?:reviewBody
|
-
On 18 December 2015, presidential candidate Bernie Sanders' campaign became embroiled in a controversy with the Democratic National Committee (DNC) over alleged improper access of voter data by the Vermont senator's staffers. A New York Times article published on that date (Clash Erupts Between Bernie Sanders Campaign and Democratic Party) reported that the allegations originated with a dropped firewall in proprietary campaign software managed by the outside firm NGP VAN. The paper's reporting indicated that the data contractor was making a tweak to its system that inadvertently created a situation in which the campaigns could see each other's information but only the Sanders campaign accessed data that was proprietary. The precise circumstances under which that data was accessed (or how the disputed access occurred) were not detailed in initial reports. After news broke, the Sanders campaign terminated staffer Josh Uretsky, who was managing three other staffers (with all four being accused of improperly accessing Hillary Clinton's campaign data). Uretsky asserted in an interview that he had merely been trying to verify the breach, not obtain any information that should have remained private: In an interview with MSNBC, Uretsky again asserted that the actions were taken purposefully in order to generate proof that a breach was possible, but we were unable to locate any corroboration of his claim made by anyone knowledgeable about the particular software package in question: As a result of NGP VAN's dropped firewall and the data access controversy, the New York Times reported that the Democratic National Committee [DNC] acted swiftly to deny the Sanders campaign future access to the party's 50-state voter file, which contains information about millions of Democrats and is invaluable to campaigns on a daily basis. 
Uretsky maintained that the DNC's immediate sanctions effectively paralyzed key functions of the Sanders campaign at a critical juncture: A Washington Post article (titled DNC Penalizes Sanders Campaign for Improper Access of Clinton Voter Data) described the dispute as a strategic setback for Sanders which raised questions about the DNC's ability to provide strategic resources to campaigns and state parties. The paper also reported that Uretsky claimed the Sanders campaign was investigating the impact of the breach on their own data, not attempting to improperly access Hillary Clinton's campaign information: Much of the reporting centered around NGP VAN's proprietary software and its functionality, operative details to which most news outlets weren't specifically privy. DNC chair Debbie Wasserman Schultz told CNN's Wolf Blitzer that Sanders staffers downloaded and exported the data in question: Given the proprietary and specialized nature of NGP VAN's software, Wasserman Schultz's unlocked door analogy was difficult to assess. CNN's coverage quoted a message from Wasserman Schultz to DNC members in which she accused the Sanders campaign of systematically engaging in improper data access: Much of the reporting about the dispute hinged on the reliability and functionality of NGP VAN's software. Unlike with commonly used software (such as Microsoft's Excel or Word), the only source available from which to gauge the level of potential malfeasance was DNC statements in news reports. However, a statement issued on 18 December 2015 by NGP VAN about the controversy appeared to contain some meaningful contradictions to Wasserman Schultz's assertions. Among those discrepancies was the firm's description of the data in question, and another was the use of the term export: The statement reiterated that during a brief window of unspecified duration, a limited amount of unauthorized data was viewable. 
However, NGP VAN stated that the affected data was not exportable, savable, or actionable: On Reddit, an r/technology thread about the controversy included a comment from a self-identified 2008 Obama campaign staffer who claimed such breaches were common but of limited strategic value: Another comment in that thread asserted that lack of public knowledge with respect to the software's interface made assessing the chain of events problematic for both the media and voters: On 18 December 2015, the Sanders campaign filed suit against the DNC [PDF via Politico] requesting immediate injunctive relief (including restoration of access to the data). The suit referenced the Defendant's [DNC] ongoing breach of the Parties' Agreement Regarding Use of DNC National Voter File Data and held that under the terms of an agreement entered into by the Sanders campaign and the DNC on or about 26 October 2015, both parties were contractually entitled to a ten-day period in which to remedy contractual breaches: Another portion of the suit pertained to what was referred to as the Prior Incident in the body of the filing. The Sanders campaign's suit held that a similar breach favoring the Clinton campaign in 2008 occurred but did not prompt sanctions for her campaign and constituted persistent data security lapses on the part of the DNC: In summation, all parties agree that for a short window of time (spanning between 30 and 45 minutes) on or around 16 December 2015 four staffers for the campaign of Bernie Sanders had access to restricted data hosted by a third-party campaign company. The senior staffer in charge of the other three was fired following disclosure of the breach; that staffer maintained that staff were aware their actions were tracked and sought to create a record of the breach. 
The DNC immediately moved to suspend Sanders' access to the program, effectively crippling his campaign in the lead-up to primaries and inhibiting the campaign's ability to engage in voter outreach. The Sanders campaign filed suit against the DNC; the suit alleged that the DNC failed to provide ten days for the Sanders campaign to rectify the breach as stipulated in an October 2015 contract, and further claimed that Hillary Clinton's 2008 campaign engaged in a similar transmission of unauthorized data with no sanctions applied. While the controversy was widely reported, little was known about the function of NGP VAN's proprietary software, how it operated, or what the staffers' intent in accessing the data ultimately entailed. The suit is pending, and Sanders' campaign remains restricted from accessing the voter data. Update: Shortly after midnight on 19 December 2015, ABC News reported that the Sanders campaign and the DNC reached an agreement. The Sanders campaign stated that the DNC capitulated, and the DNC indicated the campaign was in compliance with its request and it would in turn restor[e] the Sanders campaign’s access to the voter file: A New York Times reporter tweeted a copy of the DNC's statement on the agreement: On 29 April 2016, the Sanders campaign withdrew its suit against the DNC following a months-long investigation into the purported data breach. The Hill reported: The DNC declined to make their findings public, and said in a statement: The Washington Post further reported that the DNC declined to release the study itself by the firm CrowdStrike.
(en)
|