GOP Firm Exposed U.S. Voters' Personal Data

A conservative data firm is responsible for revealing sensitive information pertaining to nearly 200 million registered voters.

A mobile phone shows a Facebook page promoting Hillary Clinton for president in 2016.
A mobile phone shows a Facebook page promoting Hillary Clinton for president in 2016. (Mike Segar / Reuters)

For two weeks in June, the personal information of nearly every U.S. voter was available on a publicly accessible Amazon cloud server after a marketing firm hired by the Republican National Committee (RNC) failed to password protect its data.

The BBC reports that the leak represents the largest breach of electoral data in the U.S. to date, leaving the information of nearly 200 million registered voters exposed. While the leaked files did not include voters’ Social Security or credit card information, they did include personal details, such as their birthdates, home addresses, and telephone numbers. In some cases, voters’ ethnicities, religions, and political views were also made available.

As a political data firm that worked with more than a dozen GOP committees during the 2016 election, Deep Roots likely intended to use the information to identify audiences for conservative advertisements. While this kind of data collection is common, the fact that it was so easily made public is cause for serious concern. According to Chris Vickery, the cybersecurity researcher who first discovered the unprotected files on June 12, the data included voter histories, as well as information about where voters stood on sensitive issues like abortion, gun ownership, and stem-cell research. Some of the information also detailed how voters felt about Wall Street, pharmaceutical firms, and the Affordable Care Act. All together, the information could leave voters open to identity theft, or even harassment.

On Monday, Deep Root’s founder Alex Lundry told Gizmodo his company accepted “full responsibility” for the situation, claiming that it was an internal error rather than a third-party hack. Lundry further stressed that the data “was not built for or used by any specific client,” adding: “It is our proprietary analysis to help inform local television ad buying.” Interestingly enough, the data seems to have been gathered from sources with a distinct political bent, including committees that raised funds for the Republican Party. Some of the data even came from a now-banned subreddit called r/fatpeoplehate that frequently attracted Trump supporters.

“Perhaps the biggest privacy problem here is the fact that the Republicans have all this information about voters in the first place,” Peter Eckersley, the chief computer scientist for a San Francisco-based digital rights group, told the Washington Post. “With these databases, political operations can promise very different and increasingly contradictory things to different people, and that may be turning into a serious problem for democracy.”

While the RNC has suspended its work with Deep Roots “pending the conclusion of their investigation into security procedures,” the larger practice of data collection continues. According to Vickery, June 12 marked the third time he had uncovered an online leak of national voter registration data. “This [is] the DNA of voter analysis,” he told CNN. “This is exactly what they use to determine how someone is likely to vote on a specific issue.”