Canvassing apps used by UK political parties riddled with privacy, security issues

The Open Rights Group (ORG) has raised concerns about a number of security issues it found in all three of the canvassing apps developed on behalf of the UK's three major political parties. Labour, the Conservatives, and the Liberal Democrats all offer different digital tools that aim to ease the burden of data entry for door- …

  1. Mentat74
    Big Brother

    The headline does not need that many words...

    "apps riddled with privacy, security issues" is more than enough...

    1. This post has been deleted by its author

  2. J.G.Harston Silver badge

    I don't like MiniVan, as you're juggling messing about with a tablet or phone while you're supposed to be actually talking to people and collecting data. Much prefer a proper clipboard with proper sheets of paper that I can then take home and properly enter on a proper computer.

  3. Lazlo Woodbine Silver badge

    I resigned from Momentum after they emailed all constituency data managers, reminding them of the importance of data security.

    The email had all our personal email addresses in the CC field.

    Despite repeated requests for them to remove me from their mailing lists, I was still getting emails with other members' details for over a year afterwards.

    I reported them to the ICO twice, I'm not sure if anything happened, as I eventually blocked their emails.

  4. Anonymous Coward

    Is your Electoral roll data safe?

    After receiving a letter helping me decide on my postal vote, I complained to the Lib Dems and was informed they can do what they want with electoral roll data.

    I asked if I could post his reply on the local community page, and was informed I could not.

    I also asked to be forgotten under GDPR rules, still waiting for this reply.

    Another rules for you on GDPR, but they can roll U over. What a Twit (misspelt)

    1. heyrick Silver badge

      Re: Is your Electoral roll data safe?

      "and was informed I could not"

      Why not? If you were given a response to a legitimate non-personal question, they shouldn't mind if you publicise it as it'll be what they say to everybody who asks that.

      This reaction suggests to me that you were given a brush off, the person is well aware of this, and doesn't want the hassle of being caught out.

      The thing is, unless there is an aforementioned (and agreed by you) accord [*], there isn't any expectation of confidentiality, especially given as they are public servants and the question was in context of their public function.

      If I was in your position, I would start by publishing it, because they're probably saying the same shit to everybody else and ignoring the law.

      IANAL, etc.

      * - Some crap at the bottom of an email doesn't count, it was never "agreed" to by you.

    2. Scotech

      Re: Is your Electoral roll data safe?

      No idea about the rest of the exchange, but regarding the use of voter contact details from the unedited register, they are permitted to access this and use it for the purposes of official party-political campaign messaging, yes. It's either that, or we have an unequal system where whichever party is in government today effectively has all those details available by proxy, and all other parties are left to throw around as much money as they can gather, hoovering up whatever data they can from data-brokers, shady or otherwise. Personally, I'd rather our political parties were competing on as level a playing field as possible, and were given as few incentives as possible to cosy up with people who profit from selling my data. Getting the odd bit of junk mail that goes straight into the shredder on arrival is a small price to pay in my opinion, though I do make the effort to reach out whenever possible and advise them that it'd be better for their campaign budget and for the planet if they crossed me off their mailing list. Funnily enough, most parties have been fairly amenable to that - with the noticeable exception of the Scottish Greens...

      1. Doctor Syntax Silver badge

        Re: Is your Electoral roll data safe?

        A few elections ago our local Greens produced a big wodge of newsprint, unlike the other parties who simply printed small fliers. Their delivery of this wodge fell somewhat short. Instead of finding its way into my letter box it was dropped on the path as a piece of litter. But then the Greens have been wilfully ignorant of real green matters for years.

        1. This post has been deleted by its author

    3. Anonymous Coward

      Re: Is your Electoral roll data safe?

      Just publish the request and the reply on Social Media and then a link to it here.

    4. Doctor Syntax Silver badge

      Re: Is your Electoral roll data safe?

      "I asked if I could post his reply on the local community page, and was informed I could not."

      You post his refusal to allow you to publish the original. That then has your readers wondering what it is that he's hiding.

    5. ReggieRegReg

      Re: Is your Electoral roll data safe?

      It was Liberal Democrat policy to overturn Brexit (whatever you may feel about it) proving once again any party with “Democrat” or “Democratic” in their title are neither. During their horse-trading with the Conservatives in 2010 they got a referendum on AV in exchange for boundary realignments to rebalance the voting-power of a single vote (based on actual population data – ie democracy) – the Limps went on to break their deal and vote against the boundary changes. The Liberal Democrats are neither liberal (wanted v.mandates and harsher lockdowns) nor democratic (wanted to reverse the will of the people).

      1. J.G.Harston Silver badge

        Re: Is your Electoral roll data safe?

        It is mindlessly stupid to agree anything "in return for a boundary review", as boundary reviews happen *ANYWAY* as the population changes and moves around. And, the 2010 general election was on brand-new boundaries from just such a regular review.

      2. heyrick Silver badge
        Megaphone

        Re: Is your Electoral roll data safe?

        "wanted to reverse the will of the people"

        Keep on repeating that if it makes you feel better, but do remember that quite a number of people who were directly affected (ie live and work in the EU) were unable to vote and effectively told "shut up, this doesn't concern you", and remember also that parts of the United Kingdom actually voted in favour of the EU but larger numbers of people in other parts carried the vote. I do recall the English using the threat that if Scotland separated from the UK, they would lose their EU place and really "better together". Fast forward a few years and those same English tore away Scotland's EU place regardless of the democratic will of the Scottish people.

        As for the Lib Dems opposing Brexit, maybe some day in the long distant future they'll eventually be exonerated, but for the time being far too many people are still behind the cult of Brexit, flag shagging nationalism (ie Farage), and in denial of the damage that it is causing for anybody to talk about any practical solutions that may try to undo some of that damage (such as a customs union).

        Practically, the UK cannot rejoin the EU primarily because this hubristic concept presupposes that the EU would even want the UK back - sorry, but the last government did damn near everything in their power to ensure that there would be no red carpet welcome. The UK can, however, stop repeatedly shooting itself in the feet while triumphing minor trade deals as massive Brexit benefits, because a little blip doesn't make up for a huge loss. Your trade is down, your opportunities are down, and pretty soon you may find yourself floundering in a tug of war between the US and everybody else, and if you're really stupid enough to believe that the "special relationship" would benefit the UK in any way then that right there is reckless levels of delusion.

  5. Scotech

    So basically, it sounds like only Share2Win had any actual security issues found. The fact that Firebase is often misconfigured doesn't automatically mean that the MiniVan app is insecure. As for the Labour apps, it's been pretty well publicised that they use Experian Mosaic to map postcodes to socioeconomic groupings as a means to target their campaign messaging, so it's no surprise their apps make calls to Experian URLs. So long as no personal information is changing hands, it's not even subject to GDPR.

    Static analysis... Sounds to me like someone went on a fishing expedition, hoping to make a big headline here, and instead found basically nothing beyond the one app that was already known to be problematic. There's definitely a debate to be had around how these databases are built, managed and regulated in order to keep them secure and compliant, but I don't think this study added anything of value to it beyond pointing out that only expert regulatory scrutiny of the whole end-to-end ecosystem these apps operate in will be sufficient to assess their performance in those areas. It's worth remembering that these party databases are already subject to additional oversight when compared to business and public-sector, as parties must comply with the conditions laid out by the Electoral Commission in order to work with data from the Unedited Register. If they screw up, they risk not only some very embarrassing headlines, but stiff financial penalties too, and in the worst cases, they could put election results in jeopardy or even end up being barred from standing candidates, so they're even more incentivised to handle things responsibly than most other orgs out there.

  6. Tron Silver badge

    Quote: This will further undermine public trust.

    I'm not sure that's possible. I think it has already hit rock bottom.

    1. Spamfast

      Re: Quote: This will further undermine public trust.

      I upvoted you because I agreed.

      I think it has already hit rock bottom.

      But the events of the past few years have shown me that the current geological formation has an infinite depth.

  7. Emir Al Weeq

    Flogging a dead horse

    I hate it, but if the article said: all parties' apps had slurped and spaffed constituents' data then left it on an unlocked laptop on a bus, your average Joe would say, "So what? I've got nothing to hide", etc, etc.

    It didn't sound like thorough research to me; however, well done for trying, but don't expect the great unwashed to care.

    1. Spamfast
      Coat

      Re: Flogging a dead horse

      Dear Marjorie Proops, I can only achieve gratification via sadomasochistic, necrophiliac zoophilia. Is this okay or am I just flogging a dead horse?

      (see the icon)

  8. ReggieRegReg

    **STOPPRESS**

    Who knew it? It turns out career Politicians and the talent-less hangeroners who surround them know xxxx-all about real world stuff! I mean, next you'll be telling me we made a helpdesk complaints wallah Chancellor of the Exchequer! - No, I retract that - excuse my shock-jock excess, nobody would be THAT stupid! Would they?...

  9. Wang Cores

    "...the common and continual mischiefs of the spirit of party are sufficient to make it the interest and duty of a wise people to discourage and restrain it.

    It serves always to distract the public councils and enfeeble the public administration. It agitates the community with ill-founded jealousies and false alarms, kindles the animosity of one part against another, foments occasionally riot and insurrection. It opens the door to foreign influence and corruption, which finds a facilitated access to the government itself through the channels of party passions. Thus the policy and the will of one country are subjected to the policy and will of another."

    - Anonymous colonial administrator's farewell address.

    1. Deiwos

      This would, if the link is correct, appear to be “Washington's Farewell Address - 1796”

      https://avalon.law.yale.edu/18th_century/washing.asp

      Yet, we learn nothing from history.

  10. teebie

    "they claimed the versions examined by the researchers were old and no longer available. Therefore, any negative findings were moot."

    It's fine, we were leaking data in the past. There is no way that could possibly affect the present.
