Spyware Confidential

Larry Dignan, Jason Perlow, Tom Steinert-Threlkeld

GOP does rootkit? No, but...

By | March 1, 2006, 6:12pm PST


This came in my Google news alerts today. Media Girl blogged that the Minnesota Republican Party is distributing CDs asking voters about their views on gay marriage but that CD is collecting data from members and transmitting it back to the Minnesota GOP. I don’t know where Media Girl is getting rootkit on this, but Minnesota Public Radio has more details.

On Monday, the Minnesota Republican Party announced that it will send out CD videos on Friday to inform voters about the importance of a constitutional amendment to ban gay marriage. It turns out the CD is also being used to add to the GOP voter database. Officials with the Republican Party say certain voter data is being collected by the party. Internet privacy experts say they’re concerned that the party isn’t telling the viewer that it’s collecting the data and worry where the information will end up.

Mark Drake, with the Minnesota Republican Party, says information provided through the CD will be sent to a server and will be used by the parties.

Initially Drake said people who were going to receive the CD should assume the data is being collected because the video is sent by the GOP, is interactive and that the viewer has to provide their personal information. He says the CD packets will now specify that the Republican Party is collecting certain information.

Drake thinks it’s no different than the old method of filling out a survey on paper and mailing it back. Privacy advocates take issue with his view and Lillie Coney of EPIC says the GOP should clearly disclose the collection of voter data. Coney also voiced concerns about the data being accessible to third parties.

Christa Heibel, the CEO of International Falls-based CH Consulting, the company that produced the video, says specific firewalls have been added to ensure that the voter information is protected. That was only after Minnesota Public Radio was able to access some of the data that was collected during testing. Heibel also says "the public should know through the CD’s packaging and by other means that voters will be sharing information with the Republican Party."

I think Media Girl was off base using the word rootkit here, but the collection of data via the video sounds very dicey to me. Saying "the public should know" does not cut it. There should be very clear disclosure of the data collection - exactly what is being collected, how the data will be used, if it will be shared with 3rd parties, and if so, with what entities and how.


Biography

Suzi Turner is webmaster and owner of SpywareWarrior.com, a comprehensive site that includes a spyware help forum, spyware blog and reviews of anti-spyware software by noted spyware expert Eric L. Howes. Suzi became angry about spyware in 2002 after being infected by a drive-by-download of a browser hijacker and unwanted adware/spyware and decided to help others in the same predicament. In April 2005, Microsoft awarded Suzi its MVP (Most Valued Professional) Award in recognition of her work to help internet users protect their privacy by removing and preventing spyware. Suzi is also a nurse for a national disability management company.

Talkback Most Recent of 8 Talkback(s)

  • Rootkit? Definitely malware.
    By the sounds of it, this gop-warez is sending personal info back to the mothership. A definite case of spyware, especially since no warnings of its intentions were given with the package.

    This smacks of Duh'bya's "domestic spying" crap. Don't be surprised to hear of people who disagree with the gops finding their personal information in the NSA databanks.
    Mr. Roboto
    2nd Mar 2006
  • Roboto why are you against friendly rootkits
    Me, I like the idea that the Republican party can sell the country and give my rootkit while listening in on my phone conversations. Violating constitutional rights is the duty of the Commander and Chief. Didn't you know that?

    The server collecting the data is located in China; it was a low-cost outsource job. And, there is no SAS70 nor SOX 404 in China.

    Remember Roboto: "It's good to be King."
    BXLE
    8th Mar 2006
  • It all boils down to disclosure
    As far as I'm concerned, you can distribute anything you want so long as you fully disclose what you're going to do. If someone wanted to send me a CD and it asks if it can delete the "My Documents" folder permanently and default to "no" but gives me the option to say "yes", that's perfectly fine by me.

    If the Republicans distributed this CD and it secretly gathered information, I would have a huge problem with that. So long as they fully and truthfully warn the user what they're doing, it's all legitimate.
    george_ou
    2nd Mar 2006
  • that's the problem
    According to the articles, there was not sufficient disclosure. "Initially Drake said people who were going to receive the CD should assume the data is being collected"

    Users shouldn't have to assume -- they should be told and given a choice.
    Suzi_z
    3rd Mar 2006
  • Not if it's obvious
    If a CD launches a form and asks the user to fill it out, it's rather clear and transparent where the data goes? It would be like a party worker that went door to door and asked you questions and you voluntarily answered. You can't complain if that volunteer delivered your answers to their party HQ even if they didn't tell you where the data is going. You have the option of not answering the questions.

    Now if the CD silently installed a backdoor and collected the information on its own, of course that would be a problem. In this case, it would be like the campaign worker sneaking in through the window and secretly collecting information.

    We want to be very careful when we start using words like backdoor or rootkit. That in itself makes the source very suspect.
    george_ou
    4th Mar 2006
  • Re: Not if it's obvious
    If a CD launches a form and asks the user to fill it out, it's rather clear and transparent where the data goes?

    It's not obvious at all where the data go unless you are specifically told where they're going. Perhaps you can safely assume that if the disk comes from the Minnesota Republican Party, then they are at least going there. But it's certainly not obvious with whom the MRP may be sharing or selling the data.

    As someone in the public radio article said about the CD-ROM, "in order to make sure that their privacy is protected, the best solution is to throw it in the trash can."


    It would be like a party worker that went door to door and asked you questions and you voluntarily answered. You can't complain if that volunteer delivered your answers to their party HQ even if they didn't tell you where the data is going.

    Actually, absent full disclosure, you can't complain if the volunteer delivered your answers to your bank, Aryan Nation, your insurance company, JDL, your homeowners association, the KKK, your employer, your church or anywhere else.


    We want to be very careful when we start using words like backdoor or rootkit.

    I agree, but we also want to be very careful to protect those of us, myself included, who don't know that when a disk is labeled "interactive," or contains a form, that means we are feeding personal data to a server somewhere when we interact with it.


    none none
    4th Mar 2006
  • Re: It all boils down to disclosure
    So long as they fully and truthfully warn the user what they're doing, it's all legitimate.


    According to the CEO of the consulting company that produced the CD-ROM:

    "The packaging specifically uses the word 'interactive', the presentation after each of the questions that we are asking uses the words 'submit' and 'continue' and I think the party has been very upfront about the fact that they are obviously asking for this information to receive that data back and they care about what the voter has to say."

    That's not full disclosure in my book. Any gaming CD is "interactive" and uses words like "submit" and "continue." Being "upfront" (sic) doesn't cut it, either, unless being up front means disclosing exactly what data are collected and exhaustively describing who will be receiving the data, and whether they will be aggregate data or personally identifiable. If they are serious about informing the recipients then this information would be displayed on a screen and require user acknowledgement and acceptance before the CD is allowed to run any other code.

    But that's my book. Yours may vary.


    none none
    4th Mar 2006
  • Spyware quake
    spyware quake
    I had this one on my computer it is a strong little bugger ... but i found that emco malware destroyer had a definition for the Trojan but it would come back ... so i ran spybot search and destroy and it found 2 things not sure don't remember not sure what they were called? but they were the same name except that one could be removed and the other spybot had to restart computer to remove it... i wish i could remember what it was called that it removed? but after it did i then ran emco malware once again right after restart ... and it found a Trojan again and removed it again... this time it's gone ... not coming back and scans coming back - for it two days now ... and it's not sounding the alert in avast every time i go on line and let the NT loader file through ... what ever it was that spybot removed is the key to this whole thing? now i remember what it was now it was called codec ... and there were two of them ... one on drive and one in mem... but the tool bar that's flashing warnings i can't seem to get that off here ... anyone have any ideas on where to look for it? oh and another thing they use NT loader on win 2000 pro to go to a porn page if you have a fire wall and don't let that through it can't take you there also if you get the Trojan off but not codec in mem off and you restart it reboots the Trojan and vice versa ... get the codec off and not the Trojan codec comes back
    smokie420oh
    28th Mar 2006
