Monday, December 28, 2015

So much for privacy . . .


If you're a registered voter in the USA, it looks like your personal information has been compromised.

A whitehat hacker has uncovered a database sitting on the Web containing various pieces of personal information related to 191 million American citizens registered to vote. On top of the concomitant problems of disclosing such a significant leak to that many people, no one knows who is actually responsible for the misconfiguration that left the data open to anyone.

Researcher Chris Vickery ... has his hands on all 300GB of voter data, which includes names, home addresses, phone numbers, dates of birth, party affiliations, and logs of whether or not they had voted in primary or general elections. The data appears to date back to 2000. It does not contain financial data or social security numbers.

. . .

Right now, thanks to someone’s carelessness, it’s free to anyone who can find what Vickery did. That means anyone in the world can find out where a person in the US lives and what political beliefs they may have. If they can find the database, scammers and marketing folk alike will likely benefit most.

There's more at the link.

I fear that in the age of the Internet, personal privacy has become nothing more than a contradiction in terms . . .




Peter

8 comments:

Anonymous said...

A question for the panel :^)

Would it be legal to tell anyone having your personal information that any unauthorized disclosures will be liable for a penalty paid to you (the owner of the information) ? You would not be preventing anyone from using the information, only demanding that payment for unauthorized information being disseminated.

Fred said...

"...who is actually responsible for the misconfiguration that left the data open to anyone."

How does one correctly configure a database in which data are closed. The answer is that it can't be done. If not hack-able by a person right now then the technology itself will be obsolete in a matter of months. Of course with a little hard work there is no reason for the enterprising to wait to steal the info. There is no such thing as secure data.

Anonymous said...

I'm not sure that this is "unauthorized". For better or worse, this is public data. I'm in Michigan, they sell it for a fee - a few thousand $$, I think. I snapped up the Ohio data a few years ago, it was a free download from a state server.

At that time, CA wanted $12 for a DVD with their voter info, NC was also just a small fee.

kamas716 said...

I wonder if it's actually a list of Registered Voters, or a list of people who actually voted. If the former, I should clean as ND doesn't have voter registration. If the latter, I should be listed.

lpdbw said...

I WANT THIS!

I want to run a sweep of the database and discover all the people who registered to vote in New York, and also in Florida, and in fact voted both places.

I want to run a list of those St. Louis precincts with 110% turnout, all of which went to Obama. In 2008 AND 2012.

I think it would be interesting to identify the voters, and do some investigation as to which couldn't possibly have voted, due to death, incarceration, etc.

If we had a decent Justice department, they'd be doing this.

R said...

I value the confidentiality of my home address too much to register to vote in my state. If I did then the location my home would be available to family that I'd rather not find me.

genericviews said...

Most states gives this information out to anyone who requests it. This is the source of political spam and mailings for decades. The local party gets the list of "registered democrats" and pays the bulk rate to send them something.

And "registered republican" != "votes Republican".

Anonymous said...

Property tax records are usually public info too. Owner, physical address of property, Owner's mailing address, Estimated value of the property, and how much the yearly taxes are.

(I should clarify in Minnesota that's all public info. -- Other states the rules may vary.