Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Potential voter privacy issues in Biden campaign app

voting election
September 15, 2020

New findings by The App Analyst reveal a privacy bug in Democratic presidential candidate Joe Biden's official campaign app. 

According to The App Analyst, the bug allowed anyone to look up sensitive voter information on millions of Americans. The Vote Joe App is designed as an organization tool to help engage with voters. Users can sign up with an email and an address. Once the users complete this registration, they can use many of the app's features, including sending canned Joe Biden support texts and report information about their contacts - a practice called "relational organizing," where users sync their contacts or find a voter in the Vote Joe App voter database and report specific information about that contact or voter. 

The app uploads and matches the user's contacts with voter data from  Target Smart, a political marketing service that claims to have more than 191 million voter records. When a match is found, the app then display the voter's name, age and birthday, including which election they voted in.

"While the Vote Joe App claims they cannot know exactly who a user voted for as that's a secret, they did not clarify what these values represented, leaving the possibility the values could represent who they suspect the user voted for," notes the security researcher. 

The researcher found the contact data enriches the database entry and is stored to help solicit their vote in the future. "An issue occurs when the contact in the phone does not correspond with the voter but the data continue to enrich the voter database entry. By adding fake contacts to the device a user is able to sync these with real voters," he adds. 

The App Analyst alerted the Vote Joe team of the potential privacy concerns. As of September 11, developers addressed the issues. Matt Hill, a spokesperson for the Biden campaign, told TechCrunch: “We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed,” Matt Hill, a spokesperson for the Biden campaign, told TechCrunch. “We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters will always work with our vendors to do so.” 

Leo Pate, Application Security Consultant at nVisium, a Falls Church, Virginia-based application security provider, says the privacy problem is twofold: 1) from a state data collection standpoint, and 2) from a technology perspective.

Pate explains, "From a state data collection perspective, the issue that most states face is "what data do we collect, who can access it, and what data do we not give out." State election administrators want to run fair and open elections; however, the rules regarding how they do so is largely dictated by the state government. The good news is that there has been a lot of activity regarding state voter information and election security since the 2016 Presidential election. For example, in the vast majority of states, there are stipulations that must be met before any person or organization can acquire voter data and what data will be provided. Just like with any data, voter data can also be fused with other data sources to "paint" a bigger picture about any individual voter. While you may not be able to receive a home address for a voter via a state's voter file, you can take that voter's name and do a lookup via the white pages to find an address. From there, you can determine their potential state and federal officials.

"From a technological perspective, if the "Vote Joe" (VJ) application can access a user's contact list on their device, how is VJ storing that data and what protections are in place to safeguard that data? There are numerous mobile application vulnerabilities that can be manipulated for exploits. The world we live is a mobile one, highly interconnected and a lot of telemetry on ourselves resides on our mobile devices. While voter data collection and the fusion of other data sources are definitely privacy concerns, the tools we chose to use in the election process should also be just as heavily scrutinized," Pate says. 

Brandon Hoffman, Chief Information Security Officer at Netenrich, a San Jose, Calif.-based provider of IT, cloud, and cybersecurity operations and services, says there are several issues to consider.

"Certainly privacy is a huge issue since voter databases and voter information should be secured and not shared. If voter information is that easily accessed and shared, then we are simply making it easier for influencers, internal to the US, or external, to harvest critical insight and targeting data," Hoffman notes. "The privacy around an individual’s voting record and information about the person themselves needs to be protected. It is hard to understand how this information is mandated protected across various industries, but when it comes to voting, this information is freely available.

"There is a clear mismatch or mishandling of citizen data across industry in the US. If the Vote Joe App is the gateway to the Target Smart data, then ultimately, the privacy violations fall on the Biden Campaign to resolve. Beyond the privacy issues, and potentially more concerning, is the ability to use the Vote Joe App to do relational organizing," Pate says. "This is exactly the grounds roots organizational capabilities needed by disinformation campaigns. An influencer could easily just sync their phone loaded with a list of pre-planted fake social media “contacts” and “profiles” what will be used to further their information campaign.” 

 

KEYWORDS: cyber security data security election security privacy concerns voting

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Coding on screen

Research reveals mass scanning and exploitation campaigns

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • election

    Biden campaign hires cybersecurity experts to defend against potential threats

    See More
  • ransomware cyber

    President Biden issues sanctions against Russia for cyberattacks, election interference

    See More
  • some working beside open window

    Biden Administration addresses potential commercial spyware risks

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing