Isn't this considered public data anyways? Illinois (and I believe every other US state) requires that certain voter data be publicly accessible. To access it in bulk, you'll have to pay a small fee, but anyone can get this.
A misconfigured AWS instance is always an issue. I'm not trying to downplay that. Only that this data being released to the public isn't anything new - the public already had access to it.
https://www.elections.il.gov/votinginformation/computerizedv...
So, what, now somehow a group of people impacted by this potential identity theft vector will need to rally together under some keen prosecutor to personally sue? Why aren't the vendors auto-summoned to court by the government when these breaches occur?</rhetoricalQuestion>
Hooray for the free market .. ?
Recently, I got an email from AWS notifying my that one of my S3 buckets was publicly accessible (intentionally, for a static site). They really try to make sure that people can't screw this up.
As both a Chicagoan and (obviously) an Illinois resident, this means my voter info has been exposed twice this year alone.
Amazon sent out warning emails for owners of misconfigured boxes about 60 days ago. Why didn't the firm in question take action? I am an engineer and literally had to do that same task at work at that time. Easy as 2 clicks.
Slightly off-topic, but a great video on why Electronic Voting could be a bad idea: https://www.youtube.com/watch?v=w3_0x6oaDmI
I've wondered before why the UK doesn't have e-voting, and after watching it is sort of seems obvious. With traditional voting, it can easily be changed on a small scale, but is very hard to do in a meaningful way. Whilst with e-voting, its almost just as much effort to change on a small scale as a bigger scale, with much fewer people being involved.
I particularly like the idea that the reason we use pencils is as a protection against somebody replacing pens with ones with invisible ink. Not sure if this is true though.
T-Mobile uses the last4 of the account holder's SSN as a phone support authentication string.
This is a trove.
How far fetched would it be for this data to make it's way into Cambridge Analtyica-type targeting for future election advertising?
Putting on my tinfoil hat for a moment, I have this nagging feeling in my guy that these issues are a little too coincidental.
So how can we make sure all this data isn't used to tamper with voter rolls or uploaded to FB, etc. to create Custom Audiences based on voting history and district?
Cool, now let's match them up against death records and see how many of the dead really do vote in Chicago ;)
Is there any way for one to know if their info has been exposed? I had been registered to vote in Chicago ~6+ years ago but have since moved. Knowing Chicago, I'd bet I was still on the rolls (and probably having ballots cast for me ;)
Is there any way to find one's (personal) details were in the data that was exposed??
I wonder if Obama's info was leaked (mine almost certainly was was :( )
1.8M Voters. Somehow voted democrat 2.1M times....
This is EXACTLY the reason I don't vote
Source blog post (and free of CNN's obnoxious autoplay video): https://www.upguard.com/breaches/cloud-leak-chicago-voters
As soon as I read the headline, I immediately thought "AWS misconfiguration". A few recent massive government-data breaches (by contractors) have fallen into that category:
June 2017: http://gizmodo.com/gop-data-firm-accidentally-leaks-personal...
May 2017: http://gizmodo.com/top-defense-contractor-left-sensitive-pen...
Note that all of these breach reports (including this Chicago one) come from Upguard, which seems to have a method for scanning/crawling public S3 buckets.