A Note About Data Security
Many of our campaigns are deeply invested in the security of their data, and for good reason. Data security is something that we take very seriously at Reach. Our approach includes a technical component and a product design component.
Technical Approach to Security
Reach is equipped with a number of rigid security safeguards which reduce a hacker's potential attack surface. The core backend service features: enforcement of HTTP Strict Transport Security (HSTS), a SAMEORIGIN framing restriction (preventing clickjacking), a strict Content Security Policy (CSP) that prevents cross-site scripting (XSS) and JavaScript injection attacks, and CSRF protection, alongside a litany of other safeguards. Our primary datastore has zero direct or exposed points of entry and is backed up daily. Data is encrypted at rest and in transit, and every connection to the database and every interaction with our frontend and backend services is logged centrally and backed up to our cloud storage.
Organizing and Product Design Approach to Security
What if your opponent finds their way into your Reach campaign? What if a trouble-maker enters a bunch of junk data? What if your paid canvassers are just looking to make a quick buck and make up data? These are human problems, and when you're running a grassroots campaign that is inclusive and tries to activate lots of volunteers, there is always some level of trust and faith you need to have in your volunteers. There's no way around that with technology, but these are still things we keep at the core of our product design decisions.
Here are some ways we account for these questions:
- In order to be a part of your campaign in Reach, users do need to be added either directly by cell phone number, or by entering an invite code they were given. Invite codes have expiration dates and a limited number of slots, so if one gets tweeted out by some alt-right trouble-maker, it's not like your campaign can be flooded with trolls. If someone wants to pull off an elaborate ruse, they could probably social-engineer their way into an invite from one of your volunteers, but it's not like just anyone on the internet can sign up.
- As an admin, you have full control over your users at all times. You can see who all your users are, remove users, and upgrade or downgrade a user’s role whenever necessary.
- All survey responses gathered in Reach are tied to a specific Reach user and nothing is deleted or over-written – only superseded by newer data. So if you discover that a given user has entered some inaccurate data into Reach, just let us know and we can easily strip away that user’s responses, leaving you right back where you were before the user made a mess, with no data lost and no harm done.
- We do have a feature in Reach which allows you to limit the visibility of responses based on user permission, so certain levels of users can only see responses that they themselves have gathered. This means that if they meet a voter who has already been canvassed by a different user, they won't be able to tell or learn anything about your supporters. This setting is optional, as enabling it does defeat some of the advantages of letting all your users see the most up-to-date information at any time, but it is there for campaigns who want to take advantage of the added level of security.
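
The append-only model from the third point above, where responses are superseded rather than overwritten, can be sketched as follows. This is an added example and not Reach's own code: the class, field names and sample users are hypothetical, and it assumes the current view is the newest response per voter and question.

```python
from dataclasses import dataclass
from itertools import count


@dataclass(frozen=True)
class Response:
    seq: int        # insert order; a higher seq supersedes a lower one
    user: str       # the user who gathered the response
    voter: str
    question: str
    answer: str


class ResponseLog:
    """Append-only store: rows are never updated or deleted."""

    def __init__(self):
        self._rows = []
        self._revoked = set()
        self._seq = count(1)

    def record(self, user, voter, question, answer):
        self._rows.append(Response(next(self._seq), user, voter, question, answer))

    def revoke_user(self, user):
        # Excludes the user's rows from the view; the rows stay for audit.
        self._revoked.add(user)

    def current(self):
        """Newest non-revoked (answer, user) per (voter, question)."""
        view = {}
        for r in self._rows:  # rows are in seq order, so later rows win
            if r.user not in self._revoked:
                view[(r.voter, r.question)] = (r.answer, r.user)
        return view

    def audit(self, user):
        return [r for r in self._rows if r.user == user]


def demo():
    # Constructed sample data: "mallory" is the user entering junk.
    log = ResponseLog()
    log.record("alice", "voter-1", "support", "strong yes")
    log.record("bob", "voter-2", "support", "undecided")
    before = log.current()
    log.record("mallory", "voter-1", "support", "strong no")
    log.record("mallory", "voter-3", "support", "strong yes")
    polluted = log.current()
    log.revoke_user("mallory")
    return before, polluted, log.current(), len(log.audit("mallory"))


if __name__ == "__main__":
    print(demo())
```

Because the junk rows only superseded the earlier answers, excluding their author brings the earlier answers back, and the excluded rows remain available for review.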