2016 Postmortem
In the IT world, in regards to vendors and data security...
...when a vendor FAILS to properly secure their data and it is subsequently accessed by the wrong/nefarious party(ies), then it is the VENDOR'S fault this happened.
Blaming the Sanders campaign for the vendor's incompetence is just a bit too goddamned convenient for the DNC and DWS.
It just is.
EDIT to add a tweet I made a few minutes ago: There can be no clearer example of @DWStweets rigging the Dem race for Hillary than this: http://www.theguardian.com/us-news/2015/dec/18/democrats-punish-bernie-sanders-campaign-following-clinton-data-breach
https://twitter.com/sevenbowie/status/677847734901211136
DNC suspended Sanders campaign from the party's voter file - a move intended to cripple the senator just weeks before the start of the primary. The vendor's failure (intentional or otherwise) to properly secure the data gave the DNC a great excuse to do it.
mhatrw
(10,786 posts)
data honeypot
VanillaRhapsody
(21,115 posts)
Hortensis
(58,785 posts)
carry insurance against the possibility that I might someday be accused of that, and I'm only a user accessing private records, not an IT manager.
I don't know the licensing requirements for IT professionals, but firing is only the first of the consequences for ol' Josh.
VanillaRhapsody
(21,115 posts)
You have NO idea what the business rules are in that organization...they vary.
But what you said is patently false...
Hortensis
(58,785 posts)
situation, only that there are many that govern the behavior of political campaigns. Given the quickness of Bernie's campaign to fix this situation, I wouldn't expect federal action; after all, it's pretty common for lower-level staffers and volunteers to run afoul of the law.
But that doesn't mean this is okay. You can bet it's a violation, not just of DNC rules, but of FEC regulations. Take a tip from Bernie's response to this problem -- like firemen evacuating a classroom on fire.
Proserpina
(2,352 posts)
Once is a mistake, twice is an embarrassment, any more is intentional.
Renew Deal
(81,871 posts)
No one is blaming the Sanders campaign. The incident happened. It's not the end of the world.
Triana
(22,666 posts)
the Sanders campaign is now being denied access to vital data because the vendor failed to properly secure it.
It's patently unfair.
Renew Deal
(81,871 posts)
They'll fix the problem and get them back in. And there is no primary in 2 weeks.
TDale313
(7,820 posts)
If the DNC had taken similar actions against her campaign based on their mistake. Of course, the very idea that they ever would is just laughable. The blatant rigging of the "game" is what pisses me, as a Bernie supporter, off. But all's fair, right?
JTFrog
(14,274 posts)
implicated in something like this. It wouldn't be enough to deny her access to data. There would be screams for her to withdraw, stand trial and serve the rest of her life in jail.
Personally I hope they give him access back.
MoonchildCA
(1,301 posts)
And then it was reported to the DNC, I think the majority would not.
JTFrog
(14,274 posts)
In fact, that's more than laughable. You certainly give more credit than I can.
There are people here who have already jumped that shark.
Proserpina
(2,352 posts)
In fact, as I think it over, I like it more and more....there's been sufficient unsavoriness to make it a distinct possibility in the near future.
they were punished because they accessed data they weren't supposed to.
boston bean
(36,223 posts)
compromised..
screwy....
VanillaRhapsody
(21,115 posts)
and a criminal makes off with your TV...who goes to jail....you or the thief?
SmittynMo
(3,544 posts)
Imagine this.
1 big building(database), divided into 3 sections. Typically there are 2 doors dividing the three areas. They are meant to be closed at all times.
Now imagine this.
All doors have been removed by a contractor(IT), for whatever reason. People are totally free to move between the rooms. In one room, some idiot leaves a pile of papers on a table with confidential information on it. You(BS employee) walk into the room, and because you are a friend, you pick it up, and read the first page. No copies are made. You put the page back down. No information is really compromised, except to memory.
Hours later, the contractor realizes the importance of the fact that the doors must remain closed at all times, except in case of emergency. He immediately replaces the doors. Oooops!!!
The fact that this situation occurred and someone traveled between rooms, gathered some confidential information, is reported(IT) to the building manager(DWS), who knows damn well that the doors should remain closed.
So who gets the blame? Who should be punished?
The database? The contractor(IT)? The building manager(DWS)? Or You(BS employee)
Get the picture now?
VanillaRhapsody
(21,115 posts)
If you leave your home unlocked...and someone comes in and rifles through your underwear drawer.....are they still guilty of "breaking and entering" when there wasn't even a "break" involved?
SmittynMo
(3,544 posts)
and unrelated as to how this situation actually occurred.
There is NO comparison.
trof
(54,256 posts)
You see that your opponent to your right is holding her cards so that you can see their faces.
Maybe you're the really ethical type and tell her that you can see her hand.
But you've seen it.
It was entirely her fault, you did nothing wrong, but you can't unsee it.
That's how this data breach sounds to me.
SmittynMo
(3,544 posts)
employee was terminated. Let's see if anyone gets nailed for the firewall issue. I'm saying no. We'll see.
Hiraeth
(4,805 posts)
George II
(67,782 posts)
....the Sanders campaign tells the DNC just what they accessed and how they did it.
They could be reinstated this afternoon. It's up to them.
RoccoR5955
(12,471 posts)
when I got suspended in school!
Just sayin'
kenfrequed
(7,865 posts)
Actually the DNC is cutting off his campaign's access. So yeah, Sanders' entire campaign is being blamed.
Renew Deal
(81,871 posts)
kenfrequed
(7,865 posts)
If the offending party was already fired then what is the point of blocking it?
Moreover why hasn't the software firewall glitch been dealt with? It was reported numerous times according to the Sanders campaign.
Renew Deal
(81,871 posts)
So you remove all access and then give it back correctly. It's fairly standard.
kenfrequed
(7,865 posts)
They suspended the Sanders campaign accounts and administered it like a punishment in a public fashion in the media a day before the next debates and a day after two huge Sanders endorsements.
That doesn't sound like IT work to me.
Renew Deal
(81,871 posts)
That's unavoidable. It really isn't a big deal. No one cares about Hillary's email and no one cares about DNC databases. The "suspension" is no different than what I was talking about.
jeff47
(26,549 posts)
While it's not explicitly a permanent ban yet, it is far beyond the time required to fix it.
Ed Suspicious
(8,879 posts)
punish, thereby helping their preferred candidate. These people who are claiming "what's the big deal?" are full of shit.
cannabis_flower
(3,765 posts)
to prove they've destroyed all data, that is really impossible.
treestar
(82,383 posts)
look at post 1 - so out of proportion.
hootinholler
(26,449 posts)
Have you looked at GD: P this morning?
Camp Weathervane is trying to make hay out of this.
VanillaRhapsody
(21,115 posts)
on this very thread....trying to blame HRC for it...
hootinholler
(26,449 posts)
I have no clue whom that non sequitur refers to.
At this point, blame in any direction is premature, and conjecture will be ruling the day.
VanillaRhapsody
(21,115 posts)
so he pulled a Weathervane and BECAME a Democrat...(just as I said he would have to...before he could get on the ticket in New Hampshire)
http://blogs.wsj.com/washwire/2015/11/08/bernie-sanders-i-am-a-democrat-now/
hootinholler
(26,449 posts)
Gotta go wash up and change now.
VanillaRhapsody
(21,115 posts)
all that slobber everywhere...
SmittynMo
(3,544 posts)
find out who has the contractor in their back pocket first.
VanillaRhapsody
(21,115 posts)
that crazy ass Conspiracy Theory.....
Hillary taunted him with her data!!!! How dare she!!!
SmittynMo
(3,544 posts)
We need to wait for the facts.
Damn, chill out.
I'm sure this will all come out soon. Otherwise, the DNC will look even worse than it already does.
rogerashton
(3,920 posts)
there is any real difference between the DNC and the Hillary campaign.
VanillaRhapsody
(21,115 posts)
do you have ANY crumb of evidence supporting this conspiracy theory?
hill2016
(1,772 posts)
prohibits them looking at data they were not supposed to even if accidentally given permission
Triana
(22,666 posts)
It's typically up to the vendor to properly secure data so that this is not possible without extensive intentional hacking. The guy who accessed it was fired. That's fair. But totally denying the campaign access "indefinitely" is not.
MohRokTah
(15,429 posts)
Triana
(22,666 posts)
MohRokTah
(15,429 posts)
I guarantee you that the contractual agreement required them to not access data they are not supposed to even if accidental access is granted.
That puts the onus on the Sanders campaign. Had they simply reported it, it would be a non issue.
Instead, they stole the data.
Then, when caught, a staffer got blamed and fired.
concreteblue
(626 posts)
Nowhere in any article I have seen is ANYBODY saying data was "stolen". You, and other Shrillaries on this and other boards, are the only ones making that slanderous accusation.
Again, your shrieking reeks of desperation.
MohRokTah
(15,429 posts)
Can't have it both ways.
concreteblue
(626 posts)
I can argue in circles with the best of them. Ask my wife!
The firing is/was politics at the very least. Whether it is anything else we will have to wait and see. Anyone making false accusations on EITHER side, is not interested in the truth, IMHO.
Have a nice day.
moobu2
(4,822 posts)
enters my house and steals my valuables...it isn't their fault? Oh, I always thought it was.
Triana
(22,666 posts)
to ensure the doors are locked at all times. A key factor is that when you're dealing with YOUR property, that's one thing. But data vendors deal with OTHER PEOPLE'S data. And because they're not just protecting their own data but also the data of other people/organizations, they are held to a higher standard than you are personally.
MohRokTah
(15,429 posts)
You obviously have never read a contract from a third party vendor that warehouses data.
Triana
(22,666 posts)
MohRokTah
(15,429 posts)
I have never once read one, regardless of the service provided, that did not have a data access clause prohibiting you from accessing data that you have been accidentally granted privilege to.
I even see this same clause in agreements that provide nothing more than help desk support!
The onus was on the Sanders campaign and they still stole the data.
moobu2
(4,822 posts)
Qutzupalotl
(14,327 posts)
So naturally, Debbie punishes the alerter.
moobu2
(4,822 posts)
and took valuables. Now they at least need to hand the valuables back over to the owner.
Bluenorthwest
(45,319 posts)
in fact not the same as forgetting to lock the door.
PowerToThePeople
(9,610 posts)
I am in my own house and a new door appears. I go to check it out and am teleported into your house.
moobu2
(4,822 posts)
that you could exploit later part.
PowerToThePeople
(9,610 posts)
No articles I have seen have said anything was recorded.
moobu2
(4,822 posts)
"Uretsky says he got into the system to create a record to make it clear to anyone with NGP VAN knowledge that he was 'going through stuff that I wasn't supposed to have access to.'"
Straight from the horse's mouth.
PowerToThePeople
(9,610 posts)
So he was providing them proof of their incompetency that had been reported and ignored multiple times.
No data was taken per your quoted cnn blurb.
LiberalArkie
(15,728 posts)
and O'Malley's data. It does seem that Sanders group notified the software company months before this event about the problem.
If the voter data that Bernie has been gathering has been inputted into the software, I think he may have been the one being snooped on.
Triana
(22,666 posts)
Of course the DNC is all about demonizing Sanders camp for this so that won't be discussed.
AzDar
(14,023 posts)
treestar
(82,383 posts)
and that's why he got fired.
It is Bernie who fired him, not the DNC, etc.
WillyT
(72,631 posts)
Betty Karlson
(7,231 posts)
aspirant
(3,533 posts)
when does entrapment occur?
mythology
(9,527 posts)
That said I think this is much ado about very little.
aspirant
(3,533 posts)
JTFrog
(14,274 posts)
This place is hilarious today.
aspirant
(3,533 posts)
JTFrog
(14,274 posts)
I couldn't see a lawyer arguing that his client was entrapped after stealing money from a register that was left open because it had been reported that the cashier had left it open several times in the past.
I can't latch onto that logic, sorry.
But again, I hope they give him access back.
aspirant
(3,533 posts)
JTFrog
(14,274 posts)
I'd think a director would have better sense.
aspirant
(3,533 posts)
RandySF
(59,205 posts)
If I accidentally leave my door unlocked and someone trespasses, that person is free of guilt?
jeff47
(26,549 posts)
Especially after you complained months ago that new doors keep appearing in your house.
zalinda
(5,621 posts)
that 3 Hillary supporters said almost the exact same phrase about the security breach? 'Leaving the door open and someone steals something.....thief.....blame' was said in about 45 min time, in this short thread. Does anyone else see a 'trend'?
Z
jwirr
(39,215 posts)
Maedhros
(10,007 posts)
jwirr
(39,215 posts)
winter is coming
(11,785 posts)
jalan48
(13,883 posts)
AzDar
(14,023 posts)
Sivart
(325 posts)
Last edited Fri Dec 18, 2015, 01:16 PM
There is not just the wording in the vendor contract regarding agreeing to not access others' data regardless of system permissions. There are also usually requirements of notices to be posted in various points of the application presenting the data. A notice stating that you are authorized to see what you are about to see, etc. Standard stuff, really.
There is also likely more than one contract or relationship to this. One contract with the DNC and the IT vendor...contracts between the various campaigns and the DNC. Who knows how it works. Is it the DNC who actually owns the data? Are we sure about that?
I don't think we have enough information to know exactly what happened.
The stories indicated a misconfigured firewall was the problem.....which could suggest that each campaign has their own database which are all firewalled off from each other. But it is hard to believe that this would be the only layer of security. Normally you would expect to also see at least one more layer of security when accessing the database.
The firewall is used to prevent your computer from seeing anything behind it. You don't know it's there.
The database security would be where you can designate among those who are allowed past the firewall, which users have read only access, which have read / write access, etc.
This database layer of security is normally based on a specific login of the end user.
Thus, it's hard to imagine that the Clinton data was behind a firewall, and that an accidental opening in that firewall allowed Sanders users to get to the Clinton data, and that user IDs from the Sanders staff would have had access at the database level to see anything other than maybe the names of the databases. Because you would assume that the Sanders' staff IDs do not have access to the Clinton data, and vice versa.
But who knows how well this system was designed, or how old it is, etc. Does each campaign use the same application front end, and then they get the data for the specific campaign based on who is logged into the application?
All of that aside, I would say that the reaction by the DNC seems off base. There should be no issue determining what was accessed assuming they have the logs that record security events configured correctly. This is also a common way to see who accessed the data in question. If you take that information and compare it with the statements of the fired Sanders staffer, you should be able to see if his statements match the events that were logged in the system. He appears on the surface to be willing to explain what he did in detail.
Anyway, this IT security stuff is always messy, and more so when you have outside vendors involved. In my experience, you first correct the problem and ensure the data is safe, then you take your time gathering logs (which are facts) and piecing together exactly what took place. It's practically never an entire organization that is knowingly working in concert to acquire unauthorized information, so it seems off base to react against the entire Sanders campaign, unless the DNC would have walked thru the logged events that indicate the entire campaign is responsible, and maliciously so.
Editing to add that I have no idea how the system in question works, and no idea what actually happened. I just wanted to point out what a few possibilities could be, and point out that there are normally multiple points of security and not just one. There are also multiple divisions of responsibility relative to the security of the system and its data. The comparisons to leaving the door to your house open just don't work at all due to the complexities - both technical and legal - that are involved with IT security.
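The log check the post above describes (pull the security events, see which logins touched another campaign's data, and compare that with the staffer's own account), as an added example that is not part of the original thread. The log format, field names, users and list IDs are all constructed for illustration and are not NGP VAN's.

```python
from datetime import datetime

# Constructed audit-log lines in a hypothetical key=value format.
# tenant = campaign the login belongs to, owner = campaign that owns the data.
SAMPLE_LOG = """\
2015-01-01T10:00:05Z user=staff_a tenant=campaign_a owner=campaign_a action=search object=list_17 result=ok
2015-01-01T10:02:11Z user=staff_a tenant=campaign_a owner=campaign_b action=search object=list_40 result=ok
2015-01-01T10:03:40Z user=staff_a tenant=campaign_a owner=campaign_b action=export object=list_40 result=denied
2015-01-01T10:05:02Z user=staff_c tenant=campaign_a owner=campaign_b action=save object=list_41 result=ok
2015-01-01T10:09:30Z user=staff_b tenant=campaign_b owner=campaign_b action=search object=list_40 result=ok
truncated line the parser must skip
"""
REQUIRED = {"user", "tenant", "owner", "action", "object", "result"}


def parse(log_text):
    """Return one dict per well-formed line; skip anything malformed."""
    events = []
    for line in log_text.splitlines():
        stamp, _, rest = line.partition(" ")
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        fields = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        if REQUIRED.issubset(fields):
            events.append({"time": when, **fields})
    return events


def cross_tenant(events):
    """Events where a login touched data owned by a different campaign."""
    return [e for e in events if e["tenant"] != e["owner"]]


def users_involved(events):
    """Scope check: which individual logins crossed the boundary at all."""
    return sorted({e["user"] for e in cross_tenant(events)})


def reconcile(events, user, stated):
    """Compare a user's account, given as (action, object) pairs, with the
    successful cross-tenant events the log recorded for that login."""
    logged = {(e["action"], e["object"]) for e in cross_tenant(events)
              if e["user"] == user and e["result"] == "ok"}
    stated = set(stated)
    return {"confirmed": sorted(logged & stated),
            "logged_not_stated": sorted(logged - stated),
            "stated_not_logged": sorted(stated - logged)}


if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(users_involved(ev))
    print(reconcile(ev, "staff_a", [("search", "list_40")]))
```

The denied export in the sample is the database-layer control holding even though the request got past the network layer, and `users_involved` scopes the incident to individual logins rather than a whole organization.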
mrdmk
(2,943 posts)
May date myself here with RSTS (Digital Equipment Corporation), PRIMOS (Prime Computer, Incorporated), and CP/M (Control Program for Microcomputers) all operating systems had effective password level security for user access and control since the 1970's.
Now NGP VAN as far as I can tell is using a form of Linux on their servers, and to say the least, the operating system is modern and maintained. As far as updating a computer system would allow users to see/get unauthorized data is at best, a bad joke.
Some links of interest:
http://webiva-downton.s3.amazonaws.com/477/5f/b/1867/VAN_Basics.pdf
http://developers.everyaction.com/van-api#codes
http://arstechnica.com/information-technology/2012/11/how-team-obamas-tech-efficiency-left-romney-it-in-dust/
jwirr
(39,215 posts)
campaign for the party's voter file? How does this hurt Bernie and what can we do?
One thing I have done is I did a donation to his campaign like we all did when her PAC let loose on him.
Triana
(22,666 posts)
Ichingcarpenter
(36,988 posts)
and her private servers
Private servers............ think about that.