Over the past few years, we've experienced more ginormous data breaches than any of us can, or would even care to, remember. Against this backdrop, reflect upon the fact that political campaigns know as much, if not more, than advertisers about us -- what inspires us and what will move us to vote.
The Wild West
Consider the various kinds of information a campaign crunches to determine who might be persuaded into voting for their candidate and the parallel to advertising and marketing becomes instantly clear.
Many campaigns don't "only" (and I use the term advisedly) collect things like your name, email address, postal address, phone number, mobile number, credit card information, location, what you're called on social media sites (your handles) and other contact or identifying information you choose to provide when you go to make a donation or sign up for their emails. There's also often a cornucopia of data collected when you use a campaign's site -- cookies, your IP address and other digital no-see-ums. While that information would be horrible to leak, it's nothing compared to the granular details that campaigns purchase from data mining companies.
"This is the Wild West," Tim Sparapani, a data privacy consultant and former director of public policy for Facebook, recently told the Los Angeles Times, "There is nothing that is off-limits to political data mining."
They Have WHAT?
This is not just about social media, but it definitely starts there. Data mining companies have long scoured social media to glean information about potential customers, proponents, fans, outraged citizens and any other manifestation of subjective choice "out there."
There are too many instances to bring up here, but a report in Bloomberg late last year can serve as a general example. It was about a data mining firm that was working for former presidential candidate John Kasich's Super PAC to create "a 'social graph' of possible supporters by scanning high school yearbooks, small-town newspapers, and sports-team rosters."
If a yearbook is OK in the land of deep dives, what other records could be put to use? Like rose petals in the wind, data is scattered about everywhere, and there is no place too insignificant for a data mining company to potentially send employees to scour for useable bits.
What's the Big Deal?
What may not be as obvious is that the type of information they collect is often of significant value to hackers and their clientele. Hackers, advertising executives and political operatives constantly search for ways to move a person to take a particular action. With hackers, the action is to click a link that downloads account or sensitive personal information-grabbing malware or otherwise provides access to money or services using your information. Politicians simply want your vote.
Concern that hackers will compromise political campaign databases seems like a prudent response to the current information security landscape, yet disappointingly, at least for those of us in the data security community, the conversation between candidates about security has been largely focused on the "Great Wall of Mexico" and whether or not ISIS should be nuked.
Were a major campaign hack to go down, it would not only create a very unfortunate political situation, but also the information of millions of voters would be at risk for phishing attacks and identity theft. If one of these data-heavy campaign databases were to fall into the wrong hands, there is no end to the scams that creative, sophisticated and persistent fraudsters could pull off with it, or the havoc they might wreak.
The attacks could be based on a familiarity with the target and/or target group--phishing, spearphishing, picking purchases that go unnoticed, cooking up scams involving known networks of friends gleaned from voter data married to social networking accounts -- but I digress.
As things stand, there is no solution. Data breaches are the third certainty in life, right behind death and taxing presidential elections.
To be completely honest (isn't that a refreshing concept in a presidential election?) in order to be almost cyber bulletproof, you would have to live in a log cabin on Loon Lake and never associate with anyone or anything. That said, there is a point in the drive to be careful with your information where you have to also live life.
Bottom line: As I mention in my book "Swiped: How To Protect Yourself In a World Filled With Scammers, Phishers and Identity Thieves" - practice the 3Ms: Do everything you can to minimize your risk of exposure, monitor aggressively so that you know as quickly as possible if you have a problem and have a plan to manage the damage. (You can check for signs of identity theft by viewing your free credit report summary each month on Credit.com.)
Don't assume that your candidate of choice, no matter how much you think you can trust him or her, actually has your back. Frankly, in this decidedly insecure digital world, they don't even have their own.