PogoWasRight.org is pleased to announce that as it did in the run-up to the 2008 election, this site will be discussing and looking at the candidates’ voting records as well as their statements about privacy and data security issues of interest to this site’s readers.
To kick off the coverage, we’re starting with the privacy policies of three announced candidates’ official campaign websites: RandPaul.com, HillaryClinton.com, and TedCruz.org. And we begin by observing that of the three sites, only Secretary Clinton’s site uses https by default. Senator Rand Paul’s and Senator Ted Cruz’s sites are over http.
What Information Do the Sites Collect?
In terms of the content of the privacy policies, Clinton’s and Rand’s are almost identical in their provisions. Both sites passively collect a lot of information on site visitors – and their mobile devices – from numerous sources.
I’ve stored copies of the two sites’ current privacy polices so that you can see how much information and what types of information each site collects and so that we can determine any changes over time. For Paul’s privacy policy as of April 7, 2015, click here. For Clinton’s privacy policy as of April 12, 2015, click here.
What Information Do the Sites Share With Third Parties?
Both sites also share your information widely with third parties. Rand’s campaign, for example, will share your information:
- with vendors, consultants, and other service providers or volunteers who are engaged by or working with us and who need access to such information to carry out their work for us;
- with organizations, groups, or causes that we believe have similar viewpoints, principles, or objectives;
- when you give us your consent to do so, including if we notify you on the Sites, that the information you provide will be shared in a particular manner and you provide such information;
Clinton’s campaign will also share your information:
- With vendors, consultants and other service providers or volunteers who need access to such information to carry out work on our behalf;
- With candidates, organizations, campaigns, groups or causes that we believe have similar political viewpoints, principles or objectives or share similar goals and with organizations that facilitate communications and information sharing among such groups;
- In connection with, or during negotiations of, any reorganization, formation of new committee or successor organization, asset sale or transfer, financing or lending transaction or in any other situation where personal information may be disclosed or transferred as one of the assets of HFA; and
- With your consent or at your direction, including if we notify you through our Sites that the information you provide will be shared in a particular manner and you provide such information.
And of course, that’s apart from the usual provisions about sharing for law enforcement purposes, etc.
Wait. What About Senator Cruz’s Site?
In contrast to these two candidates’ privacy policies, the privacy policy for Senator Ted Cruz’s campaign is relatively brief (I’ve uploaded the version current as of April 12, 2015 here). Other than mentioning the use of cookies, the privacy policy makes no mention of what information is passively collected from site visitors. PogoWasRight.org has submitted a media inquiry to the campaign to get more information as to what the site collects, and will report back if/when we receive a response.
Security of Your Information
All three campaign sites mention keeping your information secure. Senator Paul’s site has a specific subsection of the policy addressing this by saying they take
commercially reasonable technical, administrative, and physical measures to protect your personal information in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction. We use encryption to protect highly sensitive data, including credit card information. Please be aware, however, that despite our efforts, no security measures are impenetrable and no method of data transmission that can be guaranteed against any interception or other type of misuse. To protect the confidentiality of personal information, you must keep your password confidential and not disclose it to any other person. You are responsible for all uses of our Sites by any person using your password. Please advise us immediately if you believe your password has been misused.
Clinton’s site, Hillary for America (HFA), also has a section on security. It says:
HFA takes reasonable measures to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction.
And that’s all they wrote on that. Your guess is as good as ours as to what they consider “reasonable.”
Senator Cruz’s site’s only reference to data security says:
If you choose to donate through our online contribution form, rest assured we have taken every reasonable precaution to keep you and your billing information safe and secure.
Again, what do they consider “every reasonable precaution?”
Can You Opt Out?
All of the sites mention some degree of choice.
Senator Paul’s site has a section in the privacy policy:
What Choices Do You Have Regarding the Use of Your Information?
You may “opt out” of receiving text messages, email updates and newsletters by following the instructions in those text messages and emails.
Secretary Clinton’s site also has a section on choices:
Cookies
Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove or reject browser cookies. Removing or rejecting browser cookies does not necessarily affect third party flash cookies that may be used in connection with our Sites. To delete or disable flash cookies please visit www.adobe.com/products/flashplayer/security for more information. Please note that if you choose to remove or reject cookies, this could affect the availability and functionality of our Sites.
Promotional Communications
You may opt out of receiving text messages, updates and newsletters by following the instructions in those emails or text messages. If you opt out, we may still send you other types of emails, such as those about your use of the Sites or any donations or transactions.
Senator Cruz’s site informs visitors that “You can opt-out of our use of cookies by disabling cookies on your browser,” and that “you will always be able to unsubscribe from our email database quickly and easily through the link provided at the bottom of every email that we send.”
So none of the sites seem to give you the option of opting out of having your information shared with third parties even when such sharing is not required by law.
Other Provisions
Secretary Clinton’s site contains other provisions that privacy advocates may wish to read and consider, including statements such as:
HFA is based in the United States and the information we collect is governed by U.S. law. By accessing or using the Sites or otherwise providing information to us, you consent to the processing and transfer of information in and to the U.S. and other countries.
and:
If you sign an online petition, you understand that such petition is public information and that we may make the petition, and your name, city, state, and any comments provided in connection therewith publicly available. In addition, we may provide such petitions or compilations thereof, including your comments, name, city, and state to national, state or local leaders, or to the press.
Comments:
That’s it for this inaugural post. Other campaign sites will be added as to coverage as candidates announce.
If you’d like to volunteer to help out with this project, email me at [email protected]. Remember that we will be looking to build privacy record dossiers on each candidate, so even if you can’t donate your time but can send links to statement or voting records, that would be helpful.
Update, April 13: I discovered that Paul Schreiber has done his own analysis of the candidates’ web sites in terms of their tech security. You can see his chart here.