For an unknown amount of time, anyone in any part of the world had access to 191 million Americans’ locations and political beliefs.
(TNS) -- It’s a sad feature of contemporary life that data breaches are as common as changes in the weather. Still, the news that a misconfigured database resulted in the exposure of about 191 million registered voters’ personal information is incredibly alarming.
For years, skeptical political theorists have warned that, although new technology held great potential for voting, it came with many potential threats to voter privacy and security. Unfortunately some of these valid concerns were hijacked by conspiracy theorists, especially after a notorious series of scandals were linked to Diebold voting machines in the 2004 presidential election.
But given this week’s news [in late December], it’s time to return to the question of how technology can compromise voter security, with an eye to developing constructive solutions.
On Dec. 20, a security researcher named Chris Vickery discovered holes in the security of a massive database of voter registration information.
The database contained information required for voter registration, including names, home addresses and phone numbers, dates of birth, political affiliation, and participation in primaries and elections dating back to 2000. Thankfully the database didn’t include driver’s license numbers or financial information.
Voter registration lists are public record in most states, but many have restrictions on how the data can be accessed and used. For an unknown amount of time, anyone in any part of the world had access to 191 million Americans’ locations and political beliefs. That’s a direct threat to voter privacy.
Vickery shared his findings with Databreaches.net, which called the FBI and California’s attorney general, Kamala Harris. California is one of the few states to strictly restrict data disclosures on voter registration, and more than 17 million California voters’ information was exposed.
Alex Padilla, California’s secretary of state, confirmed that his office didn’t post the records online. In a statement, Padilla said that his office was discussing the matter with the attorney general and that it was standing “ready to provide any assistance necessary.”
The first matter of business should be finding out the source of the leak — unfortunately it’s not yet clear to whom the database belongs. It seems unlikely that any of the political software firms would willingly admit to the breach, so Harris’ office may need to push for an investigation.
Beyond determining the source of the leak, state leaders should be asking more questions about the relative strength of software firms’ security procedures. Are there best practices? Who’s following them — and who’s not?
Finally, California must consider requiring security thresholds before turning over voter data to the marketing firms and political consultants who develop these databases for campaigns. Although we can all agree that political campaigns have a valid reason for accessing voter data, what’s most important in a democracy is for voters to have confidence in the privacy of their ballots.
©2015 the San Francisco Chronicle. Distributed by Tribune Content Agency, LLC.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.