Tuesday, March 22, 2005

Privacy, Schundler's Tax Calculator, and Politician Responsiveness

The Schundler campaign web site features a calculator that purports to tell you how much you would save in local property taxes through increased state aid to your local schools, municipal government, and county government.
As the user runs through the calculator, it first asks for your county, then your street number and zip code. From these inputs, a selection of possible matches is presented. In my case, the list contains my own name and address, Delanco township, a business in Delran, and one of my neighbors with the same house number on a different street.

Two things bother me about this process.

First, Schundler's site does not disclose the source of its data. I presume that it is going to a public database somewhere, or that the campaign has purchased a set of data. In either case, I'm curious what records about me this database contains, besides those returned by the query. Someone smarter than I could probably reverse engineer the scripts or sniff the packets and find out where the data reside. Is my personal information thus exposed for personal consumption and possible identity theft or credit fraud?
Second, it's entirely possible that Schundler's campaign is using the selections made on the calculator to build its own database of visitors to the site, by name, address, etc. The site does not have a privacy policy posted, so we don't know whether or not the campaign has any plans to collect or use that data.

I raised these concerns with a member of Schundler's staff, via email last Saturday. I got a response Sunday afternoon stating:

Thanks for the heads up. I will bring this up Monday morning with the other senior staff and see what we can come up with. All in all, its a very good point and worth looking into. I'll be in touch about it by midday Monday.
So far so good. Then, I received this Monday morning (around 10:30, probably right after the staff meeting):
Again, thanks for the tip. I’m working on getting a policy up on the site today.
So it looks like the Bret team is doing all the right things, except for one problem. I can't find the privacy policy anywhere on their site! I even did a Google search, and came up essentially empty. The one item returned, the Contribution Center, refers to a "Security & Privacy help page," but doesn't link to one.

The world is a good place to be when I ask someone for information or help and they get back to me right away (see this post's comments about Steve Lonegan for an example). When someone over-promises and under-delivers, it's not such a happy place. I hope that Schundler's people can make my world a happy one on this issue.

UPDATE: My concerns have been addressed - see this follow-up post for details.