The DNC data breach

89 points by shorodei, over 9 years ago

9 comments

sethbannon, over 9 years ago
For those that are not familiar with the space, campaigns typically use voter contact software to record the results of the conversations they have with potential voters on the phones, at the doors, and over the Internet. In this case, the voter contact software that both the Hillary and Sanders campaigns were using, NGP VAN, had a bug which allowed both campaigns to access each other's private, proprietary data (in this case, I believe, modeling data).

The Data Director on the Sanders campaign discovered the error and (he claims) was verifying and documenting the bug, which was then reported to the Democratic National Committee (DNC) and NGP VAN. The DNC claims these actions were not in good faith, and as a reaction cut the Sanders campaign off from the system.

This is a BIG deal for a campaign, so close to the first elections. Campaigns rely on that data to inform nearly everything they do, and rely on access to such tools to conduct their voter outreach program. Being cut off from the system is crippling for a campaign, likely why the Sanders campaign so quickly sued to get its access reinstated [1].

[1] - http://www.politico.com/story/2015/12/sanders-campaign-threatens-to-sue-dnc-216942

edit: typos

slg, over 9 years ago
If you believe the Sanders camp, this sounds a lot like the Instagram bug bounty issue [1] that appeared on HN recently. Someone from the Sanders campaign identified a bug and to prove there was an issue grabbed private data that they should have never had the ability to access. That is questionable ethically whether they looked at the data or not. The DNC also can't immediately tell if it is the truth or if the data was taken maliciously. Given that, I don't think it is unreasonable to temporarily shut out the Sanders campaign until it was fixed. *Although if I was in charge, I would shut out all campaigns until the matter is fully investigated. It isn't fair to disable one campaign if there was nothing malicious happening. (Never mind, see edit)*

EDIT: Actually on second reading the Sanders lockout was not for security reasons and was only done by the DNC in awaiting full details from the campaign. In that instance it wouldn't make sense to suspend any other campaign's access. They are punishing the Sanders campaign in hopes that it causes a quick confession of the exact details of what data the campaign accessed and retained. I still don't think that response is as unreasonable as some Sanders supporters are alleging.

[1] - https://news.ycombinator.com/item?id=10754194

justinzollars, over 9 years ago
I'm sure Sanders was just polling well, and this is the perfect opportunity for the DNC to pull the rug out under his campaign.

NGP-VAN is crap hack software anyways.

toufka, over 9 years ago
A significant problem with 'dynasties' is that you start to get perceived, if not real, conflicts of interest above and beyond governance itself.

As was pointed out in this reddit thread [1], the CEO of NGP VAN (Stu Trevelyan) is a strong supporter of Hillary Clinton and worked on the 1992 Clinton-Gore "War Room," and then in the Clinton White House [2].

[1] https://www.reddit.com/r/technology/comments/3xbt3w/bernie_sanders_campaign_is_disciplined_for/

[2] https://personaldemocracy.com/stu-trevelyan

thieving_magpie, over 9 years ago
A bug of that nature, completely bypassing all permissions, made it past testing (I presume they test). Whatever happened afterward is noise to me. How the hell do you let that happen?

Hardly getting any blame is a neat trick. I wish I had that luxury.

smadge, over 9 years ago
Josh Uretsky and Russell Drapkin copied voter lists [1]. Did they intend to keep and misuse the lists that they copied? If they knew they were being audited, it's unlikely they intended to misuse the data and get away with it. Uretsky has experience as a programmer [2]. He might be telling the truth and was only documenting and determining the severity of the issue. On the other hand 20 voter lists is a bit extensive for a proof of concept.

[1] - http://www.bloomberg.com/politics/articles/2015-12-18/sanders-campaign-fires-data-director-after-breach-of-clinton-files

[2] - http://heavy.com/news/2015/12/josh-uretsky-bernie-sanders-campaign-national-data-director-fired-photos-bio-age-who-improperly-accessed-clinton-data-democratic-dnc-system-access/

edit: added source

digitalzombie, over 9 years ago
That bug seems to be setting back Bernie Sanders, which sucks.

The media is going to have a field day with this.

rockshassa, over 9 years ago
Are there any grey-hat things that can be done to keep campaign parity in the meantime? Strictly hypothetically, I'd throw all of my technical skills at this problem if there was a clear path to a solution.

n0us, over 9 years ago
Interesting that Hillary would protest unauthorized access of data when she was running that email server that was not authorized, and arguably was holding much more important information than a voter database.