An Anonymous Coward writes:
As you probably already know, Bernie Sanders' presidential campaign was involved in some recent hijinks involving improper access to campaign data from the Hillary Clinton campaign, after a buggy software patch applied by the contractor maintaining the Democratic Party's voter database, NGPVAN, inadvertently opened a data firewall. The Democratic National Committee (DNC) suspended the Sanders' campaign access to Democratic voter lists (a subscription that the campaign had paid for); Sanders responded by suing the DNC; after a brief negotiation, the DNC restored the Sanders campaign access; and Sanders apologized to Clinton for the hack in Saturday night's debate. Clinton accepted the apology, and noted that most Americans don't care anyway.
Present company (possibly) excepted. Veteran Democratic campaign consultant David Atkins, who evidently has hands on experience using the software in question, pieced together what he thinks happened; including useful background on NGPVAN's software and its use by the Democratic party.
Atkins' bottom line:
As it turns out the ethical breach by Sanders operatives was massive, but the actual data discovery was limited. So it made sense and was fairly obvious that the DNC would quickly end up giving the campaign back its NGPVAN access—particularly since failing to do so would be a death sentence for the campaign and a gigantic black eye to the party.
Atkins also had some choice words for DNC chair Debbie Wasserman-Schultz, agreeing with David Axelrod (Obama's former chief campaign strategist) that the DNC overreacted.
DNC CEO Amy Dacey blogged that the suspension of access to Sanders wasn't punitive:
This action was not taken to punish the Sanders campaign — it was necessary to ensure that the Sanders campaign took appropriate steps to resolve the issue and wasn't unfairly using another campaign's data.
However, the access logs do show that Sanders staff pulled not one but multiple lists—not searches, but lists—a fact that shows intent to export and use.
Why does the fact that they pulled lists rather than searches imply that they intended to export (even though the article seems to say they couldn't, and you would think they would know that) or use the data? If their goal was to gather evidence of an actual security lapse in order to lodge a complaint about the crappy software, wouldn't a list (static) rather than search (dynamic) be the appropriate thing to collect? If they saved searches (presumably just queries, not search output), couldn't the vendor fix the problem and then claim that there never was a real a problem (i.e., well, you saved some queries but if you execute them you'll find that you don't actually get anything)?
I suggest that pulling multiple lists was simply gathering evidence that could be compared to Sanders own lists to show that Clinton had been using this same security hole for months and months. Comparing when a name showed up on a Sanders lists to the time the same name appeared on Clinton's lists could have been damning evidence.
And further, all indications are that others (Perhaps Wasserman-Schultz) knew Sanders was collecting evidence of Clinton's actions and made a desperate preemptive strike.
Blaming the original bug on some unnamed contractor is also beyond belief. Its the oldest trick in the book to blame some contractor. The bug was probably inserted for the Clinton Campaign, but with an audit trail direct to Wasserman-Schultz, to assure her position in the party goes unchallenged.
The one key bit of evidence in the whole thing was how quickly the DNC backed down when Sanders' campaign filed suit. The one thing they definitely don't want is a discovery process where the Sander campaign can subpoena stuff from the DNC about their decision.
Sanders, not being dumb, is continuing forward with his suit.
That matches what Sanders' staff has said in interviews like this one in a US Uncut article [usuncut.com] among many others:
Josh Uretsky, Sanders’ national data director, viewed, searched, and even transferred some of the data on the server itself, but insists that he did not act inappropriately or export any data from the NGP VAN system. “The breach was in no way our fault. I saw it and attempted to investigate and attempted to do it in a transparent manner,” he said.
“To my knowledge, we did not take anything out of the system it was in and did not gain anything out of it. We saw a security breach and we tried to assess it and understand it.”
When asked about why he accessed Clinton’s files, he responded, “You see something, you investigate it first. … I knew full well that I was creating a record that the administrators could see.” He maintains that he was actively trying to create a record of the problem so that NGP VAN could effectively track and debug the problem, and that he made no attempt to conceal his actions.
Michael Briggs, a communications aide for the Sanders campaign, said this isn’t the first time they’ve reported security bugs in the DNC’s voter file.
“On more than one occasion, the vendor has dropped the firewall between the data of different Democratic campaigns. Our campaign months ago alerted the DNC to the fact that campaign data was being made available to other campaigns,” Briggs told Buzzfeed News. “At that time our campaign did not run to the media, relying instead on assurances from the vendor.”
That is one of those facts where the entire meaning is decided by who provides the context. That's the way people lie, even to themselves because when you aren't aware, or choose to ignore, the rest of the story it makes the narrative so black and white and simple minds love black and white explanations.