Why The Greatest Threat To Personal Data May Be Political Campaigns

Running for political office has changed. The name of the game now is voter data. Political campaigns are now nothing more than huge data gathering machines. These campaigns suck up every detail about the voter they can get their hands on. Some details are rather mundane such as your home address or your political affiliation. But some data gets up close and personal like your sexual orientation, mental health, or if you own a gun. But sadly, politicians — like major corporations — are very bad secret keepers.

The personal data of over 100 million American voters has been compromised online. The sad fact about this news is that political campaigns themselves are responsible for the data leaks, not hackers.

In February, Iowa’s Republican Party was responsible for a data leak that affected over 2 million voters. The party simply failed to properly secure the database.

In December, an independent security researcher discovered a publicly available database of 191 million voter records. That database exposed full names, home addresses, mailing addresses, unique voter IDs, state voter IDs, as well as a voter’s gender, date of birth, phone numbers, date of registration, political affiliation, and voter history dating back to 2000. It is still unclear who owns the data, but according to CSOonline.com, it may have come from the NationBuilder.com website.

In November, Georgia GOP Secretary of State Brian Kemp, a privacy champion, acknowledged that his office illegally disclosed Social Security numbers and other private information of more than 6 million Georgia voters.

One of the reasons campaigns are so sloppy with voter data could be the nature of political campaigns. Political campaigns are short-term efforts that dry up after the votes are counted. After that the data is no longer a high priority.

The effort of a campaign is focused on gathering the data. Most campaigns are not heavily invested in cyber security. Many politicians have privacy policies on their websites — but a privacy policy and data security are two different animals.

Campaigns generate enormous amounts of money. But even with hundreds of millions of dollars pouring into campaigns, both national and local, not a lot of it is spent on data security. Security of voter data comes down to available resources — i.e.  money. Data security simply isn’t a priority for many campaigns. If a campaign had a choice of securing data or buying television time, someone is going to ask, “How many votes will a security manager bring in?” The answer is obvious.

Political data leaks carry the same dangers as corporate data breaches. Investigators have discovered voter data on the dark web. Like consumer data leaks, this exposed information could be used to carry out phishing attacks, hijack a voter’s online accounts, steal identities and other mischief.

Data breaches have even caused squabbles between political candidates. Democratic presidential candidate Bernie Sanders’ campaign was caught accessing the voter database of opponent Hillary Clinton. The Sanders campaign was temporarily banned from using the Democratic National Committee’s database because campaign staffers had illegally viewed her data.

Two of Sanders’ staffers were fired and Sanders apologized. But the real problem was that the database was not properly secured. According to CNN, the firewall separating the data between Clinton and Sanders was dropped by the vendor, NGP VAN, allowing access to the data.

Another major problem facing voter data security is that most states have their own set of standards, and some have no regulation in place at all. For example, Alaska, Arkansas, Colorado, and many other states have no restrictions on voter data. California, on the hand, restricts voter data to political purposes only and cannot be transferred outside the U.S. Much like data breach laws, there is no federal standard.

It’s shocking that with all this voter data exposed, state and local elections offices actually sell voter data. Fees to obtain 3 million voter registration records in Alabama will cost just over $29,000.

Private corporations are also in on the act of selling voter data. Votermapping.com sells a complete voter profile for just 2.5 cents per voter. For that price the buyer gets data that includes income, home values, occupation, lifestyle indicators, magazine subscriptions, and individual cell phone numbers.

Data breaches have become common news. Not only have consumers seen personal data stolen from corporations but also our federal government and now our political leaders appear just as guilty of poorly handling our personal data. And what is not lost by political parties and organizations is bought and sold openly.