In recent election cycles we’ve heard a lot about big data in political campaigns, and in the future it’s possible we’ll hear a lot more about big campaign data breaches, too.
Last week, a data breach nearly upended the race for US president on the Democratic Party side of the contest, after it was discovered that the campaign of Vermont Senator Bernie Sanders had accessed a private database of voter information collected by the rival campaign of Hillary Clinton.
The Sanders campaign fired the staffer who improperly accessed the private Clinton voter database, and Sanders personally apologized to Clinton when the two met on the debate stage on Saturday, 19 December.
Clinton said she was eager to “move on” from the incident, noting that American voters have much more pressing concerns on their minds.
But Americans who value their privacy might not want to move on quite so fast – let’s review what happened.
The Democratic National Committee (or DNC, the organizing body of the Democratic Party) maintains a big database of voters who are likely to vote for Democrats in future elections, based on a variety of information about those voters.
This “master list” of voters is rented out to individual campaigns at the state and federal level, like the Sanders and Clinton presidential campaigns, and the campaigns can combine that list with their own data to better target voters.
On Friday, 18 December, the DNC briefly suspended the Sanders campaign from accessing the party’s database of likely Democratic voters, after it discovered that someone at the Sanders campaign had gained access to a voter targeting database belonging to the Clinton campaign.
The DNC’s master list is maintained by a private company called NGP VAN, which provides data and fundraising tools to its clients, including thousands of political campaigns.
According to NGP VAN, it released a patch for its VoteBuilder software on Wednesday, 16 December, which itself contained buggy code that made proprietary voter scoring data available to unauthorized users.
In a span of 45 minutes, a staffer for the Sanders campaign was able to search and view scoring data that the Clinton campaign used to rank voters on their likelihood to turn out to the polls in Iowa, New Hampshire and other states holding early primary contests.
When notified of the incident by NPG VAN, the DNC directed the company to suspend the Sanders campaign’s access to the system until it could investigate whether the data was improperly used.
The Sanders campaign immediately swung into action, filing a lawsuit against the DNC with the US District Court in Washington, DC, to restore its access to the system.
Sanders is waging an uphill battle against Clinton – some prediction markets pick her as the favorite to win the nomination with more than 90% certainty.
Sanders has stayed in the fight thanks to his large base of small donors, but losing access to the NPG VAN system threatened to cost the Sanders campaign $600,000 in donations per day, “crippling our campaign,” Sanders said.
Sanders accused the DNC of stacking the deck in favor of the Clinton campaign, but the DNC relented and restored the Sanders campaign’s access to the system by Saturday, 19 December.
The DNC acknowledged that the data breach was possible because of a glitch in the software and was “not a hack.”
Any time private information is exposed, it makes little difference whether it is intentional or accidental to the people whose data is breached.
And with all of the data that campaigns and political organizations are gathering on voters, it’s time to ask more questions about how this private data is collected, and how it is secured.
Political campaigns gather lots of information about voters that can be used to determine how they might vote – from demographic information like gender, age and occupation, to data about the things they buy and what websites they use.
The presidential campaign of Republican Senator Ted Cruz has been gathering data on “tens of millions” of Facebook users, without their permission, in order to build “psychological profiles” of potential supporters, according to an investigation by The Guardian.
Yet there are no privacy regulations about what data political campaigns can collect or how they use that information.
Maybe we should also ask if political campaigns’ use of big data means the secret ballot, a vital aspect of free, democratic elections, is under threat.