The Scandal of the DNC Data Breach

DNC, Clinton Ties With Company Managing DNC Data

The company housing DNC servers, NGP VAN, has deep ties to the Clinton family. It was founded, in part, by Nathaniel Pearlman, who was the chief technology officer for Hillary Clinton’s 2008 presidential campaign. The current CEO and president of NGP VAN, Stuart Trevelyan, served as a member of the White House Office of Legislative Affairs during the administration of President Bill Clinton.

NGP VPN enjoys a cozy relationship with Clinton’s 2016 presidential campaign, as does the DNC, which has hired NGP VPN to manage its servers. DNC chair Debbie Wasserman Schultz’s relationship with Clinton goes back to the 2008 presidential primaries when she managed her campaign against President Obama.

DNC Server Issues

The DNC servers housed by NGP VPN have been having issues, but the company seems to have done little to resolve them. In October 2015, for instance, the BernieSanders campaign noticed a data breach in the servers and informed NGP VPN. However, Schultz claimed that no proprietary data had been stolen and the Sanders campaign let the matter rest.

Another data breach occurred on December 16, 2015. This time, the national data director of the Sanders campaign, Josh Uretsky, viewed the data and directed three employees to do the same. Uretsky insists that he never accessed any Clinton campaign data, saying that he and his staff were trying to “understand how badly the Sanders campaign’s data was exposed.”

Reaction of Clinton, DNC Camps

The Sanders campaign nevertheless fired Uretsky, but the reaction from the DNC chair was swift and vicious. Without so much as asking for an explanation, Schultz blocked the Sanders campaign from accessing its own voter data. Besides hastily leaking the news of the so-called data breach, Schultz claimed that the Sanders campaign “inappropriately and systematically” accessed Clinton’s voter data, but she did not provide any evidence to substantiate the claim.

The Clinton campaign, on its part, raised the customary hullabaloo that has become its signature tactic. But not stopping at that, it accused the Sanders campaign of theft. As a Clinton campaign manager put it, “We are particularly disturbed right now that they are using the fact that they stole data as a reason to raise money for their campaign.”

Sanders Lawsuit

Schultz appeared to be in no hurry to give back the Sanders campaign access to its own data, and only relented after the campaign filed a lawsuit against the DNC. Filed on December 18, 2015, the lawsuit claimed that the DNC action was in contravention of its agreement with the Sanders campaign. In its lawsuit, the Sanders campaign contended that DNC’s “unwarranted, unilateral suspension” of its data access “directly impacts one of the nation’s most important electoral races and carries political implications on a national scale.”

Unanswered Questions

Now, there are several unanswered questions to this episode:

  • Since the voter data for all the campaigns was exposed during the data breach, did the Clinton campaign access data belonging to the Sanders campaign?

  • As there was another data breach earlier, did the Clinton campaign access the Sanders campaign data at that time?

  • Did the data breaches occur only two times, or were there other data breaches, unbeknown to the Sanders campaign?

  • Has the DNC taken any action against NGP VAN for its lapses in maintaining the security of the data?

Most of these questions will best be answered through an independent audit of the DNC’s centralized voter data system. Indeed, the Sanders campaign has demanded such an audit, and it has asked the Clinton campaign to join it “in calling for a thorough, independent investigation starting from Day One.” Surprisingly, the Clinton campaign, which was keen to have an investigation of DNC data access by Sanders staff, has not shown any eagerness for the more extensive audit demanded by the Sanders campaign.

On December 24, the DNC chose Manhattan-based private intelligence firm, Kroll, to investigate the breach of its database. While the Clinton campaign was “pleased” with the choice, the Sanders campaign has not given any public reaction. Kroll’s elite clientele is believed to include firms against whom Sanders has been stumping this primary season.

The Sanders campaign, on its part, has shown no inclination to drop its lawsuit until the DNC server issue is fully resolved, and it has accused DNC of “stonewalling.” Jeff Weaver, the Sanders campaign manager, said the lawsuit could lead to a discovery phase and possible depositions, unearthing problems with the voter system. The Sanders campaign is ostensibly using the lawsuit as a lever to force the DNC to come clean on its voter data system.

Conclusion

The DNC is a powerful political machine that plays an important role in the selection of a Democratic candidate for each presidential election. To perform this vital role, it needs to have the full trust of all campaigns. In particular, Schultz needs to restore the confidence of Sanders, who could be the Democratic nominee for president of the United States.

She could begin by expeditiously launching an independent audit of the DNC voter data system by selecting a firm that is acceptable to all the candidates. She also needs to ensure that rather than focusing on the latest data breach, the investigation encompasses a thorough examination of any data breaches that may have occurred ever since NGP VAN began managing the candidates’ data.