Obama & Romney campaigns are leaking voters personal info.

The presidential campaign sites BarackObama.com and MittRomney.com have recently ratcheted up their use of third-party Web trackers. These are companies, like ad networks and data brokers working on behalf of the campaigns, that collect information about users’ online activities to show political ads to people tailored to their own interests and beliefs.

Spokesmen for each campaign have separately said that their own campaign had put safeguards in place to protect that user data, as Charles Duhigg and I reported in an article published in The New York Times on Oct. 28.

But now a new study by Jonathan Mayer, a graduate student in computer science and law at Stanford University, reports that both sites are leaking information about site visitors to a number of third-party trackers operating on their pages.

Several pages on the Obama site included a user’s personal information in the page title at the top of the page or in the URL address, Mr. Mayer said, thereby giving third parties operating on the site the opportunity to collect identifying data. The information flowing to third parties, he said, variously included the username; the proper name under which a person registered; and their street address and ZIP code.

On the Romney site, Mr. Mayer said, he found that a number of pages included the user’s name in the page title. Many pages also included a unique numerical ID number in the URL, which flowed to third parties, he said.

“Are the campaigns identifying their supporters to third-party trackers? Are they directly undermining the anonymity properties that they are so quick to invoke?” Mr. Mayer wrote in a blog post published on Thursday morning. “Yes, they are.”

Mr. Mayer tested the Obama and Romney sites by registering as a user and examining the page codes and layouts that resulted as he visited the sites.

In registering for the Obama site with his e-mail address, for example, Mr. Mayer found that the site by default assigned him a username that was the first part of his e-mail address. On certain pages on the site, he reported, that username appeared in the URL, thereby sharing part of his e-mail address with ten tracking companies operating on the page. Because many consumers tend to use the same e-mail address or username on many sites, leaking such data could allow third parties to link other public accounts on the Web to individual users, Mr. Mayer said.

Meanwhile, after Mr. Mayer found that the Romney site leaked his member ID number in the URL, he logged out and then immediately tried to access his own information on the site using that ID number — a tactic a third party who collected that data could hypothetically use. When he used that ID number on the site without being logged in, the site showed a message that said “Access Denied.” At the same time, he said, the very same “access denied” page leaked more information on that page: the name under which he had registered.

I registered on both campaign sites on Wednesday night and had a similar experience.

The Obama site automatically assigned me a user name —nsinger — taken from my e-mail address that was visible in the URL on various pages. Using a tracker identification program called Ghostery, I found four different trackers that could collect that information.

On the Romney site, certain pages leaked the ID number I had been assigned in the URL. Other pages, I noted, leaked my ZIP code or state in the URL.
http://bits.blogs.nytimes.com/2012/11/01/romney-and-obama-campaigns-leaking-web-site-visitor-data/?src=rechp

Political mailers which reveal voters identities seen as intimidating.

A let­ter re­ceived from a con­ser­va­tive or­ga­ni­za­tion by a Toledo woman is vaguely in­tim­i­dat­ing, but Da­nielle “Embyr” Lind­ner is not sure why.

"I’m not sure if they’re try­ing to en­cour­age me to vote, or not to vote, but I’m con­cerned that my neigh­bors are get­ting the same let­ters. I don’t want them to know I do vote. It’s re­ally no­body’s busi­ness,” said Ms. Lind­ner, 24, of Toledo, a med­i­cal bill­ing as­sis­tant.

The let­ter from Amer­i­cans for Lim­ited Govern­ment pur­ports to be a Vote His­tory Au­dit. It thanks her for vot­ing and shows her vot­ing his­tory, show­ing that she voted in 2004 and 2008. It even has a “Notice Num­ber”: 47494705, the mean­ing of which is not ex­plained.

It also shows the vot­ing his­tory of six oth­ers who live on her street, Ber­dan Avenue, in­clud­ing that of her grand­mother, Pa­tri­cia Lind­ner, who shares the same ad­dress.

And, as if Ms. Lind­ner had asked to be kept ap­prised of her vot­ing his­tory, it says, “As a fur­ther ser­vice, we will be up­dat­ing our records af­ter the ex­pected high turn­out for the Tues­day, No­vem­ber, 6, 2012 elec­tion. We will then send an up­dated vote his­tory au­dit to you and your neigh­bors with the re­sults.”

Its con­clu­sion in­forms Ms. Lind­ner: “Please be sure to con­tinue your par­tic­i­pa­tion and ex­er­cise your right and re­spon­si­bil­ity to vote.”

Univer­sity of Toledo po­lit­i­cal sci­ence pro­fes­sor David Wil­son, who heard about the let­ter through Ms. Lind­ner's grand­mother, said, “It seems to me to be a clear at­tempt at voter in­tim­i­da­tion, and thus vote sup­pres­sion.”

The vot­ing in­for­ma­tion is pub­licly avail­able through the Lu­cas County Board of Elec­tions, and is the type of in­for­ma­tion po­lit­i­cal cam­paigns rou­tinely ob­tain to make cam­paign de­ci­sions, such as whether a voter votes fre­quently or has pulled a Demo­cratic or Re­pub­li­can bal­lot in the past.
http://www.toledoblade.com/Politics/2012/11/01/Woman-is-told-group-has-audit-of-neighborhood-elections-activity.html
http://www.wlbz2.com/news/watercooler/article/220628/109/Political-mailers-anger-voters