Massive Voter Database Left Unsecured

An un­se­cured data­base con­tain­ing in­form­a­tion on more than 190 mil­lion U.S. voters has been float­ing around the in­ter­net, and nobody seems to know how it got there. That’s a troub­ling sign as polit­ic­al cam­paigns be­come in­creas­ingly de­pend­ent on col­lect­ing, ana­lyz­ing, and util­iz­ing per­son­al voter in­form­a­tion.

In­ter­net re­search­er Chris Vick­ery found the data­base on Dec. 20; it has since been taken down. The data­base con­tained in­form­a­tion that cit­izens provided to states when they re­gistered to vote: names, ad­dresses, phone num­bers, and po­ten­tially demo­graph­ic info and vot­ing his­tory.

The in­form­a­tion would be time-con­sum­ing to ag­greg­ate (it can be pur­chased from state gov­ern­ments) but it is only truly use­ful to cam­paigns when com­bined with oth­er data sets ob­tained from me­dia com­pan­ies, poll­sters, and dir­ect voter con­tact.

Vick­ery, re­cog­niz­ing the voter file in­form­a­tion that is used by cam­paigns to plot out­reach and strategy, began con­tact­ing polit­ic­al data vendors to fig­ure out where it came from, and found tell­tale data la­bels used by a com­pany called Na­tion Build­er.

“While the data­base is not ours, it is pos­sible that some of the in­form­a­tion it con­tains may have come from data we make avail­able for free to cam­paigns,” Na­tion Build­er CEO Jim Gil­li­am wrote on his com­pany’s web­site. “From what we’ve seen, the voter in­form­a­tion in­cluded is already pub­licly avail­able from each state gov­ern­ment so no new or private in­form­a­tion was re­leased in this data­base.”

Ac­cord­ing to cam­paign spend­ing data, Na­tion Build­er’s biggest cli­ents in the cur­rent elec­tion cycle are the Mas­sachu­setts Re­pub­lic­an Party, Rep. Dav­id McKin­ley of West Vir­gin­ia, and the Lyn­don La­Rouche Polit­ic­al Ac­tion Com­mit­tee—which is as­so­ci­ated with the con­tro­ver­sial con­spir­acy the­or­ist and per­en­ni­al pres­id­en­tial can­did­ate.

There are a patch­work of state laws that lim­it us­ing the data for com­mer­cial or non­polit­ic­al use, and the un­se­cured data is wor­ry­ing to se­cur­ity pro­fes­sion­als and pri­vacy ad­voc­ates. But it’s im­port­ant to re­cog­nize that all of this in­form­a­tion is avail­able to the pub­lic. Ul­ti­mately, this is ap­pears to be a much less wor­ry­ing in­cid­ent than the data breaches that have plagued ma­jor re­tail­ers and the U.S. gov­ern­ment.

This is also not ex­actly the kind of data that got Sen. Bernie Sander’s cam­paign in hot wa­ter a few weeks ago. While that in­volved a sim­il­ar data­base of voter in­form­a­tion, the real is­sue was the Sanders cam­paign’s abil­ity to see pro­pri­et­ary in­form­a­tion gathered by Hil­lary Clin­ton’s cam­paign about which voters sup­port her and are likely to vote.

It’s not clear how re­cently the ex­posed data­base was up­dated; voter file in­form­a­tion tends to quickly grow stale, as voters die, move, or change their polit­ic­al al­le­gi­ances. The kind of re­gis­tra­tion data found in ex­posed data­base is typ­ic­ally only the a start­ing point for the com­pre­hens­ive voter files main­tained by the two ma­jor U.S. parties and their vendors. The parties, in turn, rely on cam­paign can­vass­ers to up­date the files.

But as the free-for-all search for per­son­al in­form­a­tion be­comes ever more im­port­ant to politi­cians—in­deed, some cam­paign vendors brag that they are psy­cho­ana­lyz­ing voters from afar—voters will be in­creas­ingly con­cerned about the se­cur­ity of their per­son­al in­form­a­tion.

(Image via Joseph Sohm/Shutterstock.com)