Tuesday, September 26, 2006

THE DNC, HERE TO HELP [Byron York]
The Democratic National Committee says it has uncovered a flaw in the Republican National Committee's activist database. The DNC says it has helpfully informed the RNC of the problem, and, in an effort to be even more helpful, it has just sent out a press release announcing how interested parties might access the millions of names in the GOP system. This is the press release, in full:
DNC Informs RNC Of Major Security Flaws On GOP.com
PERSONAL INFORMATION OF MILLIONS OF USERS AT RISK WITH GOP.COM ONLINE ORGANIZING AND FUNDRAISING TOOLS
Washington, DC – The Republican National Committee's web-based "Precinct Organizer" tools are supposedly designed to allow gop.com users to identify, connect and communicate with one another as part of their pre-election organizing activities. In order to access the tools, the RNC asks registered GOP supporters to "start [their] own personal e-mail list of Republican friends," and provides maps and email addresses of registered gop.com users to anyone with a gop.com account.
But a major security flaw jeopardizes the personal information of gop.com users. By simply changing an ID number in the URL, anyone using the tool has access to the full names and email addresses of an estimated 4.9 million gop.com users in the RNC's system. Such poor protection for millions of gop.com users and RNC activists raises questions about the overall security and safety of the gop.com system, including the protection of contribution data such as credit card information or other personal information on activists, supporters and voters.
By contrast, the Democratic National Committee’s PartyBuilder tools are a safe avenue for Democratic activists to work for a new direction for America. We have taken every step to protect the privacy and security of PartyBuilder users. Individuals are provided a wide range of customizable privacy options based on their relationships with other users, and their email addresses are only visible in PartyBuilder when they choose to make them so.
Democratic National Committee Executive Director Tom McMahon sent a letter to Republican National Committee Chief of Staff Kelley McCullough on the security flaws on the RNC’s website:
Fax Transmission
September 25, 2006
Kelley McCullough
Chief of Staff
Republican National Committee
310 First Street, SE
Washington, DC 20003
Re: Security Flaws On GOP.com
Dear Kelley,
Because the Democratic National Committee is committed to ensuring that every American can participate in the political process without fear that their personal information will be stolen or otherwise compromised, I am writing this letter to inform you of a very serious security flaw on your website. It has been brought to my attention that, simply by using your organizing tools, millions of users may be placing their personal information, including names and e-mail addresses, at serious risk. Given the recent problems the Bush Administration has had securing the personal information of America’s veterans, their loss of hundreds of Census Bureau laptops with Americans’ personal data, and their failure to protect our nation’s cyber-security, we thought that this matter deserved immediate attention. We hope for the sake of your users that credit card information and all other personal data is secure.
In this time of heightened concern over the security of critical personal and financial information, participants in our political process should have every confidence that our political organizations and parties are taking every possible precaution to protect them from fraud and identity theft. No one should be placed at risk for seeking to participate in our political process. If Republicans can’t even secure their own website, how can the American people trust them to offer a new direction that keeps our own country secure?
The Democratic National Committee places the utmost importance on data security. While your tools allow anyone to view any other user's name and email address very easily, our PartyBuilder tools, for instance, give users a wide range of privacy options that are customizable based on their relationship with other users. Only in a few cases are users’ email addresses even visible in PartyBuilder, and only then when they make them so. We also assured that PartyBuilder’s personal messaging system and listserv functions respect the privacy of Democrats using our tools.
Given the importance of data privacy in this day and age, I'm happy to reach across party lines and offer our assistance to you so that you can secure your users' data properly before Election Day. I also want to assure you that in no way have we stored any of your user data outside of your own system and have not encouraged anyone else to do so, nor were you "hacked" - this flaw was found through normal usage of your website and any GOP.com user could do the same.
We hope that you will take the steps necessary to secure your online organizing and fundraising tools so that Americans can be sure that their personal data is protected.
Best regards,
Tom McMahon
Executive Director
Democratic National Committee
09/26 10:28 AM