
What Really Happened With the DNC’s “Datagate”? - idiotclock
https://www.jacobinmag.com/2015/12/bernie-sanders-hillary-clinton-data-breach-president-debate/
======
RockyMcNuts
There's extremely bad blood between the Hillary and Sanders campaigns, and the
Sanders guys think the DNC fabricated a scandal by immediately going public,
and possibly set them up.

[https://www.yahoo.com/politics/the-sanders-campaign-is-
takin...](https://www.yahoo.com/politics/the-sanders-campaign-is-taking-their-
fight-with-200738611.html)

There's a big difference between Obama and Hillary, where he's pretty
saturnine about attacks on him even when they get pretty crazy, and she takes
things more personally and circles the wagons and counterattacks.

~~~
tarr11
Sanders personally took a jab at Clinton during his apology, saying he wasn't
sure that her campaign didn't do the same thing, but providing no evidence of
that.

~~~
SolarNet
How can he when the company in question and the DNC are both for Hillary. How
can they know if there is evidence with out the cooperation of those entities.
Hence why they are suing to gain access to those records.

~~~
tarr11
The characterization was that Sanders is "Saturnine" while Clinton is circling
the wagons and counterattacking.

Clinton said that she was ready to move on from this, while Sanders is looking
for an investigation.

Since there's nothing else to discover about the Sanders campaign, the public
and repeated calls for investigation is presumably to find a smoking gun to
prosecute the Clinton campaign, the DNC and the data company for collusion and
worse.

Seems like a counter-attack to me.

~~~
wernercd
As if the public needs a smoking gun when the Clinton is surrounded by
scandals from A to Z.

It amazes me that Sanders isn't going guns-a-blazing with all the Scandals and
Corruption that emanates from the Clinton name brand.

Why look for the needle in a haystack when you have a stack of needles sitting
next to the haystack?

~~~
MaysonL
All the _accusations_ of Scandals and Corruption that emanate from the
Republican echo chamber.

There, ftfy.

------
ChrisAntaki
Interesting article, though it left out some context.

The Sanders campaign tried to report this issue months ago [1]. Nathaniel
Pearlman, the founder of NGP, now NGP VAN, was CTO of Hillary's 2008 run for
president [2]. Debbie Wasserman Schultz, the Chair of the DNC, was campaign
co-chair of Hillary's 2008 run for president [3]. Robert Reich, former
Secretary of Labor under Clinton, has criticized the DNC for being biased
against the Sanders campaign several times [4] [5].

[1] [http://thehill.com/blogs/ballot-box/presidential-
races/26373...](http://thehill.com/blogs/ballot-box/presidential-
races/263730-report-sanders-campaign-told-dnc-of-data-issue-months-ago)

[2]
[https://en.wikipedia.org/wiki/Nathaniel_Pearlman](https://en.wikipedia.org/wiki/Nathaniel_Pearlman)

[3]
[https://en.wikipedia.org/wiki/Debbie_Wasserman_Schultz](https://en.wikipedia.org/wiki/Debbie_Wasserman_Schultz)

[4]
[https://www.facebook.com/RBReich/posts/1119794974699764](https://www.facebook.com/RBReich/posts/1119794974699764)

[5]
[https://www.facebook.com/RBReich/posts/1120402367972358](https://www.facebook.com/RBReich/posts/1120402367972358)

~~~
idbehold
It wasn't the same issue and it wasn't even an issue with the same vendor (NGP
VAN).

~~~
mfisher87
I'm pretty sure that's wrong. I'm looking for a hard source, but haven't yet
found it.

[http://www.snopes.com/bernie-sanders-campaign-data-breach-
co...](http://www.snopes.com/bernie-sanders-campaign-data-breach-controversy/)

"On Reddit, an r/technology thread about the controversy included comment from
a self-identified 2008 Obama campaign staffer who claimed such breaches were
both common but of limited strategic value:

"As an '08 Obama staffer who used the VAN extensively, it went down like this,
"Oh, that's weird. It looks like we can pull lists from Hillary again. Hey
Erin, do a quick search..." Then everyone in the office room (there were 4
total accounts who did a search) tried the search too.

Any data they pulled would not have been that useful, especially considering
both campaigns use the VAN. They couldn't just turn around and re-enter the
Clinton supporters as 5's, etc. That's not how it works ... The breach is a
non-issue, however how it is being handled by the DNC (in addition to the way
the debates, etc) is the telling issue about how undemocratic the Democratic
National Party has become.""

Partway through my search I found one source, not primary, claiming that NGP
VAN was not at fault, but that's it. Can anyone find anything else?

[http://www.usatoday.com/story/news/politics/elections/2016/2...](http://www.usatoday.com/story/news/politics/elections/2016/2015/12/18/bernie-
sanders-campaign-disciplined-accessing-clinton-data/77539432/)

"Weaver blamed the DNC and its vendor for failing to protect the data. He said
the Sanders campaign contacted the DNC about an earlier firewall failure in
October, and he feels “very confident” that some of the Sanders’ campaign data
was lost to another campaign then. That system was not controlled by NGP VAN,
the company notes."

It's interesting that essentially the same issue has happened with two
different systems. Assuming the phrase "firewall failure" is meant the same
way... The technical doublespeak is really starting to get on my nerves. The
use of the term "firewall," it seems, is explicitly to make people think a
"hacking" was done.

~~~
Bluestrike2
The entire story seems kind of ridiculous. Given the descriptions, we're
talking about an access control bug. Calling it a "firewall failure" makes it
sound ridiculous, and I agree that it shades everything under a nefarious
tone. But since campaigns are chock full of lawyers, they might be using it in
a legal sense, referring to a "Chinese wall" [1] that prevents certain
communications to avoid conflict of interests. Unless access logs show that
the Sanders campaign decided to suck up everything, it's hard to argue that
the DNC didn't massively overreact here.

Whatever the case, what confuses me are the suggestions that these sorts of
breaches are common and that they have been for some time. What the hell are
these software vendors doing? Access control is nothing new. And while getting
it right isn't always easy, there's no reason for you to continuously get it
wrong, either. It's also really easy to test, comparatively speaking, because
potential issues here are predictable.

[1]
[https://en.wikipedia.org/wiki/Chinese_wall](https://en.wikipedia.org/wiki/Chinese_wall)

------
coldcode
Interesting read, especially for those of us who have no idea what technology
is available for candidates these days. Clearly every one of us exists in
these databases (I assume the GOP has such a thing too) and are connected to
other data like what we buy or what we belong to. Seeing this data is shared
between candidates I wonder how easy it would be for people to manipulate the
data for the benefit of one candidate or another. All it takes is poisoning
the entries and you could mislead a candidate's plans.

~~~
msellout
Amusingly, there's a similar database sold by the Georgia Secretary of State.
Recently they accidentally included the social security number of every
registered voter in the database they distributed. If I recall the news
article correctly, they mailed it out on CD to 6 different customers before
noticing the mistake.

~~~
tegansnyder
Voter registration databases are available from the Secretary of States office
in each state. Anyone can request a file dump; however, some states often
charge a small fee for the file. GOP and NDP use different tech stacks, but
both are tied to companies (like NGP) that have built processes around
obtaining and updating voter registration data yearly from each state. They
then tie in historic data they have from door to door canvassing, voter turn
out, and any other touch points to build a profile about the voter. Typical
data points include voting history, gender, various voter level flags
indicating if the voter supports causes/activism, and any other notes or voter
related data.

~~~
phire
Do they have per-voter voting history, or is it a probability based on more
coarse-grained voter turnout metrics?

~~~
Jgrubb
Unless I'm mistaken, it's impossible have a per user history.

~~~
ghaff
Individual voting records aren't public in the US (secret ballot). However,
whether or not an individual voted in a specific election is often public. (It
may vary by state or other jurisdiction.)

------
dccoolgai
Relevant, from a former DNC Tech Director
[https://medium.com/@joshhendler/why-the-bernie-breach-
isn-t-...](https://medium.com/@joshhendler/why-the-bernie-breach-isn-t-about-
technology-and-what-s-at-stake-c383ee7b840a#.rj1vnicbq)

------
skwirl
A much different take from another person with extensive experience with the
system in question:

[http://iowastartingline.com/2015/12/19/sanders-campaigns-
rec...](http://iowastartingline.com/2015/12/19/sanders-campaigns-reckless-
reaction-to-data-breach-is-a-danger-to-all-democrats/)

The person who wrote the submitted article is a self described socialist. The
person who wrote the article I linked to volunteered for the Clinton campaign
in 2008.

It doesn't matter how much expertise you have in a system when politics is
involved. Politics is going to taint your view. There needs to be an
independent outside investigation.

Personally, I thought the author of the submitted article painted a picture of
a serious breach and then tried to downplay it by pointing out that it was not
an even more serious.

------
Amorymeltzer
I suppose "filtered" makes a less exciting headline than "hacked voter
database" but wow is there ever a gulf between how this has been covered and
what happened. Thanks for this.

------
blfr
This is OT but I wanted to ask before: what does the "Jacobin" in Jacobin Mag
refer to? Presumably not the more genocidal fraction of the French Revolution
which was my first guess?

~~~
dcre
For more info, here is a great writeup by Alex Payne on why he made a large
donation to Jacobin and joined their board:
[https://al3x.net/2015/03/03/jacobin.html](https://al3x.net/2015/03/03/jacobin.html)

> Democratic socialist politics are my politics. I’m a socialist because I
> want to live in a just society. More than that, I want to live in a
> survivable society. The form of capitalism we live under does not present a
> viable future ecologically, economically, or socially. It is a system
> designed for the creation and preservation of capital, not human life. I’m a
> socialist because I believe that the wealth of society can best be harnessed
> through cooperation, not competition.

~~~
eli_gottlieb
And moreover, people who support capitalism don't get an automatic right to
label socialists as "murderous" or "genocidal" simply because _our_
revolutions kill people _up front_. Sure, blame us for the Holodomor and the
"Great Leap Forward" (and other similar artificial famines, disease outbreaks,
etc caused by bad state-socialist policy), but don't act like _your_ hands are
clean when you support a system that kills, last I remember, 49,000 people
_each year_ simply by artificially refusing to treat their diseases, and kills
further millions in its endless-yet-pointless foreign wars.

I fully support having a genuine contest of ideologies to see who can kill
fewer people and save more lives, with greater health and happiness! But that
means we have to admit, in the first place, that _capitalism kills_ , which is
more honesty than we get out of most people in Western societies today.

~~~
lliamander
> And moreover, people who support capitalism don't get an automatic right to
> label socialists as "murderous" or "genocidal" simply because our
> revolutions kill people up front.

Um... that is exactly why we call them murderous. Because they killed people.
A lot of them. In cold blood.

~~~
eli_gottlieb
As many as capitalism does?

~~~
jeffbax
You mean, when capitalism isn't bringing unprecedented amounts of people out
of abject poverty? (eg, cutting world poverty in half in the past 20 years)

Socialism is great, until you read a history book or look at its actual
implementation. And no, don't bring up northern EU states that actually depend
on quite free market capitalism to finance it (as well as unrealistic
monocultures that are unrealistic for the USA, and lead to morally
reprehensible immigration restrictions to keep the systems from being
overwhelmed)

------
tdaltonc
The frien-nemy relationship that this database represents is super
interesting. So each candidate has their own columns in the database. Does
that me that, for example, if the governor of California (Dem) endorses a
candidate for president, they will share their columns with that candidate?
I'm imagining a crypto-key getting plugged into a Mandrill scrips at campaign
HQ, and suddenly the emails get 5% more effective.

~~~
e40
Yes, once an endorsement takes place they will share data. It goes further
than that, though. Once someone drops out of a race and shares data, donations
to the endorsed candidate require a kickback to the original candidate. I
don't know the magnitude of the kickback, but the thing I wonder is this: is
that money tainted and under the rules of the FEC? Or, can it be spent on
anything the once-candidate desires?

This just shows how dirty money makes politics.

------
Lambent_Cactus
Really disappointed they went with the bloodless "Datagate" when "VANghazi"
was available.

~~~
sandworm101
Watergate involved wrongdoing by republican staffers. Bengazi (allegedly)
involved wrongdoing by democrats. So there is little debate as to which
descriptor a democrat would adopt to attack a fellow democrat.

But the use of "gate" does show the age of the candidates. I'd bet most under
30s in the US do not link 'gate' with watergate.

~~~
wetmore
> I'd bet most under 30s in the US do not link 'gate' with watergate

Doubt it. I'm 24. First of all, we obviously learned about Watergate in high
school history. Moreover, ever since Watergate happened, people have been
overusing the "gate" suffix. Just look at
[https://en.wikipedia.org/wiki/List_of_scandals_with_%22-gate...](https://en.wikipedia.org/wiki/List_of_scandals_with_%22-gate%22_suffix)

------
randomflavor
This should be used as an example of why the NSA's capturing of 'metadata' is
really a problem. It's basically the same thing and is a big deal.

Sucks that Uretsky couldn't help himself to get a sense of what the Clinton
camp was thinking tho

~~~
CamperBob2
Another point worth making: this is the same type of (meta) data that we use
to target drone strikes.

Anyone who says metadata is harmless hasn't been paying attention for quite
some time.

------
mschuster91
How on earth is stuff like that legal? Being interrupted in my life by
robocalls, cold calls, calls from "statistic polls", people arriving unnoticed
at my door to waffle about politicians, mail ads... that's intrusive-as-hell
advertising. If I were a US voter, I'd do everything but not vote for anyone
intruding in my life!

And why is it legal for ANYONE to (ab)use the public voter register for ANY
kind of gain, be it personal, commercial or political?

(note: I'm from Germany, where politicians aren't totally crazy)

~~~
thomasfoster96
Crazy is relative.

But I do find it incredibly worrying how much data campaigns can get their
hands on in the USA - I'm pretty sure Australia's rules regarding access to
the electoral roll pretty much prohibit it ever being used to target voters in
a campaign.

------
sandworm101
Lol, one of fields in the VAN database is "Zodiac Sign".

Americans are weird.

~~~
wmil
They're probably trying to track teens who are involved politically. They want
to know when they turn 18. Asking for a Zodiac Sign is less creepy than asking
for a birthday.

~~~
sandworm101
From looking at the image in the OP, they aren't asking 'what's your sign'. It
seems a sorting feature. They have the birthdates (not hard to get really) but
the software thinks someone might want to sort that list by sign.

------
yaur
The thing I don't understand here... How you can you write a multitenant app
where protecting an EAV store is a critical feature and not have tests that
validate that your security still works that run before every deploy.

~~~
olefoo
If you live and breathe good software engineering practices; it's sometimes
hard to realize that the actual practice in industry varies wildly. From shops
where everything flows through the CI server to shops where whoever last
pushed to production is the source of all user visible bugs...

I have; within the last 6 months, dealt with a team that was reluctant to
adopt version control and for whom 'push to production' meant firing up
filezilla. They are doing better now but they authored and support several
ecommerce apps that handle millions in orders every year.

So, yeah; I believe it.

~~~
MaysonL
A few decades ago I worked at a place where the master source code lived in a
tape filing cabinet, accessible to nearly anyone.

------
kevando
The DNC is like a company that Sanders doesn't work for.

------
platz
> The two essential scores are those for support — how likely the voter is to
> be supportive of the candidate — and “turnout” — how likely the person is to
> vote (the product of these terms being the likelihood that they turn out and
> vote for the campaign’s candidate).

Is there an assumption then that Support and Turnout are statistically
Independent?

------
revelation
Accessing data that was made available to you through the reckless
indifference of others, but is still meta-theoretically-philosophically
forbidden, is a violation of the CFAA. When will the grand jury indict?

------
betolink
Although a little long this video compilation helps to understand key
differences between Hillary and Sanders. These differences can be extrapolated
to how both campaigns handled the "datagate".
[https://www.youtube.com/watch?v=Rpm4rjejFgQ](https://www.youtube.com/watch?v=Rpm4rjejFgQ)

------
anonbanker
all of this smells suspiciously of what the RNC did with Ron Paul. What'll
really clinch it is if BS gets all the votes, but due to vote tampering (and
refusing people at the primaries) Clinton wins.

------
lvspiff
A great writeup but reading things over the only thing this shows me is
Bernie's people are a lot more dedicated. if Clinton's staffers had the same
level/type of access as Bernie's staffers to VAN why wouldn't they be doing
the same thing? I find it hard to believe that her staffers wouldn't have
noticed the data coming up as well, ran a few queries to realize what was
going on, and suddenly realized what was going on and possibly make another
couple queries to see what the other was doing. But that would be only if they
were actually up and active at the hour the upgrade went into place which from
reports sounds like they were not.

On a side note - wonder what happened to the VAN QA guy?

~~~
eli_gottlieb
>if Clinton's staffers had the same level/type of access as Bernie's staffers
to VAN why wouldn't they be doing the same thing?

Because they firmly believe that she is _inevitable_ , or perhaps even
_entitled_ to the nomination. Hell, Hillary talks like that herself:

>"I would just ask that when this nomination is wrapped up that they come and
join with us to make sure that we don't turn the White House back over to the
Republicans," she added.[1]

Her donors talk the same way:

>“Let Bernie outraise her — he’s not going to be the nominee,” a top donor
said. “The idea that Donald Trump or Ted Cruz could actually be the president
is going to be the greatest fundraising mechanism in the history of the world,
and it’s just too early for that.”[2]

They don't think this is an election. They think it's a coronation.

[1] -- [https://www.washingtonpost.com/news/post-
politics/wp/2015/12...](https://www.washingtonpost.com/news/post-
politics/wp/2015/12/22/hillary-clinton-tells-bernie-sanders-backers-when-this-
nomination-is-wrapped-up-join-me/)

[2] -- [http://www.politico.com/story/2015/12/bernie-sanders-
fundrai...](http://www.politico.com/story/2015/12/bernie-sanders-fundraising-
hillary-clinton-217063)

~~~
venomsnake
I think that Hilary may be known in the future as the one that lost presidency
twice.

Pundits are greatly underestimating the anti establishment sentiments in the
populace. And the Hilary supporters I know right now are smugger than
crosfitting vegans. Hubris is the easiest path to a politician downfall and
there is quite a lot of it in Hilary's warehouse.

Edit: I also don't think that Bill really wants her to be president. His
legacy turns from - ruled during the best years of Pax Americana to the
husband of the first woman president. I would not be surprised if he pulls his
punches.

~~~
skwirl
>I think that Hilary may be known in the future as the one that lost
presidency twice.

What about Romney and McCain?

~~~
mfisher87
They were never seen as "having" the presidency. Hillary was seen as
"inevitable" in two elections now, and lost the first.

