Time to get out your deerstalker hat. Somewhere out there is a publicly available database with approximately 191 million voting records, with details like names, birthdates, addresses, phone numbers, and political party affiliation.
The problem? Nobody knows who owns the database, who set it up, how it got online, or why its information is public. According to CSO, which first reported on the story after being alerted to its existence by researcher Chris Vickery, it's likely that the information in the database came from the political data firm NationBuilder, but it's not necessarily the company's fault that the information is live. A customer possibly purchased this information and made it public, but it's unclear if they did so on purpose or by mistake.
"NationBuilder is under no obligation to identify customers, and once the data has been obtained, they cannot control what happens to it," writes CSO's Steve Ragan. "In short, while they provided the data that's in my newly leaked voter record, they're not liable in any way for it being exposed."
In a statement, NationBuilder founder and CEO Jim Gilliam said "the voter information included is already publicly available from each state government so no new or private information was released in this database."
"We strongly believe in making voter information more accessible to political campaigns and advocacy groups, so we provide cleaned versions of that publicly accessible information to them for free," Gilliam said. "We do not provide access to anyone for non-political purposes or that would violate any state's laws. Each state has different restrictions, and we make sure that each campaign understands those restrictions before providing them with any data. It is vital that everyone running for office knows who is registered to vote in their district."
As PCMag explained in our review of NationBuilder, the service is a cross between a content management system and customer relationship management package. An Election add-on lets you import voter files from the NationBuilder Election Center from the U.S., Canada, and the UK. That way you can tell whether a member in your database is a registered voter, and if not, send them a nudge.
That data, however, is not supposed to be used for commercial purposes.
"Most states or data brokers require that anyone obtaining voter data affirm that they're not going to use it for commercial gain and that they'll follow all related state laws," CSO's Ragan points out. "Yet, because the information Vickery discovered is in a database available to anyone on the Internet who knows how to find it, it's essentially unrestricted data."
Ragan expressed concern about the potential for abuse. "Stalking and the exposure of people who normally don't share their personal information is certainly an issue," he writes. "There are other long term issues too. The personal information in this database, including political affiliation, date of birth, could be used to construct a targeted Phishing campaign."
Unfortunately, there's nothing you can really do about the existence of this database beyond petitioning your representatives about data privacy. For security reasons, a link to this database was not published, so you can't even look to see if your information is in there.
"If you are a registered voter, we cannot offer you reassurance that your details have not been obtained and won't be misused. We don't know for how long this database has been left unsecured and how many people may have accessed and downloaded it. At this point, all we're pretty sure of is that the data in the database include data from Nation Builder," reads a report from DataBreaches.net. "Could it be one of their non-hosted clients leaking the database? Maybe. Could it be that someone hacked one of their clients and stored a copy of the database at this IP address? Maybe. Could it be that an employee of a client decided to make themselves a copy for their own purposes? Maybe. The possibilities are numerous."
DataBreaches has contacted a number of different agencies about the leak, including the FBI and the California Attorney General's Office—the latter, since the state puts fairly heavy restrictions on the use of voting records in any capacity.
0 comments:
Post a Comment