First question - why did the Bee have these records?
Second question - what is this spokesperson smoking?
"The spokesperson added: “We know that in databases apparently targeted, no personally identifiable information, as defined by the State of California, was involved.”"
According to California Civil Code4 §1798.80 81 "Personal information" means any information that identifies, relates to, describes or is capable of being associated with a particular individual, including, but not limited to:
● name
● telephone number
● address
● signature
● passport number
● medical information
● social security number
● insurance policy number
● bank account number
● physical characteristics or description
● driver's license or state identification card number
● credit card number, debit card number, or any other financial information
● employment or employment history
● education
● health insurance information
So exactly what information was leaked?
"It contains the voter’s name, phone number, address, gender, date of birth, political affiliation, among other election-related details."
The laws (and data) vary by state, but it’s worth noting that voter registration data has precedent as public record. There are some states in which all of the records can be downloaded as a zip file from the state gov website.
As to why it’s considered a public record — I imagine it’s a question about transparency. Hard for non-government entities to independently investigate election fraud if voter rolls are completely hidden.
> Under state law, access to voter data is restricted; however, journalists, political campaigns, and academic researchers can acquire the data for certain purposes.
I guess the question is, what are the "certain purposes"?
I used to work at the Bee but it was long enough ago that I don't recognize the person quoted as the Bee's president/publisher, and long ago enough that I don't remember specific experiences using it (that is, I can't remember if I ever used it), nor do I know how it's used in the present-day. But I'm guessing the purpose is similar to how I've seen it used at other news orgs: as a lookup tool for contact info (e.g. calling for an interview). This is what the Bee says:
> The Bee had obtained the voter registration database from the state for reporting purposes, and it’s not the first time this information has been exposed on the public internet. The state has provided the same database to other organizations, and some of them have also been subject to attack – including a 2017 incident in which a hacker made a similarly worded demand for a Bitcoin ransom.
Campaigns of course use it to know which people to call up during voter drives. In other states, the databases are downloadable from the Secretary of States' websites.
"Shall be provided with respect to any voter, subject to the provisions of Sections 2166, 2166.5, 2166.7, and 2188, to any candidate for federal, state, or local office, to any committee for or against any initiative or referendum measure for which legal publication is made, and to any person for election, scholarly, journalistic, or political purposes, or for governmental purposes, as determined by the Secretary of State."
Looks like ultimately it's whatever the Secretary of State allows.
The difference is that counties charge everybody but party central committees for voter data or extracts. (Or such was the case when I did voter data wrangling 15 years ago).
Agreed on both points. The fact that the Director of PR could just tell a bold faced lie about the PII shows how serious the Bee and the parent company take this.
Unless the Bee has a backline to a shady person at the Secretary of State's office, their dataset would not contain votes. I believe what they have is the voter registration database. It varies by state, but at most, this would have whether or not you voted for a given election/primary. This is how stories about various persons' electoral participation are researched:
Second question - what is this spokesperson smoking?
"The spokesperson added: “We know that in databases apparently targeted, no personally identifiable information, as defined by the State of California, was involved.”"
According to California Civil Code4 §1798.80 81 "Personal information" means any information that identifies, relates to, describes or is capable of being associated with a particular individual, including, but not limited to:
● name
● telephone number
● address
● signature
● passport number
● medical information
● social security number
● insurance policy number
● bank account number
● physical characteristics or description
● driver's license or state identification card number
● credit card number, debit card number, or any other financial information
● employment or employment history
● education
● health insurance information
So exactly what information was leaked?
"It contains the voter’s name, phone number, address, gender, date of birth, political affiliation, among other election-related details."
If that's not PII, I'm a butterfly.