Your Voice, Your Vote for Data Security
Data breaches of private corporations have become exceedingly common these days. Almost mundane. However, for all the personal information exposed through these breaches, as well as how flawed security can be for the breached entity, it is now coming to light that a significantly greater risk to people’s data might just be posed by political campaigns. It makes a certain kind of perverse sense. Compared to private entities, the goal of a campaign, along with its interest in personal data, is more immediate and temporary. If a campaign staffer has to choose the most appropriate use for funds, it’s going to be on air time and get-out-the-vote efforts, with data protection probably drawing the shortest of straws. Voter data does not command as much care when your main concern is simply to leverage it to the best of your ability and win the election. When it’s all said and done, win or lose, it really couldn’t give less of a damn. Small wonder, then, to see such a lackadaisical view taken towards data security.
So, with the election cycle in full swing, we thought it was important to take note of some of the reports that have been made over the last several months about incidents like a February leak from Iowa’s Republican Party’s database that affected 2 million voters. Or how, in December, an independent security researcher discovered a database of 191 million voter records that was, amazingly, publicly available. Negligent as these organizations were with voter data, it’s still not as disheartening as learning that some state and local election offices even try to make a profit from it, while companies like Votermapping.com also try to take advantage, offering a full voter profile for cents each. Data in each ‘set’ includes “income, home values, occupation, lifestyle indicators, magazine subscriptions, and much more.”
The situation also ranges from the malicious to the laughable, such as when the vendor used by the Democratic National Committee removed its firewall between candidates’ databases, allowing staffers from Bernie Sanders’ campaign to see voter records on Hillary Clinton’s.
These are just a few such debacles, but all this apathy on display for voter data is depressing. At least it looks like the Obama Administration is bringing charges against the hackers behind a coordinated campaign of cyber attacks against several major U.S. banks (including Bank of American and JP Morgan Chase) and a dam in the Rye Brook, New York. To refresh: these attacks were carried out in 2012 and 2013, with distributed denial of service (DDoS) attacks hitting these financial institutions and the dam. In the latter case, it appeared the hackers were trying to gain control of the dam’s floodgates, but fortunately failed.
So that’s good news! We finally know who the perpetrators are, so we can…What’s that…? They’re in Iran…? Oh. Well, cyber attacks against critical infrastructure have been a growing concern in recent years, and we don’t seem to be quite prepared. In fact, National Security Agency chief Michael Rogers has said the question is “when, not if” another country launches a successful attack on U.S. infrastructure, like the one in Ukraine that temporarily left 225,000 people without power. Thankfully, we don’t seem to be as blithe to security in this scenario as people can be with voter data.