The Republican National Committee’s in-house big data team just got caught by a cyber security firm leaking the private information of 200 million Americans. California-based UpGuard found the RNC’s data file unprotected in a publicly available URL within Amazon Cloud Services and downloaded the information – equivalent to 10 billion pages of text – and reported it to federal authorities.
The RNC’s leaked database includes all registered voters in the United States, with information from Democrats, independents, and presumably 3rd party voters. UpGuard’s report suggests that this may be the largest known political data leak to date, worldwide:
This disclosure dwarfs previous breaches of electoral data in Mexico (also discovered by Vickery) and the Philippines by well over 100 million more affected individuals, exposing the personal information of over sixty-one percent of the entire US population.
UpGuard’s discovery — of perhaps the largest known exposure of voter information in history—is corroborated by technical evidence, as well as by the public statements of the responsible firms and political staffers.
Republicans only secured the leaked information after it was reported to authorities. It contains information from the Republican Party, the Koch Brothers, and numerous other outside groups.
UpGuard’s lengthy report on the RNC’s data leak explains the complex manner how their party created a “captive” data company which the party created a subsidiary company – ironically named Data Trust – which their leaders do not control, to manage their data campaigns. They wrote that the Trump campaign relied on those firms:
In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump.
The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.
senior advisor nepotism poster-child Jared Kushner ran that operation for the Trump campaign, which coordinated three “major voter suppression operations.” Just because the election is over, doesn’t mean that Republicans have stopped collecting the data, according to UpGuard:
In the 50 GB file titled “DRA Post Elect 2016 All Scores 1-12-17.yxdb,” each potential voter is scored with a decimal fraction between zero and one across forty-six columns. Each of the fields under each of the forty-six columns signifies the potential voter’s modeled likelihood of supporting the policy, political candidate, or belief listed at the top of the column, with zero indicating very unlikely, and one indicating very likely.
Typically, unique identifiers are used to shield the connection between real people and sensitive data about them, but in this case, the RNC’s leak included everything. UpGaurd’s blogger attested to the scary accuracy of the Republican Party’s modeling data, by using his name and 32-character unique RNC ID number to view his very own data file.
Another disconcerting possibility is that the RNC’s massive trove of unprotected data could’ve been exposed without a password in an effort at promoting covert intra-Republican Party data sharing, in the way that politicians use unlisted, but publicly available videos to let Super PACs download videos for independent advertising. The RNC’s data team also collected a mass of posts on Reddit and put those into a text file, for reasons that are not apparent.
Republicans spent an entire election complaining about Democratic nominee Hillary Clinton’s private email server – which was never known to be breached – when their own party was getting ready to quietly publish everything ever known about the American electorate online for the world to see.
GOP Congresspeople and the President have spent the entire year complaining about law enforcement unmasking the data of criminals, but didn’t take proper precautions to prevent unmasking intrusively collected information on every voting American.