socialize. And so on. Thus, voting data can be easily abused to pressure people into conformity.

Worse, that small-scale abuse has the potential to shift the balance of elections, which means that leaking this data potentially has a national impact as well as an individual impact. Based on that, I would argue that party affiliation and likelihood of voting for a given party is quite possibly the most private information that anyone can have about you, and that making that information available publicly is one of the worst breaches of the public's trust that a political organization can commit.