Slashdot Mirror


198 Million Americans Hit By 'Largest Ever' Voter Records Leak (zdnet.com)

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server, reports say. From a ZDNet article: It's believed to be the largest ever known exposure of voter information to date. The various databases containing 198 million records on American voters from all political parties were found stored on an open Amazon S3 storage server owned by a Republican data analytics firm, Deep Root Analytics. UpGuard cyber risk analyst Chris Vickery, who found the exposed server, verified the data. Through his responsible disclosure, the server was secured late last week, and prior to publication. This leak shines a spotlight on the Republicans' multi-million dollar effort to better target potential voters by utilizing big data. The move is largely a response to the successes of the Barack Obama campaign in 2008, thought to have been the first data-driven campaign.

Further reading: Republican Data-Mining Firm Exposed Personal Information for Virtually Every American Voter - The Intercept; The RNC Files: Inside the Largest US Voter Data Leak - UpGuard; Data On 198M Voters Exposed By GOP Contractor - The Hill.

18 of 119 comments

  1. "Leak" by Anonymous Coward · · Score: 2, Informative

    Pay a nominal fee to the right company and you have access to all voter records nationwide.

    This is "a matter of public record" in the information age: zero privacy.

    1. Re: "Leak" by HornWumpus · · Score: 2

      It could be a violation of the analytic firm's licence for the collated data...

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    2. Re: "Leak" by ShanghaiBill · · Score: 4, Informative

      According to TFA, the "leaked" data contained much more than just public data. It contained info on religion, political persuasions, issues that you care about, etc. TFA doesn't say where that info came from, but most likely from donation records, social media scraping, and on-line tracking.

      As far as we know, the data was temporarily exposed, but wasn't actually leaked, and is not publicly available. That is too bad. I would be really curious to see what they think of me.

  2. Misleading title by chispito · · Score: 2, Interesting
    There's no indication that it was accessed prior to disclosure, so it may or may not have been, strictly speaking, "leaked." I'd be interested in exactly what kind of data this is, as I'm struggling to think of who I would want to have marketing info on me less than one of the Big Two political parties.

    From TFA

    "We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked," he said.

    --
    The Daddy casts sleep on the Baby. The Baby resists!
    1. Re:Misleading title by deadwill69 · · Score: 2, Interesting

      And how would anyone need to hack a system with no username and/or password:

      "What UpGuard appears to have discovered, sitting on an Amazon cloud storage drive with no password or username required for access by anyone on the internet,"
      https://theintercept.com/2017/...

      I don't think anyone needs to hack that to get it.

    2. Re:Misleading title by evolutionary · · Score: 3, Interesting

      "Leak" (not "leaked" as in deliberately published) was used to indicate something like a leaky faucet. There is a relatively formal term in the IT security field called "data leakage" which means sensitive data creeping outside of company/owner boundaries without the intent of the owner, whether it be through casual email, carelessly posting files to a public server for at-home convenience, or sending out files into a public space without encryption/password. The new buzzword for this rapidly growing field of data loss (or leakage) prevention is DLP (Data Loss Prevention).

      What the article is saying is the firm was as careless with their collected data as many people are when posting on Facebook. It didn't even have to be "hacked"; it was wide open. BTW, the claim that to the best of their knowledge only one person has accessed that data is a pretty lame response. The fact that the data was publicly exposed for anyone to see at all shows an amateur level of negligence.

      People with this mass amount of data should have better protocols for data exchange of authorized parties (obviously).

      There could well be legal repercussions from this because who you vote for is the most sacred form of privacy in a democracy. This compromises people's ability to vote without possible retaliation from friends, colleagues, employers or even governments. This is a seriously BIG deal. When your voting preferences cannot be kept private, you can't vote freely. I personally believe everyone should vote, but if your voting records are up for grabs in cyberspace, anyone could pressure you. Hopefully people will stop foolishly giving their voting data or political preferences to marketing firms directly or indirectly. There is being friendly, then there is being careless.

      --
      "Imagination is more important than knowledge" - Einstein
  3. No Biggie by Anonymous Coward · · Score: 2, Informative

    The Donald confirms they were all fake democrat registrations anyway.

  4. Voter records are public by GrEp · · Score: 4, Insightful

    Commonly referred to as the "VAN", State voter participation records, even for party primaries/caucus, are a matter of public record. Who you voted for may be confidential, but that you showed up and voted isn't.

    Larger political organizations go the extra mile to annotate these records and aggregate them. They even have door to door pollsters that go around to those who have voted recently and target them with polling questions.

    IMHO it is a good thing this is open to the wider public, and not just in the hands of a few with the deep pockets to aggregate it.

    --

    bash-2.04$
    bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
  5. American voters from all political parties by Errol+backfiring · · Score: 2

    American voters from all political parties

    What? Both of them?

    (I know there are more political parties in the USA, but Americans themselves do not seem to know it.)

    --
    Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
  6. Re:So... basically all of us? by daemonhunter · · Score: 2

    http://www.politico.com/story/... is the first I found, and that's 10/2016, at 200 million.

  7. This leak shines a spotlight on... by albacrankie · · Score: 3, Insightful

    In my case, the spotlight is on managers who say, "put everything on S3".

  8. Re:Multi Million$$ by rbrander · · Score: 2

    Well, the democratic effort has been famous and bragged-about for several years, during which time it's never been described as anything but huge. It's like you're complaining about some story talking about the "Multi-Hundred-Billion-Dollar Russian Submarine program, seen as an effort to catch up with American submarines"...for not stressing for the thousandth time that America spends more on military (including submarines) than anybody. That's real famous, too.

    (PS: The Russians do not have hundreds of billions to spare for submarines; that part was very fictional.)

  9. Why does everybody ignore all the warnings? by rbrander · · Score: 3

    After Sony, we quickly heard their security was worthless - every VP who wanted to watch some video somewhere could get another hole punched in the firewall.
    Then the Democrats were "hacked" by.... asking for the top guy's password, which was promptly given!
    Warning after warning that we aren't taking this seriously. I'd love to make some stupid partisan remark about this ("these are the people who mocked Clinton for a potential data exposure that never happened?!!?") but the fact is that everybody has done incredibly stupid crap like this, are still doing it, and will continue.

    Until we get some kind of worse event, I guess. What will it take!?!

  10. Re:I fail to see the importance of the data by Lucas123 · · Score: 2, Insightful

    So, you're saying it's marketing data. Yawn. There's no "narrative" here. Just looking objectively at what actually leaked and how important it is. This isn't social security numbers or healthcare information. It's information about who you'd likely voted for. And, you know what, children insult and ridicule because they're unable to make substantial arguments without it. Go look in the mirror.

  11. Re:What to do about breaches by Obfuscant · · Score: 3, Funny

    It has https in the url, so of course it is a safe site. Don't you know nothin bout the interwebs?

  12. Re:Multi Million$$ by squiggleslash · · Score: 4, Insightful

    Please do tell, oh victimized conservative, how calling the Republican effort "multi-million" and not, this time, calling the Democratic equivalent the same label, although it has been done many, many, times before, is somehow harmful to Republicans.

    Is someone seriously not going to vote Republican because they heard they spent millions of dollars on a part of their campaign? Is someone seriously going to think the Democrats don't?

    --
    You are not alone. This is not normal. None of this is normal.
  13. Re:Multi Million$$ by Anonymous Coward · · Score: 2, Insightful

    The Democrats' effort isn't really relevant to the article because it wasn't their data that was exposed. In an article talking about R. Scalise being shot while practicing for a baseball game, do you expect them to also talk about a time that a Dem was shot in the past? If you want an article that might sound negative about the Dems, wait until something actually happens that involves them.

  14. Re:I fail to see the importance of the data by dgatwood · · Score: 3, Insightful

    It's information about who you'd likely voted for.

    Which is, frankly, much worse than leaking Social Security numbers or health data. If they had leaked the SSN of everyone in America, it would force some real reform of the credit agencies, preventing them from treating an SSN as proof of identity, but overall, the public wouldn't be harmed. If anything, they would be helped by exposing the notion of "identity theft" as the credit-agency contrivance (fraud) that it is.

    And the worst-case scenario for leaking health data is embarrassment if somebody got an STD, but that would quickly become uninteresting to people because it would also quickly demonstrate how many people do. You might occasionally have hiring bias by people who want to avoid their health insurance costs going up, but I would not expect that to be common (because it is quite illegal).

    But exposing everyone's likely voting behavior is a grievous violation of personal privacy. Ask a Republican in a majority-Democrat region or a Democrat in a majority-Republican region, and ask them if they think that the people around them would be less likely to hire them if they knew their political affiliation. Ask them if it will affect their ability to socialize. And so on. Thus, voting data can be easily abused to pressure people into conformity.

    Worse, that small-scale abuse has the potential to shift the balance of elections, which means that leaking this data potentially has a national impact as well as an individual impact. Based on that, I would argue that party affiliation and likelihood of voting for a given party is quite possibly the most private information that anyone can have about you, and that making that information available publicly is one of the worst breaches of the public's trust that a political organization can commit.

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.