This controversial op/ed analysis of the recent, and substantial, leak of registered voter information, comes to us from Dominick Bruno. It is his first contribution to The Cryptosphere, so let’s make him welcome.

Got Leaks by Edward Conde on Flickr

On December 28th, the internet was treated to a new leak: a Reddit user by the name of FoundTheStuff (who identified himself as Chris Vickery) had claimed to leak the complete voter registration information of every voter in the United States after attempts to have the database removed failed.  In the flash of outrage and interest immediately following the leak, it quickly became apparent that there were a number of issues at play.  Security researchers, privacy advocates, open data activists, netizens – pretty much just about everyone – had something to add.

The leak itself contained publicly available information; the only novel aspects being the method the data was acquired, and the free release of the aggregated data.  Perhaps more important, though, is the reaction of many to the release of the information and the issues the incident raises for the privacy and hacktivist communities.

The databases themselves were established as part of the 2002 Help America Vote Act, drafted in response to the controversial 2000 US election.  Typically, voter registration data is used by political campaigns to identify voters in their area for canvassing.  Local campaigns – and in most areas, any taxpayer – can get the data from county or state offices. Local groups typically will not have access to or need large aggregates of voter information for obvious reasons.  For efficiency, national campaigns typically buy large databases from brokers that will contain data aggregated from a number of states or regions.

Surely, the fact that one of these databases was left exposed on the internet is concerning from a security point of view, however it is more indicative of general laxity rather than being a serious breach itself.  Considering the aggregate nature of the database, and the likelihood it came from NationBuilder, it very likely has its source in a major campaign or lobbying group, and one wonders what other, potentially more sensitive, data is exposed.

In fact, given that Jim Gilliam, CEO of NationBuilder, actually released a complete database in 2012, which is continually updated, even the aggregate nature isn’t all that notable.  Gilliam, however, did not release it freely to the public; intending it only for political candidates (of any stripe) and community organizations. Users must register on his site and provide contact information.  In doing so, Gilliam explicitly stated his intents for it to be used for political campaigning and organizing. Claiming that currently only the two major parties have access to this type of data, he stated “What’s good and right is more people participating in the democratic process”.  Vickery’s leak comes with no such strings.  

This actually highlights the most common concerns expressed on social media and importance of this “leak”:  Many were ignorant that this information was publicly available; and of those who were aware, the possibility of effortless distribution of a comprehensive database were, in the words of  the leaker himself: “a hard pill to swallow”.  The extra hurdles required to acquire aggregated data – small as they are – provide a level of comfort to many.

Contrasting with this are the concerns of hacktivists and community organizers.  Voter registration databases have long been a research tool used by investigative journalists and activists.  In one example, a 2002 article in 2600 magazine entitled “Cracking Voter Fraud” demonstrated a method to utilize voter registration databases and community involvement to investigate voter fraud on a local level.  Similarly, a 2014 Anonymous pastebin (which implies they were aware of the 2600 article), builds upon the same techniques to demonstrate a method of d0xing law enforcement on a departmental level.  Clearly, these databases have a use in helping activists keep politicians and other officials accountable.  Blowback from this leak, it is feared, will lead to an even further clamp down on access to data.

So, as a simple netizen, how does this affect you?  If you are a registered voter in the United States, your data is most likely in the leak.  Chin up, it’s always been available, so nothing has changed but your awareness.  What you can do now is take steps:

1. Educate yourself about both the privacy and transparency issues involved – the American Civil Liberties Union and Electronic Frontier Foundation are good places to start.
2. Some states offer the ability to “opt-out” of listing to various degrees.  Research your state’s laws and opt-out procedures, if you so desire.
3. Learn about the voter registration systems and how they work in general: the National Conference of State Legislatures actually has a nice overview.

Whatever the particularities of the leak itself, its greatest use just may lie in highlighting the perpetual tension between the needs for citizen privacy and government transparency.  Whether the discussion will expand or fade away remains to be seen, and this will ultimately be a strong determinant in the significance of the leak.  One thing is for certain – issues such as this will continue to confront society, with no resolution in sight.  Where do you stand?

Categories: Attack, Bureaucracy, Communication, Crime, Cyber, Deep Web, Dox, Election, Essays, Hackers, Leaks, News, Opinion