
DNC Voter Database Breach – NGP VAN? - treerunner
I&#x27;m curious as to what reality is vs. mainstream media &#x2F; DNC interpretation of how a &quot;firewall&quot; was dropped to expose Clinton voter records to the Sanders campaign. Anyone here have any knowledge of the software in question and NGP Van&#x27;s stack? Or their workflow?? Was the data exposed in an API, or codebase, or user interface? Thanks in advance.
======
gkop
I was a field organizer for Obama in 2008. Back then VAN was a run of the mill
LAMP CRUD app. It felt pretty hacky and old-school, I'd be surprised if it had
a thoughtful multi-tenant data model / architecture to isolate campaigns. So
my interpretation of the "dropped firewall" is just a flaw in the permissions
system that opened up cross campaign data through the web interface (which
might include access to CSV dumps, etc).

VAN stands for Voter Activation Network. Indeed the data in VAN is the "meat
and potatoes" of the campaign's field operations. Access to local data is
available to low-level campaign volunteers through role-based permissions. So
campaigns could easily spy on this local per-voter and operations data with
double agent volunteers. If this story is really significant, it would have to
mean that the flaw in the permissions leaked aggregate data, data across large
regions, and other data that would only be available to trusted campaign staff
(IE regional, state, and national field directors in increasing order of
access; I suspect there is a facility in VAN for authorization of data scope
functioning in a "need to know" / "up the chain" manner a la the military).

The workflow at my level was the field organizer (FO) gets instructions from
the regional field director which geographies and demographics to focus on.
The FO goes into VAN and "cuts turf" which means carves up the geography and
extracts voters matching the desired characteristics, and delivers these lists
to subordinate canvassers (mostly volunteers, some paid). The lists contain
info on historical voting record and campaign contact events (contact
attempts, dated answers to "who are you planning to vote for?" and "how much
have you made up your mind?", etc) with the voters so that canvassers can
craft their pitch accordingly. Then if they're making phone calls the
canvasser sits in front of a computer and checks off their list voter-by-voter
right in VAN and entering data with the result of the phone call. If they're
going door to door, the canvassers carry clipboards with the list printed out,
take notes on the list with the result of the canvass, and enters the data
into VAN later. The campaign emphasizes careful and timely VAN data entry
because the higher ups in the campaign depend on the up-to-date aggregate VAN
data to coordinate field operations from the top down. An FO has access to
some aggregate data for the region so they can better perform activities like
yard sign distribution, planning events, identifying partner organizations,
and much more. The canvassers have the abilities to search (somewhat
powerfully) for voters statewide (and also get back campaign contact data) so
they can respond to circumstances like one local voter mentioning that their
cousin across the state is undecided, and the canvasser can just call the
cousin up and try and persuade them.

I'm curious to hear the workflow for higher-level campaign staff.

