Remember that Franken-Coleman thing? It still hasn’t ended


We once thought we could have a resolution to the Al Franken-Norm Coleman case by Chanukah. Now we’re just a few weeks before Pesach and they’re still in court — with Franken expected to rest his defense case today. According to the Minneapolis Star-Tribune, it doesn’t look good for Coleman:

Republican Norm Coleman’s case in the U.S. Senate trial, once built on the prospects of counting thousands of rejected absentee ballots, is now down to 1,360 ballots or fewer.

That’s the number his lawyers gave to a three-judge panel Wednesday in hopes that the ballots will yield enough votes for Coleman to surmount a 225-vote lead held by Democrat Al Franken.

About 60 percent of those ballots come from counties that Coleman carried in the November election. One-third of the total were from counties that went for him by 10 percentage points or more.

In Hennepin County, which Franken carried, Coleman has reason to hope he will mine votes. Only one of the 297 ballots he identified there comes from heavily Democratic Minneapolis. The remainder are from suburbs where Republicans fare better.

But the number of new ballots counted might be substantially lower than those Coleman identified.

"Their spreadsheet tells the full story as to what they have proved in their case and … it’s not much," said Franken lead lawyer Marc Elias.

He cited printouts to argue that Coleman’s ballots lacked the documents needed to prove that they were wrongly rejected under rules established by the trial court.

Coleman legal spokesman Ben Ginsberg called Elias’ view of the spreadsheet "balderdash." Coleman has maintained that the ballots deserve to be counted under Election Day standards that were more lenient than those laid out in orders by the panel at trial.

Even if all those ballots are counted, though, it still seems mathematically unlikely that the Republican could make up his 225-vote deficit:

Dean Barkley and other candidates won 17 percent of the vote in the counties Coleman’s ballots came from. If those ballots go for Barkley in the same way, it would further reduce the pool that Coleman can tap.

If the ballots identified by Coleman were allocated to the candidates based on the percentage of the vote each got in the counties the ballots came from, Coleman would pick up 596 votes, Franken would pick up 539 and other candidates would get 225.

Meanwhile, Coleman has another problem. The St. Paul Pioneer Press says that the credit card information of donors to Coleman was publicly available on the Internet:

Former Sen. Norm Coleman’s campaign didn’t do enough to protect donors’ confidential information, and Wednesday that lapse came home to roost as more than 4,700 partial credit card numbers were posted on the Internet.

As data-privacy and security experts criticized the campaign’s handling of a confidential donor database, the Republican and his aides suggested partisan motives — and told donors they should cancel their credit cards.

The U.S. Secret Service was investigating, and Coleman’s attorney Fritz Knaak said the state Bureau of Criminal Apprehension was aware of the situation. He and Coleman described the situation as theft.

It was unclear whether the campaign violated a state law by not disclosing until Wednesday — after the data surfaced on a self-described whistleblower Web site, posted anonymously — that the information, including entire credit card numbers, was vulnerable. A spokesman for Minnesota Attorney General Lori Swanson declined to comment.

No evidence could be found Wednesday that anyone had made unauthorized purchases or stolen anyone’s identity, said Knaak and several donors interviewed by the Pioneer Press.

The paper suggests that whoever the Coleman campaign was administering its Web site seemed to have no idea what they were doing:

As recently as late January, databases of thousands of Coleman’s donors and assorted contacts sat on a public portion of the campaign’s Web site. They were not password-protected, so a Minneapolis consultant was able to find them by essentially surfing the Web. And the credit card numbers weren’t encrypted — a violation of credit card industry standards, according to several experts.

Kelly McShane, whose job is to secure information in the banking industry, said he learned that the last four digits of his American Express card — and the four-digit security code used to verify the card — were posted online when a reporter e-mailed him.

"I’m in IT security for a bank, and I can tell you that this is so … irresponsible that I can’t believe it," said McShane, who had donated $100 to the campaign online.

Credit card industry standards — via the Payment Card Industry Council, which includes representatives of major credit cards — dictate that credit card information should never be on the same server as a Web site, said Eric Schultze, chief technology officer for Shavlik Technologies, a Roseville-based computer-security company.

Moreover, he said, credit card numbers should be encrypted, or coded, so if a hacker were to gain access to the separate server, he or she would need to crack the code.

"Otherwise, you’d just see gobbledygook," Schultze said. "It’s a big oops on the part of the Web site administrator, and I’d be surprised if that person still had a job. … It’s a rookie mistake. Anybody worth their salt would not set up a Web site that way."

Knaak would not say who set up the Web site as it was, but he said it was not a campaign staffer.

"It was a third-party provider, and right now I don’t believe they are providing us service anymore," he said.

Recommended from JTA