A little over a month after it became known that the social security numbers, drivers license numbers and dates of birth of more than six million Georgia registered voters were sent to news organizations and political parties in what is known as the Peach Breach, a much bigger database of voter information was discovered in the wild. Databreaches.net reported that a database with 191 million records containing voter information was available publicly on the internet. After this report, public access to the database was removed.
While the information in the database didn’t include social security or drivers license numbers like the Peach Breach did, it did include dates of birth, phone numbers, email addresses and possibly more. Is this significant? Or as was pointed out in a tweet, is it no more than someone accidentally leaking Facebook?
A story in this morning’s New York Times tries to answer that question. In addition to talking about how voter information is aggregated and used by political campaigns, it talks about how the information can be used for less noble purposes:
Big data advocates argue that what is in most voter files is nothing more than the White Pages of a phone book augmented with party affiliation and voting history (not which candidate people voted for, but whether they voted.) But for privacy experts, that alone, especially when compiled in one place, is cause for concern.
“Simply by digitizing the data, collecting it in one place, making it freely available in one place — it’s a Christmas gift for thieves,” said Neal O’Farrell, the executive director of the Identity Theft Council. “I interviewed an identity thief, and he said credit card numbers are for chumps. It’s much easier to get caught. The cybercriminals really want to know who you are. And voter information and any kind of information that fills in all the blanks makes it easier for phishing, for social engineering, and for extortion.”
There is no doubt that this type of data has become essential to modern political campaigns. Democrats and some others use NGP/Van to aggregate voter data and enable voter contact. NationBuilder is a popular tool used by a wide variety of candidates and organizations to build support. And don’t forget that the voter data exposed in the Peach Breach except for personally identifiable information is required by Georgia law to be made available to those willing to pay a fee.
Many people, myself included, are willing to provide personal information to social media sites like Facebook in order to be able to enjoy social media. Plenty of people use a Kroger Plus Card or other shopper card to get discounts at retail while providing a wealth of personally identifiable information about what we purchase and use on a daily basis. And while the benefits can be great, there are also risks, as not only the unauthorized release of voter information but the legally required distribution of voter records shows.