Das tut mir leid! Germany's ruling party sorry for calling cops on researcher after she outed canvassing app flaws

A "left-wing" German infosec researcher was this week threatened with criminal prosecution after revealing that an app used by Angela Merkel's political party to canvass voters was secretly collecting personal data. Germany's respected Chaos Computer Club (CCC) announced it would stop reporting any weaknesses in the centre- …

  1. b0llchit Silver badge
    Facepalm

    Classical attack

    This is the classical go after the messenger, not the message attack. It sends a very strong signal to show who is "in charge" and what "may happen" when you try to challenge the status quo.

    It does not matter that they now apologize or backpedal. They have already sent the signal and it is ear deafening. The political affiliation or wing or side does not matter. This type of behavior is found on all sides and is typical of a bully wanting (to stay in) power. The way to fight a bully is to expose the bully with a unified front.

    1. JohnG

      Re: Classical attack

      Also, those responsible for the app have almost certainly breached German data protection laws. Ms Wittmann had also informed the relevant data protection office of the issue, prior to her publication. The police should have gone after those who released and operated an app which failed to protect people's information (despite claiming the opposite) - but they went after the person who reported the actual crime instead.

      Ms Wittmann put her own report here (in German) AFTER the app was shut down: https://lilithwittmann.medium.com/wenn-die-csu-und-die-volkspartei-digitalen-wahlkampf-machen-6d9e245efefc

      1. Charlie Clark Silver badge

        Re: Classical attack

        Yep, almost certainly a breach of GDPR and so a fine will be in the post to Konrad Adenauer Haus.

        What the fuckwits probably don't realise is that this whistle has probably saved them from a much bigger one, when some of that data is either leaked or purloined.

    2. Irongut

      Re: Classical attack

      > They have already sent the signal and it is ear deafening.

      Well you would be surprised if it was eye deafening, nose deafening or perhaps finger deafening.

      1. Clunking Fist

        Re: Classical attack

        Well, my legs are grey, my ears are gnarled, my eyes are old and bent.

      2. Anonymous Coward

        Re: Classical attack

        @irongut: "Well you would be surprised if it was eye deafening, nose deafening or perhaps finger deafening."

        I suspect that the post you are referring to was written by someone whose first language is not English, probably a German person, given the context of the article, and who may have translated a perfectly normal idiomatic phrase from their own language into English, and was simply unaware that it doesn't quite "fit right" in English.

        It's always better just to be thankful for someone's efforts to speak or write another language, rather than draw attention to minor errors (unless they have actually asked for constructive criticism, to help them improve their fluency).

    3. DS999 Silver badge

      Re: Classical attack

      Classic authoritarian attack. Demonstrates power, with the goal of making people afraid to call out abuses of that power.

      Unfortunately it looks like authoritarianism is infecting politics all over the west, mostly the (but certainly not limited to) more conservative parties (yeah I know what Germany considers "center right" is Bernie territory in the US)

      1. Geez Money

        Re: Classical attack

        The "sorry for the thing we didn't do" follow up is also an authoritarian classic.

  2. Anonymous Coward

    Ah yes, the old: you've pointed out someone's mistake, and that someone responds with anger/finger pointing/lawsuits in your direction, rather than checking if they made a mistake and correcting it.

    The engineer's mindset: when someone tells you you've got it wrong, initially believe them, go and check, have another someone verify it, fix if necessary, and (optionally) demonstrate to the initial someone that you were right, with the evidence to back up your claims (with politeness).

    1. Blofeld's Cat

      "... engineers mindset ..."

      Very similar to the scientific method.

      In the early days of exoplanet research there was a press conference at which a research team announced that they had calculated the "year" of an exoplanet at 365.25 days.

      There was a pause, after which the team leader said something along the lines of:

      This is either a staggering coincidence, or we have got something wrong. We have checked our data many times and cannot find an error. Our research is all published on line and we would be most grateful if somebody could please point out where we messed up.

      1. A Nother Handle
        Holmes

        coincidence or cock-up

        So which was it? Or are they waiting for the JWST to give a second opinion?

        1. Yet Another Anonymous coward Silver badge

          Re: coincidence or cock-up

          IIRC the routine that calibrated out the Earth's motion didn't use enough significant figures.

          The telescope was on Earth and was measuring a very small shift in the position of another star, so it had to take out the measurement point moving much more than the shift you are looking for.

      2. Richard Boyce

        The mice have commissioned a reserve planet, just in case the Vogons get a bit careless.

      3. eldakka

        Poor science

        > ... there was a press conference at which a research team announced that they had calculated the "year" of an exoplanet at 365.25 days.

        > ... Our research is all published on line and we would be most grateful if somebody could please point out where we messed up.

        This science by press release is a piss-poor research process; it is not how science is done. They've done a BICEP2, made a press release before having a peer-reviewed paper prepared.

        For reference, BICEP2 announced to the world in a press release (not via publishing a peer-reviewed paper) that they had discovered gravitational waves in 2014; a few months later they had to retract that statement, as it was shown to be more likely to be caused by space dust.

  3. Santa from Exeter

    Not exactly a standard vuln report then

    She used it as a means to get a political dig in, not the actions of an ethical hacker. IMHO she got confused and let the 'political activist' take over.

    Political leanings have bugger all to do with infosec and should be kept separate.

    1. Cederic Silver badge

      Re: Not exactly a standard vuln report then

      You've been heavily voted down so I thought I'd post agreement with you.

      By all means provide the party with feedback on their political stance and why you feel it's wrong. Feel free to offer suggestions on policies that you think they should adopt, particularly if you think it's aligned to the political views of their supporters.

      But do that separately to providing a security vulnerability report. It's a different audience, for a different purpose.

  4. elsergiovolador Silver badge

    How did this happen?

    After so much evil, it seems like the majority of the population got amnesia and think Germany is the most virtuous country in Europe now.

    Do you think Stasi and their methods disappeared overnight?

    Do you think they are no longer plotting with Russia?

    They are only half asleep, because in the end they got what they wanted - they rule Europe, and Slavic people work in their factories on near-poverty wages.

    Make no mistake, as soon as the crisis crosses the tipping point, all bets are off with them.

    1. GrumpenKraut
      Facepalm

      Re: How did this happen?

      Yeah. Right.

    2. Dan 55 Silver badge

      Re: How did this happen?

      In your head, in your head, they're still fighting...

    3. Yet Another Anonymous coward Silver badge

      Re: How did this happen?

      Obviously what they should do is quit Europe so that they can then make up their own data protection laws and the ruling party can simply declare this legal because sovereignty.

      As a side effect they would then automatically rule the world.

      1. Anonymous Coward

        Re: How did this happen?

        @Yet Another Anonymous coward "quit Europe so that…"

        Johnson, I think you've blown your cover! :-P

    4. Irongut

      Re: How did this happen?

      Take your 1940s attitudes back to the last millennium where they should have stayed.

    5. cosmodrome

      Re: How did this happen?

      Ach goddamit! Ze schöne plan has leaked.

  5. Anonymous Coward

    Of course the data collected by Connect isn't anonymous - it would be pointless if it was. The entire point of collecting canvass data is to find out who will or is likely to vote for you - as in the individual people. It's pointless having data that says "156 people in Division 22 say they will vote for you" without knowing *who* those 156 people are. You need to know who your pledges are so you can remind them that they are your pledges, and follow them up to confirm they have acted on their pledges. And, importantly, who supports other candidates, so you can do everything to avoid reminding them there's an election. This is basic "elementary school" level election campaigning; see Bob Heinlein's account of the 1934 election.

    Anon, I use the UK version of Connect and have worked with people who have used the US and the Canadian version of Connect.

    1. lglethal Silver badge
      Stop

      And that would be fine if they had openly declared that was what they were doing, rather than claiming that they didn't collect any personally identifiable data.

      Although even if they had declared that, it would have behoved them to actually secure said data so that a man-in-the-middle attack couldn't actually sniff out the data so easily.

      So first they lied about what the app did, and what data they collected. Then they failed to secure said data. Then they went after the person who pointed out those things. All round fails...

      1. Charlie Clark Silver badge

        No, it still wouldn't be legal without informed consent: including a signature in this case.

      2. Anonymous Coward

        re. All round fails...

        but not surprising, is it?

    2. Version 1.0 Silver badge

      Maybe the next move would be to create fake accounts and feed the app fakes. These days we're stealing peoples data, selling the data, and faking the data to make money from whoever wants to think that they are in control - politics is simply a financial world.

      1. Yet Another Anonymous coward Silver badge

        That could be fun.

        Tory candidate: According to our app all the residents of this council block in Skelmersdale would welcome visits from our people.

  6. Doctor Syntax Silver badge

    "Some things never change in infosec."

    And not just in infosec. Paging Ms Streisand.

  7. Lil Endian Silver badge

    Merkel is Petruchio?!

    I say it is the moon that shines so bright.

    Claiming to apologise without admitting fault is a logical fallacy.

    Cambridge: apology (noun) - an act of saying that you are sorry for something wrong you have done

    By definition an apology can only be proffered with an admission of culpability. Claiming otherwise is patronising and narcissistic: we're bigger than you, what we say is right and you don't have a leg to stand on.

    Yes, in the States there's the "I'm Sorry" law, but that proves nothing as a law is its own definition and laws are, well, a law unto themselves. And laws can be "wrong".

    Apologising for something you've not done is akin to attempting to take out insurance for something in which you have no vested interest, you just can't.

  8. Mike 137 Silver badge

    Tactics?

    "... announced it would stop reporting any weaknesses in the centre-right wing Christian Democratic Union's (CDU) web-facing infrastructure to the party after it procured a criminal prosecution ..."

    A more effective tactic would be to step up investigation and reporting to a maximum to force them to back down in principle.

    1. A.P. Veening Silver badge

      Re: Tactics?

      > A more effective tactic would be to step up investigation and reporting to a maximum to force them to back down in principle.

      Partly correct, but the reporting should be done to the GDPR authority, making this kind of idiocy extremely costly to the CDU.
