Records Of 198 Million US Voters "Accidentally" Exposed By RNC Contractor

While the Republican National Committee was allegedly busy evading Russian hacking attempts during the campaign, one of the contractors tasked with running its big-data operation apparently stored some of its most-sensitive files on an unsecured Amazon server that could be accessed by anyone who stumbled across the URL. As the Hill reports, Deep Root Analytics left a database containing 24 terabytes of data, including information about 198 million potential voters, or virtually the entire eligible population. The data included sensitive, but publicly available, information like voters’ addresses and phone numbers.

But more interesting than any personal information involved in the leak was the insight into Deep Root’s "big data" modeling tactics. The data included probabilities for individual voters’ positions on dozens of political issues, as well as estimates of how they voted in past elections. It also provided some insight into how big-data firms collaborate, as identifiers in the data suggest some of it was provided to Deep Root from TargetPoint and the Data Trust, two other big-data firms used by the Republicans.

Here’s the Hill:

For example, a 50-gigabyte file of "Post Elect 2016" information, last updated in mid-January, contained modeled data about a voter's likely positions on 46 different issues ranging from "how likely it is the individual voted for Obama in 2012, whether they agree with the Trump foreign policy of 'America First' and how likely they are to be concerned with auto manufacturing as an issue, among others."

That file appears in a folder titled "targetpoint," an apparent reference to another firm contracted by the RNC to crunch data. UpGuard speculates that the folder may imply that the firm TargetPoint compiled and shared the data with Deep Root. Another folder appears to reference Data Trust, another contracted firm.”

One UpGuard analyst who spoke with the Hill said he looked himself up in the data and that the estimated preferences were right on the money.

Gizmodo went into more detail about the exact nature of some of Deep Root’s models, including one that was used to predict voters’ opinions about the oil and gas industry in the US.

“One exposed folder is labeled “Exxon-Mobile” [sic] and contains spreadsheets apparently used to predict which voters support the oil and gas industry. Divided by state, the files include the voters’ names and addresses, along with a unique RNC identification number assigned to every US citizen registered to vote. Each row indicates where voters likely fall on issues of interest to ExxonMobil, the country’s biggest natural gas producer.”

The data evaluates, for example, whether or not a specific voter believes drilling for fossil fuels is vital to US security. It also predicts if the voter thinks the US should be moving away from fossil-fuel use. The ExxonMobil ‘national score’ document alone contains data on 182,746,897 Americans spread across 19 fields.”

Some of the data were apparently scraped from various subreddits, including, bizarrely, the banned subreddit “r/fatpeoplehate.” As Gizmodo noted, this is likely an attempt by Republicans to match social-media profiles with individual voters, a technique at Obama’s 2012 reelection campaign pioneered.

Some of the data included in Deep Root’s dataset veers into downright bizarre territory. A folder titled simply ‘reddit’ houses 170 GBs of data apparently scraped from several subreddits, including the controversial r/fatpeoplehate that was home to a community of people who posted pictures of people and mocked them for their weight before it was banned from Reddit’s platform in 2015. Other subreddits that appear to have been scraped by Deep Root or a partner organization focused on more benign topics, like mountain biking and the Spanish language.”

The Reddit data could’ve been used as training data for an artificial intelligence algorithm focused on natural language processing, or it might have been harvested as part of an effort to match up Reddit users with their voter registration records. During the 2012 election cycle, Barack Obama’s campaign data team relied on information gleaned from Facebook profiles and matched profiles to voter records.”

Reddit was an important locus of activity for Trump supporters during the campaign: it was the medium where they would create memes and share news stories that countered the mainstream media narrative. The subreddit currently boasts more than 440,000 members. Deep Root was paid handsomely for its efforts. The Hill, citing FEC data, said the firm collected $983,000 from the RNC between January 2015 and November 2016, according to Ad Age.

Though Deep Root has characterized the leak as an oversight, it still amounts to the largest leak of voter information ever.

“It dwarfs the second-largest exposure of voter information — 93.4 million records of Mexican citizens — by more than 100 million voters and tops the largest data breach of voter information — 55 million records of Philippine voters — by more than 140 million."

For its part, Deep Root said it was merely using the data to help target TV ad-buys. “Deep Root Analytics builds voter models to help enhance advertiser understanding of TV viewership. The data accessed was not built for or used by any specific client. It is our proprietary analysis to help inform local television ad buying."


Everyman Cordeezy (not verified) Mon, 06/19/2017 - 13:17 Permalink

How the hell is there "198,000,000" voters????  Last two or three elections we have had a close 50/50 spread of 120-140 million voters TOTAL, democrats AND republicans.Quie a slip, from the cyber security POV and also the issue of "voter fraud" from the GOP. There is only 330,000,000 population in the USA, including kids that can't vote and those that do not have the mental capacity to vote and felons.  There is NO WAY this is a true number.

In reply to by Cordeezy (not verified)

ASimpleTrader Cordeezy (not verified) Mon, 06/19/2017 - 17:06 Permalink

AWS services have to bve secured by the user of those services. All AWS does is rent out computing infrastructure, servers, storage, network, whatever. Its up to the USER of those services to make sure their crap is secure.The RNC dolt,probably uplaoded their crap to an S3 Bucket for stoarage and thought "Since only I know the URL, thats secure enough. The only people that know the URL of the S3 bucket can access it." NEvermind that the said dolt, didn't think any farther than what happens when the said URL is passed by someone else to someone else to someone else that eventually it reaches soeon that SHOULDN'T have it??RNC is still behind on the IT skills. SEcurein your stuff in AWS isn't super easy but easy enough for most system admins to grasp, just not the average office worker type. 

In reply to by Cordeezy (not verified)

meditate_vigorously (not verified) Mon, 06/19/2017 - 13:00 Permalink

And nobody goes to jail. It is almost like this sort of thing has the endorsement of the government, when no one is ever held accountable to the criminal justice system.

ASimpleTrader MrBoompi Mon, 06/19/2017 - 17:13 Permalink

Has nothing to do with it.The CIA stuff they paid Amazon for in in GovCloud datacenter. The RNC would be using the same AWS resources that anyone can rent by the hour.The users, using the AWS resoruces are responsable to secure their own stuff. Amazon will make sure the underlying computer sysytems are secure, but if you have a Windows server you are renting  by the hour, you need to make sure you've make it secure by whatever best practices you follow. 

In reply to by MrBoompi

hutnela Mon, 06/19/2017 - 13:17 Permalink

Here are some highlights from the future investigation... "I don't know" "I don't remember" and "what difference does any of it make now???" 

decentraliseds… (not verified) Mon, 06/19/2017 - 13:18 Permalink

 Why waste time on this alligator when the swamp’s most critical economic and political problems revolve around the hegemony of a global corporate cartel, which is headquartered in the US because this is where their dominant military force resides. The US Constitution is therefore the “kingpin” of an all-inclusive global financial empire. These fictitious entities now own the USA and command its military infrastructure by virtue of the Federal Reserve Corporation, regulatory capture, MSM propaganda, and congressional lobbying. The Founders had to fight a bloody Revolutionary War to win our right to incorporate as a nation – the USA. But then, for whatever reason, our Founders granted the greediest businessmen among them unrestricted corporate charters with enough potential capital & power to compete with the individual states, smaller sovereign nations, and eventually to buy out the USA itself. The only way The People can regain our sovereignty as a constitutional republic now is to severely curtail the privileges of any corporation doing business here. To remain sovereign we have to stop granting corporate charters to just any “suit” that comes along without fulfilling a defined social value in return. The "Divine Right Of Kings” should not apply to fictitious entities just because they are “Too Big To Fail”. We can't afford to privatize our Treasury to transnational banks anymore. Government must be held responsible only to the electorate, not fictitious entities; and banks must be held responsible to the government if we are ever to restore sanity, much less prosperity, to the world. It was a loophole in our Constitution that allowed corporate charters to be so easily obtained that a swamp of corruption inevitably flooded our entire economic system. It is a swamp that can't be drained at this point because the Constitution doesn’t provide a drain. This 28th amendment is intended to install that drain so Congress can pull the plug ASAP. As a matter of political practicality we must rely on the Article 5 option to do this, for which the electorate will need overwhelming consensus beforehand. Seriously; an Article 5 Constitutional Convention is rapidly becoming our only sensible option. This is what I think it will take to save the world; and nobody gets hurt: 28th Amendment: Corporations are not persons in any sense of the word and shall be granted only those rights and privileges that Congress deems necessary for the well-being of the People. Congress shall provide legislation defining the terms and conditions of corporate charters according to their purpose; which shall include, but are not limited to: 1, prohibitions against any corporation; a, owning another corporation; b, becoming economically indispensable or monopolistic; or c, otherwise distorting the general economy; 2, prohibitions against any form of interference in the affairs of; a, government, b, education, c, news media; or d, healthcare, and 3, provisions for; a, the auditing of standardized, current, and transparent account books; b, the establishment of state and municipal banking; and c, civil and criminal penalties to be suffered by corporate executives for violation of the terms of a corporate charter.    

Chupacabra-322 Mon, 06/19/2017 - 13:21 Permalink

The only "List" needed is the one with the Global Elite Pure Evil War Criminal Treasonous Seditious Psychopaths located in Israel, The City of London, The Vatican & DC.

montresor (not verified) Mon, 06/19/2017 - 13:47 Permalink

I guess if they're going to dox everyone like that, it's probably time to set up some old viet cong style booby traps around the property..

Just Another V… Mon, 06/19/2017 - 13:54 Permalink

 WHEN does the GOP stop playing Kumbaya nice and fair and up front...........and fight fire with fire against the corrupted DIMS ??????? No Consequence for the criminal DIM leakers, liers that desire, incite, and promote hate, violence. WaPo, NYT, CNN  run over the GOP with lies and leaks at will and without consequence. O Mamma admin continues to have leakers and spys in place to intentionally damage the elected PresidentDIMS plead the fifth on any questions or consequence.    GOP in power in the executive, House, Senate, and with Governors and allows the DIMS to conduct anunlimited red herring fiction investigation of the PRES over nothing, nada, zip, no evidence.    No consequence for numerous past known and documented criminal behaviors of past administration officials in high places, for instance, like tens of thousands of missing emails and unsecure data on known pedo pc.A massive large foundation that has nver been held to account for criminal pay to play.