New Major Compromise: Hill and the DNC Still Haven't Learned Digital Security

The actual web address is hillaryclinton.com/calls/ so yes, the open call bank really belongs to Hillary; and no, Hillary and the DNC have not learned anything from the various recent digital indiscretions and hacks… unsecured bathroom email servers notwithstanding. Hillary is demonstrating that she cares nothing about contact data security for the voters in 20 states.

At first it was just their own data that Hillary and the DNC could not safeguard.  Now it’s your data if you live in any of those 20 states.

Hillary is demonstrating openly and clearly that she cares nothing about easily employed security and is fully willing to place contact info for the voters in 20 states in jeopardy – a voter data harvest that does not even require a hack, and that does not require any accurate identifying info to gain access to the data.

At the web address above, there is no security to prevent someone using a free web spider to harvest *all* names and phone numbers for the voters in 20 states.  Most modern free web spiders can harvest phone numbers as well as email addresses – and a recent court appeal agreed that it is not ‘hacking’ if the data harvested is not secured behind some sort of security apparatus.  In the case of Hillary’s phone bank, not even the most trivial of security mechanisms is employed.

Just so you know (since many know I’m a digital guy) the systems my teams have employed in the past all required confirmation of a good email address, and the good phone bank systems call the phone banker (incoming call to your phone from the phone bank) so the system also has a good phone number recorded for the phone bank caller as well as a good email address.  That’s what a properly designed and audited system would do.

But Hillary, her team, and the DNC, to judge by their actions, do not care about protecting sensitive voter contact info.

But it gets much, much worse.  Before going further, it’s important to note that I do not suggest that anyone engage in any shenanigans with Hillary’s horribly open resource.  Quite the opposite.

Here’s how it gets much worse: when enrolling to use Hillary’s vaunted call bank, they do not check your email address – you can give any false or spurious email address (you get no email to confirm that you gave a good email address) and are admitted to see the voter data instantly without a confirmation email being clicked.  You know the process – you have to go through that short ‘ordeal’ to gain access to the most trivial blog… but Hillary’s team doesn’t even employ that simple measure – a security measure that is installed by default on most systems – they probably had to work hard to defeat even that basic security check.

When in the phone bank itself, you do not have to actually complete a call to record it as completed and move on to harvest the next phone number.
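The three controls this post says are missing (a confirmed email address, a call-back to the volunteer's phone, and a call result that cannot be self-reported) can be sketched as a server-side gate. This is an added example, not code from the campaign's site or from the author's teams; the class and function names, the secret, the one-hour expiry and the sample contacts are all assumptions constructed for illustration.

```python
import hashlib, hmac
SECRET = b"constructed-demo-secret"  # assumption: server-side key (placeholder)
TTL = 3600                           # assumption: confirmation link valid one hour

def _mac(email, exp):
    return hmac.new(SECRET, f"{email}|{exp}".encode(), hashlib.sha256).hexdigest()

def issue_token(email, now):
    exp = int(now) + TTL
    return f"{exp}.{_mac(email, exp)}"

def token_valid(email, token, now):
    try:
        exp_s, mac = token.split(".", 1)
        good = hmac.compare_digest(mac.encode(), _mac(email, int(exp_s)).encode())
    except ValueError:  # malformed token
        return False
    return good and now <= int(exp_s)

class CallBank:
    def __init__(self, contacts):
        self.contacts, self.vols = list(contacts), {}

    def enroll(self, email, now):  # token is emailed; returned here only for the demo
        self.vols[email] = {"email": False, "phone": False, "open": None, "q": iter(self.contacts)}
        return issue_token(email, now)

    def confirm_email(self, email, token, now):
        v = self.vols.get(email)
        if v is not None and token_valid(email, token, now):
            v["email"] = True
        return bool(v and v["email"])

    def confirm_callback(self, email):  # set when the volunteer answers the system's call
        self.vols[email]["phone"] = True

    def next_contact(self, email):
        v = self.vols.get(email)
        if v is None or not (v["email"] and v["phone"]):
            raise PermissionError("email and phone must be verified first")
        if v["open"] is None:  # no new record while one is unresolved
            v["open"] = next(v["q"], None)
        return v["open"]

    def record_result(self, email, call_connected):  # flag comes from the telephony log
        v = self.vols[email]
        done = v["open"] is not None and bool(call_connected)
        v["open"] = None if done else v["open"]
        return done
```

With this gate a volunteer sees one record at a time, and only after both channels are verified; a result the telephony side did not observe does not advance the queue.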

In spite of my insistence above, I’m sure there are plenty of strategists who will pay a visit anyway to learn Hillary’s most important states and what she is saying to the people in those 20 states.

So if you see Hillary acting smug about her numbers or ‘internal polling’ next week, you’ll know that someone wrote about 30 lines of PHP code to skew her internal numbers without dialing a single phone number.

Hillary, her team, and the DNC are demonstrating openly that they care not a whit about voter data security.

But the idea of someone who is so sloppy and careless being in overall charge of government cyber-operations is a chilling thought.

Very chilling.

H/T to @kaltkrieger and @ANONAMERICANHQ who reported first on Twitter.

Ron Robinson was the National Digital Director for the Draft Carson Campaign.  He does many quiet digital projects for campaigns, and is working now on a media project that will soon launch for crowdfunding (it’s cool – watch for it!)