Democrats’ Online Phone Bank System Compromises Americans’ Identity Security
Take a gander at this web site that the Democrats’ Organizing for America has put up. OfA is the political army that works for the Democratic National Committee but answers pretty directly to the White House itself. It doesn’t move without Obama’s input. And here’s their new phone banking web site.
Notice that you didn’t have to put in any of your information to get real information on voters that the Democrats want their phone bankers to call. You didn’t have to tell them who you are, where you are, or anything. You can use their info to call anyone on their list, and you don’t have to tell the DNC or OfA what transpired in the conversation. Or even if a conversation transpired at all.
Now, you can put location info in there, such as your zip code to find people near you to call. But you don’t have to, and you don’t have to log in to the system to get any of that information.
This is a massive security problem for anyone whose name is on that list, which appears to include identified Democrats and Independents. And it’s caused by the Democrats and Organizing for America. With full names and phone numbers easily available, there’s probably enough there for identity thieves to go to work.
This is NOT standard practice for political parties. When a party has a volunteer work their phone bank, they typically have the phone bank worker sign documentation (paper or digitally), usually stating that they won’t misuse the information to which they are being granted access. The phone bank typically controls access either with a password account if the system is online, or by physically limiting access to where they have the phone bank if it’s an office style set-up. You don’t just let any person wander in off the street, rifle through your voter files and make calls on your behalf.
But that’s just what the DNC and OfA are doing here. And these are people who want us to trust them with our health care?
Update: The Democrats took their phone bank system offline over night, but this morning it’s back up and open for business. And so is its complete lack of security. If you’re on that list, the DNC and OfA are giving your personal information out to anyone who wants it.
And…since you’re already at your computer, it’s really easy to just highlight the name and/or phone number and get a map to that person’s house. If you use Google for the map, you can even zoom in and get a picture of their house, to see if it’s in a nice neighborhood so they might have nice stuff to steal.
Easy peasy. Computers are great.
Hehe, I think I need to script something to mark everyone as “Supports GOP”
Or deceased. Voting Democrat is hazardous to your health (and to the country) I am sure.
Wouldn’t marking them as deceased make them more likely to be called? That’s one of the Democrats’ core constituencies.
They don’t call dead people; they cast a ballot for them.
….and send the stimulus cheques
Just used a reverse look-up site for a number given and got the street address and Linkdin link got me his employer and work address. Frightening. Can this be legal?
The web link has been disabled but is readily accessible via the Organizing for America website. Gives me addresses and phone numbers to contact. What a total invasion of personal privacy. I would say that Obama should be ashamed but I am getting used to the idea that he and Michelle are way beyond that petty emotion.
I think Pajamas Voters should call these people and explain how their names were made public and ask that they reconsider their support for the party that exposed them. Maybe adding that these are the same people who will have access to their health care data in a few short years.
You should check out how GOP.com does their online phone bank. They make the call for you, and hook up your phone to the call…. and caller ID will show the local GOP office! You will know the name of the person you’re calling, but you don’t know the actual number. And they don’t know yours.
I thought it was nicely done.
The page that comes up now says you have to log in using your account with Facebook or Barack Obama or sign up.
Gotta wonder about the person who designs these things. I guess they think the average person is too dumb to notice.
They haven’t caught on to the fact that We the People are watching Big Brother!!!!
For a second there I thought you were setting up a new acronym for this bunch — but instead you refer to them thereafter as OfA.
I suppose calling them DOA before the election might be jumping the gun, though. Pity.
Heh. DOA works for me, Kevin.
Too simple. I prefer “Democrat Organizers Organizing For the Unites States”, or DOOFUS.
Time to go Alinsky on the Alinskyites! Aside from the privacy issues, this is an invitation to “jam the system” that the Dems have set up. I’ve already entered a dozen phony calls, and you can too! I’m even tempted to start actually calling people then deliberately entering the wrong responses (and if they are GOP supporters also let them know exactly where I got their number and why I am calling) — if enough people do this, the Dems will concentrate their GOTV efforts on bugging REPUBLICANS to go to the polls, while ignoring actual wavering Dems because gee, someone called this person already and reported that they have moved and their phone was disconnected!! Anything false you can put into their database will monkey this thing up, the falser the better. There is certainly nothing illegal in doing this — you are under no legal or moral obligation to give OfA accurate information!! BTW, the site probably goes down at night because they don’t want people calling anyone at 2am (duh!)
TIPS FOR PRANKING THE OfA SITE:
You don’t actually need to call anyone, just make stuff up and enter it into the system. But follow these steps so it doesn’t appear obviously fake (if they have ANY sense at all they will be checking for these signs.)
1. Make sure AT LEAST half of the results you enter are “no contacts” — such as “did not answer phone” or “left message” or “disconnected”. Most people do not answer the phone (caller ID, not home), so if it looks like you reach 100% of the people you try, they will know it’s fake data.
2. Don’t just enter survey results as fast as you can, wait a minute or two to hit “enter” after you do a “contacted voter” survey. People don’t answer the phone on the first ring and it takes 2-3 minutes to do the questionnaire over the phone; if it looks like you complete 5 interviews every 60 seconds, again they will know it is fake.
3. My strategy has been to guess whether folks are probably Dems or Reps (based on the profile they give you), and then make it look like the Dems are big Rep fans, while making it look like the Reps are not available (so OfA keeps calling Reps and take Dems off their list — the least productive things they could be doing for their team.)
Bravo! What a killer idea. I’m glad you are on our side. Operation Chaos rides again.
Well, that is pretty creepy. I put my zip code in and five clicks later see a name I recognize in a town five miles away.
Reverse look-up of the phone number confirms the home phone of my wife’s doctor. Next thing you know I have the GPA and PSAT scores for one of their children.
That’s pretty creepy. My wife’s doctor’s a Democrat…
I love it! I just marked 100 people as “deceased”!
Don’t allow the site to run scripts, it kills your location readout.
location.href = ‘/error/form_error’;
Honestly they would be doing a favor by marking everyone as deceased or republican or even as refused to talk to me. Roughly speaking if they are under 30 skip or have them down as call back so more of their calls go to less then reliable young voters. Anyone 30-60 put as GOP, anyone 60+ deceased. Also target states like Washington or Nevada that are toss up. Mark down people from West Virginia and Kentucky as not speaking English and watch the hilarious hi-jinks as a caller in asks Democrats in West Virginia and Kentucky in Spanish to support Obama. I joke though, but I pity these people for having their name on that list.
As msjewel noted, the site asks for a facebook login. So is facebook participating in this effort, or are they mining email addresses?
That’s a good question, but actually you can just click on the X in that window to bypass the login altogether.
How about an alternative script:
My name is _____, and I got your number (and your age, by the way) off of the Internet from Organizing for America, the successor group to President Obama’s election campaign.
1. Are you aware that an organization affiliated with President Obama is making your personal information, including your full name, phone number and age, available to strangers over the Internet? How does this make you feel about our president and his party?
A) Great! I’m all for it!
B) Ughh, I wish they hadn’t done that but I’ll vote Democrat anyway.
C) WTF?
D) Do you know the name of any good attorneys? I’m going to sue their asses.
Regarding the update: it goes offline every night since it prohibits calls during evening hours of the recipient.
Republican candidates are doing this as well. On the GOP side, I believe Scott Brown, Meg Whitman, Marco Rubio, and Carly Fiorina all have/had Call at Home programs. It makes sense for any candidate that has some national recognition. I believe they each require(d) a simple registration of some sort, but as we all know, you don’t need to give any of your real information.
I’d hazard a guess that the DNC’s call-at-home is probably the slickest in terms of implementation. While prank calling people is probably a concern, if it happens, I think it speaks worse of the prank callers than of the DNC.
A more slick implementation that would safeguard privacy concerns would be to hide the phone number from the user by having a central system dial out to the caller and callee. This would clearly be much more expensive though.
Finally, I’m guessing there is some kind of anti-tamper mechanism built in to prevent garbage data or scraping of information. For example, you cannot go through more than 20 names in 3 minutes.
Here comes the moral equivalency argument! “But… but… but… the other guys were bad, too!” Of course, that hardly works after about the 3rd grade.
And, Chris, if you’d bothered to read the article, you’d know that your weak and desperate argument has already been dealt with:
Now, of course, if you have any examples of a GOP phone bank where one can get access as easily as you can to OfA’s, feel free to post a link. Otherwise, crawl on back to KOS.
FWIW – I am a lifelong conservative/GOP-er and have never posted to DailyKOS. I’m attempting to bring in more facts into this discussion.
Rubio: http://www.marcorubio.com/call-from-home/
Whitman: http://www.megwhitman.com/onlinephonebank
Fiorina: http://www.teamcarly.com
That GOP candidates have online phone banks, on its own, is clearly not a justification for DNC’s. However, it does bring to light that it is not just DNC doing it.
The information from these online phone banks is coming from voter registration forms.
Personally, I think online phone banks are no more of a security issue than regular phone banks or white pages.
My main points are 1) prank calling isn’t productive and 2) this is not an isolated occurrence.
This guy is either a troll or not good at reading.
The issue isn’t whether phone banks are good or bad, but
rather that posting people’s names, ages, cities, and phone numbers
on the internet is an invasion of privacy.
The three GOP phone banks that he links to do NOT do this.
Marco Rubio’s requires a full registration before you’re given any info. I didn’t bother to register so I dunno what info they give.
Meg Whitman’s also wants a full registration, although they do need more security on their existing accounts (now they don’t even require a password to use someone else’s account), but all I saw were phone numbers, not addresses. Given that, I give Meg a little more credit than OfA, but they still need to strengthen their security.
Carly requires at least a valid email address for you to sign up, because they send an activation email to the address you give. Once in, it’s pretty much like Meg’s, which means that Meg’s site could easily increase their security.
In short, out of your three examples, only one approaches the level of security issues that OfA has.
Time to get rid of the land line phone.
Sorry, no biggie – any phone book contains “full names and phone numbers”, plus addresses
Yes, but I can opt to not have my name and phone number printed in the phone book. When I register with a political party there is no expectation that they will make my full name, telephone number and age available to people across the country so that I can receive a phone call from a complete stranger. I register with a political party so that I can vote in primaries.
If you Google for “call obama” you can see listings for specific campaigns in the search results. They don’t even use a simple robots.txt file to block the Googlebots from indexing the personal info.
Obama’s personal political army posts information on thousands of American voters all over the country online, with no safeguards in place to protect them or their data.
For them, as long as they’ve got your vote, or can get it, then you’ve served your purpose.
I got the message that I had exceeded the number of calls and that I had to authenticate via Facebook. End of playtime.
Delete cookies, reset modem to change IP and if all else fails, get an off the shelf MAC spoofer.
I doubt you’ll need to do the third, the first two should be all you need.
Deleting cookies is easy. Just google the instructions on how to do so for your browser if you need help.
Reseting your modem is easier, just unplug it for about a minute then plug it back in.
Playtime is as long as you want it to be.
A more slick implementation that would safeguard privacy concerns would be to hide the phone number from the user by having a central system dial out to the caller and callee. This would clearly be much more expensive though…..
IIRC the Scott Brown campaign had something like that. Anyone know more?
Also, I saw the OFA set-up and noted how easy it would be to call these voters and give them a pitch for GOP candidates. But if it’s a list of registered Dems that’s probably a waste of time that could be better spent reaching out to GOPers and Independents.
Oh well, off to ring doorbells for Michael Grimm…..
Instead of a robot that answers “Support GOP”, make it answer “Support Dem”. Or, you could just do that yourself for a couple dozen records. I did.
It might reduce the chance of anyone else calling them, and give the organizers a false sense of security.
As for the security of list members, that has never mattered to hard core leftists. I work for a union in California (don’t ask why, it’s a long story) and their attitude on privacy concerns is obscene. “We own the list, we can do anything we want with it,” is their typical response. I know. I’ve asked.
Saturday 3:38 PM it is still up.
Do what I did. I called the number I got and asked for the person, she answered. I asked her is she was aware that the Democrat Party had listed her personal information on a website and that it was completely unprotected. I then told her her age, city and state to prove my point.
I informed her she should contact President Obama’s political organization, Organizing for America, to let them know what she thought about it.
She was 85, so I didn’t bother to give her their web address or I would have.
You know you can “register” with the Obo site and survey to one’s hearts content..
Not that you would use your actual email address…
Lots of dead people on my lists…
Or ones who refused to talk to a democrat polling person…
Not to mention people who no speekie da english…
And if they are under 30.. well they certainly don’t like Obama’s agenda nor his candidates…
Just saying…
It appears people’s ages have been removed. The site is still very creepy, from a security and privacy perspective.