Slate and the Industry Standard join forces to examine the effect of the Internet on Campaign 2000.
The Bush and Gore campaigns will absolutely, definitely protect your privacy when you visit their Web sites.
How do you know? Because they say so.
Still, there is enough information exchanged on these sites to raise doubts about whether “private” means private. The availability of data that, from a political transparency perspective, might seem like a virtue can also seem like an invasion of privacy. For example, if you make an online donation of $200 or more, the Gore campaign, by law, will transfer that data to the Federal Election Commission, where your donation becomes a matter of public record.
Because Bush does not abide by voluntary federal election limits and therefore isn’t required to reveal donations, his campaign says it bends over backward to disclose donations online. Hence, every contribution also is theoretically available on the Bush site. By searching through the database, you can find the names and home addresses of donors who have given Bush as little as a dollar. That is information that many donors might prefer to keep confidential.
Both Gore and Bush also collect information online about campaign volunteers (home address, phone number, etc.) and later allow those who sign up to remove their names from volunteer lists. Both sites say they don’t reveal such lists. (It’s impossible to verify those claims because neither side submits to a third-party audit.)
And what happens to information collected by defunct campaigns? “Any Web site that collects identifiable data from visitors does so voluntarily,” says Tim Kane of Enonymous.com, which rated candidate sites for privacy in March. “The key issue for us is if the data collected is then sold or shared outside the campaign.”
“The Internet has raised the privacy issue far beyond where it has ever been,” says Michael Cornfield, Democracy Online Project professor at George Washington University in Washington, D.C. “It’s one celebrity scandal away from making it to the top tier. … It has to happen to somebody everyone is familiar with so they can imagine it happening to them,” says Cornfield.
Even if the candidates’ sites have the best intentions, they are also theoretically susceptible to hackers. Marc Maiffret of eEye Digital Security, a division of eCompany, visited the Bush and Gore sites and noted that the credit-card information the candidates collect from donors could be vulnerable to theft.
“Both sites were broken into,” Maiffret says. “On Oct. 19, Bush’s was broken into and linked to the International Communist site. In April 1999, it happened to Gore—whoever broke into it replaced it with a joke page.”
Both those attacks were harmless pranks, but Maiffret warns, “A more malicious person could change the Web site without letting anyone know. They could have stolen information.”
Greg Sedberry, Bush’s e-campaign manager, downplays the Bush site’s vulnerability. “An FTP on one of the machines in our cluster was left open, which allowed something to be uploaded. In no way were the other machines vulnerable. Since then, we’ve employed a firewall and a 24/7 monitoring service.”
“SSL is a buzzword,” Maiffret scoffs. “That doesn’t mean the information is secure. It may be encrypted en route, but once it’s there, it sits there. Being in a locked room doesn’t make it any more secure at all.”
Tim Dick of Grassroots.com, a political-action Web site, says sites should be audited by third parties such as TRUSTe, an Internet oversight organization that uses its symbol as a kind of Good Housekeeping seal of approved privacy practices.
Dave Speer of TRUSTe adds, “In my experience, the No. 1 reason why some Web sites might say they don’t use third-party oversight, because they do it themselves, is that they made a business decision to avoid third-party oversight.”
Speer doesn’t expect this issue to die. “Privacy is going to be an issue in this campaign, and in four years, it’s going to be the No. 1 issue,” he says.