“Every campaign needs to treat security and privacy needs seriously, and have meaningful training for workers. We strongly recommend that every campaign have a chief privacy officer to monitor just these issues,” she said.
We strongly recommend that every campaign have a chief privacy officer to monitor just these issues.
Brenda Leong, senior counsel and director of operations, Future of Privacy Forum
Ansorge agrees. “These databases have afterlives that are not under the control of the government or the party,” he said. “There is always a risk of abuse, by domestic and foreign actors. Here there is a perfect storm of data collected for a specific purpose potentially being abused for another.”
Unfortunately, there is ample evidence that it is more than just potential. Just three weeks ago, MacKeeper security researcher Chris Vickery discovered that a client of the data brokerage firm L2 was hosting a database with 154 million U.S. voter registration records and, “leaking information on a dizzying array of intimate details, including gun ownership, Facebook profiles, address, age, position on gay marriage, ethnicity, email addresses and whether a voter is ‘pro-life.’”
That wasn’t the only case. Six months earlier, Vickery discovered a “misconfigured” voter database with 191 million voter records - including his - that was, “just sitting in the public, waiting to be discovered by anyone who happens to be looking,” according to CSO’s “Salted Hash” columnist Steve Ragan.
Vickery told Ragan he was outraged to see his own record with, “details that could lead anyone straight to me. How could anyone with 191 million such records be so careless?”
Yet another breach, of 56 million records, included 19 million profiles that had not only voting history but also personal information like “Christian values, Bible study and gun ownership.”
Hall said those cases, along with nation-state hacking of campaign information systems, make it obvious that voters should be concerned about the data collection of modern political campaigning.
“Campaigns only seem to care about the security of data when they're protecting it from their political rivals,” he said. “Voters should be especially concerned because there are zero repercussions for campaigns mistreating or improperly protecting these data. The FTC has no jurisdiction over non-profits – there are serious First Amendment problems with government telling political speakers (campaigns) what to do.
“And there is zero chance that politicians will pass laws that reduce their capacity to micro-target, even if it means more robust protection of voter data.”
Beyond that, political databases are more likely to be hacked because they are shared more than those collected by commercial companies. Leong noted that, “companies routinely promise not to share your data, but campaigns and political advocacy organizations share data as a standard, so reading the disclosures or policies when submitting data is more important than ever.
Sign up for MIS Asia eNewsletters.