Advertisement

GOP data leak exposes personal info of 200 million voters

Discovery of unsecured database raises big-data concerns

Voter_Registration_Form


By Heather Hamilton, contributing writer

The analysis of big data has changed the way that political campaigns operate, allowing targeted strategies that better address voters’ concerns. Of course, providing such insights requires huge databases that store detailed information on voters across the United States.

UpGuard, a cybersecurity firm, confirmed on June 19 that Deep Root Analytics, a data processor and aggregator contracted by the Republican National Committee, left vulnerable the information of nearly 200 million voters in the United States.

On June 12, UpGuard cyber-risk analyst Chris Vickery found an open cloud repository while searching for misconfigured data sources. After Vickery notified federal authorities, Deep Root Analytics secured the database against public access.

The database contains more than a terabyte — or 500 hours of video or 10 billion pages of text — of voter data. Despite the personal nature of the information, the database was stored on an unsecured Amazon server. According to ExtremeTech, UpGuard accessed it without a password. UpGuard has not released the files for download but has provided a full analysis of the leak.

According to Gizmodo, the RNC paid Deep Root $983,000 last year, though the server contained records from other sources that were paid millions more. The data contained in the archive came from multiple sources within the Republican Party, including super PAC research, survey results, and even Reddit posts. ExtremeTech suggested that the data ultimately presents a spreadsheet of individual voters’ likes and dislikes. UpGuard reported that the data files include “modeled ethnicity” and “modeled religion” data fields — two categories that have historically created controversy in the context of data collection.

UpGuard reported that it located a folder that contained CSV files with anonymized 32-character voter IDs, each with a corresponding list of likely feelings on hot-button issues such as abortion and gun control. Alarmingly, there was also a “Contact File” linking the anonymous IDs to the voters’ names, addresses, and birth dates.

The GOP primarily used the voter information to target voters in preparation for the 2016 election, though the data was also used to gauge voter sentiment around Trump’s policies around the time of the inauguration. Voters were assigned a score indicating their level of agreement with such positions as stopping illegal immigration and repealing the Affordable Care Act.

UpGuard said it is likely that other such databases exist and that those may also be insufficiently secured. That being said, it is unlikely that UpGuard is the first or the only entity to have gained access to these files. What does that mean for you? Chances are, your political affiliations are now well-known.

“That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling,” writes UpGuard. “The ability to collect such information and store it insecurely further calls into question the responsibilities owed by private corporations and political campaigns to those citizens targeted by increasingly high-powered data analytics operations.”

Sources: UpGuard, ExtremeTech,Gizmodo
Image Source:
Wikimedia

Advertisement



Learn more about Electronic Products Magazine

Leave a Reply