RE: DNC Statement

From:MirandaL@dnc.org To: RBauer@perkinscoie.com CC: DaceyA@dnc.org, ReynoldsL@dnc.org Date: 2016-04-29 18:42 Subject: RE: DNC Statement

Sanders Statement: Independent Investigation Confirms Sanders Campaign Told the Truth April 29, 2016 Contact: Michael Briggs (802) 233-8653 BURLINGTON, Vt. - Four months ago, in an impulsive overreaction and at a critical point in the campaign just weeks before the closest Iowa caucus results in history, the DNC shut down the Sanders campaign's access to its own voter file data, only restoring access after the campaign filed a lawsuit in Federal court. Now, four months later, an independent investigation of the firewall failures in the DNC's shared voter file database has definitively confirmed that the original claims by the DNC and the Clinton campaign were wholly inaccurate - the Sanders campaign never "stole" any voter file data; the Sanders campaign never "exported" any unauthorized voter file data; and the Sanders campaign certainly never had access to the Clinton campaign's "strategic road map." In fact, the independent investigation has confirmed what the Sanders campaign said from the start: * The DNC's security failures allowed four Sanders campaign staffers - three junior-level staffers led by a manager who had been hired at the recommendation of the DNC and who was immediately terminated after the incident - to have extremely short-lived access for one hour to Hillary for America's scoring models, but not to any of Hillary for America's proprietary voter data. * No one else in the Sanders campaign, outside these four staffers, accessed the Hillary for America's scoring models or had knowledge that the activity was taking place until well after the incident was over. * With one exception, all unauthorized access took place within the DNC's own system. While there is evidence that the terminated staffer may have exported a summary data table, the independent investigation of Sanders campaign computers could not locate that file and no one in the Sanders campaign has ever seen that file. With the investigation behind us, the campaign has withdrawn its lawsuit against the DNC today but continues to implore the DNC to address the systemic instability that remains in its voter file system. It is imperative that the DNC make it a top priority to prevent future data security failures in the voter file system, failures that only serve as unnecessary distractions to the democratic process. Bernie Sanders' Campaign Manager Jeff Weaver said "We are gratified by the results of this independent investigation." ### Paid for by Bernie 2016 PO Box 905 - Burlington, Vermont 05402, United States Thanks! On Apr 29, 2016, at 3:14 PM, Miranda, Luis <MirandaL@dnc.org<mailto:MirandaL@dnc.org>> wrote: It's out: <image001.png><https://urldefense.proofpoint.com/v2/url?u=http-3A__www.democrats.org_&d=CwMFAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=Ut99gfJwVdJxiSTSug9WEDbMnGnMYpOw3O6kCDw94V8&m=EhbWtuzjQpU-L9UW5BJ2NlCnk3sopSDdbMTllNr3UiM&s=5rHKQ7rT0thUpftw73DMSWs0J8YdRtmhpmDXd37El00&e=>Luis Miranda, Communications Director Democratic National Committee 202-863-8148 - MirandaL@dnc.org<mailto:MirandaL@dnc.org> - @MiraLuisDC<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.twitter.com_MiraLuisDC&d=CwMFAg&c=XRWvQHnpdBDRh-yzrHjqLpXuHNC_9nanQc6pPG_SpT0&r=Ut99gfJwVdJxiSTSug9WEDbMnGnMYpOw3O6kCDw94V8&m=EhbWtuzjQpU-L9UW5BJ2NlCnk3sopSDdbMTllNr3UiM&s=dm1j5tJnYP39Ar2eUBtwJBGPnyxG-xRqVSg44g6aU90&e=> For Immediate Release April 29, 2016 Contact: DNC Press - 202-863-8148 DNC Statement On December 18, 2015, the Democratic National Committee and Bernie 2016 appeared in United States District Court on Bernie 2016's indication that it would be seeking an injunction in the breach of contract action it filed against the DNC earlier that day. The Sanders campaign alleged that the DNC wrongfully terminated its access to the party-administered voter file system, VoteBuilder, following DNC's discovery that Sanders campaign personnel had discovered a flaw in system security and had accessed Clinton campaign proprietary score data. The parties proceeded in the course of the hearing to settle the immediate issue before the Court. The DNC agreed to restore access to VoteBuilder by the next day, and the campaign agreed to cooperate in an independent investigation of the data breach. The Sanders campaign also agreed as part of this investigation to assume a share of the costs of the investigation. The DNC and the Sanders campaign agreed on the retention of CrowdStrike to conduct the investigation. Over a five-week period and the commitment to the work of 128 hours, CrowdStrike examined user activity within VoteBuilder by three Democratic Presidential campaigns: Hillary for America, Bernie 2016, and O'Malley for President. Additionally, CrowdStrike conducted a forensic examination of two systems belonging to the Bernie 2016 campaign. The investigation sought to first identify whether any campaigns' users accessed data via the VoteBuilder system in an unauthorized fashion and then determine the nature of any unauthorized access that did occur. The cybersecurity firm CrowdStrike has concluded the independent investigation agreed to by the DNC and Bernie 2016. It identified evidence of unauthorized access via four user accounts from the Bernie 2016 campaign. All unauthorized access occurred during a one-hour period from 10:41 to 11:42 EST on December 16, 2015. During that time, the four users conducted 25 searches using proprietary Hillary for America score data across 11 states. All of the results of these searches were saved within the VoteBuilder system, with the exception of one instance where a user exported a statistical summary of a search using HFA scoring in New Hampshire. CrowdStrike found no evidence of unauthorized access by the Hillary for America or O'Malley for President campaigns. Today, the Sanders campaign also voluntarily dismissed the breach of contract action pending against the DNC. ### ________________________________ NOTICE: This communication may contain privileged or other confidential information. If you have received it in error, please advise the sender by reply email and immediately delete the message and any attachments without copying or disclosing the contents. Thank you.