Michele Bachmann Announces She's Done

U.S. Representative Michele Bachmann (R-Minnesota) announced today that she’s not going to seek re-election in 2014.
Last time around, the race between her and Minnesota businessman Jim Graves was very close. Mr. Graves lost by a very narrow margin. Graves had already announced his intention to take on Ms. Bachmann again next year. As the news came out on Bachmann’s decision, both camps made it clear that they think their person would have won the rematch. Just yesterday, Minnesota Public Radio explained that Graves seemed to be facing “an uphill battle vs. Bachmann.” At the same time, recent polling by the Graves campaign showed him slightly ahead of Bachmann. The race certainly would have been very close, but it was looking to be a scenario much like last time around, which, at the end of the day, Ms. Bachmann did end up winning.
So if she’s got at least a fair shake at winning, why wouldn’t she take it all the way? Well, that’s what brings us to why I’m writing about this here. It seems that Bachmann’s failed 2012 presidential campaign was accused of stealing the email list of Network of Iowa Christian Home Educators (NICHE) back in 2011. In a bit of an attempt to re-write history, they later came to an after-the-fact settlement to label the action a “rental” and NICHE received a $2,000 payment from the Bachmann campaign.
And that’s just one of multiple ethics issues Minnesota’s face of the Tea Party is facing. In March, her attorney confirmed that Bachmann is under investigation by the Office of Congressional Ethics for alleged misuse of campaign funds. One of her own 2012 presidential campaign staffers, Peter Waldron, filed a complaint that Ms. Bachmann’s campaign improperly used leadership PAC funds to pay campaign staff. There were further allegations regarding payment of staffers and attempting to require exiting staffers to sign non-disclosure agreements prohibiting them from talking to police or attorneys. And the FBI is now said to be involved.
I’ve consulted for multiple email service providers who have told me how challenging it can be to work with political senders. At least one ESP prohibits this kind of mail outright, out of frustration with candidates regularly playing fast and loose with permission. PACs, parties, candidates and other groups seem to buy, sell or trade lists constantly, and as a result, spam complaints and blocking would often follow. Thus, it doesn’t surprise me to see Ms. Bachmann’s campaign engaging in something email list-related that they probably thought was just common usage, when the rest of us in the email community would find that use unwelcome and unethical. (And it’s not just her party guilty of this kind of thing.)

Related Posts

The perils of politics

I’ve talked a little bit about political and activist mail in the past. In general, I believe political mailers tend to be aggressive in their address collection techniques and sloppy in acquiring permission.
For the most part, politicians can get away with aggressive email marketing in a way that commercial emailers can’t always. The laws for commercial email don’t really apply to political emails. Politicians and activists don’t have to comply with CAN SPAM. They don’t even have to stop mailing if you opt-out. They don’t have to identify themselves the way commercial emailers do. They trade, sell, barter and borrow voter data, including email addresses.
This doesn’t mean the politicians don’t get blocked. They most certainly do suffer delivery consequences to their behaviour.
Well, today I saw another article talking about the pitfalls of political mailings. According to US News, a number of people who are unlikely to be Republican supporters were reporting that they were spammed by the Romney campaign.
The Romney campaign says it wasn’t them, and that they are only sending mail to people who signed up to receive it. This is possible, the article at US News says that the signups came from an IP address that is part of the Tor network. What is Tor? Tor is a way to hide your location on the internet. Ever watch a crime show and see the master geek track a bad guy all over the world by IP address? That’s basically what Tor does.
It’s very possible someone did find a list of email addresses of people guaranteed to be angry about getting mail from the Romney campaign. It’s very possible they used Tor nodes to submit those addresses the campaign lists. It’s been known to happen, and it’s not like this election is getting any less contentious as we get closer to November.
Forged subscriptions are a problem for every activist and political mailing list. But most of them don’t take any steps to protect themselves from maliciousness. Welcome emails, confirmation emails, audit trails, monitoring can help minimize the chance of subscribing a lot of people who don’t want that mail. Most political and activist groups won’t take that step, though. They’d rather increase lists by any means necessary without adding any controls on making sure those addresses are valid.
The irony is that the first thing activists blame when they do have email delivery problems is their political opponents forging addresses into their list. But they still push back against actually implementing controls and protections against the practice.
As with many things, politicians want to have their cake and eat it too. They want the extra volume that comes from indiscriminate signups, but don’t think that should cause them any problems. It doesn’t work that way in the real world, though.

Read More

Get a helmet

There’s been a lot of interesting reaction to Steve’s security post yesterday. A lot of people seem upset that we have pointed out one of the ways that ESPs may be getting compromised. Complaints range from the message being overly simplistic, through to complaints that we just don’t understand how much of an issue security is, through to complaints that we’re not pointing out that some ESPs actually are secure. Some people have even provided counter examples of how simple it is to compromise any company, so why are we picking on ESPs.
Security is a problem any company faces. Some industries are bigger targets than others, and ESPs have really jumped up the target list. ESPs are getting lists stolen. ESPs are getting reputations stolen.
There’s one ESP I know for a fact that has lost multiple customer lists 3 times. Three companies I get email from are hosted there. When all three of those tagged addresses started getting spam, the only logical assumption was that the ESP was compromised. Again. Those are companies I want to hear from, though, and I changed addresses on their sites after every breach. What’s distressing, though, is the total lack of response from either the customer or the ESP to my notices about the breaches.  To be fair, the problem seems to have stopped more recently.
Silence and refusal to address an issue is a big problem. An address I gave a company on the Only Influencers list was stolen (I’m not going to say leaked because I actually trust them to not have violated their privacy policy) sometime back in early 2011. I didn’t notice right away because my spam filters were catching the mail, but eventually the spammers managed to get one into my inbox. When I saw it, I started checking and realized that address had been compromised a long time ago. I notified the company, with as much history of the address as I could. I ended my message with:

Read More

Browsers, security and paranoia

MAAWG is coming up and lots of us are working on documents, and presentations. One of the recent discussions is what kind of security recommendations, if any, should we be making. I posted a list of things including “Don’t browse the web with a machine running Windows.”
Another participant told me he thought my recommendation to not use a windows machine to browse the web was over the top and paranoid. It may be, but drive by malware attacks are increasing. Visiting big sites may not be enough to protect you, as hackers are compromising sites and installing malware to infect visitors to those sites. Some ad networks have also been used to spread malware.
Criminals have even figured out how to install malware on a machine from email, without the recipient having to click or open attachments.
Avoiding the internet from a machine running Windows is a security recommendation I don’t expect many people to follow, but I do not think security and anti-virus software is enough to protect people from all of the exploits out there.
Of course, there are a lot of reasons that one might be forced to use a particular browser or operating system. For instance, I was on the phone with my bank just today to ask if they supported Safari. They say they do, but there are some things that just don’t work. The customer service rep said that they recommend Internet Explorer to all their users. She then suggested I switch browsers. No thanks, I’ll deal with the broken website.
Compromises are a major threat, and criminals are spending a lot of time and money on creating ways to get past current security. No longer is “not clicking on malware” enough to protect users. When a security clearinghouse is compromised and used as a vector for a targeted attack against Google, none of us are safe. When a security company is compromised, none of us are safe.
I realize my recommendation to avoid browsing the web on a Windows based machine is more wishful thinking than practical. I also know that other browsers and operating systems will be targeted if enough people move away from currently vulnerable operating systems. And I know that a simple, offhand suggestion won’t fix the problem.
As someone who’s been online long enough to see the original Green Card spam I know that online dangers evolve. But I can’t help thinking that most of us aren’t taking the current threats seriously enough.

Read More