As featured on p. 218 of "Bloggers on the Bus," under the name "a MyDD blogger."

Wednesday, March 11, 2009

Beware Politicians Who Know Nothing About Technology

So Norm Coleman's campaign somehow put their entire donor list on an unsecured database, including "names, email and home addresses, credit card numbers and the three-digit security codes." Basically everyone who gave money to the Coleman campaign through the Internet had their credit card exposed. Norm Coleman just made a statement blaming this leak on "political enemies."

Norm Coleman just delivered a statement outside the Minnesota courtroom, addressing the breach of security on his online donors' data -- and putting the blame squarely on political opponents, who are allegedly attempting to scare Coleman's supporters out of donating.

"It is obviously an attack on this campaign," said Coleman. "But beyond that, just in terms of the campaign we're involved in a very expensive legal proceeding. Online fundraising is a very critical element of that, and clearly the theft of this information, the publication of this information undermines that. But this is more about my campaign or the ability to fund a legal effort or campaign. We do so much online. Politics today relies on online fundraising, and unfortunately we find ourselves in a situation where the level of trust and confidentially in that information is severely undermined."

This reminds me of the time Joe Lieberman said that his site was "hacked" on Election Day by Ned Lamont supporters, when two seconds of scrutiny revealed that Lieberman was paying some dude five bucks to serve his site and it couldn't handle the traffic. In this case, nobody "hacked" Coleman's site, as Wikileaks explains.

Although politically interesting in their own right, the lists, which are part of an enormous 4.3Gb database leak from the Coleman campaign, provide proof to the rumors that sensitive information--including thousands of supporter's credit card numbers--were put onto the Internet on January 28 as a result of sloppy handling.

Senator Coleman collected detailed information on every supporter and website visitor and retained unencrypted credit card information from donors, including their security codes. Although made aware of the leak in January, Senator Coleman kept the breach secret, failing to inform contributors, in violation of Minnesota Statute 325E.61.

The statute states that organizations that become aware of such a disclosure of sensitive unencrypted personal information must notify the individuals concerned "in the most expedient time possible and without unreasonable delay" and "immediately following discovery."

The information circulated on the Internet for six weeks before a warning was sent by Wikileaks to those affected, pending its analysis of the material.

Yesterday Wikileaks sent two notifications to Coleman's supporters as a courtesy prior to releasing a subset of the data.

Idiots. Anyone dumb enough to let a list full of your donor's credit card numbers find its way onto a publicly accessible database is practically an accessory to the crime. Coleman's people clearly don't know what they are talking about and don't understand that they are criminally liable.

This is another reason why I don't donate to Republicans.

...Coleman's donors are pissed. I wonder how he thinks he'd win a revote after alienating his entire donor base...

Labels: , , , , ,