Data breach sets off charges of theft in '16 Democratic race
Data breach sets off charges of theft in '16 Democratic race
Dec. 19, 2015
WASHINGTON (AP) — The Democratic race for president unexpectedly exploded with rancor Friday as Hillary Clinton's campaign accused rival Bernie Sanders of stealing millions of dollars worth of information about potential voters.
Sanders' team, meanwhile, accused the Democratic Party of holding his White House bid hostage by temporarily barring it from accessing its own voter data. His campaign filed a lawsuit to get it back and aggressively tried to turn the allegations into a political advantage. The party and the Sanders campaign reached an agreement late Friday to restore the campaign's access to the database.
"This information is really key to our campaign and our strategy," said Clinton campaign manager Robby Mook. "We are particularly disturbed right now that they are using the fact that they stole data as a reason to raise money for their campaign."
The reaction to the data breach, the depth of which was debated by all involved, tore open an ugly fault line between two camps that had so far engaged in a relatively civil White House campaign.
On the eve of the party's next presidential debate, it also thrust into the open longstanding suspicions among Sanders and his supporters that the national party is unfairly working to support Clinton's candidacy.
"Clearly, in this case, they are trying to help the Clinton campaign," Sanders campaign manager Jeff Weaver said of the Democratic National Committee.
At issue is an extensive trove of voter information maintained by the DNC. The campaigns are able to add their own information to the database, information which they use to target voters and anticipate what issues might motivate them to cast ballots.
In Clinton's case, Mook said, the information stored in the database included "fundamental parts of our strategy."
DNC Chairwoman Debbie Wasserman Schultz said that on Wednesday the Sanders campaign "inappropriately and systematically" accessed Clinton's data. She rejected Weaver's effort to blame the breach on a software glitch and the actions of a small group of rogue staffers, one of whom was fired.
In response, the DNC temporarily turned off Sanders' access to the database and asked for an accounting of how the information was used and disposed of.
That decision infuriated Weaver, who said the party had cut Sanders' team off from the "lifeblood of any campaign." He added, "It is our information, not the DNC's."
Hours later, the Sanders camp filed a lawsuit in U.S. District Court in Washington seeking an immediate restoration of access to the database. Without it, the lawsuit said, the campaign would lose approximately $600,000 in donations a day.
"It's outrageous to suggest that our campaign 'stole' any data," said Sanders spokesman Michael Briggs. "What is true is the data we collected and need to run a winning campaign is now being stolen from us by a DNC dominated by Clinton people."
Early Saturday, the DNC said the Sanders campaign had complied with its information request. "Based on this information, we are restoring the Sanders campaign's access to the voter file, but will continue to investigate to ensure that the data that was inappropriately accessed has been deleted and is no longer in possession of the Sanders campaign," Wasserman Schultz said in a statement.
The back-and-forth underscored Sanders' attempt to cast himself as an anti-establishment upstart willing to take on Clinton, the unquestioned front-runner for her party's nomination.
Even before the lawsuit was filed, Sanders' campaign sent a fundraising email to supporters that said his "quick rise in the national polls (has) caused the Democratic National Committee to place its thumb on the scales in support of Hillary Clinton's campaign."
Notably, the email made no mention of the campaign's decision to fire a staffer involved in the breach and Weaver's admission that the staffer's actions were "unacceptable."
Mook responded, "It's not something to be fundraising off of."
Firewalls are put in place to prevent campaigns from looking at data maintained by their rivals. But the vendor that runs the system, NGP VAN, said it ran a software patch Wednesday that allowed all users to access data belonging to other campaigns.
Fallon said the Sanders campaign staff conducted 25 searches from four different accounts, saving the data into the Sanders campaign account.
NGP VAN said the Sanders staff involved were able to "search by and view (but not export or save or act on) some attributes that came from another campaign." The company said the Sanders campaign saved a "one page-style report containing summary data."
Weaver argued the firewall used by the vendor had previously failed, and he railed against the party for not taking the steps required to keep the information secure. He said in an interview with CNN late Friday that "we don't have any Clinton data."
Josh Uretsky, the data director fired by Sanders' campaign, said his team was merely investigating the security problem and trying to figure out how exposed the software patch left their own data.
"I believe that I took appropriate steps to audit and assess the security breach and that nothing I did was done in a way that it would give the Sanders campaign a competitive advantage," Uretsky said in an email to The Associated Press.
Summaries of data logs provided to the AP show the Sanders team spent nearly an hour in the database reviewing information on Clinton's high-priority voters and other data from nearly a dozen states, including first-to-vote Iowa, New Hampshire and South Carolina.
Some of these voter lists were saved into a folder named "Targets," according to the logs. Uretsky's deputy appeared to focus on pulling data on South Carolina and Iowa voters based on turnout and support — or lack of support — for Clinton.
The Sanders campaign employees who accessed the Clinton voter information without authorization appear to have run afoul of the federal Computer Fraud and Abuse Act, said Jason Weinstein, a former supervisor of the Justice Department's computer crimes section.
Those employees "have reason to be concerned about legal exposure," he said, for what appears to fit the definition of illegal hacking.
Associated Press writer Julie Bykowicz contributed to this report.
On Twitter follow Ken Thomas at http://twitter.com/kthomasDC and Lisa Lerer at http://twitter.com/llerer