GOP does rootkit? No, but...
This came in my Google news alerts today. Media Girl blogged that the Minnesota Republican Party is distributing CDs asking voters about their views on gay marriage but that CD is collecting data from members and transmitting it back to the Minnesota GOP. I don't know where Media Girl is getting rootkit on this, but Minnesota Public Radio has more details.
On Monday, the Minnesota Republican Party announced that it will send out CD videos on Friday to inform voters about the importance of a constitutional amendment to ban gay marriage. It turns out the CD is also being used to add to the GOP voter database. Officials with the Republican Party say certain voter data is being collected by the party. Internet privacy experts say they're concerned that the party isn't telling the viewer that it's collecting the data and worry where the information will end up.
Mark Drake, with the Minnesota Republican Party, says information provided through the CD will be sent to a server and will be used by the parties.
Initially Drake said people who were going to receive the CD should assume the data is being collected because the video is sent by the GOP, is interactive and that the viewer has to provide their personal information. He says the CD packets will now specify that the Republican Party is collecting certain information.
Drake thinks it's no different than the old method of filling out a survey on paper and mailing it back. Privacy advocates take issue with his view and Lillie Coney of EPIC says the GOP should clearly disclose the collection of voter data. Coney also voiced concerns about the data being accessible to third parties.
Christa Heibel, the CEO International Falls based CH Consulting, the company that produced the video, says specific firewalls have been added to ensure that the voter information is protected. That was only after Minnesota Public Radio was able to access some of the data that was collected during testing. Heibel also says "the public should know through the CD's packaging and by other means that voters will be sharing information with the Republican Party."
I think Media Girl was off base using the word rootkit here, but the collection of data via the video sounds very dicey to me. Saying "the public should know" does not cut it. There should be very clear disclosure of the data collection - exactly what is being collected, how the data will be used, if it will be share with 3rd parties, and if so, with what entities and how.