WASHINGTON – Democrats are often praised for their cutting-edge data collection techniques but the massive databases they use also have created problems. The centralized collection leaves years of information vulnerable to misuse, analysts say. The exclusive use of the Voter Action Network/Votebuilder, came under fire in December when a glitch in the system allowed Sen. Bernie Sanders’ campaign to view certain voter notes collected by rival Hillary Clinton’s camp.

The Democratic National Committee requires its candidates and organization to use one voter database – the Voter Action Network/VoteBuilder, which is where voter data is entered to share with other Democrats.

John Phillips, chief executive officer of Aristotle, a non-partisan technology company for campaigns and organizations, said that the DNC’s Sanders incident is part of a larger tension between candidates who want to design their own campaign and the party headquarters wanting to control campaign messaging.

More than 75 percent of Democratic congressmen and senators, almost all Democratic state parties and more than 1,700 Democratic organizations use technology provider NGP VAN to run the technology side of their canpaign, according to the company.

“This model ensures that our lists are constantly being refined and that we have the most effective and up-to-date tool to win elections,” said Eric Walker, a regional press secretary for the DNC, in an email statement. “There’s nothing like it on the Republican side.”

This massive voter file includes personal information like addresses, phone numbers and the party affiliation of voters. During campaigns, candidates at any level update the files with new addresses or changes in party affiliation and return it to the party after the election.

“The technology by design is intended to suck up this personal information and provide it to the power brokers in Washington,” Phillips said. “The national party is under no restrictions in terms of what they’re doing with that information.”

Critics on the other side of the aisle say this centralized approach is causing Democrats to put their voters’ data at risk.

That’s why some Democrats are slowly moving toward supplementing VoteBuilder with other tools that take more security measures. Larger campaigns like Clinton’s have their own in-house data teams, while others are getting secondary help from tech companies to crunch numbers and avoid data breaches.

Some security analysts say the current Democratic VoteBuilder model is antiquated and outdated, and with that comes security concerns that more modern software is attempting to address.

“That is kind of symptomatic of the top-down monopoly,” Campbell said. “If you’re running as a Democrat, first off, if you’re challenging an incumbent and the incumbent is favored by the party, it’s very hard to get a leg up against the party.”

Republicans outsource data security and analytics

Meanwhile, Republicans have quietly used a different approach. With no such unified system, individual technology and security companies compete for the business of Republican candidates to collect and analyze voter data.

Without an RNC-coordinated voter data tool, companies are encouraging candidates to use their own data analytics. These companies say that they specialize in providing both security for voter data and analytical tools that help the campaign.

“They’re all competing and at the end of the day I think it makes for…a better product,” said Chase Campbell, the vice president of client strategy at Harris Media, the firm that ran digital strategy for Ted Cruz’s Senate run and Rand Paul’s presidential campaign.

NationBuilder is a popular software system that is used mostly by Republicans in more than 2,000 political campaigns. Republicans like 2016 presidential race front runner Donald Trump and former Governor of Florida Jeb Bush, have used the system, as have a few Democratic groups like the New Jersey Democratic Party and California Governor Jerry Brown’s campaign.

The December DNC data breach is only one example of how voters’ personal information is at risk without the proper security efforts. In December, a Texas researcher found that voter data for 191 million Americans was exposed online by a “misconfigured server.” The data included people from all 50 states and both parties.

Because of these types of security threats, Campbell said, companies like his have to go through extra hoops when trying to sign on a campaign, making significant investments in ensuring their systems have top cyber protection.

Data security measures “wild west” on campaign websites

The security of voter data online has become a priority for candidates and media outlets in the 2016 presidential campaigns.

“It was kind of interesting to see how much scrutiny and media attention was given to campaign websites, both in how they were coded and what (security) they were using on them,” Campbell said.

While the parties differ on collection and security of voter data, many campaign sites are not better. All campaign sites openly disclose that supporter information can be sold to third parties, without a way to easily opt out from the practice.

Former candidate Chris Christie’s site, for example, said in its privacy policy that supporters could opt-out from giving permission to share their information, but did not offer a visible opt-out option on sign-up pages, according to a study from the Online Trust Alliance, a nonprofit that aims to improve privacy and security on the web.

The group’s study, released in September, showed that a majority of campaign sites were failing in protecting the privacy of donors and site visitors. While nearly all of the campaign sites had adequate security and consumer protection, many had lacking privacy policies that allow campaigns to share or sell data with third parties.

No government agency regulates this information sharing. Campaign sites are not classified as companies so they do not fall into Federal Trade Commission regulations.
The Federal Election Commission doesn’t govern the process either. FEC officials, who are deadlocked with an equal number of Democratic and Republican members, have previously said they do not have jurisdiction over protecting voter records.

“It’s a Wild West,” said Craig Spiezle, executive director of the Online Trust Alliance. “There’s a lack of regulatory oversight to prevent or protect consumers from this.”
Spiezle said that motives for selling data can vary, but often it’s to help pay off campaign debt or help the candidate’s party go pitch to donors to support another nominee. But Phillips said that may not last.

“Most modern campaigns are building their own technology with their own database to be able to protect the security and the privacy of the data,” Phillips said. “They’re not going to be sharing this data much longer.”