Wednesday, March 01, 2006 
republican spyware
courtesy atrios, who linked to thinkprogress, who linked to minnesota public radio (MPR), who broke the story.

the minnesota republican party sent out a fancy cd-rom to at least 25,000 voters. the cd-rom features video of MN republican officials speaking about same-sex marriage and a poll to gauge the opinions of MN voters on various hot-button (wedge) issues.

MPR reporter bob collins got his hands on a copy of the disc and noticed something suspicious:

But here's the thing. The CD -- at least mine -- comes with an access code. And during the presentation, you're asked to "vote" on a couple of issues, including the 2nd Amendment.

OK, this is where I get suspicious. WHY is there a code. And where is that "vote" going? Is every voter being identified with a special code and therefore is input entered by the user during a presentation being sent back to the Republican Party of Minnesota?

I checked the "terms of use" and I could find nothing that gave me any indication. Nor is there a privacy statement anywhere that I could find.

bob got in touch with the spokesman for the MNGOP, who confirmed that the cd does gather information, which it reports back to the GOP. since there's no privacy policy on the cd, this arguably makes the cd illegal spyware.

ignoring the question of illegality, it makes sense that the GOP would want this info. this info gives them the political equivalent of a marketing profile and allows them to tailor their messaging to just those voters who are sympathetic to GOP politics. and conversely, it probably helps the GOP craft its message so that the wording etc appeals to the greatest possible number of voters. this is SOP and is not in itself illegal, though there are rules dictating how the data should be collected, disclosed, secured, and so on.

but bob collins kept digging, and discovered that the information collected from the cds was not secure:

people way smarter than me were able to figure out the destination for the data being accumulated, and then poked around and found the site. And the data was not secured at the site.

We could -- if we were malicious (and we're not) -- change the questions that are "on the CD" because they're really not on the CD. The program connects to a database and provides the questions.

Imagine if thousands of CDs arrived in homes with the question "do you like Siegfried and Roy?"

We could steal the data. In fact, the mailing list of more than 25,000 names is also on the site, and is easily downloaded into a spreadsheet. Cool. Twenty-five-thousand names and addresses. Free.

yes, the cd illegally collects user information without the knowledge or consent of the user, and the data was sent unencrypted over the net to an unsecure site, where knowledgeable hackers could have stolen or changed the data. not bright at all.

bob pointed out this morning that "significant changes" have been made to the website in question—no doubt a consequence of bob's reporting the story in the first place. i would say the MNGOP is lucky that "the wrong people" didn't discover the vulnerability, but how do we know they didn't? any number of hackers could have stolen all that user data, and we'd never know.


1 comment:
True, but it would be Republicans who were victims of the scammers, which would be like a bit of Karma coming back on them.