Data of nearly all registered US voters left unsecured for weeks in RNC trove
Personal data, including names, birth dates, addresses, voter registration details and social media posts, made vulnerable due to improper security settings
A data trove owned by the Republican National Committee (RNC) containing personal details of nearly every registered voter in the US was left unsecured for nearly two weeks earlier this month due to an improperly configured security setting, internet security firm UpGuard revealed on Monday.
The data, which includes names, birth dates, addresses, voter registration details and social media posts, was available for download by anyone who knew to look for it from 1 June through 14 June when the oversight was corrected.
The roughly 1.1 terabytes of data was compiled by Republican data firm Deep Root Analytics on behalf of the RNC in their efforts to elect Donald Trump, as part of a data modernization project the party began after Mitt Romneys 2012 loss.
The RNC data repository would ultimately acquire roughly 9.5bn data points regarding three out of every five Americans, scoring 198 million potential US voters on their likely political preferences using advanced algorithmic modeling across forty-eight different categories, UpGuard explained in a post about the files.
The 198 million individuals captured in the data represent virtually the entire registered voter population. A security update left the information public on a server which should have been, and previously was, secure.
Theres a whole load of characteristics to this data thats quite shocking to see. Theyve been systematically compiling it for a long time. How they are collecting it, were not too sure, but the fact that it contained components from Reddit posts and a whole lot of other social media capabilities makes it quite different from other commercial or potentially free sources, said UpGuard CEO Mike Baukes.
Baukes said the issues the discovery presents are twofold. One is the fact that such comprehensive databases are being compiled and populated by private companies for political and commercial reasons, which Baukes describes as almost akin to mass surveillance. The second issue is the breach that made the information potentially available to anyone on the internet looking for it.
By investing in its database the GOP was mostly playing catch-up with Democrats who had a robust voter database behind their successful get out the vote efforts in 2008.
This is not the first time a data trove like this has been discovered, and in fact not the first time one has been discovered by Chris Vickery, the cybersecurity expert who uncovered it for UpGuard. In 2015 Vickery found a similar mystery database of 191 million US voter registration records which also included names, home addresses, phone numbers, dates of birth, party affiliations, and voting logs.
But Vickery said this trove is somewhat different. This one is magnitudes larger in terms of profiling and microtarget analysis, Vickery told the Guardian. Its more sensitive and more invasive.
Most of the data in the file is ultimately publicly available, including voter registrations and party affiliation. Anyone who has done political canvassing in recent years, for example, knows that campaigns usually have access to voter registration records with addresses and party affiliations- these records are the foundation that modern get out the vote efforts are built on. In addition, a number of paid and free internet search sites can net a user name, address, phone numbers, social media postings and other aspects of a 21st century digital footprint.
The main thing Deep Root Analytics, along with a few other GOP-hired firms, added was the consolidation of all these records into one place, and predictive data from algorithms they had designed to interpret things like voters likely position on certain issues.
Nonetheless, said Baukes, the fact that they left this data on a misconfigured server for anyone on the internet to get access to is actually disturbing.
If the wrong type of group got ahold of that … thats a list of names, addresses and, religious preferences. Thats a chilling outcome that could happen with the violence that were seeing at the moment.