We had missed this earlier
Deep Root Analytics, a marketing firm contracted by the Republican National Committee, has inadvertently exposed the personal data of 198 million US citizens or over 61% of the country’s population, Gizmodo reports. The personal data includes home addresses, date of birth, and phone numbers, as well as detailed analyses of possible individual voting patterns based on key topics such as gun control, right to abortion, religious affiliation and ethnicity among others. This data was lying in a publicly accessible Amazon cloud server.
This leak was first discovered by UpGuard’s cyber risk researcher Chris Vickery.
The report mentions that the data was gathered from several sources, including from the banned subreddit r/fatpeoplehate and American Crossroads, a super PAC which independently raised funds from donors to advocate for certain Republican Party candidates, among others.
The data was collected during the campaigning phase of the US Presidential elections, which concluded in November last year, and was last updated in January this year, when President Donald Trump was inaugurated.
Deep Root told Gizmodo that the data included proprietary information and publicly available voter data, and that since this was brought to their attention they have updated access settings.
It needs to be pointed out here that while the data could have been accessed by anyone, there is no clear evidence that it was accessed or any data stolen from the database before Vickery discovered it. However, that doesn’t mean that the privacy concerns in this case are any less pertinent.
The Election Commission in India has been guilty in the past
Back in May 2014, a Hyderabad-based web analytics company, Modak Analytics had claimed that it had created a “big data-based electoral data repository” after scraping information of 81.4 crore voters from the Election Commission’s website. The company told The Economic Times that it planned to analyze this data to help parties or candidates “raise funds, design a tailored communication to target a select few voters, rework advertisements and create detailed models for voter engagement in battleground states as well as in gender and voter clusters to increase the power of micro-targeted strategy.” For example, at the constituency level, Modak was able to provide a caste-based split, the number or percentages of Muslim voters in a constituency, show a break-up in terms of age, and list constituencies with the most celebrities.
It’s worth noting that the idea of micro-targeting voters based on electoral data had been suggested in the past by Netcore founder Rajesh Jain as well.
This is deeply worrying, to say the least, and the Election Commission should work with cyber risk experts (from outside India if need be) to ensure that voter data on its platform is secure. Especially now that Aadhaar is a significantly bigger beast, with biometric data of over 115 crore Indians already recorded (UIDAI claim).
Image Credit: Flickr user Scott Sterbenz