back to article US voter info stored on wide-open cloud box, thanks to bungling Republican contractor

A massive cloud-hosted database containing personal information on nearly 200 million people in America was left wide open by consultants hired by the US Republican National Committee, it is claimed. Security firm UpGuard said the records of 198 million US voters, including dates of birth, addresses and phone numbers, were …

Page:

  1. elDog

    Hey, don't blame the repuglicans - they're new at acting responsible

    Paul Ryan (the US Speaker of the House) just recently tried to justify tRump's activities by indicating that their fearless leader was just learning the ropes.

    Why would the RNC hire someone who know WTF they were doing?

    For once, I don't think this is based on malevolence - just incompetence. OK, not for once - many, many times it's one or both.

    1. BillG
      Joke

      Hillary

      Meanwhile, all the data mysteriously ended up on Hillary's email server.

      1. Version 1.0 Silver badge

        Re: Hillary

        You think the FBI will investigate this too?

        1. SolidSquid

          Re: Hillary

          They already decided Hillary wasn't guilty of anything, so why would they continue with this investigation when they've already made their decision?

          1. Bucky 2

            Re: Hillary

            They already decided Hillary wasn't guilty of anything, so why would they continue with this investigation when they've already made their decision?

            I think the GOP thought they could control Trump. It is possible that they do. His antics make for good TV, and should be pretty effective in hiding subtler mechanizations.

            Even if they don't, Trump is their dude. They have to continue hating Clinton. If they stop, they would have to accept that Clinton would have been better for the nation, and quite possibly, even healthier for the GOP itself.

            1. codejunky Silver badge

              Re: Hillary

              @ Bucky 2

              "They have to continue hating Clinton. If they stop, they would have to accept that Clinton would have been better for the nation"

              Thats a large leap. The republicans were mocked for offering a 'clown car' of candidates while the democrats dictated Hillary would win and anyone not voting the way they dictate must be *insert insults*. I dont care how good anyone thinks a candidate is that is not how an election should be run. Hopefully next election the democrats will offer choice instead of an extremist (to make Hillary look normal), Hillary and 3 seat fillers.

              1. Rattus Rattus

                Re: "Extremists"

                Which particular extremist were you referring to? Ted Cruz? Marco Rubio? If you were referring to Bernie Sanders, I should remind you that his views were actually pretty centrist. In fact he could have been any NuLabour candidate, and he wouldn't have been too far out of place even among the Tories.

                1. codejunky Silver badge

                  Re: "Extremists"

                  @ Rattus Rattus

                  "If you were referring to Bernie Sanders, I should remind you that his views were actually pretty centrist. In fact he could have been any NuLabour candidate, and he wouldn't have been too far out of place even among the Tories."

                  I was referring to Bernie (as I was referring to only the democrats) who in the US where he was trying to get elected is an extremist. That doesnt mean he is evil or that you must disagree with him, but he was certainly an extremist. His views were entirely different to how the US has and does work. There is nothing wrong with being an extremist politically and it can add to the debate. And we all know Bernie and Corbyn were added to their respected parties 'electables' to make the preferred candidates look better.

                  The reason you give for claiming he is centrist is because you compare him to labour and tories who are in the UK not the US. You might as well compare him to China's leadership, Russia or N Korea or any country in the world. It doesnt matter, he was running in the US and his views were pretty extreme.

                  If we want to look at the Republicans I was a fan of Rand Paul who was extremist as he was a libertarian while everyone else on both parties was authoritarian.

    2. Marshalltown

      Re: Hey, don't blame the repuglicans - they're new at acting responsible

      According to the story, Deep Root Analytics is a "Republican" firm. Their webpage is most impressive in what it doesn't say and the manner in which it redefines "audience." So, yes, Republicans are to blame. And given the obvious behaviour of DT, quite plainly "responsibility" in far-right mores has a special place too.

  2. Anonymous Coward
    Anonymous Coward

    200 million people in the DB?

    That means it was the full list of ALL registered voters in the whole US. Nice.

    Oh well, not like my name, address and DOB aren't out there already. Good thing they didn't have SSNs, or all hell would break loose!

    At 1.1 TB, the database has over 5K per voter....that's more than just what was listed in the article. I wonder what else is in there? Perhaps some proprietary RNC data about donation history, frequency of contact, etc.?

    1. HandleAlreadyTaken

      Re: 200 million people in the DB?

      From a BBC article: [The data contained] "citizens' suspected religious affiliations, ethnicities and political biases, such as where they stood on controversial topics like gun control, the right to abortion and stem cell research"

      1. vir

        Re: 200 million people in the DB?

        Each entry is a small .jpg of a printout.

        1. Marshalltown

          Re: 200 million people in the DB?

          "Each entry is a small .jpg of a printout."

          Not likely. Jpegs would be analytically useless without conversion to actual data. It would mean the contractor was even more stupid than it already looks like. Though, perhaps the company was really owned by Trump.

      2. Flywheel

        Re: 200 million people in the DB?

        [The data contained] "citizens' suspected religious affiliations, ethnicities and political biases

        "suspected"? Wow, what a lot of room for error. What could possibly go wrong?

      3. Anonymous Coward
        Anonymous Coward

        Re: 200 million people in the DB?

        From a BBC article: [The data contained] "citizens' suspected religious affiliations, ethnicities and political biases, such as where they stood on controversial topics like gun control, the right to abortion and stem cell research"

        What about their views on the subject of data protection and online privacy? Probably a moot point now.

    2. Marshalltown

      Re: 200 million people in the DB?

      What's interesting is that it appears to indicate that the "reds" have dossiers not just on their voters but also on democrats and independents and probably the hens in the barn. So, presumably we're looking at politics in the US an information warfare situation. Presumably the democrats are similarly well equipped.

      1. Gnosis_Carmot

        Re: 200 million people in the DB?

        I'm sure the Democrats have it too. It would be naive to think otherwise.

    3. Anonymous Coward
      Anonymous Coward

      Re: 200 million people in the DB?

      ref. I wonder what else is in there?

      cat videos

      p.s. so what do they have on Trump? Can I look it up?! :D

    4. John Brown (no body) Silver badge

      Re: 200 million people in the DB?

      "At 1.1 TB, the database has over 5K per voter....that's more than just what was listed in the article."

      According to the BBC article, it was spreadsheets. Excel overhead? Was it even a database or just a few immense spreadsheets? Or was it a database with reports produced in spreadsheet form all in one big trove?

      1. Marshalltown

        Re: 200 million people in the DB?

        Excel is THE classical program to misuse as a DBMS. My most common task when it comes to computers is explaining users why their "database" choked and has started giving them nonsense results, or shall I say results they finally recognized as nonsense. Loads of people "who have better things to do" jump into "databases" using Excel. After all, it counts, it sums, it has statistical routines. . I usally spend loads of time "sane-ifying" their data into useful, analyzable computer chow. Quite often they are shocked to discover that "all this time" what ever they thought their data was telling them was wrong. I get their data converted over to a DBMS, usually Access, which is pretty decent for a MS product, and then get called back several times before the differences between a spreadsheet and a DBMS finally sink in.

    5. fobobob

      Re: 200 million people in the DB?

      Since spreadsheets were mentioned... perhaps they used some crap-o spreadsheet template that still contains several megabytes of vestigial cruft that someone forgot to clean up? I get these all the time at work, 5+MB spreadsheet with one useful page, no formulae.. and like 5 disused pages of trash because someone couldn't be arsed to just make a new workbook.

      1. Androgynous Cupboard Silver badge

        Re: 200 million people in the DB?

        All the answers to your questions, and more besides, are in the article on upguard.com linked to from the original article. It's a very, very interesting read.

        Link here if you're too damn lazy too look for it yourself.

  3. Anonymous Coward
    Anonymous Coward

    Data mining?

    It would be interesting to match the names and DOBs to try to locate people registered in more than one state. I've long believed that the real voter fraud in the US isn't illegals voting, or people voting the names of the deceased, but people who have residences in two states voting in both. Especially since the number one "snowbird" state, Florida, is a swing state.

    You'd need other sources to confirm that the John Smith born on 1/1/1970 living in Milwaukee is the same John Smith born on 1/1/1970 living in Orlando, but such a list would be a very good starting point.

    Fortunately the only guaranteed fix for the problem - using SSNs - wasn't implemented or this list would include them.

    1. This post has been deleted by its author

      1. mr_souter_Working

        Re: Data mining?

        where did you learn basic maths?

        John Smith - born in 1970

        current year - 2017

        (2017 - 1970) is how many years again?

        that's right - it's 47 years.

    2. Version 1.0 Silver badge

      Re: Data mining?

      " the real voter fraud in the US" - is that fact that you always have to vote for the lesser of two evils.

      The best way to swing an election in the US is to simply remove people from the voting rolls based on ethnicity and voting history - the RNC have been doing this for years in many states using the type of information that this database contained.

      1. Anonymous Coward
        Facepalm

        Re: Data mining?

        "...you always have to..."

        No, you don't.

      2. Gnosis_Carmot

        Re: Data mining?

        "The best way to swing an election in the US is to simply remove people from the voting rolls based on ethnicity and voting history"

        Conversely you can leave names on the rolls of the deceased and people who moved away. The first election after my father died I found out, since we shared the same name, that someone had voted as him. I notified the poll workers that ballot should be voided as my father was deceased.

    3. Kernel

      Re: Data mining?

      "Fortunately the only guaranteed fix for the problem - using SSNs - wasn't implemented or this list would include them."

      Not a US citizen (and have no desire to even visit, much less become one), but I seem to recall reading once that the legislation that introduced SSNs specifically barred them from being used as proof of identity.

      1. Anonymous Coward
        Anonymous Coward

        "recall reading legislation ... SSNs specifically barred ... as proof of identity."

        Why the U.S. Can’t Kick Its Addiction to Social Security Numbers

        https://www.bloomberg.com/news/articles/2017-06-01/identity-theft-feeds-on-social-security-numbers-run-amok

      2. Mark 85

        @Kernel -- Re: Data mining?

        What you say is true but it's almost universally ignored. Kind of like speed limits on the roads.

      3. ecofeco Silver badge

        Re: Data mining?

        but I seem to recall reading once that the legislation that introduced SSNs specifically barred them from being used as proof of identity.

        It was made law and then eventually ignored.

    4. Tim99 Silver badge
      Joke

      Re: Data mining?

      To confirm their general incompetence, the GOP contractor initially copied an old DB schema onto a Linux cloud server, but had probably not heard of Unix/epoch time. The concept of null would have been beyond them, so they put a default of zero in the DOB field. Then after the database was initially set up, someone else said "We can't use this freetard system, you must upgrade to a real Windows system". The said contractor then looked for a data conversion tool, which replaced all of the zeros with the valid 1/1/1970 value...

    5. Marshalltown

      Re: Data mining?

      SSNs are not a guaranteed fix. When my dad retired he had to through numerous hoops because someone else had been using his SSN in a different part of the state. You very rarely need to present your Social Security Card.

      1. Anonymous Coward
        Anonymous Coward

        Re: Data mining?

        The number of people using the same SSN and having the same name would be very limited. If found, it would point to a different type of fraud that would also be desirable to excise from the system.

        As for rarely needing to present a SS card, that's definitely true. I lost mine as a teenager, but have gotten along just fine without it.

        1. Stevie

          Re: If found, it would point to a different type of fraud

          Not necessarily.

          In the pre-internet age it wasn't impossible for two people to be issued the same SSN because of paperwork latencies.

          I know this for a fact.

          At age 50 it should become apparent when the reports from the SSA start being sent out.

          Innocent until proven guilty. Even when it comes to duplicate SSNs.

    6. Naselus

      Re: Data mining?

      "I've long believed that the real voter fraud in the US isn't illegals voting, or people voting the names of the deceased, but people who have residences in two states voting in both."

      Except even instances of that are probably minuscule. Actual confirmed instances of voter fraud in the USA are something like 50 cases in the last 25 years. And most of those proved to be accidental - people voting without realizing they weren't registered.

      The simple truth is that the US does not really have a voter fraud problem of any kind; it's just a tired excuse for the GOP to try and make it harder for democrats to vote.

      1. Anonymous Coward
        Anonymous Coward

        Re: 50 cases in the last 25 years

        "Actual confirmed instances of voter fraud in the USA are something like 50 cases in the last 25 years."

        That number sounds incredibly low. If it's accurate, then it surely reflects poor detection rather than the actual level of fraud.

        1. Anonymous Coward
          Anonymous Coward

          Re: 50 cases in the last 25 years

          "That number sounds incredibly low. If it's accurate, then it surely reflects poor detection rather than the actual level of fraud."

          The GOP has had a pretty massive effort of voter fraud detection in order to try and justify their position. They've been training volunteer poll observers for a decade or more. They'd LOVE to uncover concrete examples of in person voter fraud to justify their push for things like requiring IDs. So far, they've been unsuccessful.

          Heck, it's hard enough to convince people to vote *once* in any given US election, let alone many times.

          1. Anonymous Coward
            Anonymous Coward

            Re: 50 cases in the last 25 years

            Knowing that it's happening and being able to actually identify perpetrators are two very different things.

            But you don't need to identify specific cases to know that an average of 2 cases of electoral fraud a year doesn't reflect reality. Just compare to other first-world democracies. Here are some figures from Australia:

            http://www.aph.gov.au/~/media/05%20About%20Parliament/54%20Parliamentary%20Depts/544%20Parliamentary%20Library/Research%20Papers/2014-15/VoterID-1.gif?la=en

            The number of people admitting to multiple voting doesn't vary that much from year to year, but the numbers referred to the police and the numbers referred by the police to the courts fluctuate wildly. The obvious conclusion is that the number of prosecutions for electoral fraud is more dependent on official policies and procedures, or on the resources allocated to dealing with it, than on the actual level of fraud.

            Confirmed cases of electoral fraud in the UK are also several times more frequent than the claimed American level, with an electorate several times smaller. The UK Electoral Commission has some good statistics on it.

            1. Naselus

              Re: 50 cases in the last 25 years

              "Confirmed cases of electoral fraud in the UK are also several times more frequent than the claimed American level, with an electorate several times smaller. The UK Electoral Commission has some good statistics on it."

              The statistics which show actual voter fraud by voters trying to vote multiple times is effectively zero? There's about 70 cases a year in the UK of people signing up to vote who are not permitted to do so; this is usually EU nationals living in the UK who are not aware that they aren't allowed to vote. That's about one person per million population.

              Again, this is not a real problem and it has basically no impact on results, which is why Republicans are really, really hot on the issue until someone actually suggests an official investigation, which will come back reporting that it's not an issue and recommending that the voter suppression laws the GOP are constantly pushing for are dropped. This is not even a controversial point; Republican politicians have publicly admitted that this is what they're doing (in order to prove they're not attempting to disenfranchise people based on race, they said they were doing it to disenfranchise Democrats instead).

              1. Anonymous Coward
                Anonymous Coward

                Re: 50 cases in the last 25 years

                "The statistics which show actual voter fraud by voters trying to vote multiple times is effectively zero?"

                The statistics show there are around half a dozen convictions or cautions for "Personation/legal incapacity to vote/multiple voting" per year. Relative to the size of the electorate, that's an order of magnitude more than the claimed level for the USA. Are American voters so much more honest, or are American elections so much more resistant to fraud?

                Read the Electoral Commission's example summaries of the convictions/cautions. The impersonation/multiple voting cases are all detected by polling station staff who happened to recognise someone who had already been in earlier in the day. If that's what you're relying on, then it's pretty clear you're only catching a fraction of the people who are using someone else's vote. If Britain is only catching a fraction of fraudulent voters, then the USA, with apparently a 15x lower level of fraud, is definitely not detecting all cases. And frankly none of us have any idea how many cases are not being detected.

        2. Naselus

          Re: 50 cases in the last 25 years

          "That number sounds incredibly low. If it's accurate, then it surely reflects poor detection rather than the actual level of fraud."

          Not really. The fact is, if you wanted to swing an election, then in-person voter fraud is the least effective and efficient way you could possibly do it. You spend several hours driving to a different polling station, queuing up again, pretend to be someone else, and Bam! you've successfully added a single vote to the total for all that effort. Even if you spent all day doing it, you're personally going to manage what, 10 extra votes in an electorate of 120 million? For the risk, there's no reward.

          It's a bit like the number of bank robberies where the culprit asks them to set up a new bank account using his own name and social security number and transfer all the money into it are very, very low - not because we have trouble detecting that kind of crime, but because it's not a crime people would actually perform.

        3. Marshalltown

          Re: 50 cases in the last 25 years

          "... it surely reflects poor detection rather than the actual level of fraud."

          Not necessarily. Fraudulent voting would mean much more in local elections than in national elections. With the exception - possibly - of California, the states with the highest numbers of "illegals" all voted for Trump. By and large, they have better things to with their time than trying to alter an election outcome. Beside which, when you look at the demographics of the 2016 election, it appears that "liberal" - in the US sense - basically stayed home or refused to vote for Clinton. Not getting Bernie, they apparently said "**** it" and either didn't vote for president or didn't vote at all. Also, as the Democratic campaign demonstrated, it is far easier to rig voting rules in the primaries than in the actual election. The Dems did precisely that and lost. Apparently, the Republicans were nearly as bad. I know many and less than half will admit casting a vote for president. They walked into the polls, voted on the issues that were important to them, but could not choke down voting for Trump or crossing party lines and voting for Clinton.

          Fraudulent votes are important in things like city council elections, venues where the out comes are of trivial significance except locally.

      2. Anonymous Coward
        Anonymous Coward

        Voter Fraud

        It really comes down to how you define and enumerate the fraud.

        In the last Federal election the recounts revealed that there were SEVERAL precincts in Detroit Michigan that had more votes registered for a single candidate than the entire population of registered voters in that precinct.

        Obviously common sense tells us that foul play was involved, as the precinct chairmen reporting the vote totals are going to know how many voters they have in their districts, and while you might be able to blame a single precinct as an single anomaly, when there are multiple precincts in a small geographic area with the same anomaly you have clear evidence of coordinated fraud.

        So, that fact that voter fraud was involved is a given.

        The question then comes down to whether each illegal vote is a instance of fraud, each precinct, each district, each state, etc.

        Note that I am not blaming or naming one political party over the other - this type of low-level grassroots fraud can occur in any party without the knowledge or participation of party leadership. The fraud also did not affect the outcome of the election, as the ratio of fraudulent votes as compared to the legitimate ones is so wide that it is statistically insignificant.

        Now where I WILL name parties is that trying to say that it is just The Republican Party and not the Democrat Party is either disinformation or willful ignorance. One of my former clients lived in Chicago where as a small boy one of his jobs was to sit inside the election booth and pull the lever for Democrat candidates every time he saw the lever for a Republican candidate move, so that the Democrats would always have more votes. It would not surprise me to find out that Republicans did the same types of things in other precincts.

        Additionally, the repeated claim that requiring a voter to provide identification is an attempt to suppress votes is clearly ridiculous. In this country you cannot get a job, open bank account, get a cellular phone, cash a check, or purchase something with anything other than cash without some sort of identification. The ONLY reason to continue to fight "voter id" laws is to enable and promote fraud. A significant percentage of the states have had voter id laws for decades or more, and I only see one political party fighting them in states where they don't already exist.

        1. Hawkeye Pierce

          Re: Voter Fraud

          Wow you must have some significant inside information given that the state audit into the discrepancy found no evidence of persuasive voter fraud and that human error and possibly machine error was the main cause.

          So no, common sense does not tell us that foul play was involved.

          1. Anonymous Coward
            Anonymous Coward

            Re: Voter Fraud

            If you are in charge of a voting station, you know how many people are registered to vote in your precinct. For you to turn in numbers higher than that without noticing is not going to happen - for multiple people to do it in the same area requires coordination.

            For a political investigation to find "no evidence" isn't at all uncommon as they only find what they want to find - however in this case there is evidence, just not proof of who all was involved.

            It didn't change the outcome so there are no actual damages, and no investigator is interested in digging too far lest they actually uncover something that someone in power doesn't want uncovered, but the end result is that from now until the end of time every election in those districts is going to be held under a spotlight and magnifying glass ensuring that "whatever happened" doesn't happen again -- and THAT is perceived to be a sufficient remedy.

          2. Anonymous Coward
            Anonymous Coward

            Re: Voter Fraud

            Actually, the audit found absolutely NO evidence of machine error, attributed EVERYTHING to human error, but blamed training and not coordinated fraud.

    7. Gnosis_Carmot

      Re: Data mining?

      It was common when I was in college in the 90s for both the Democrat and the Republican party people to tell to college students they could vote at both their home address and at their college address.

      What they always left out was that only applied to local elections. National level the students had to pick one.

    8. Richard Plinston

      Re: Data mining?

      > match the names and DOBs to try to locate people registered in more than one state.

      Apparently, there are 3 million registered in more than one state mainly because people move and even if they tell the old state they have gone the cleanup of the rolls is not done. This was the basis that Trump claimed, without any evidence at all, that all 3million voted democrat twice.

      Among that 3 million were Tiffany Trump and Steve Bannon.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like