DNC software breach gave Sanders campaign confidential Clinton Data

[Alcon]

Searching by data in VAN produces the results of that search -- in other words, it's viewing the data.

Those logs are completely consistent with intentionally accessing and saving the data.

[Alcon]

Searching by data in VAN produces the results of that search -- in other words, it's viewing the data.

Those logs are completely consistent with intentionally accessing and saving the data.

Nothing was downloaded nor exported.

http://www.snopes.com/bernie-sanders-campaign-data-breach-controversy/

All right, so we have NGP VAN's official statements, and these logs.  I'm not sure what the origin of the logs is (it seems to be a narrative adaptation of the raw logs), but do you not agree that they're inconsistent with the description NGP has given?  I imagine you've probably seen VAN?  Creating a folder, running a search, and then saving the results of that search into the folder does effectively save that data.  Even if that was not done successfully, what else could these logs possibly mean, besides an attempt to save that data?

If there's an answer to that, I'm open to it, but my experience with VAN doesn't suggest any other explanation.

[Alcon]

Searching by data in VAN produces the results of that search -- in other words, it's viewing the data.

Those logs are completely consistent with intentionally accessing and saving the data.

Nothing was downloaded nor exported.

http://www.snopes.com/bernie-sanders-campaign-data-breach-controversy/

All right, so we have NGP VAN's official statements, and these logs.  I'm not sure what the origin of the logs is (it seems to be a narrative adaptation of the raw logs), but do you not agree that they're inconsistent with the description NGP is given?  I imagine you've probably seen VAN?  Creating a folder, running a search, and then saving the results of that search into the folder does effectively save that data.  Even if that was not done successfully, what else could these logs possibly mean, besides an attempt to save that data?

If there's an answer to that, I'm open to it, but my experience with VAN doesn't suggest any other explanation.

Well, I don't know anything about the system, but it seemed like they were just collecting files in one folder so that they could say how serious the bug was. But who knows. Either way, the guy got fired.

That excuse makes very little sense to me.  If the data can't be exported, and demonstrating the bug would require accessing their account either way, why would they need to save the files separately?  It also wouldn't require spending two hours saving stuff.

I agree this doesn't reflect on Sanders at all -- this would be a hard temptation for zealous campaign workers to avoid, and obviously this has nothing to do with Sanders himself -- but these logs do paint a more damning picture of the staffers' choices than the Snopes summary.

[Alcon]

Well, I don't know anything about the system

Clearly.  And yet here we are, 15 pages in.

Because Hillary and the DNC made a bad political move and then caved in.

There are really two separate discussions here -- what transpired, and what a reasonable reaction to it is -- and while the latter question is possibly affected by the former question, the former question certainly isn't affected by the latter.  You don't think it's reasonable to discuss how the campaign staffers behaved, and whether it makes sense to punish campaigns for abuses of discretion by high-level staffers?

[Alcon]

Well, I don't know anything about the system

Clearly.  And yet here we are, 15 pages in.

Because Hillary and the DNC made a bad political move and then caved in.

There are really two separate discussions here -- what transpired, and what a reasonable reaction to it is -- and while the latter question is possibly affected by the former question, the former question certainly isn't affected by the latter.  You don't think it's reasonable to discuss how the campaign staffers behaved, and whether it makes sense to punish campaigns for abuses of discretion by high-level staffers?

This is no way to ban access to the politicians own data....the DNC has gone too far and knows it has.

What do you mean?  The VAN is a platform that provides publicly-accessible data and proprietary party data, allows you to add in your own proprietary data, and then lets you use all those data sets for analysis and voter mobilization.  Are you arguing that the VAN is obligated to allow the Sanders campaign access to the data it has stored on their platform, even if they have broken the terms of service for that platform?

If they stored it on the VAN, and didn't back it up, there certainly is a way to "ban" access to a politicians' own data.  That appears to be part of why the Sanders campaign is so upset (although the platform's ubiquity and features are obviously also important).

I agree that it's rather punitive to deny access to the platform because some staffers abused their discretion, but you have to enforce agreements somehow or they're meaningless and there's no disincentive to do stuff like this.  Also, again, even if the DNC's reaction was excessive, that doesn't mean that there wasn't a major abuse of discretion on the Sanders staffers' part.

[Alcon]

Well, I don't know anything about the system

Clearly.  And yet here we are, 15 pages in.

Because Hillary and the DNC made a bad political move and then caved in.

There are really two separate discussions here -- what transpired, and what a reasonable reaction to it is -- and while the latter question is possibly affected by the former question, the former question certainly isn't affected by the latter.  You don't think it's reasonable to discuss how the campaign staffers behaved, and whether it makes sense to punish campaigns for abuses of discretion by high-level staffers?

The problem with answering your question is that the Sanders folk have spent most of this thread claiming that the Sanders campaign has done absolutely nothing wrong.

One person did something wrong and was fired for that, no problem...it became an issue when DWS put out her outrageous comment towards the Sanders campaign and showed her true colors.

I've now heard claims that four usernames were involved, so why were we thinking it's only one guy?

Look, even if you think that the DNC is being punitive here (totally possible), I'll repeat my question: how else do you enforce terms of agreement for access to a data platform, besides revoking that access and/or publicly embarrassing those responsible?

Putting aside that the DNC may have have it out for Sanders (totally true), this isn't far from how you'd expect a bureaucracy to respond when: 1) someone has compromised the integrity of the most valuable asset they have as an organization; and, 2) they have no other leverage besides talking that asset away and calling out the person who compromised it.

What about that do you disagree with?

[Alcon]

The contract said it couldn't be ended without a 10 day notice, and it doesn't say anything about accessing other data anyways.

Can you link me to the full contract?  It's apparently different than the VAN contract I have, which doesn't contain this clause but definitely does contain a clause about access to third-party data.  The version of the Sanders complaint I've seen does not have the contract as an appendix.

And the Hillary campaign in 2008 had access to other campaign's data. This was about the DNC punishing Bernie for daring to run against the chosen one. They really overstepped until the very real threat of discovery from a federal lawsuit made them heel.

OK, that may be true.  The DNC may be hacks and terrible people.  That is a separate issue from the substantive claims about what happened here, and what the reasonable reaction to it is.  If you get arrested for shoplifting and get off because your daddy is the sheriff, my reaction isn't going to be, "well, for consistency, we should never arrest someone for shoplifting again."  It's going to be "well, letting him off was unethical and stupid -- let's make sure that never happens again."

Pointing out the hypocrisy here does not invalidate the questions I'm asking, which no one has bothered to answer so far.

There was one guy with 3 accounts. I'm guessing the other guy didn't really do anything. The contract said they can give a 10 day notice to terminate, and other other party is allowed to remedy the situation in those 10 days,  but that's not what the DNC did.

OK, that may be -- but based on your apparent unfamiliarity with what these logs mean, I'm not sure how you've concluded that.

Again, where are you seeing the contract, or are you relying on the quoted portions from the Sanders complaint?

Oh this is peanuts compared to Hillary's war vote, and that's what we really should be discussing. She'll bomb more countries than Bernie will ever bomb computers and databases.

Similarly, "the shopkeep once stabbed a guy" does not mean we can't and shouldn't prosecute someone for shoplifting at his store.  It's not like it's a zero-sum game between this Sanders story and Clinton's war vote.  If this story weren't a thing, the media wouldn't suddenly start bringing up a years-old vote as a news narrative.  Maybe it would be better if the media worked that way, but it doesn't, so that seems like an ineffectual complaint.  We all wish horserace coverage was less dumb -- but, until that ideal world conjures itself, we might as well be thoughtful about the dumb, episodic crap people prefer to focus on.

[Alcon]

The contract is in the lawsuit.

http://www.politico.com/f/?id=00000151-b72f-d1ae-add5-f76f14db0001

Thanks.  You appear to be completely right that there is no clause that addresses improper access or distribution of data, beyond that third-party vendors must contract with the DNC.  The ten-day requirement to resolve a breach also seems clear.  I don't know if there's any standard of law that allows for service terminations in the case of illegal activity, or whether downloading improperly insecure data counts as illegal.  However, it doesn't seem like anyone who reads this ToS would infer that what the staffer did would result in instant termination of the contract.

The staffer was immediately fired and they said his behavior was unacceptable.

Right, which all else being equal should mitigate any punitive action, but you haven't really directly tackled my question.  A high-level staffer knowingly accessed and attempted to retain third-party data that was accidentally left insecure because of vendor error.  The DNC's data is their most valuable asset, and their leverage is minimal (partially because that contract seems dumb to my layman's reading).  It may be that the staffer's swift firing should be sufficient -- I probably agree -- but it's not like a punitive response to a data breach like this is insane.

Also note discussion of a prior incident involving the Hillary campaign that had no discipline.

Again, worth discussing, but I don't think hypocrisy is an affirmative defense.

He got fired so what point are you even making?

To even take one campaigns own data away from them is insane.

I've responded to these points.  It's kind of weird to go "what point are you making considering x?!  It's clear that y!" while ignoring a post that considers x and disputes y.

LOL it was the own data bases fault for the firewall to go down. Also i was obviously pointing out the DNC's action in taking away bernies own data.

Wait, are you saying that the Sanders campaign holds no responsibility for improperly accessing Clinton campaign data stored on the DNC's vendor's platform, because it's Clinton's fault for signing up to use the DNC's vendor's platform when the DNC's vendor's turned out to be insecure?  That's a bizarre ethical argument, and it also ignores that the Clinton campaign clearly has a potential claim for damage from the DNC's vendor, since the contract states that the vendor will follow industry best-practice standards for data security...and also kind of silly, since the Sanders campaign readily agreed to use the same vendor platform.

Plus they now have given the access back so they know they are wrong.

oh come on, you know that's not how political decisionmaking works.  You were complaining earlier that it isn't how the DNC's decisionmaking works.  Why is it a sign of corrupting and folding to pressure when they do something you dislike, and a recognition of moral virtue when they do something you do like?

[Alcon]

The thing about this legal argument is that the contract was never terminated and neither the Sanders campaign nor NGP VAN has said that the contract was terminated. So I don't see how the 10 day notice applies.

I mean, the contract clearly lists the data services that were revoked as being provided under the terms of the contract (sections 1-4).  I'm no lawyer, but isn't knowingly terminating access to the services listed in the contract without terminating the contract a big ol' breach?

[Alcon]

The Sanders campaign was going through their own data when all of a sudden the firewall went down and got access to Clintons...but nope of course you are right only Sanders is to blame lol.

You neglected the whole part when the high-level campaign staffer accessed the data, apparently recognized what it was, and unless the access logs posted recently were misleading or fabricated, apparently began to save it to local folders, and at minimum continued to access additional data.  It's possible that NGP VAN's statement is more accurate than the logs (where are those from, anyway?).  But you haven't given a reason for why you believe that to be certainly true.

Obviously, Sanders personally isn't really to blame at all, and NGP VAN also deserves blame for leaving the door to their proverbial house wide open.  That doesn't mean that someone who walks in to that house and sees confidential documents strewn about is justified in looking through those documents and possibly photocopying them.

This is frustrating, because I understand how this software works, and I'm interested in talking about what a reasonable response from the DNC might be.  You seem entirely uninterested in talking about anything that might be unflattering to the campaign of the candidate of your choice, to the point where you seem to be avoiding discussion of totally intellectual valid questions.  Come on, dude.

[Alcon]

The thing about this legal argument is that the contract was never terminated and neither the Sanders campaign nor NGP VAN has said that the contract was terminated. So I don't see how the 10 day notice applies.

I mean, the contract clearly lists the data services that were revoked as being provided under the terms of the contract (sections 1-4).  I'm no lawyer, but isn't knowingly terminating access to the services listed in the contract without terminating the contract a big ol' breach?

Section 6a:

I would imagine the NGP VAN would have a pretty strong argument that temporarily suspending access to Votebuilder falls under "all measures necessary" to protect Clinton's proprietary data in the case of a confirmed breach of this magnitude.

That's possible, although I'm not sure whether maintaining the terms of Clinton's contract can be a defense for breaching Sanders' contract.  Maybe the law allows for this if Sanders engaged in some abusive behavior, although I'm not sure how that claim would go, considering the contract doesn't seem to indicate that accessing data that was unintentionally made public is abusive.  Maybe there's a legal standard for that.  I have no idea, and I also know that probably nobody here does either, which is why it's weird* to see people so damn convinced that they know the DNC is being reasonable/insane here.

* - and by "weird" I mean totally predictable.

[Alcon]

The Licensee, in this case the Sanders campaign, did not have permission to access third party (Clinton) data hosted by NGP VAN but knowingly did so. This seems like it might qualify as a breach of contract, but regardless, I'm sure the DNC has great lawyers and would have been able to hold this suit up in court for days had they wanted to. They obviously chose not to, but I don't think that particularly reflects on the merit of this petition.

Again, I'm no lawyer, but I read the agreement as a list of services the DNC promises to provide via VAN.  I don't see any reason to believe that access to items not included on that list constitute a breach of the agreement; none of the language indicates that the Sanders campaign is limited by the agreement.  That's not to say they aren't somehow -- I'm no lawyer® -- I just don't know how that would work with the way this agreement is written.

[Alcon]

Bringing things to an anticlimactic but reasonably satisfying ending is my specialty!

Just ask my ex-girlfriend.

[Alcon]

what, you think it's likely that the VAN people intentionally set Clinton's data set to be non-private to trick Sanders' staffers into accessing it and attempting to save the lists, in order to set him up for a negative media event?

god I hate the Atlas during presidential years sometimes.

[Alcon]

what, you think it's likely that the VAN people intentionally set Clinton's data set to be non-private to trick Sanders' staffers into accessing it and attempting to save the lists, in order to set him up for a negative media event?

god I hate the Atlas during presidential years sometimes.

It's really the DNC that is to blame, but it doesn't help that VAN is also Hillary hacks.

It doesn't help what?  What did your post possibly mean to imply, besides what I just summarized?