RNC Stopped Paying Data Firm After Serious Breach. Then Paid A Mysterious LLC With Same Address.
Photo from the Republican National Convention, 2016, really.Credit: Benjamin Lowy/Getty Images
March 3, 2020

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.

Last fall the Republican National Committee paid $900,000 for “data services” to a Delaware-registered limited liability corporation that had existed for only three weeks.

The company receiving the money has no online presence and has not been used by other campaigns or committees. But there is one clue about the company, Howler Insights LLC, in paperwork the RNC filed with the Federal Election Commission. Howler’s Arlington, Virginia, address and suite number are the same as a conservative data firm whose work for the RNC was placed on hold nearly three years ago after a massive data breach.

The incident left personal information such as voter registration details, names, addresses, phone numbers and potential ethnicities of about 200 million Americans accessible to anyone on the internet. At the time, the security consultant who identified the breach called it the “largest known data exposure of its kind.

The RNC said then that it would halt business with the company, Deep Root Analytics, because it “takes the security of voter information very seriously and we require vendors to do the same.” Although Deep Root does business with other campaigns and committees, the RNC has not directly paid the company since August 2017, shortly after the breach occurred, FEC filings show.

Sara Fagen, Deep Root’s chief executive, said in a brief email that Howler Insights is “related” to Deep Root, which uses data to help Republican political campaigns and organizations target their digital and television messaging. She offered few details about Howler’s work or its relationship with the RNC. “I formed it b/c it’s a new product offering that I plan to keep separate from our traditional TV analytics work,” she wrote.

The Howler transaction occurred under Richard Walters, the RNC’s chief of staff, whose many responsibilities include executing all of the organization’s vendor contracts. In 2019, the RNC raised and spent record-breaking sums, taking in $241 million and dolling out $192 million. Last week, ProPublica reported that the RNC paid Walters and a small group of party operatives, one of whom Walters previously worked for, through a number of opaque business entities.

In Walters’ case, he received $135,000 through a shell company, in addition to a salary that earned him more than $200,000. The arrangement obscured Walters’ total compensation last year, which allowed him to take in more cash than his boss, chairwoman Ronna McDaniel.

Larry Noble, a former FEC general counsel, told ProPublica that the payments to the shell company, Red Wave Strategies LLC, amounted to a “serious reporting violation.” The RNC disputed the allegation, but hasn’t addressed why it steered money through Red Wave from April to December of 2019. The most recently filed FEC reports show the RNC did not pay the company in January, the same month ProPublica first inquired about the arrangement.

The organization has defended Walters’ compensation and top officials commended his abilities and work as chief of staff. Glenn McCall, the RNC’s budget committee chair, said Walters is “probably underpaid for his position,” and McDaniel said Walters had overseen “massive new investments” in the RNC’s data, political and digital teams.

Chris Vickery, the researcher who first identified Deep Root’s data breach, told ProPublica that Deep Root’s failure to protect its data had huge implications.

“There’s no end to the amount of scams and fraud and harassment and stalking with that kind of concentrated collection of data — both publicly available and private, non-publicly available data,” he said.

In response to a Florida lawsuit brought against the company on behalf of voters whose data was exposed, lawyers for Deep Root said in court papers that since the breach Deep Root “has imposed additional security protocols and restrictions on its data.” The lawsuit was voluntarily withdrawn in 2017.

After ProPublica asked Mike Reed, an RNC spokesman, about Howler, Deep Root and the change in Walters’ compensation arrangement, he provided a statement.

“It is obvious that ProPublica has a severe bias against conservatives and President Trump and zero interest in reporting on this fairly,” he said. “So we aren’t going to waste any more breath explaining these innocuous issues to you.”

Reed told ProPublica last week that in addition to Walters, the organization’s budget is approved by two committees and voted on by its 168 members.

Filed under:

Can you help us out?

For nearly 20 years we have been exposing Washington lies and untangling media deceit, but now Facebook is drowning us in an ocean of right wing lies. Please give a one-time or recurring donation, or buy a year's subscription for an ad-free experience. Thank you.


We welcome relevant, respectful comments. Any comments that are sexist or in any other way deemed hateful by our staff will be deleted and constitute grounds for a ban from posting on the site. Please refer to our Terms of Service for information on our posting policy.