On NationBuilder, voter files, and data security

An explainer from a former NationBuilder employee who uses voter data every day

In the wake of yesterday’s report that 191 million voter records have been published online in a publicly searchable way, a number of people have implied or directly accused that NationBuilder — a nonpartisan software company that maintains a national voter file—is responsible. This is untrue, and I’d like to explain why.

1. No one leases data from NationBuilder. Because access to clean, usable , and accurate voter data is a vital part of running for office, NationBuilder provides a standardized voter file — free of charge — to campaigns or organizations who legally qualify to have access to it (based on each state’s individual laws). The data is all public data available from each state’s Secretary of State’s office, and is provided only to organizations that legally qualify for it. The only change is that it has been put in a standardized format for ease of use. See here: http://nationbuilder.com/voter_file
2. All records obtained from NationBuilder’s Election Center database include a “NationBuilder Election Center ID” (NBEC_GUID). This is a unique ID—distinct from each state’s voter file IDs—that allows the database to distinguish each individual voter in the United States. But just because a data file includes an NBEC_GUID doesn’t mean that the person in possession of that file got it from NationBuilder directly. The records could’ve been merged with another file (as is common practice) or given to them by a third party.
3. Based on all reports I’ve read, the exposed data wasn’t hosted on NationBuilder’s platform — meaning NationBuilder didn’t leak or expose anything. They may have provided voter data to an organization in a legally compliant way, however, and that organization failed to safeguard it. This would have been no different than that organization going to each Secretary of State, securing the data directly, and then exposing it.

Is it possible that the publicly visible data was initially obtained from NationBuilder’s Election Center? Yes. Does that mean NationBuilder is at fault? Absolutely not.

If anything, this incident underscores how important it is to use a platform like NationBuilder to host your data, rather than attempt to home-roll your own server and take on the data security task yourself. NationBuilder’s hosted platform is maintained by a team of expert engineers, is securely encrypted, and accessible only with a secure login or via the API with a secure token.

Put another way: if the organization whose data was exposed publicly yesterday had stored their data on NationBuilder it would have been private and secure.

These are complex issues and beyond the normal conversational comfort zone of most Americans, so the spread of mis-information is understandable. What isn’t understandable, though, is an intentional spread of dis-information by knowledgeable people in an effort to disparage a company or product that they dislike. NationBuilder’s product has allowed thousands of campaigns and organizations around the world organize their communities and make an impact, and their work to clean, maintain, and distribute voter data to permitted organizations is central to that mission. I thought someone should say so.

Note: From November 2012–November 2013, I worked at NationBuilder’s headquarters in Los Angeles. In the time since I’ve left the company, I’ve helped more than 120 organizations leverage NationBuilder’s community organizing platform in their communities. I’ve worked first-hand with its Election Center data, and I own a small amount of common stock in the company.