I don't typically don hats with this much tin foil, and I don't think this is likely, but...
The real danger of data like this, in my opinion, illegal usage for voter fraud.
Find people who are likely to vote against you and likely to have poor voter registration documents, and remove them from the polls so they can't vote.
Find people who aren't likely to vote at all and vote on their behalf. In-person, the only verification required is name & address. By mail, the only requirement is a signature, which can be obtained from receipts (I assume this is available on black hat markets).
Leaving this S3 bucket as public-read allows for deniable coordination with illegal actors. I can't imagine they did this on purpose but that could be an explanation.
I don't know if it's possible, but I hope the FBI / Mueller team is able to get access logs.
No. The data that would be useful for wide-scale voter fraud is already widely available from public/free sources, including state Secretaries of State or Departments of Elections.
The loss here is all the very expensive extra modeling and demographic work that isn't included on those files. But having that doesn't massively alter the mechanics of the voter fraud effort you're describing.
Every county is different so some of my statements may not apply everywhere (I live in San Francisco).
I've yet to work a poll (next election) but have gotten to know the system here pretty well through the SF elections commission.
Our system is very far from perfect. Many counties do not even audit ballots after every election (let alone use only paper ballots). Epollbook software can be all over the place. Voter verification at polling places is often quite minimal. The penalty for forging a signature on a mail in ballot in CA is only $1000 (I was in the room when the state assembly committee voted not to raise the fine to keep up with inflation).
I don't mean to be alarmist - like I said, I don't think these things took place, at least en masse - but it'd be quite naive to suggest there aren't vulnerabilities.
I still encourage you to work or observe poll sites on election day. Soup to nuts. If you work it, you'll get training, see how the Australian Ballot is supposed to work. It requires many hands, eye balls, proper accounting.
I'm not so worried about identity theft for in person voting. Just doesn't (didn't) seen to happen much on the west coast.
I vigorously opposed closing our poll sites in favor of all mail postal balloting (WA state). With ballot scanners and electronic adjudication of ballots (changing records in the database per "voter intent"), it's roughly equivalent electronic voting machines, with some new vulnerabilities added (eg tabulating ballots as they arrive, effectively a pre-count).
As various members of the election verification network (EVN) determined, auditing elections is infeasible, impractical, and does little or nothing to increase confidence or certainty.
The gold standard for our form of elections, which I continue to advocate, is the Australian Ballot. In place of auditing, use physical chain of custody. (As you likely know, election administration is not banking, where they have double entry bookkeeping.)
---
To truly fix our election integrity woes, we need to do two things.
First, replace our first past the post (FPTP) with a more robust voting system. Like approval voting (for executive races) and proportional representation.
Second, adopt universal voter registration, with automatic updates. Were our government to use any one of the number of existing demographic databases (facebook, seisent, choicepoint, NSA, etc) then we'd know in near real-time who was eligible to vote. And save huge money doing it.
My impression is that SF actually uses a ballot designed for chain of custody accounting, but doesn't use it whatsoever in practice because of the effort involved. I may be wrong on this. But "many hands, eyeballs, proper accounting" is unfortunately not available for our elections in most areas.
Happy to chat more about this - email is in my profile!
The real danger of data like this is concentration camps and death squads. I don't like stating things so dramatically but that's the sort of thing that actually happens, not just in WW2 but also under the USSR, in many dictatorships in the developing world, when countries like the former Yugoslavia experience political collapse, and so on. Just a couple of months ago there was a systematic effort in the Russian federation of Chechnya to round up and incarcerate homosexuals.
Don't make the mistake of thinking that atrocities couldn't possibly happen here just because you're used to thinking of them as something that only happens in other places.
The real danger of data like this, in my opinion, illegal usage for voter fraud.
Find people who are likely to vote against you and likely to have poor voter registration documents, and remove them from the polls so they can't vote.
Find people who aren't likely to vote at all and vote on their behalf. In-person, the only verification required is name & address. By mail, the only requirement is a signature, which can be obtained from receipts (I assume this is available on black hat markets).
Leaving this S3 bucket as public-read allows for deniable coordination with illegal actors. I can't imagine they did this on purpose but that could be an explanation.
I don't know if it's possible, but I hope the FBI / Mueller team is able to get access logs.