MPR's Polinaut blog has the scoop on a CD-ROM, sent out by the Minnesota Republican Party, that surveys voters on a number of issues and stealthily sends the data to the Republican Party to be used in voter ID lists.
Ingenious idea, yes. But apparently there is no privacy notice on the CD, which poses frightening risks to data privacy. From ThinkProgress:
The problem – the CD sends your answers back to headquarters, filed by name, address, and political views. No mention of that in the terms of use. No privacy policy at all. The story concludes: “So if you run the CD in your personal computer, by the end of it, the Minnesota GOP will not only know what you think on particular issues, but also who you are.�These practices fall way below the standard for today’s polling firms and web sites. The norm for polling firms is to anonymize the data and report only statistical totals. The norm for commercial web sites is to have a privacy policy, with Federal Trade Commission enforcement if the web site breaks its privacy promise.
Without a privacy policy, the state party can tell your views to anyone at all. If you give the “wrong� answers on abortion or other issues, they can tell your boss, members of your church, or anyone else. In fact, these answers could get distributed to campaigns in your town during get-out-the-vote efforts – precisely the place where “wrong� answers can be most damaging.
Worse still, something apparently went wrong with the programming, and some people have figured out how to access the GOP's data on an unsecure server:
What's worse, the information is on an unsecured Web site. I'm not going to tell you what site we found it on (until it's been secured), just to let you know that the data is there. And it can be found by anyone who can decompile the program on the CD. [...]We could -- if we were malicious (and we're not ) -- change the questions that are "on the CD" because they're really not on the CD. The program connects to a database and provides the questions.
Imagine if thousands of CDs arrived in homes with the question "do you like Siegried and Roy?"
We could steal the data. In fact, the mailing list of more than [...] 25,000 names is also on the site, and is easily downloaded into a spreadsheet. Cool. Twenty-five-thousand names and addresses. Free.
This is a significant security flaw. And it's coming to a mailbox near you in a few days.
Ridiculous. They don't tell you that the CD uploads your personal information to the internet, and they can't even be bothered to secure that information?
Props to North Star Politics for the catch.
Posted by smit2174 at March 1, 2006 12:53 AM | TrackBack
Comments