Let's face it, even hardcore privacy mavens probably appreciate the Internet's magical ability to determine who should see that listing for used Smiths LPs and who would be more receptive to a subscription pitch for Cat Fancy. But a new report from the Electronic Privacy Information Center, released Monday at the group's Washington, DC, headquarters, warns that calculating how "people like you" are apt to vote is just one of the myriad ways network technology could prove a boon to online voter suppression campaigns.

If voting rights seem an odd cause for an organization dedicated to protecting privacy, consider that the art of political deception depends in large part in getting your lies to the right people: you need to make sure that only the other guy's voters receive false information about eligibility requirements or polling locations. Traditional dirty-tricks campaigns have used race and geography as a proxy for partisanship, blanketing (for instance) Dem-heavy African-American neighborhoods with flyers reminding everyone to bring two forms of ID when they turn out to the polls on Wednesday.

The first step in any online vote suppression effort, then, is to find a way to "microtarget" your message to the right set of voters. And while it may be, as The New Yorker famously claimed, that "on the Internet, nobody knows you're a dog," quite a lot of people may know you're a 27-year-old Latino who buys books by Greg Palast and gave $250 to Dean for America. Because such obvious target-rich-environments as the Daily Kos comment fora or the "One Million Strong for Obama" Facebook group are apt to be packed with folks ready and willing to correct misinformation, effective dirty-tricks campaigns will likely rely on the Internet's ability to surreptitiously gather information from and build behavioral profiles of users.

The report, produced by EPIC's Lillie Coney and a team of contributors that included security guru Bruce Schneier and Multics coder–turned–National Committee for Voting Integrity chair Peter G. Neumann, outlines how—as Neumann put it via teleconference at EPIC's offices Monday—"new technology opens up dramatically new avenues for disenfranchisement." First, information can be gathered by a variety of means, fair and foul. A group might collect information on users who click through either genuine or bogus partisan advertisements, or who visit ideologically tinged sites, either in order to directly target them or for the purpose of "whitelisting" sympathetic voters.

The most obvious next step might be a simple spoofed e-mail containing bogus information. Now, of course, these can exploit voter confusion about new electronic voting systems. One deceptive e-mail recently circulated in Texas, for instance, warned voters that if they selected the option to vote a Democratic "straight ticket" on a touchscreen machine, they would still need to independently cast a presidential vote for Barack Obama. On many systems, doing that would actually cancel out the "straight ticket" vote.

But a sophisticated vote suppression operation has many more options available. For example, a phony website purporting to be operated by a state or county board of elections could be set up containing misleading information about poll locations or voting requirements. The site URL could be directly e-mailed to targeted voters or, more sneakily, made to appear in search results for queries likely to be entered by those voters. Speaking at the report launch, Coney noted that, as AOL inadvertently proved in 2006, even "anonymized" search queries can be used to build a user profile specific enough to identify particular individuals.

Social networking sites obviously provide a wealth of information about likely political affiliations directly volunteered by users—often conveniently linked to e-mail addresses—but they also provide helpful social hints about the likely sympathies of the undeclared. The "social graph" may also prove useful in determining which highly-connected folks are most likely to pass on misinformation to large numbers of friends, as a forward from a trusted source is generally treated as more credible than a blind e-mail from a stranger. And as the report notes, that forwarding need not even be willing or witting: e-mail viruses could be used to blast a misleading message to a target's whole address book.

VoIP, too, opens up new possibilities. Deceptive robocalls are old hat, but the ability to cheaply phone target voters from overseas makes the tactic both more cost-effective and less traceable. Activist Jon Pincus, a contributor who spoke by teleconference at the report launch, even broached the possibility of using distributed VoIP botnets to flood local voter information hotlines in predictably partisan districts—a sort of telephonic denial of service attack.

Fortunately, Pincus noted new technology also provides folks like him with new means to fight back against suppression and disruption campaigns. The Twitter Vote Report Project hopes to allow for realtime reporting on such dirty tricks, facilitating rapid response by poll workers and activists. And the Voter Suppression Wiki collates reports in more permanent form, so voters can recognize the telltale signs of scams, and learn how to counteract them.

Just a second though—one reporter at EPIC HQ wondered—don't these efforts themselves present new targets for meta-disruption efforts? The query prompted a nervous chuckle from Tova Wang of the group Common Cause: "I hadn't thought about that... Are you going to write about that? "

But EPIC's Coney shook her head gravely. "Believe me," she said, "anybody who reads this report and gets a new idea doesn't have the capability to carry it out. The people with the capacity to carry it out? They've already thought of it all."