Beleagured Governor leaks donor data

It hasn’t been a fun two months for Massachusetts’ new Governor, Deval Patrick. After running a stellar, grass roots campaign to defeat Republican Lt. Governor Kerry Healy and become the first African American governor of Massachusetts, Patrick — a former Clinton Administration official and Coca Cola executive — has stumbled out of the gates BIG time with serial scandals over his decision to lease a pricey Cadillac as his official transportation as opposed to the standard Chrysler, redecorate his office to the tune of more than $27,000 in taxpayer money (including $12,000 drapes), and hire a $70,000 a year personal secretary for the state’s first lady — itself a “first” in state history. So high were the hopes for Patrick and so ham fisted have been his moves since taking office that he’s become the subject of out of town coverage in the Washington Post and elsewhere. The controversy has even spawned a dedicated conservative blog: devalpatrickwatch.com, which provides blow by blow coverage of the new Governor’s rude awakening to the realities of public life.

Sadly, Patrick is continuing to provide fodder for attacks. His latest bumble involves the release of personally identifiable information, including home addresses of supporters on a Web site, Devalpatrick.com, that he launched to try to “get his message out.” But, in a classic case of the message biting the messenger, Patrick had no sooner posted the new site than he was hearing it from Secretary of State William Galvin over the publishing of donor data.

According to the Boston Globe, visitors to the site who entered another person’s last name or phone number could see the home address of anyone with that name, including unlisted phone numbers.

“We go to great lengths to protect the confidentiality of voting lists from vendors and sales people, and we’re concerned there is information out there that shouldn’t be, for instance, police officers’ residential addresses, deceased voters, apartment numbers of elderly voters,” Galvin said in a Boston Globe article. Some of the names listed are individuals with restraining orders, Galvin noted.

As he was forced to do with the drapes, car and secretary, Patrick found himself on the defensive and had his campaign remove most address information from the site and explain his actions.

The Web site, which was created to rally supporters and prompt civic engagement, was another example of how loosely secured Web sites. Security experts at Symantec said, in their most recent Threat Report, that 66 percent of new security holes target Web applications.