First and last names. Recent addresses and phone numbers. Party affiliation. Voting history and demographics. A database containing this information from 191 million voter records was mysteriously published over the last week, the latest example of personal voter data becoming freely available, alarming privacy experts who say the information can be used for phishing attacks, identity theft and extortion. No one knows who built the database, or precisely where all the data came from, and whether its disclosure resulted from an inadvertent release or from hacks. The disclosure was discovered by an information technology specialist, Chris Vickery, who quickly alerted the authorities and published his findings on Databreaches.net. NationBuilder, a nonpartisan political data firm, has said it may have been the source of some of the data, although the actual database that was released was not the company’s.
“The reality is there’s a tremendous amount of data that’s freely available,” said Craig Spiezle, executive director of the Online Trust Alliance. “For candidates, it’s what doors to knock on. For cybercriminals, it’s identifying a higher network of targets.” Indeed, nearly all of the data that was released was already publicly available. But having it compiled in one place makes it particularly valuable.
As a result of the Help America Vote Act of 2002, state governments are each required to maintain a single, “interactive computerized” voter registration list with “name and registration information.” It leaves what that “registration information” consists of to the discretion of the states. But as big data increasingly plays a large role in both politics and business, the presence of the publicly available information raises questions of both privacy and security. Some ask whether states have gone too far in making such data available.