Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 28th, 2012 in Data Privacy by Simply Security | Be the first to comment | Tags: Data Privacy

Politicians may be violating voters data privacy expectations.

With less than three months to go before voters cast their ballots for the next President of the United States, the candidates are looking for any angle that can help distinguish themselves from their opponent and win over crucial swing states. But as the Obama and Romney campaigns try to attract digital native voters by venturing into mobile application development, it seems that both camps are showing their naivete when it comes to data protection and privacy issues.

Mobilizing supporters

Both Obama and Romney have selected iOS and Android as their platforms of choice, but their applications are designed for distinctly different purposes.

The Obama for America app is a fully functional political organizing tool, according to Mashable, that delivers a continuous stream of campaign news to users and helps them locate and interact with like-minded supporters nearby. For example, a curious citizen could use the app to read up on state registration policies, sign up for a local voter registration drive and locate voting centers from his or her mobile device.

There are also some more advanced features that process campaign donations, integrate social media and even leverage geolocation to help political organizers review the affiliations and demographics of voters in the surrounding area. That means campaign volunteers can get any idea of who might be answering the door – and even how they may feel about certain issues – before ringing the doorbell.

"As we push through the last 100 days of this election, our focus remains on helping make grassroots organizing as easy and accessible as possible for the volunteers and supporters that are the heart and soul of this campaign," Obama for American deputy campaign manager Stephanie Cutter told Mashable. "That's why we designed our new app to help break down the distinction between online and offline organizing, giving every supporter the same opportunities to get involved that they would find in a field office."

Across the aisle, Mitt's VP app designed by the Romney camp initially had just one function in mind. When the Republican Vice Presidential nominee was still in question, voters could download the app to make sure they received confirmation of Romney's running mate as soon as the selection was announced. However, much like the Obama app, social media plug-ins and a donation button were included in the complementary features.

Information overload

Obama for America and Mitt's VP app users may have decidedly different experiences, but the developers of each share a common motive. As the software pushes a variety of information out to voters, it pulls in a wealth of valuable data as well.

Both apps require the standard set of contact information during registration and even let users log in through their Facebook accounts. Geolocation features also give developers some spatial information to add to user profiles, a potentially significant way of identifying voters in key districts and swing states.

While there may always be some level of risk associated with supplying personally identifiable information via mobile and online channels, the data is at least supplied of the user's own volition. What's more worrying to data protection experts, according to ITworld, is some of the information gathered and distributed without citizen consent.

The Obama for America app's canvassing feature stands at the center of this controversy, as it pulls records from state election boards and interfaces it with geolocation data to provide users with a detailed perspective of the political allegiances of citizens in a given neighborhood. For example, users can locate registered Democrats within walking distance of their current location, along with the exact address, gender, age and even first name and last initial of the voter.

"There is no reason why the app needs to show this information to the public for canvassing purposes," National Political Do Not Contact Registry CEO Shaun Dakin explained in a statement emailed to ITworld. "Now I know the age of my neighbors, I know if they are likely Dems and there is no way to opt out of being part of the system (as far as I can tell). This is a total privacy fail."

Electronic Privacy Information Center executive director Marc Rotenberg was more measured in his reaction, noting in an interview with the Washington Post that all of the voter demographic information is publicly available – and oftentimes easily searchable in online databases.

Nevertheless, citizens must become their own privacy advocates and be aware of the risks they could exacerbate or personally incur as a result of using these apps. Referencing a recent investigation launched by data security experts at GFI Software, Network World contributor John Dunn noted that the two apps could be flooding phones with a variety of overly broad permission requests. The Romney app sought access to camera and audio recordings, though it is unclear if or how such data is used, while the Obama app requested access to address books and even call logs.

Data Security News from SimplySecurity.com by Trend Micro