Norm Coleman just delivered a statement outside the Minnesota courtroom, addressing the breach of security on his online donors’ data — and putting the blame squarely on political opponents, who are allegedly attempting to scare Coleman’s supporters out of donating.
“It is obviously an attack on this campaign,” said Coleman. “But beyond that, just in terms of the campaign we’re involved in a very expensive legal proceeding. Online fundraising is a very critical element of that, and clearly the theft of this information, the publication of this information undermines that. But this is more about my campaign or the ability to fund a legal effort or campaign. We do so much online. Politics today relies on online fundraising, and unfortunately we find ourselves in a situation where the level of trust and confidentially in that information is severely undermined.”
Coleman attorney Fritz Knaak took questions from reporters, and claimed that the campaign became aware of a possible data breach in late January, which was investigated by the Secret Service and the state Bureau of Criminal Apprehension, whose analysis found that no downloads had taken place — which leads him to believe that further hacking has taken place over time.
“We thought that we had fended off an effort at that point,” said Knaak. “Clearly more efforts have occurred. Still we have every reason to believe that what was attempted in January was not successful.”
The accusation made by Wikileaks.org is that the data wasn’t actually hacked, but that the campaign for a few hours in January stored the entire unencrypted database of their site in a publicly-accessible location. Noah Kunin, a reporter at The Uptake, also just announced that he personally knows people who had downloaded it and told him about it at that time, and who posted the news online.
A reporter asked Knaak if he thought this was a hack performed by partisan opponents. “Who else?” he asked rhetorically. “I honestly think that if this were the so-called Russian Mafia or someone else, you wouldn’t be seeing it on a Web site.”
One other thing that has to be noted, as well: Vendors are not supposed to store the three-digit security code of a credit card on their servers — it’s meant to be used solely for a vendor to clear a card with the credit company, and then deleted. But in fact, the downloaders were able to get those, too.
Professor David Schultz, who teaches election law at Hamline University, tells TPM via e-mail that the Coleman campaign could be in serious legal trouble, assuming this was the product of their own negligence:
His campaign potentially violated state law by not promptly notifying card holders of the disclosure of their card info. Assume the campaign did suffer a breach in security, his campaign faces fines under state law and it is possible a card holder could sue the campaign for any damages. It would be hard for the donors to sue Coleman personally and prevail.
Coleman’s spokesman has not responded to an e-mailed request for comment on Schultz’s analysis.
(Coleman presser c/o The Uptake.)
