Campaign finance disclosures unnecessarily make political supporters vulnerable to physical and cyber attacks.
The US Federal Election Commission (FEC) has a data privacy problem. Though making political campaign financial records publicly accessible enables independent review to counter corruption and foreign influences, providing anonymous online access to every financial campaign transaction contradicts authoritative government guidance regarding the protection of sensitive personal information and exposes supporters to physical and cyber attacks.
Context Matters In Personal Information Protection
Examining the FEC campaign finance database reveals that the government interprets financial transparency as a broad mandate to make detailed personal information about all campaign contributions and disbursements anonymously available. While many may perceive personal data disclosure as acceptable because an individual’s name and address are generally viewed as public information, the data value increases extraordinarily when considered in the political context and warrants stronger privacy protections.
The government has established precedent to consider how data value changes when presented in different contexts. All federal agencies manage information flow using a labeling system that assigns standard classification levels to each piece of information. Much of the information that the government collects and maintains is considered Unclassified, meaning that disclosing the information will not damage national security. Though individual personal information generally falls into that category, the government recognized years ago that “personally identifiable information” (PII) warrants additional protections.
Widely considered the primary authority for defining government cybersecurity and privacy guidelines, the National Institute of Standards and Technology (NIST) established this definition for PII in 2010:
PII is “any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.” — NIST SP 800–122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
One example that NIST includes in that document addresses issues related to a fraud reporting application, a data context similar to that of the FEC database. The example argues that the disclosure of personal information in that context “would likely cause some of the individuals…to fear retribution,” leading to a “severe or catastrophic adverse effect” that warrants the highest levels of protection.
Internal guidance published by the Department of Homeland Security (DHS) follows the NIST guidance, noting:
“[Personal information] which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual…requires stricter handling guidelines because of the increased risk to an individual if the data are compromised.”
Furthermore, the government demonstrably understands that the value of information will increase as the reporting context changes. The US Office of the Director of National Intelligence (DNI) describes how the value of individual data items changes when new associations are made through compilation:
“Information that individually is unclassified or classified at a lower level, may become classified or classified at a higher level when aggregated or compiled in a single document, if the compiled information reveals an additional association or relationship that meets the standards for classification under the Order, and is not otherwise revealed in the individual data items.”
Those sources advance the premise that government agencies should determine the value of the personal information they process by assessing the potential harm to an individual against three criteria: 1) Linkage of identity to contextual information, 2) Potential for discovering new contextual information through compilation, and 3) Potential for individual harm from disclosure. Applied against the FEC campaign finance database:
Linkage Assessment — Yes: The database contains name, street address, and employer data for contributors and employees, in addition to the context of the directly supported candidate. Those linkages meet the NIST PII definition.
Discovery through Compilation — Yes: The database contains a deep historical record of individual support that enables an anonymous user to conduct a trend analysis of a contributor’s actions over time and to determine the salary level and travel history of campaign employees. That potential for discovery meets the criteria for elevated data flow control.
Potential for Harm — Yes: The FEC’s allowance for anonymous database access exposes individual supporters to potential embarrassment and retaliation within their personal and professional communities, especially when coupled with a hyper-partisan political landscape.
To illustrate the assessment and convey the personal harm that the database could elicit, I outlined simple procedures that anyone can follow in accompanying guides for mapping campaign contributors using Google Maps and processing disbursement data for initiating a phishing attack against campaign employees.
Enabling the independent review of campaign finance records is important, but the context in which the FEC provides personal data combined with how easily data flows on the Internet enhances how disclosure may harm political supporters.
FEC personal data governance is unlikely to change in the near term
Rather than make all of the data available to every anonymous source (including foreign actors intent on undermining our democracy using such data), the FEC should reassess how its data stewardship responsibilities align with legal requirements. The FEC’s compilation of campaign finance laws notes that it requires political campaigns to report the names and addresses of those people who contribute or receive more than $200 in aggregate during a single calendar year. The Internal Revenue Service (IRS) section 527 rule that governs the tax filing rules of political organizations then addresses disclosure, requiring that the reports be “made available to the public” and searchable by contributor or recipient (including employees).
The legal definition seems sufficiently vague to allow greater data flow control and reduce the potential harm that the database can cause. Rather than make all of the data anonymously available in full, the FEC could constrain the searchable database to reduce contextual linkages and the ability to discover new data relationships through compilation. It could also restrict access to the raw records and an expanded searchable database to known and verifiable independent authorities. These changes in the governance process would add a bit of bureaucracy, but still enable the FEC to meet its legal requirement to allow public access to campaign finance records while preventing weaponization of its database.
Although those actions would help the FEC defend political supporter privacy, the agency currently lacks sufficient leadership to advance data privacy controls. Since September 2019, the FEC has lacked the quorum of four commissioners it needs to investigate campaign finance violations, issue fines, and rule on alignment with election laws. While the agency continues to operate, its status quo condition likely eliminates any possibility of improving data governance processes. Until the FEC regains the leadership needed to enact change, malicious actors will continue to have the access to weaponize campaign finance records and harm political supporters.
The FEC is a critical government agency for countering corruption and malicious foreign influencers threatening the US political landscape. Furthermore, its role in supporting independent review of campaign finance records is crucial for maintaining political integrity and encouraging the public engagement needed to promote anti-corruption efforts at the local, state, and national levels. Once the President and Congress reach agreement on new commissioners to overcome current leadership gaps, the FEC must reassess its role as a steward of extremely sensitive personal information and enact data flow controls consistent with those promoted by other agencies. Otherwise, advances in big data, microtargeting in social media, and other advanced technology trends will take increasing advantage of citizen participation at the expense of democratic process integrity.
I define cyber defense strategies and architect solutions that make sense for protecting mission-driven organizations. If you are looking for a partner to help improve your organization’s cybersecurity profile, contact me on LinkedIn or Twitter.