A Web of political temptation
09/26/2006
Campaigns tread ethical, legal minefields in emerging online world
BY JULIO OJEDA-ZAPATA and RACHEL E. STASSEN-BERGER
Pioneer Press
Ah, temptation: You’re a political campaign worker who is offered juicy inside info on your boss’s archrival. Do you take it?
In the past, the goods might have come in a dog-eared envelope courtesy of a shifty-eyed gent in a trench coat. But in the Internet age, you’d be just as likely to get an e-mail: “Hey, I found something secret on your rival’s Web site! Here’s how to get at it. Go look.”
Something like this happened this week in the U.S. Senate race between Democrat Amy Klobuchar, Hennepin County’s chief prosecutor, and Republican U.S. Rep. Mark Kennedy.
Over the weekend, a blogger offered a Klobuchar campaign operative a link to unreleased Kennedy campaign ads. The blogger got access to the material through a Kennedy consultant’s password-protected Web site — and the Klobuchar staffer lost her job.
The incident raises legal, ethical and political questions in the still-new online world, where security isn’t always what it should be. For Klobuchar, the questions will be, how far did the information get, and how big will the political impact be?
WEB SECURITY
On Monday, Tara McGuinness, Klobuchar’s communications director, resigned after admitting she watched the Kennedy spot on the Internet after DFL blogger Noah Kunin sent her a link to it.
Kunin claims to have gained access to the file by guessing the password needed for access, which could mean he committed a crime.
The Klobuchar campaign turned the matter over to the FBI on Wednesday. The FBI is reviewing it to see if any federal laws were violated.
While it’s unclear how much legal trouble McGuinness is in, experts tend to agree she made a big boo-boo.
“Don’t touch the stuff,” said Twin Cities Internet security expert Bruce Schneier. “It’s radioactive.”
In an era when information is readily accessible via a vast global network of servers — which get their name because they “serve up” data on demand — shielding private data on them becomes a paramount concern.
Political campaigns, which handle sensitive information on voters along with details on their own super-secret activities and strategies, have a particular need for such security. Yet, how well campaigns pull off this key chore is a matter of debate.
Jason Baker of Minneapolis-based Vector Internet Services lumps political operations with small to medium-sized businesses, which often are less conscientious than bigger companies about shielding electronic information.
Political campaigns often are “outsourcing the work,” said Baker, the Internet service provider’s chief technical officer. “They don’t have in-house technology staffers or just consultants. They are generally a grass-roots effort trying to pull together a lot of information quickly. They don’t have the same controls and methods as a Fortune 500 health provider.”
Minnesota-based political consultant Christa Heibel, though, said, “I give campaigns a good grade on that.”
But outsiders sometimes get unauthorized access to political-campaign information — much as hackers have routinely gained access to corporate and personal information.
This was the case in California, when Democratic foes of Gov. Arnold Schwarzenegger recently gained access to a digital-audio file containing controversial comments the politician made. Whether they nabbed that file on a private or publicly available site was a matter of debate at the time.
This was also the case in the local Senate race, when McGuinness looked at something she clearly wasn’t supposed to look at, experts agree.
But the severity of such transgressions depends on how political operatives come by such information. If they’re directed to publicly available Web sites, Heibel said, their sin is relatively minor.
If they’re pointed to clearly private sites and supplied with usernames and passwords to log in, they’re committing graver political offenses. This is reportedly what happened in McGuinness’ case.
Directly attempting to circumvent a site’s security for access to its contents is, obviously, the biggest no-no of all, said Schneier, of Counterpane Internet Security.
“That’s illegal, just as if you went to a front door, tried a bunch of keys and got in,” he said.
Klobuchar’s political opponents Thursday suggested the whole matter was radioactive.
Republican Chairman Ron Carey displayed outrage over the incident and said it showed Klobuchar flunking a statewide leadership test.
It is not yet clear who else in the Klobuchar campaign or other Democratic circles viewed the ad — something Carey and Kennedy campaign officials very much want to know.
It is even less clear who, besides McGuinness and Kunin, viewed it knowing it was password-protected.
Using passwords is one of a number of security measures — and among the weakest — site managers can implement to protect private data, according to security experts.
It was McGuinness who had the poor judgment to accept the information from the blogger, asked others to look at it and had complete knowledge about the password protection, said Ben Goldfarb, Klobuchar’s campaign manager.
“She was the person whose job it was to exercise better judgment,” said Goldfarb, who didn’t want to say too much because of the pending investigation.
FBI’S INVOLVED
But Kennedy campaign manager Pat Shortridge, who talked to an FBI agent Thursday, suggested Goldfarb could talk more about the issue.
“Following my conversation with the FBI agent, it was made clear to us that Amy Klobuchar’s campaign could, without interfering with the investigation, answer many of the serious questions we asked yesterday, such as why did they wait five days to notify us,” Shortridge said in a statement.
An FBI agent Thursday visited Kennedy’s campaign headquarters in St. Paul and contacted the office of Kennedy’s media consultant. Calls to the consultant’s office were not returned.
Kennedy’s campaign changed the front page of its Web site since learning of the ad’s release.
On Thursday, it led with a mostly blank front page, except for a message that says the campaign is “taking precautionary measures to protect our campaign information … The full features of our Web site will be restored once this matter has been resolved.”
None of the links on the site seemed to be working, but browsers were able to make secure financial contributions to his Senate campaign.
Jennifer Duffy, editor at the nonpartisan Cook Political Report, said chatter about the blogger’s and Klobuchar staffer’s misdeeds might not be around very long.
“I think everybody did the right thing, so I don’t really expect it to go on long. The Kennedy people would like some answers that they are probably owed,” Duffy said.
Kennedy’s campaign staffers were right to be upset, she said: “It’s a serious breach of privacy — his and the media consultant’s.”
She said many campaign consultants would likely recheck their sites’ security because of what happened in Minnesota.