Welcome

Dear Reader,

Politics is everywhere this year. It is hard to get away from the news – and it seems that most of the talking is done by people who aren't too interested in finding any kind of common ground with other viewpoints, which makes it all the more excruciating for the ears. I'm well aware that people read Linux magazines to get away from politics.

Sometimes, however, politics really is a high-tech topic. A recent news story reports that 198 million Americans were affected by the "largest ever" voting records "leak." The analytics data was stored on an unsecured Amazon server. According to reports, the server was apparently owned by Deep Root Analytics, a consulting firm specializing in targeted, analytics-based outreach on behalf of pro-trade Republican candidates, although the Republicans were apparently following the lead of previous efforts by Democrats to bring Big Data techniques to voter data analysis.

The insecure server was discovered by cyber-security expert Chris Vickery, who reported the problem to the owner and allowed Deep Root to fix the issue before making the information public. As far as anyone knows, the data was not discovered by foreign powers or nefarious actors before it was locked back down again. The story is getting a lot of traction in the security news, and many are talking about it as a "wake up call" for better security, which it certainly is. I'm not questioning the need for better security on cloud-based servers, but I'm wondering if security is truly the best category for this report.

My colleagues in the press use the term "voter records" to describe this information on the Deep Root server, but what is it really? Who owns it? And who are the rightful parties who are supposed to be able to access it? It appears the information consists of easily accessible voter data available through state, county, and local government offices, mapped to proprietary information compiled through market research firms. The government voter data could be a list of who is registered or who voted in the last election. The proprietary part of the data might be a set of attributes associated with each voter predicting how the voter will behave. For instance, if you shop at a certain store or read a particular blog that might be useful in predicting how likely you are to change your vote, the goal of this kind of database is to capture that information and use it to direct very granular, personalized advertising at you to sway your opinions. This data is compiled very much like consumer data is compiled throughout the Internet, and as we all know by now, the whole Internet is powered by consumer data acquisition.

So before you say, "Whoa, I'm sure glad no foreign hackers got hold of those 'unsecured voter records'," take a moment to consider that a foreign hacker who wanted all this data could get it any time just by hiring a market research company to go out and get it for them. If you are scared about this kind of information "falling into the wrong hands," it would probably be a good idea to ask what would be the right hands for this kind of information, and, once it exists, how you could reasonably hope to control who will get to see it.

So no matter what they say on the forums and social media, this story isn't really about security. It is about the very structure of the Internet.