DNC software breach gave Sanders campaign confidential Clinton Data

[Craigo]

I'm mostly in the "who cares?" camp on this, based on what's printed.  I also except this will be a flash-in-the-pan story.

I use VAN for work, and I know exactly how this sort of thing can happen.  I think some of you are being unrealistic about blaming a campaign for "accessing data."  Democrats use a common interface.  In this case, what probably happened was that Clinton's voter IDs were accidentally shared as public data, instead of Clinton-private data.  Someone at the Sanders campaign probably noticed this data, accessed it out of "wtf is this?" curiosity or whatever and, once accessing it, realized that the data was way too extensive to be anything but the Clinton database.  If they then went on to report it,  Why are you all being so adamant that "accessing the information" was nefarious or "cheating" here?  If he downloaded and stored the data that's one thing.  If he merely opened the file to check what it was, and got fired for that, he got thrown under the bus.

Does anyone here disagree, understanding how VAN works?

Yes, I disagree. (I've used VAN and other databases for past political work, though before it merged with NGP, and I now manage legal databses.) They didn't self-report, they got caught. And the Sanders campaign agrees with me, because they just fired Uretsky.

[Craigo]

I'm mostly in the "who cares?" camp on this, based on what's printed.  I also except this will be a flash-in-the-pan story.

I use VAN for work, and I know exactly how this sort of thing can happen.  I think some of you are being unrealistic about blaming a campaign for "accessing data."  Democrats use a common interface.  In this case, what probably happened was that Clinton's voter IDs were accidentally shared as public data, instead of Clinton-private data.  Someone at the Sanders campaign probably noticed this data, accessed it out of "wtf is this?" curiosity or whatever and, once accessing it, realized that the data was way too extensive to be anything but the Clinton database.  If they then went on to report it,  Why are you all being so adamant that "accessing the information" was nefarious or "cheating" here?  If he downloaded and stored the data that's one thing.  If he merely opened the file to check what it was, and got fired for that, he got thrown under the bus.

Does anyone here disagree, understanding how VAN works?

Yes, I disagree. (I've used VAN and other databases for past political work, though before it merged with NGP, and I now manage legal databses.) They didn't self-report, they got caught. And the Sanders campaign agrees with me, because they just fired Uretsky.

True, I doubt the people knew what they were accessing until they accessed it. And the Bernie campaign reported that this was a problem months ago.

No, bullsh**t. You have to deliberately choose what list to view in VAN. If you access someone else's list, it's because you wanted to access it. This is incredibly scumbaggy.

[Craigo]

I'm mostly in the "who cares?" camp on this, based on what's printed.  I also except this will be a flash-in-the-pan story.

I use VAN for work, and I know exactly how this sort of thing can happen.  I think some of you are being unrealistic about blaming a campaign for "accessing data."  Democrats use a common interface.  In this case, what probably happened was that Clinton's voter IDs were accidentally shared as public data, instead of Clinton-private data.  Someone at the Sanders campaign probably noticed this data, accessed it out of "wtf is this?" curiosity or whatever and, once accessing it, realized that the data was way too extensive to be anything but the Clinton database.  If they then went on to report it,  Why are you all being so adamant that "accessing the information" was nefarious or "cheating" here?  If he downloaded and stored the data that's one thing.  If he merely opened the file to check what it was, and got fired for that, he got thrown under the bus.

Does anyone here disagree, understanding how VAN works?

Yes, I disagree. (I've used VAN and other databases for past political work, though before it merged with NGP, and I now manage legal databses.) They didn't self-report, they got caught. And the Sanders campaign agrees with me, because they just fired Uretsky.

True, I doubt the people knew what they were accessing until they accessed it. And the Bernie campaign reported that this was a problem months ago.

No, bullsh**t. You have to deliberately choose what list to view in VAN. If you access someone else's list, it's because you wanted to access it. This is incredibly scumbaggy.

The vendor says the access was inadvertent.

You must be logged in to read this quote.

http://www.nytimes.com/politics/first-draft/2015/12/18/sanders-campaign-disciplined-for-breaching-clinton-data/?smid=nytpolitics&smtyp=cur&_r=0

Of course they should probably get a better vendor, since the Bernie campaign reported this bug months ago. Maybe a firm whose CEO wasn't Hillary's CTO?

No, the vendor is saying that dropping the safeguards was inadvertent, i.e., they didn't deliberately give access to the Sanders campaign. If you believe that the Sanders staffer 1) Knew of a security vulnerability in VAN and 2) Just happened to exploit it "inadvertently" during the tiny window of opportunity...

And again - the Sanders campaign does not agree with you, at all. "Inappropriate" =/= "inadvertent".

But about NPG VAN - yeah, you're right. The platforms I use now have so many layers of security that it's almost literally impossible for us to allow a user into someone else's data. VAN is very bare-bones.

[Craigo]

Yes, obviously, the DNC, in the hope of projecting fairness, will cut off the Clinton campaign from Votebuilder for the duration of the investigation into a Sanders' campaign staffer improperly accessing her campaign data through no fault of her campaign. Yes, that will definitely go over well.

The bug was reported months ago, and there's no evidence that Hillary's campaign didn't access Bernie's files.

There's no evidence that they did, but don't let reality stop you.

[Craigo]

https://twitter.com/mmurraypolitics/status/677893182907138048

People who are trying to spin this as no big deal have their heads in the sand. This is a huge scandal and a betrayal of the party's trust.

Again, one staffer was involved, no one else. I fail to see why this effects the entire campaign, or why it's okay for Hillary to stay in with emailgate but this is supposed to end Sanders' campaign.

And the fact that it was downloaded rejects the notion I've read elsewhere that it is "impossible" to prove it has been deleted.

If DWS doesn't regrant access soon, Sanders needs to make a serious threat to mount a third party run.

There were four staffers stealing data. The Sanders campaign lied.

My favorite tidbit - one of them tried to hide his personal folder after they found out they'd been caught. Audit logs, wad. You can't hide.

"Another person familiar with the investigation also told NBC News that a total of four individuals affiliated with the Sanders campaign appear to have accessed the data, including national data Director Josh Uretsky, who has since been dismissed by the Sanders campaign, and Deputy National Data Director Russell Drapkin.

A series of documents outlining an audit trail maintained by the database company, obtained and reviewed by NBC News, shows that the four individuals spent a total of about 40 minutes conducting searches of the Clinton data. Those searches included terms that point to Sanders' team gaining access to proprietary lists from more than 10 early voting states of Clinton's likely supporters as well as lists for Sanders backers. That data was saved to personal folders.

It also appears that Drapkin "suppressed" two folders after the database company became aware of the breach."

Sanders hired a crew of dumb ing crooks.

[Craigo]

The DNC is just blatantly supporting the Clinton campaign at this point, it's not even subliminal anymore. I highly advise everyone to read past just the headlines, and specifically read Griffin's posts on NGP VAN (as another user of the system).

I've used VAN. I manage databases for a living. It's all bullsh**t spin.

If he thinks lists are so unimportant and this is no big deal, why was the Sanders campaign keeping theirs under lock and key, and why do they want theirs back so badly now? IOKIFABS, I guess.

Four staffers, including the data director, deliberately exploited a known vulnerability to export their opponent's data. That's inexcusable. I've fired people for ethical violations less severe, and if I did it in my job i'd lose it in short order, along with law license.  

[Craigo]

Just in case anybody wants to see what I mean by "scoring model", I'm sharing my voter file from VAN. It won't mean much in terms of common sense to a lot of you guys (even I fail to understand like 1/2 of the scores, because VAN doesn't proactively publish explanations for each), but it'll show you just how silly this really is overall.

Additionally and below that, I'm sharing a "counts and crosstabs" example for one scoring model (the percentage chance of a voter supporting Obama in 2012) for my county.

It's worth noting that scoring models at the individual level are pretty fycking useless. They're best used when sampling larger groups of voters - they're actually very accurate when dealing with groups of thousands or more, but again, that's not of much use unless you have access to the data for a sustained period of time and are working with it consistently.

The Sanders team gained nothing of inherent value from this. It's even less meaningful than I thought when this began, now that I know what specifically constituted the data breach.

Why doesn't the Sanders campaign put all their models online then? You know, if there's no inherent value?

You're aware that they saved the lists also, right? It wasn't just counts and crosstabs.

[Craigo]

The DNC is just blatantly supporting the Clinton campaign at this point, it's not even subliminal anymore. I highly advise everyone to read past just the headlines, and specifically read Griffin's posts on NGP VAN (as another user of the system).

I've used VAN. I manage databases for a living. It's all bullsh**t spin.

If he thinks lists are so unimportant and this is no big deal, why was the Sanders campaign keeping theirs under lock and key, and why do they want theirs back so badly now? IOKIFABS, I guess.

Four staffers, including the data director, deliberately exploited a known vulnerability to export their opponent's data. That's inexcusable. I've fired people for ethical violations less severe, and if I did it in my job i'd lose it in short order, along with law license.   

The data breach is no big deal, especially now that I know it was just scoring models (and not actual specific voter file notes made by the campaign, and so forth).

Not having access to VAN as part of your primary campaign is a very big fycking deal.

If you've used it, then you should know the difference.

They stole the lists as well. This has been reported everywhere at this point.