Databases with voter information and the “database of ruin”
DataBreaches.net recently reported on two inadequately secured MongoDB databases that exposed voters’ information. The public’s reaction to these two incidents illustrated how little the majority of the public knows about what’s in a voter registration list and how such records are viewed by states. But the incidents also raise important questions as to whether existing laws provide adequate protection for data that is not necessary to ensure the integrity of elections.
As many people commented after the first report, state voter registration lists are public records as far as most state laws are concerned, and voters generally have no redress over most of their registration details being made public accidentally or intentionally – unless they happen to be residents of one of the few states that do place restrictions on the use of such information. But what about the second incident with those 19 million voter profiles? They had fields for religious affiliation/denomination, gun ownership, interest in hunting, fishing, or auto-racing, name of employer, income level, whether the person was a major donor to President George Bush’s campaign, whether the individual followed a bible_lifestyle and certain household_values, and even the voter’s geolocation.
While information in voter registration lists may be public records, voter profiles with individual data compiled by businesses or organizations are not public records, but some states might not even require notification under their breach laws as long as there were no Social Security numbers, driver’s license numbers, or bank account information involved. Suppose that exposed database had been downloaded and put up for sale on the Dark Web? Could individuals sue? Yes, of course, this is America, and we can sue anyone for anything at any time. But would such a suit be successful? Although loss of privacy should be considered a harm or injury in and of itself, our courts and laws are not there yet.
So let’s take the parade of horribles to the next level. What if the next voter profiles leak includes fields pertaining to whether you’ve ever been treated for a psychiatric problem or a sexually transmitted disease, or if you have been prohibited from buying a gun? And what if those profiles incorporated information obtained from voter registration lists? Now would your state do anything? Possibly, depending on your security breach notification laws and laws concerning information from voter registration cards, but it would likely be too little, too late.
Years ago, someone seeking voter records would have to go down to an office to get one or multiple voter registration records. And if some group was compiling additional details, it would be on paper and probably not widely disseminated. But back then, no one could go down to a local or state office and get the records of all voters in the country. And they certainly couldn’t get all the voter profiles. Today, with a click of a link and/or sloppy infosecurity, they can.
Do these voter profile databases like the one I recently reported on hasten what Paul Ohm once famously referred to as a “database of ruin?” I believe they do. Consider this recent press release from Stirista:
Stirista announced the release of a national voter file designed to help candidates of all political parties micro-target registered voters. Many voter files contain basic information such as party and voting history, but Stirista’s goal is to make this data more actionable by providing candidates 360+ targeting options to truly understand and reach persuadable voters receptive to their message. CEO Ajay Gupta said, “We wanted to go above and beyond party affiliation and help campaigns find their best supporters and donors by attaching information on culture, religion, interests, and political stances.” The political campaign tide has shifted towards personal 1-to-1 messaging, and these enhancements give political groups the opportunity to make their candidate count to niche interest groups.
The company has taken voter registration data from every county in the country, standardized and enhanced the voting patterns of individuals with contact and personal information such as email, digital cookies for online ad serving, demographics, and issue stances. This project gives political clients access to over 360 data points available for use in targeted campaigns both online and offline.
They say that like it’s a good thing – and from a commercial standpoint or political campaign standpoint, it may be. But what happens if someone who purchases that voter file fails to secure it properly or misuses it? Do we really want firms aggregating 360 points about us with our political affiliation and voting history, etc.?
Bev Harris of BlackBoxVoting.org has a great article on breaches involving voters’ data. She reviews cases where voter data has been stolen, hacked, leaked, or carelessly exposed by employees either taking data home, losing it, or just dumping it at the curb. Searching DataBreaches.net for “voter information” will show you additional breaches or leaks involving voters’ information, including a recent Georgia case involving 6.2 million voters in that state.
Bev lists a number of possible solutions to what she also recognizes as a serious problem. Apart from the common sense recommendations of not requiring SSN for registration and requiring secure data storage and disposal, Bev suggests:
Prohibit putting voter lists online with unrestricted access. It puts victims of spousal abuse and public safety officials, like policemen and district attorneys, at exceptional risk. Opt-out procedures do exist, if you can show “cause,” if you know about it, if you go through the rigamarole, and if no one makes a mistake in redacting your information. Keep the opt-out, but also, to protect all voters, ban posting of voter databases online.
DataBreaches.net agrees. Having voter lists freely available online may be a convenience to some, but that convenience to political organizations and businesses is outweighed by the threat to voters’ privacy and safety. State laws should uniformly prohibit such public sharing online.
Prohibit commercial use or sale of voter lists. We should not have to submit to commercial exploitation in order to exercise civil rights.
Agreed, but that doesn’t go far enough because it doesn’t restrict non-profit fund-raisers from amassing large amounts of data from other sources, aggregating it with state voter lists, then sharing it with other “partners” or “initiatives” who may also fail to properly secure the data.
Other ideas that Bev does not include, but I would, include:
- Change the voter registration process so that those registering to vote do not have to indicate their political party on the form. Provide a separate form for those wishing to sign up for a party so they can vote in primaries, receive mailings, etc., and let the parties manage those lists. A voter’s list can simply note whether a registered voter voted in state, county, and general elections.
- Have large-font clear notice at the top of the voter registration form that says that any information provided will be considered a public record that anyone and everyone can get (unless the state imposes restrictions), and allow registrants to apply for suppression at the same time they register – and on the same form. Law enforcement personnel I spoke with following the first leak informed me that they were never told by their employers that they could seek suppression of their information.
- In addition to allowing voters to check “Do not call” preferences, enable voters to check boxes saying “I do not give permission to [ ] commercial, [ ] fund-raising, and/or [ ] political organizations to contact me and I do not consent to them using my information in any way other than verification of whether I voted.” It’s OUR information and as Bev notes, we shouldn’t have to forfeit all of our privacy to be able to access our right to vote.
- Require every database containing records on more than 100 voters to have a statement at the top of the database indicating the owner or user of the database. As of today’s date, we still don’t know who was responsible for the two misconfigured databases Chris Vickery brought to this site’s and Salted Hash’s attention. As one consequence, the databases remained unsecured and available to criminals, despite our combined efforts to track down the responsible party or parties.
In response to the two data leaks first reported by DataBreaches.net and Salted Hash, there has been thundering silence from members of Congress. They have a conflict of interest because their political campaigns want our details – and the more, the better.
It falls to us – “we the people” – to contact our state legislators and urge them to better protect our personal information by limiting access and use and imposing security requirements that are enforceable.