Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Saturday December 26 2015, @10:22AM   Printer-friendly
from the something-there-is-that-doesn't-love-a-wall dept.

As you probably already know, Bernie Sanders' presidential campaign was involved in some recent hijinks involving improper access to campaign data from the Hillary Clinton campaign, after a buggy software patch applied by the contractor maintaining the Democratic Party's voter database, NGPVAN, inadvertently opened a data firewall. The Democratic National Committee (DNC) suspended the Sanders' campaign access to Democratic voter lists (a subscription that the campaign had paid for); Sanders responded by suing the DNC; after a brief negotiation, the DNC restored the Sanders campaign access; and Sanders apologized to Clinton for the hack in Saturday night's debate. Clinton accepted the apology, and noted that most Americans don't care anyway.

Present company (possibly) excepted. Veteran Democratic campaign consultant David Atkins, who evidently has hands on experience using the software in question, pieced together what he thinks happened; including useful background on NGPVAN's software and its use by the Democratic party.

Atkins' bottom line:

As it turns out the ethical breach by Sanders operatives was massive, but the actual data discovery was limited. So it made sense and was fairly obvious that the DNC would quickly end up giving the campaign back its NGPVAN access—particularly since failing to do so would be a death sentence for the campaign and a gigantic black eye to the party.

Atkins also had some choice words for DNC chair Debbie Wasserman-Schultz, agreeing with David Axelrod (Obama's former chief campaign strategist) that the DNC overreacted.

DNC CEO Amy Dacey blogged that the suspension of access to Sanders wasn't punitive:

This action was not taken to punish the Sanders campaign — it was necessary to ensure that the Sanders campaign took appropriate steps to resolve the issue and wasn't unfairly using another campaign's data.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Insightful) by Runaway1956 on Saturday December 26 2015, @10:45AM

    by Runaway1956 (2926) Subscriber Badge on Saturday December 26 2015, @10:45AM (#281153) Homepage Journal

    It's easy to suspect that Sanders was set up here.

    The DNC's clear favorite, is Clinton. The DNC and their contractor is responsible for security. A data breach is an indication that either A: they are incompetent, which would be no surprise. Or, B: the breach was engineered for the purpose of "catching" Sanders "hacking" the system. C: would be, Sanders' people actually did some hacking, which I kinda doubt.

    I strongly suspect that the data was exposed, either through incompetence, or via a conspiracy, and some of the staff were trying to figure out what they were looking at. I doubt that anyone had any real suspicion that they were in territory that was verboten, initially. At that point, it would have become something like, "Harry, you're not going to believe this shit!" "What is it?" "Well, just look - that's not our stuff!" "Well, WTF is it then?"

    Ensure the Sanders campaign took "appropriate steps"? Really? The people who maintain the database and the servers should have been held liable, and any "appropriate steps" should have been taken by them - not Sanders.

    How do you spell "corruption"?

    The whole damned thing is set up wrong, anyway. If Hillary and Sanders are both making use of data supplied by the DNC, then that data should be downloadable to each campaign's computers, where the campaign can integrate all that data into their own data. Of course, that runs contrary to the concept of "the cloud".

    I say, indict the correct people. Maybe a couple of Sanders' staffers were less than honest, maybe they were perfectly honest. It's obvious to me that the DNC and contractors are liable for exposing the data.

    --
    "no more than 8 bullets in a round" - Joe Biden
    • (Score: 0) by Anonymous Coward on Saturday December 26 2015, @11:42AM

      by Anonymous Coward on Saturday December 26 2015, @11:42AM (#281155)

      Then why would Sanders apologize instead of raise hellfire?
      What evidence do we have besides your speculation?

      • (Score: 5, Informative) by Anonymous Coward on Saturday December 26 2015, @11:56AM

        by Anonymous Coward on Saturday December 26 2015, @11:56AM (#281156)

        First off, the 'security contractor' was somebody who'd worked for Clinton in the past. Second the 'drops' in the firewall had been happening over the course of WEEKS. The Sanders guy who looked into it was following the assumption that anything on the clinton side they could see clinton's staff would have been able to see during the previous weeks and until the firewalling issue was resolved.

        Long story short, when the staff raised concerns when disclosing how major the breach was, the staff member got fired, Bernie's campaign got the penalty box, and nobody seems to inquire if any of Clintons staff had done 'similiar investigations' in the weeks prior, perhaps including copying Sanders campaign data into the clinton campaign to give them a unfair (but temporary) advantage.

        Somebody who was unrelated to the incident but on the Sanders tech staff commented further on it giving insight into what the system is actually like. Suffice it to say 'government contractor' quality of work.

        • (Score: 0, Redundant) by Anonymous Coward on Saturday December 26 2015, @07:19PM

          by Anonymous Coward on Saturday December 26 2015, @07:19PM (#281247)

          > Suffice it to say 'government contractor' quality of work.

          FYI the DNC is not a government organization, that would be unconstitutional.

      • (Score: 4, Interesting) by Runaway1956 on Saturday December 26 2015, @12:51PM

        by Runaway1956 (2926) Subscriber Badge on Saturday December 26 2015, @12:51PM (#281165) Homepage Journal

        AC already responded - and I'll add that if you read TFA, it is stipulated that the software is 1990's style and quality of software.

        "The first thing to understand is that NGPVAN is a creaky voter database system that looks, and feels like it was put together in the 1990s"

        So - shit software, administered by incompetent fools - they can do anything they want, no matter how damned stupid, and claim that it's the fault of the software. The programmers won't take responsibility, the DNC won't take responsibility, and administrators certainly won't take responsibility.

        It's like they neighborhood nymph undressing in front of her open windows, and claiming that anyone who sees her is a peeping Tom.

        --
        "no more than 8 bullets in a round" - Joe Biden
        • (Score: 2) by frojack on Saturday December 26 2015, @07:02PM

          by frojack (1554) Subscriber Badge on Saturday December 26 2015, @07:02PM (#281244) Journal

          In a winner take all world of party politics, allowing the party to manage your campaign contact list just seems sort of dumb.

          Trusting the other camp by hiring their ex-staffer seems even dumber.

          And that's about as specific as I can get before the _cough_ progressive troll army descends on me.

          --
          No, you are mistaken. I've always had this sig.
          • (Score: 2) by Runaway1956 on Saturday December 26 2015, @07:11PM

            by Runaway1956 (2926) Subscriber Badge on Saturday December 26 2015, @07:11PM (#281246) Homepage Journal

            Mob, Frojack. It's a mob, not an army.

            --
            "no more than 8 bullets in a round" - Joe Biden
            • (Score: 2) by frojack on Saturday December 26 2015, @07:25PM

              by frojack (1554) Subscriber Badge on Saturday December 26 2015, @07:25PM (#281252) Journal

              Still I'm likely to get "mobbed" to hell here on SN by laying any baskets with babies too close to certain doorsteps.

              --
              No, you are mistaken. I've always had this sig.
              • (Score: 0, Troll) by Ethanol-fueled on Saturday December 26 2015, @09:24PM

                by Ethanol-fueled (2792) on Saturday December 26 2015, @09:24PM (#281278) Homepage

                Let me tell you about mobbing.

                The Jews really, really want Clinton to win. The supreme ruler of the Democratic party and loyal Israeli Debbie Wasserman-schultz [squarespace.com] will stop at nothing to ensure that all candidates other than Clinton are disqualified or discredited from running.

                In short, there is no "democracy" in the Democratic party.

                • (Score: 2) by Magic Oddball on Sunday December 27 2015, @04:43AM

                  by Magic Oddball (3847) on Sunday December 27 2015, @04:43AM (#281373) Journal

                  I'm clearly missing something — given both Clinton & Sanders are steadfastly pro-Israel, why would Jewish or loyal Israeli people favor a candidate that's Methodist over one that's proudly Jewish?

                  • (Score: 1) by Ethanol-fueled on Sunday December 27 2015, @08:02AM

                    by Ethanol-fueled (2792) on Sunday December 27 2015, @08:02AM (#281399) Homepage

                    Good question. Maybe with the Jews, winning a Democrat candidate is a win-win situation. They control everything.

          • (Score: 2) by MostCynical on Saturday December 26 2015, @07:30PM

            by MostCynical (2589) on Saturday December 26 2015, @07:30PM (#281254) Journal

            Isn't this a result of "the party" doing the fund raising, and therefore havinf the money to collect the information?

            --
            "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
            • (Score: 2) by frojack on Saturday December 26 2015, @08:21PM

              by frojack (1554) Subscriber Badge on Saturday December 26 2015, @08:21PM (#281267) Journal

              Nope.

              --
              No, you are mistaken. I've always had this sig.
          • (Score: 2) by Whoever on Saturday December 26 2015, @07:42PM

            by Whoever (4524) on Saturday December 26 2015, @07:42PM (#281255) Journal

            In a winner take all world of party politics, allowing the party to manage your campaign contact list just seems sort of dumb.

            The campaign already needs to access the contact data because most of the data is owned by the DNC and available to both sides.

            Given the lack of tech-savvy people in politics and the need to spend money carefully, it might be a dumb move to spend money re-inventing the wheel.

            • (Score: 2) by frojack on Saturday December 26 2015, @08:24PM

              by frojack (1554) Subscriber Badge on Saturday December 26 2015, @08:24PM (#281268) Journal

              Lack of tech savvy people in politics? Seriously?

              We are talking about the DNC - Democratic National Committee here, not the DRC Democratic Republic of the Congo.

              --
              No, you are mistaken. I've always had this sig.
      • (Score: 5, Informative) by Anonymous Coward on Saturday December 26 2015, @01:01PM

        by Anonymous Coward on Saturday December 26 2015, @01:01PM (#281166)
        This is NGP VAN's CEO, [ngpvan.com] who has posted images on Facebook of himself in front of "Ready For Hillary" buses and talking about her campaign trail.

        Next, examine what Wasserman-Schultz was doing in 2008 before she became the DNC's chair. [wikipedia.org]

        And for good measure, NGP VAN's vice president is her brother. [ngpvan.com]

        Even if these are coincidences related to being in this field of work, Hillary's people are rooted in NGP VAN and the DNC pretty deep.
        • (Score: 0) by Anonymous Coward on Saturday December 26 2015, @01:27PM

          by Anonymous Coward on Saturday December 26 2015, @01:27PM (#281175)

          Who rooted Hillary? Inquiring minds want to know, who is Chelsea's daddy?

      • (Score: 3, Informative) by Thexalon on Saturday December 26 2015, @09:43PM

        by Thexalon (636) on Saturday December 26 2015, @09:43PM (#281282)

        The Sanders campaign did raise hellfire, in the form of public petitions and a lawsuit that is still pending. The DNC tried to stop the lawsuit by giving them their data back, but the Sander campaign continued with the suit looking for monetary damages over a breach of the contract between the DNC and the Sanders campaign by the DNC (Sanders was supposed to have 10 days to deal with the problem, was dealing with it by firing everybody involved and deleting the data, and was cut off anyways).

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 4, Insightful) by Whoever on Saturday December 26 2015, @07:44PM

      by Whoever (4524) on Saturday December 26 2015, @07:44PM (#281256) Journal

      It's easy to suspect that Sanders was set up here.

      Of course this was a setup. Look at the way they undermined Larry Lessig: changing the rules on the fly to keep him out of the debates.

    • (Score: 3, Informative) by Thexalon on Saturday December 26 2015, @08:57PM

      by Thexalon (636) on Saturday December 26 2015, @08:57PM (#281273)

      Also worth mentioning:
      1. Debbie Wasserman-Schultz was Clinton's campaign manager in 2008. In totally unrelated news, the Clinton campaign in 2008 did the exact same thing to the Obama campaign that Sanders' campaign is accused of doing to the Clinton campaign.
      2. The owner of the contracting company just so happened to be a major Clinton campaign donor.

      So whether or not Sanders was actually set up, there is a strong reason to believe that neither the DNC chair nor the contracting company are neutral parties.

      --
      The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 2) by CirclesInSand on Sunday December 27 2015, @06:37AM

      by CirclesInSand (2899) on Sunday December 27 2015, @06:37AM (#281386)

      It's easy to suspect that Sanders was set up here.
      The DNC's clear favorite, is Clinton.

      The R/DNC is the most powerful and successful campaign selling corporation in the world. The are insanely good at vetting public opinion and putting up a public face.

      You don't know anything about them except what they want you to know about them.

      Ron Paul isn't running this term, and the incumbent is a democrat who isn't running again. That means that there is a huge void for the "we are different from the last guy" vote and no one to fill it, although Trump seems to be trying to pull as much of that as he can.

      So, it is far more likely that Sanders (and the DNC on his behalf) is trying to get the anti-incumbent vote, and setting up Clinton to be the establishment candidate (an easy sell) as a foil to promote Sanders. I strongly doubt the DNC campaign experts are deluded into thinking that Clinton would better promote their political power rather than Sanders; to call her a favorite is somewhat of an obvious storyline for them to craft.

      In the end, they only need 1 candidate to win.

      • (Score: 2) by Runaway1956 on Sunday December 27 2015, @07:01AM

        by Runaway1956 (2926) Subscriber Badge on Sunday December 27 2015, @07:01AM (#281391) Homepage Journal

        That does make a kind of sense, but I see two problems with that. 1. Hillary has access to hundreds of millions of dollars, and she is more able to pay off political favors than anyone in the field, except for Trump. 2. As had been repeatedly pointed out in this discussion, Wasserman-Schultz and her brother are both Clinton people. It is possible, but probably unlikely, that they are setting things up to betray Clinton. With Clinton in the White House, they both expect to be rewarded for their faithful service. With anyone else in the White House, they can expect to be exiled to the dog house. Sanders certainly couldn't be expected to trust them, after they betray Clinton, now could he?

        --
        "no more than 8 bullets in a round" - Joe Biden
    • (Score: 2) by captain normal on Sunday December 27 2015, @06:45AM

      by captain normal (2205) on Sunday December 27 2015, @06:45AM (#281387)

      This all so confusing to me. Just which actor is Don Pedro, which is Claudio, which is Hero, and who is Don John is this farce.
      Notice: this is a test. You will be graded appropriately.

      --
      “I have not failed. I’ve just found 10,000 ways that won’t work.” Thomas Edison
  • (Score: 2, Interesting) by quixote on Saturday December 26 2015, @02:25PM

    by quixote (4355) on Saturday December 26 2015, @02:25PM (#281191)

    However, the access logs do show that Sanders staff pulled not one but multiple lists—not searches, but lists—a fact that shows intent to export and use. And the lists were highly sensitive material. News reports have indicated that the data was “sent to personal folders” of the campaign staffers—but those refer to personal folders within NGPVAN, which are near useless without the ability to export the data locally.

    Even without being able to export, however, merely seeing the topline numbers of, say, how many voters the Clinton campaign had managed to bank as “strong yes” votes would be a valuable piece of oppo. While it’s not the dramatic problem that a data export would have been, it’s undeniable that the Sanders campaign gleaned valuable information from the toplines alone. It’s also quite clear that most of the statements the Sanders campaign made as the story progressed—from the claim that the staffers only did it to prove the security breach, or that only one staffer had access—were simply not true. It’s just not clear at this point whether the campaign’s comms people knew the truth and lied, or whether they were not being told the whole truth by the people on the data team who were still making up stories and excuses to cover their tracks. I suspect the latter. ...

    This doesn’t mean that Wasserman-Schultz hasn’t, in David Axelrod’s words, been putting her thumb on the scale on behalf of the Clinton campaign. She clearly has been, ...

    Still, the Sanders camp’s reactions have been laughable. It was their team that unethically breached Clinton’s data. It was their comms people who spoke falsely about what happened. The Sanders campaign wasn’t honeypotted into doing it—their people did it of their own accord. NGPVAN isn’t set up to benefit Clinton at Sanders’ expense—and if the violation by the campaigns had been reversed, Sanders supporters would have been claiming a conspiracy from sunrise to sundown.

    • (Score: 2) by urza9814 on Monday December 28 2015, @02:41PM

      by urza9814 (3954) on Monday December 28 2015, @02:41PM (#281690) Journal

      It was their team that unethically breached Clinton’s data.

      This is the biggest problem in all the articles covering this incident. How do you "breach" something which you have been given access to from the owner? If I hand you a key to my house, I can't really claim "breaking and entering" if you use that key to get in...

      Sanders didn't hack NGP VAN; NGP VAN hacked themselves. Unfortunately, much like patents, our society doesn't recognize negligence when you add the phrase "...with a computer"!

  • (Score: 5, Insightful) by Bill Dimm on Saturday December 26 2015, @04:36PM

    by Bill Dimm (940) on Saturday December 26 2015, @04:36PM (#281220)

    However, the access logs do show that Sanders staff pulled not one but multiple lists—not searches, but lists—a fact that shows intent to export and use.

    Why does the fact that they pulled lists rather than searches imply that they intended to export (even though the article seems to say they couldn't, and you would think they would know that) or use the data? If their goal was to gather evidence of an actual security lapse in order to lodge a complaint about the crappy software, wouldn't a list (static) rather than search (dynamic) be the appropriate thing to collect? If they saved searches (presumably just queries, not search output), couldn't the vendor fix the problem and then claim that there never was a real a problem (i.e., well, you saved some queries but if you execute them you'll find that you don't actually get anything)?

    • (Score: 4, Interesting) by frojack on Saturday December 26 2015, @07:23PM

      by frojack (1554) Subscriber Badge on Saturday December 26 2015, @07:23PM (#281249) Journal

      I suggest that pulling multiple lists was simply gathering evidence that could be compared to Sanders own lists to show that Clinton had been using this same security hole for months and months. Comparing when a name showed up on a Sanders lists to the time the same name appeared on Clinton's lists could have been damning evidence.

      And further, all indications are that others (Perhaps Wasserman-Schultz) knew Sanders was collecting evidence of Clinton's actions and made a desperate preemptive strike.

      Blaming the original bug on some unnamed contractor is also beyond belief. Its the oldest trick in the book to blame some contractor. The bug was probably inserted for the Clinton Campaign, but with an audit trail direct to Wasserman-Schultz, to assure her position in the party goes unchallenged.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 4, Interesting) by Thexalon on Saturday December 26 2015, @09:01PM

        by Thexalon (636) on Saturday December 26 2015, @09:01PM (#281275)

        The one key bit of evidence in the whole thing was how quickly the DNC backed down when Sanders' campaign filed suit. The one thing they definitely don't want is a discovery process where the Sander campaign can subpoena stuff from the DNC about their decision.

        Sanders, not being dumb, is continuing forward with his suit.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 4, Informative) by Magic Oddball on Sunday December 27 2015, @06:52AM

        by Magic Oddball (3847) on Sunday December 27 2015, @06:52AM (#281390) Journal

        That matches what Sanders' staff has said in interviews like this one in a US Uncut article [usuncut.com] among many others:

        Josh Uretsky, Sanders’ national data director, viewed, searched, and even transferred some of the data on the server itself, but insists that he did not act inappropriately or export any data from the NGP VAN system. “The breach was in no way our fault. I saw it and attempted to investigate and attempted to do it in a transparent manner,” he said.

        “To my knowledge, we did not take anything out of the system it was in and did not gain anything out of it. We saw a security breach and we tried to assess it and understand it.”

        When asked about why he accessed Clinton’s files, he responded, “You see something, you investigate it first. … I knew full well that I was creating a record that the administrators could see.” He maintains that he was actively trying to create a record of the problem so that NGP VAN could effectively track and debug the problem, and that he made no attempt to conceal his actions.

        Michael Briggs, a communications aide for the Sanders campaign, said this isn’t the first time they’ve reported security bugs in the DNC’s voter file.

        “On more than one occasion, the vendor has dropped the firewall between the data of different Democratic campaigns. Our campaign months ago alerted the DNC to the fact that campaign data was being made available to other campaigns,” Briggs told Buzzfeed News. “At that time our campaign did not run to the media, relying instead on assurances from the vendor.”

    • (Score: 0) by Anonymous Coward on Saturday December 26 2015, @07:25PM

      by Anonymous Coward on Saturday December 26 2015, @07:25PM (#281251)

      That is one of those facts where the entire meaning is decided by who provides the context. That's the way people lie, even to themselves because when you aren't aware, or choose to ignore, the rest of the story it makes the narrative so black and white and simple minds love black and white explanations.