Post by orvillethird on Dec 29, 2015 2:28:39 GMT
These articles are long and a bit technical, so I won't post them, just link to them.
www.databreaches.net/191-million-voters-personal-info-exposed-by-misconfigured-database/
www.csoonline.com/article/3018592/security/database-configuration-issues-expose-191-million-voter-records.html
Here's the summary. A guy on a mission to protect information from unauthorized access came across a voter database online. He was easily able to access it, and found a large number of entries with a great deal of information on over 190 million voters, or over 60% of the US population. This information did NOT include SSNs, but did include full names, addresses, dates of birth, political party affiliation (for those registered or voting in primaries), and voter registration numbers.(1)
Who made this database? It's unclear, but it could be a specific company, based on some codes.
Who put it online and did not secure it? We don't know. It could be the group or a client of theirs, or a hacker.
Were any laws broken by this action? At least one state (South Dakota) prohibits its state voter data from being on the internet. Laws vary from state to state. (Alaska, Arkansas(2) and Colorado had no restrictions on use of voter data. California restricts use of voter data to political purposes, and restricts its availability to people in the USA.)
Does this have anything to do with a specific politician or party? I don't know. This was NOT connected to the Sanders incident(3), especially as the company involved in that runs Windows, not Linux.
I found out about this via a post from Cory Doctorow. Oddly, a few years back I (a pollworker) mentioned to my dad (who works in computer security) the fact that the voter registration lists in my state were public and the data on them could be viewed by the public, which he was surprised to hear, as the information in it could be abused, and at least one person may have tried to do something in my area, per a teacher in my pollworker class(4).
I'm surprised this is not bigger news, not only due to scale, but due to the material involved. Then again, a lot of reporters are not used to the complexities of election law, or details of technology. (Also, to be fair, DoB and address are not that hard to get.)(5)
(1) To be fair, as a recent news story reported, voter registration databases do have errors in them. I (and others) were looking for information on the Colorado Springs shooter, and found his voter registration info, which marked him as a female.
(2) I was looking for information on an Arkansas resident earlier today. On the Secretary of State's page, I found out that Arkansas sold files with the list of registered voters, the history of each voter's voting (using only voter registration numbers), and a combined file. The voter list included DoB, address and phone number, was not restricted by Arkansas law, and cost all of $2.50. (By contrast, Alabama costs a bit over $29k.)
(3) As one of the articles points out, said incident was NOT deliberate by Sanders or his staff, and the information Sanders's staff got was not voter data (both campaigns had the same voter data), but rather internal scores on said data from the Clinton camp.
(4) I was told by a pollworker that at least one person looked over data from primary elections to determine if any of his employees had voted in a certain party's primary. It was implied that he intended to fire them. Legally, I don't think any state prohibits discrimination in employment or other things based on political affiliation.
(5) My local library has a nice database of people and businesses available for free, with names and addresses of over 200 million people.
What are your thoughts? Suggestions for reform? Questions?