Republican Data-Mining Firm Exposed Personal Information for Virtually Every American Voter

From [Intercept] THE GOP’S 2016 presidential upset wasn’t surprising just because it put Donald Trump in the White House; it also proved the party had vastly improved its ability to exploit data, including precision ad targeting campaigns on Facebook. Now comes the fallout of all that information hoarding: A California-based security researcher says Republican-linked election databases were inadvertently exposed to the entire internet, sans password, potentially violating the privacy of almost every single registered voter in the United States.

The data trove was apparently made public by accident by one of the data-mining companies that compiled it. It includes a mix of private information and data gleaned from public voter rolls: “the voter’s date of birth, home and mailing addresses, phone number, registered party, self-reported racial demographic, voter registration status” as well as computer “modeled” speculation about each person’s race and religion, according to an analysis provided to The Intercept.

The leak was discovered by Chris Vickery, an analyst at the U.S. cybersecurity firm UpGuard, who last year discovered an enormous breach of Mexican voter data and in 2015 a 300GB leak of records of 191 million voters. This new incident is more extensive, according the analysis, written by UpGuard:

UpGuard’s Cyber Risk Team can now confirm that unsecured databases containing the sensitive personal details of over 198 million American voters was left exposed to the internet. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of nearly all of America’s 200 million registered voters was exposed, including their names, dates of birth, home addresses, phone numbers, and voter registration details, as well as voter ethnicities and religions as “modeled” by the firms’ data scientists.

(DRA, TargetPoint, and Data Trust were not immediately available for comment.)

Two of the firms linked to the database, Deep Root Analytics and Target Point, were among three firms hired by the RNC to do most of its data modeling and voter scoring in 2016, according to a December Ad Age story, with a mandate to shore up unconvinced Trump-leaning voters, sway weak Hillary Clinton supporters, and capture undecided voters.

What UpGuard appears to have discovered, sitting on an Amazon cloud storage drive with no password or username required for access by anyone on the internet, was terabytes of the data used to map the voter proclivities and demographics key to finding voters in those buckets. Beyond personal information like religion, age, and probable ethnicity, certain database files among those made public include individual scores for nearly 50 different beliefs, according to UpGuard’s analysis:

Each of fields under each of the forty-eight columns signifies the potential voter’s modeled likelihood of supporting the policy, political candidate, or belief listed at the top of the column, with zero indicating very unlikely, and one indicating very likely.

Calculated for 198 million potential voters, this adds up to a spreadsheet of 9.5 billion modeled probabilities, for questions ranging from how likely it is the individual voted for Obama in 2012, whether the agree with the Trump foreign policy of “America First,” and how likely they are to be concerned with auto manufacturing as an issue, among others.

The below screenshot, provided by Vickery, shows just some of the alignments on which 198 million Americans were scored: [MORE]