I just finished reading WineRev's excellent diary today:
MN-Sen Events v. 99.0 Franken Rests Again
and realized that most people here probably have no clue what the geeks are talking about. When I got to where WineRev said this:
Well now I speak English, Estonian and Southern, some Spanish, a bit of Greek and Hebrew, and a touch of German and Latin. But have not the FAINTEST idea what "Palpitations" means by this. It sounds awful (you know, like having to be Ben Ginsberg's dentist without a mask) so I'll take his/her word for it. Anyone who can translate at least from Geek to Greek I would appreciate (just get it into aorist subjunctive in optative mood (Koine if you can) and I can dope it out from there.)
I realized that someone needs to try to explain what happened in English, so I will try.
Bottom line is that a BROWSER (Firefox, Safari, Internet Explorer) is designed to do just that - BROWSE the public areas of a website.
UPDATE I (12:07 CDT) Thanks to all of you who thought this should be on the Rec List.
Details below the fold.
==========================
UPDATE II (2:20 pm CDT) OK, this just totally cracks me up. From the Minnesota Independent.
Media begins countering claim that Coleman site was hacked
MPR’s Mark Zdechlik interviewed Adria Richards, an IT professional who weighed in at MnIndy on the security flaws she found back in January, who said she didn’t hack into the site. She echoed Schultze’s sentiments about the error of storing sensitive data on the web server: "It’s like putting your filing cabinet outside of your house."
==========================
UPDATE III (2:52 pm CDT) The professional media is reporting the true story all over the place:
Beyond the Norm: Coleman's data leak disaster
Cringely unravels the ugly mess around ex-Minnesota Senator Norm Coleman's data spill and asks, Should this man be handling sharp implements?
The key culprits? Why, the Coleman campaign itself. And therein lies a tale.
===========================
UPDATE IV (3:20 pm CDT) Well, the rest of the media is still asleep but at least the Twin Cities Daily Planet has the correct story for Minnesota residents:
Coleman cyber-follies
While Norm Coleman is calling it "chilling" and "scary," a closer look shows that the disclosure of names and credit card information of Coleman campaign donors on the internet is the fault of no one but ... the Coleman campaign, which violated basic on-line security procedures...
The Coleman campaign was told in January that its database was publicly accessible and not even password protected. A Minnesota law requires that any person or business in the state that discovers a breach of security must notify people whose personal information has been made vulnerable "in the most expedient time possible and without unreasonable delay."
===========================
UPDATE V (5:32 pm CDT) TPM also has a great short story:
Pioneer Press: Donors, Data-Security Experts Blast Coleman Campaign
The St. Paul Pioneer Press has a news article this morning that is a blistering attack on the Coleman camp's latest foul-up: "As recently as late January, databases of thousands of Coleman's donors and assorted contacts sat on a public portion of the campaign's Web site. They were not password-protected, so a Minneapolis consultant was able to find them by essentially surfing the Web."
And The Minnesota Independent has this:
Coleman Web site dropped promise not to store donors’ credit card data
As recently as last year, Norm Coleman promised campaign donors his Web site would not store their credit card numbers. That was then. The Coleman Web site’s "Privacy Policy" now promises only to encrypt contributors’ data "during the transfer process." The old policy — or even a sensible system of encrypting data and storing it away from Internet-accessible areas — would have prevented the breach of private data for thousands of his donors.
This is what the Coleman privacy policy used to say: "We do not retain records of contributors’ credit card numbers." But, as the current policy states: "We reserve the right to change this privacy policy at any time ..."
===========================
UPDATE VI (6:39 pm CDT) RiderOnTheStorm just posted a comment here reminding me of his/her excellent diary analysis of the Coleman non-crash posted on January 29th titled Brief technical analysis: the Coleman web site debacle. It clearly explains the fraud perpetrated by Norm and his gang back then, and fills in many of the blanks I left out below. It is a bit "techie" for the non-geek reader, but a great summary.
===========================
So, this is my attempt at explaining in English how a website is designed, and why donor data should NEVER be stored on a campaign site.
First of all, the Coleman campaign site was evidently running on a UNIX server, which has PUBLIC directories (public_html or www) and private directories (public_ftp, mail, cgi, etc.).
Think of a website as your home and yard. Your front yard is public and can be used by anyone. That is the PUBLIC directory (public_html or www). Anyone who drives by can see what is there (your homepage).
If it is monthly trash weekend in my town, you are allowed to pile any amount of trash for pickup. You can even put signs on various piles (good bed sheets, old books, etc). Think of these as the main menu items on your website homepage. The street in front of your house is the internet.
Beginning on Thursday night the metal scavengers begin driving around and browse the piles for salvageable metal. People looking for a guest bed, old couch for a rec room, or other "treasures" also drive around and "browse."
In simple English, back in January, Norm's staff put his donor data in one of those front-yard piles. Several professional internet geeks (liken these to the professional metal scavengers) noticed these donors in a front-yard pile, knocked on Norm's door (posted warnings), and said, "Norm, did you really mean to put these in the front yard?"
Norm could have immediately taken the donors off that pile, put them in the house, and locked the door. Norm was required by law to call the police and report that he had dumped hazardous material (like paint cans with paint still in them) in his front yard.
Evidently he did not do that. Instead, he allegedly notified the FBI, who rightfully said, "Norm, no one has broken down your front door!"
Now a month has gone by. Another one of the professional scavengers sees Norm's pile of donors sitting in someone else's front yard.
This scavenger, knowing that Norm has been warned before and done nothing, publishes an ad in the local paper warning the donors. Again, Norm doesn't listen, so this professional notifies everyone in the donor pile saying, "Hey, folks. Norm threw out your name, address, phone number, AND THE CVS TO YOUR CREDIT CARD!!! You NEED to do something. NOW!"
Norm screams, "Theft! Hackers! It's Franken's fault! Do something!"
But let's look more closely at Norm's house and yard...
I happen to have a swimming pool in my back yard. By law, it is classified as an attractive nuisance. In simple English, while the parents are browsing my piles in the front yard, it is my fault if their kids wander off, see the pool, and fall in.
So I have a 6 foot privacy fence around my back yard with child-proof gates. My friends and family can swim anytime, but they need to enter the digital password at the gate. They get three tries to unlock the gate before the alarm sounds. This is a "password protected public directory." The kind you see in a browser when the little window pops up and asks for your username and password.
If you don't know the right combination on a UNIX website, after three tries your browser displays "Authorization Required" and literally pushes you back to the street (the internet).
Now let's look at Norm's house (public_ftp directory). It comes pre-installed with one of the new digital front door locks. NO ONE even gets to open the door unless they have the magic code. UNLESS the webmaster turns the lever on the inside of the lock to manually turn off the automatic lock (a tag called "allow anonymous logins").
Once you are in the house (the private part of Norm's website) you have many rooms, each of which can have a locked door.
In my house, if you make it to the master bedroom, open the linen closet, push on the back wall of the closet, you get to the safe. Then you need both a key and a combination to open the safe. That is where the backup file of the donors should have been!
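For readers who do run a site, here is the front-yard check described above as an added Python example (it is not part of the original diary and not any campaign's code). It assumes an Apache-style server where a password-protected directory is marked by an `.htaccess` file; the function names, the extension list and the sample tree are all constructed for illustration.

```python
import os
import tempfile

# Assumed list of extensions that usually mean bulk data or a backup.
DATA_EXTENSIONS = {".sql", ".csv", ".bak", ".zip", ".gz", ".tar", ".xls", ".mdb", ".db"}


def has_basic_auth(directory):
    """Heuristic: the directory's .htaccess sets both AuthType and Require."""
    try:
        with open(os.path.join(directory, ".htaccess"), errors="replace") as fh:
            seen = {line.split()[0].lower() for line in fh if line.strip()}
    except OSError:  # no .htaccess here (or unreadable): treat as not protected
        return False
    return {"authtype", "require"} <= seen


def audit_webroot(webroot):
    """Return sorted (relative_path, status) for data files under the web root."""
    webroot, inherited, findings = os.path.abspath(webroot), {}, []
    for current, _dirs, files in os.walk(webroot):
        # .htaccess rules apply to subdirectories too, so carry the parent's state down.
        parent = inherited.get(os.path.dirname(current), False)
        inherited[current] = protected = parent or has_basic_auth(current)
        for name in files:
            if os.path.splitext(name)[1].lower() in DATA_EXTENSIONS:
                rel = os.path.relpath(os.path.join(current, name), webroot)
                status = "password-protected" if protected else "EXPOSED"
                findings.append((rel.replace(os.sep, "/"), status))
    return sorted(findings)


def build_sample_site(base):
    """Constructed sample tree: db/ is open, members/ sits behind a password."""
    files = {"index.html": "<h1>Home</h1>", "db/donors.sql": "-- constructed sample",
             "members/.htaccess": "AuthType Basic\nRequire valid-user\n",
             "members/exports/list.csv": "name\n"}
    root = os.path.join(base, "public_html")
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*audit_webroot(build_sample_site(tmp)), sep="\n")
```

Anything this reports, with either status, is still sitting in the yard: "password-protected" only means it is behind the fence, and the fix is to move it out of public_html altogether.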
But should Norm have been collecting donor data AT ALL?
I've been managing campaign sites since 1996. I gave up manual collection of credit card information in 1998. Why? Far, far too risky. The liability to the campaign (like Norm probably breaking MN law by not notifying the state immediately) is far too great.
How do we Democrats (especially smaller races) handle credit card contributions? We DON'T. If we are small, we do it ALL through ActBlue.
Back to Norm's yard... ActBlue is like my local bank. They have the "big bank" downtown, but they have drive-in "banks" all over town. We all know the kind. You drive to a TV screen, put your money, deposit ticket, or check to cash in a pneumatic tube and it is whooshed away into the room with the bullet-proof glass. The clerk types your info into a computer, and bingo, your BlackBerry tells you that your money is in the bank system.
An ActBlue link on your homepage is like the bank building a drive-in pneumatic tube in your front yard. You never touch the money, the credit card information, nothing. It goes through the tube to ActBlue, they handle all the legal requirements (like NOT storing your CVS number), deposit the money to your bank account automatically, and then send you a report of the information you are legally allowed to retain. Simple, swift, and no campaign liability.
Think of a "secure webpage" as the pneumatic tube. Sealed and safe from your website to ActBlue. Just like that remote tube to the room with the bullet-proof glass.
Larger campaigns use internal credit card collections, but again they are fools if they try to write those themselves. Most Democratic campaigns use NGP, a program much like ActBlue, but which is more transparent to people who browse a site. Again it is a secure pneumatic tube. The advantage to NGP contributions is that they instantly and automatically go into the client's donor and GOTV databases (but NOT the CVS numbers).
Many large Democratic campaigns use both NGP and ActBlue, allowing contributions from sites like Kos to receive credit for tracking the contributions we generate. The one manual step required is to upload the ActBlue donors into the NGP database. FEC compliance is now all in one place, and the liability for honest reporting is left to the professionals.
Plain and simple, Norm never should have had that data on his website in the first place, and it was total incompetence to have it in a public directory.
----------
This is way too much information for most people, but I realized there are folks who won't understand the geek terms but still want to know.
Please add other analogies in the comments to help explain these concepts to the average contributor.