New findings by The App Analyst reveal a privacy bug in Democratic presidential candidate Joe Biden's official campaign app.
According to The App Analyst, the bug allowed anyone to look up sensitive voter information on millions of Americans. The Vote Joe App is designed as an organization tool to help engage with voters. Users can sign up with an email and an address. Once the users complete this registration, they can use many of the app's features, including sending canned Joe Biden support texts and report information about their contacts - a practice called "relational organizing," where users sync their contacts or find a voter in the Vote Joe App voter database and report specific information about that contact or voter.
The app uploads and matches the user's contacts with voter data from Target Smart, a political marketing service that claims to have more than 191 million voter records. When a match is found, the app then display the voter's name, age and birthday, including which election they voted in.
"While the Vote Joe App claims they cannot know exactly who a user voted for as that's a secret, they did not clarify what these values represented, leaving the possibility the values could represent who they suspect the user voted for," notes the security researcher.
The researcher found the contact data enriches the database entry and is stored to help solicit their vote in the future. "An issue occurs when the contact in the phone does not correspond with the voter but the data continue to enrich the voter database entry. By adding fake contacts to the device a user is able to sync these with real voters," he adds.
The App Analyst alerted the Vote Joe team of the potential privacy concerns. As of September 11, developers addressed the issues. Matt Hill, a spokesperson for the Biden campaign, told TechCrunch: “We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed,” Matt Hill, a spokesperson for the Biden campaign, told TechCrunch. “We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters will always work with our vendors to do so.”
Leo Pate, Application Security Consultant at nVisium, a Falls Church, Virginia-based application security provider, says the privacy problem is twofold: 1) from a state data collection standpoint, and 2) from a technology perspective.
Pate explains, "From a state data collection perspective, the issue that most states face is "what data do we collect, who can access it, and what data do we not give out." State election administrators want to run fair and open elections; however, the rules regarding how they do so is largely dictated by the state government. The good news is that there has been a lot of activity regarding state voter information and election security since the 2016 Presidential election. For example, in the vast majority of states, there are stipulations that must be met before any person or organization can acquire voter data and what data will be provided. Just like with any data, voter data can also be fused with other data sources to "paint" a bigger picture about any individual voter. While you may not be able to receive a home address for a voter via a state's voter file, you can take that voter's name and do a lookup via the white pages to find an address. From there, you can determine their potential state and federal officials.
"From a technological perspective, if the "Vote Joe" (VJ) application can access a user's contact list on their device, how is VJ storing that data and what protections are in place to safeguard that data? There are numerous mobile application vulnerabilities that can be manipulated for exploits. The world we live is a mobile one, highly interconnected and a lot of telemetry on ourselves resides on our mobile devices. While voter data collection and the fusion of other data sources are definitely privacy concerns, the tools we chose to use in the election process should also be just as heavily scrutinized," Pate says.
Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, says there are several issues to consider.
"Certainly privacy is a huge issue since voter databases and voter information should be secured and not shared. If voter information is that easily accessed and shared, then we are simply making it easier for influencers, internal to the US, or external, to harvest critical insight and targeting data," Hoffman notes. "The privacy around an individual’s voting record and information about the person themselves needs to be protected. It is hard to understand how this information is mandated protected across various industries, but when it comes to voting, this information is freely available.
"There is a clear mismatch or mishandling of citizen data across industry in the US. If the Vote Joe App is the gateway to the Target Smart data, then ultimately, the privacy violations fall on the Biden Campaign to resolve. Beyond the privacy issues, and potentially more concerning, is the ability to use the Vote Joe App to do relational organizing," Pate says. "This is exactly the grounds roots organizational capabilities needed by disinformation campaigns. An influencer could easily just sync their phone loaded with a list of pre-planted fake social media “contacts” and “profiles” what will be used to further their information campaign.”