OTTAWA – The quickly approaching federal election is going to be waged using a variety of new and more sophisticated online tools, including what is set to be an increased use of mass text message campaigns.

The Liberals, Conservatives, and New Democrats have all said that they plan on using text messages to reach voters during this election, and third-party political organizations have already deployed this tactic. It’s the latest evolution of the long-used political practice of robocalls; when pre-recorded messages are sent on mass using auto dialers.

Parties are promising to protect the private information they use and glean from voters, but given the past improper use of robocalls, experts are warning that mass text campaigns could similarly be misused, or co-opted with relative ease.

These concerns stem from the current lack of oversight for campaigns deploying this new outreach tactic, as well as the threat of cyber attacks and foreign interference looming large over the election, with political parties considered especially vulnerable.

These newly emerging mass text campaigns currently exist in a regulatory grey area, relatively free from oversight and perhaps more attractive to parties than robocalls for that reason. They can be done using either collected and consented-to databases of phone numbers, or through using random number generators. An evolution on what’s technologically possible with robocalls, mass texts immediately allow the sender to gather information about the recipient, depending on how you respond, or even if don’t reply at all. For example, by replying “no,” or “stop” the party knows you likely aren’t interested in what they have to say, and if you ignore it the party may try contacting you in a different way

“There are some new things that come with these text messaging campaigns that I think make them different and potentially more problematic from the citizen perspective,” said University of Ottawa assistant professor Elizabeth Dubois, who studies political uses of digital media. “You might not even realize that you are offering up new information that they are putting in their database that they use to keep track of your likelihood to vote, or who you're likely to vote for.”

Parties planning to text you

The use of mass text messages have already been deployed in provincial elections and federally by both political parties and third party groups in advance of the current pre-writ election period. Arguably the most recognizable messages being the texts from “Sue from Ontario Strong.”

Canada Strong and Proud, a coalition of third-party advertising groups group campaigning against Justin Trudeau, sent those messages in June. The automated and unsolicited texts asked Ontarians whether or not they supported scrapping the federal carbon tax. Similar messages were sent in Alberta and Quebec.

All three main political parties have indicated they will be using mass texts in this campaign, but have not offered up much detail about their methods, motives, or who will be allowed to send them.

In an email, Liberal Party spokesperson Braeden Caley said that the Liberals in the past have used “peer-to-peer” texts to mobilize supporters and volunteers, but these aren’t blanket blast-outs, instead they are used to tell people who have already indicated their support for the party about a coming campaign rally. These will continue in relation to campaign events, Caley said.

He would not comment on “the specifics of campaign strategy,” but said that the Liberal Party “works with a wide variety of volunteers, staff, and campaign partners to reach more Canadians and involve them in our movement,” and did not rule out the use of mass text campaigns to do so.

Asked about the levels of approval necessary for campaign staff or volunteers to send out mass texts or calls, Caley said that each candidate and electoral district association can make their own campaign decisions but that the party privacy policy has “clear expectations and standards for the use of all campaign tools.”

Meanwhile, the NDP will be texting voters and volunteers this campaign, “in an effort to reach out to people using a variety of tactics,” said NDP spokesperson Guillaume Francoeur in an email to CTVNews.ca, adding that any mass messages sent by the party will be in compliance with the rules and party privacy guidelines.

While Francoeur didn’t elaborate on the specific procedures in place for who can send these kinds of mass messages, the party’s privacy policy states that “all users of our systems must agree to terms of use that include language on protecting your privacy before being authorized to use our systems.”

The Conservative Party has already deployed a mass text campaign this spring, on the carbon tax, to people in provinces where the federal carbon tax was being implemented. The texts from party leader Andrew Scheer directed voters to a petition opposing the carbon tax. In that instance, people who may have never given their number to the party were contacted. That’s because the party used software that auto-generates numbers with specific area codes in order to blast out the text messages.

The Conservatives have said to expect similar text outreach to continue during the campaign, but did not respond to a request for more details by deadline.

“We use your personal information to communicate with you. As a political party, we believe it is important to communicate with Canadians on a regular basis,” reads the party’s privacy policy.

The policy also states that party employees are trained on the ways to properly use personal information, but it remains unclear what degree of training or access to personal information campaign volunteers receive. Last year, the party found itself in hot water after a campaign volunteer who was on the local riding association’s board, sent a misleading and un-approved robocall to voters in an Ontario riding. And in the 2011 election, more than 7,000 voters in Guelph, Ont., received automated calls directing them to the wrong polling station. A Conservative campaign worker was later jailed for his role in the scandal, which used phone numbers from the party’s centralized voter contact database to place the calls.

Privacy policies lagging behind

Compounding experts’ concerns is the lack of transparency about what parties do with the data they will be collecting through these mass message campaigns.

All parties— including the Greens and People’s Party—lay out how they handle people’s personal information in their privacy policies. The policies also reveal generally how they collect information such as names, addresses, and phone numbers. These methods include accessing “publicly available data sources,” door knocking, phone calls, and completing party forms or online petitions. None make explicit mention of mass text messages as a way they collect voters’ data.

OpenMedia— a civic engagement organization that focuses on internet policy and is advocating for political parties to be subject to federal privacy laws—released a report last week that found political parties are still lagging behind voters expectations when it comes to their privacy protections.

After evaluating each party’s publicly available privacy policy, the organization found that none come close to meeting peoples’ expectations, like being able to see what information a party has collected about them, and how that data is being used.

Under the latest round of election law changes, the Liberal government made it so political parties had to post their privacy policies online, but stopped short of subjecting parties to tougher privacy rules and oversight for the data they harvest from the electorate, despite calls to do so.

Dubois said that because cellphone numbers can now easily be used to access or paint a bigger picture about peoples’ online presence, it’s created “a new area of risk” for privacy threats. “We also are in a position where we just don't know necessarily what the potential most abusive uses of these tools are going to be. And so it's hard to know whether or not that's actually covered in the relatively vague statements that the parties have put forward.”

Threat of cyber interference

Compounding the concerns about how parties will use mass texts and protect the data they glean from them, are cybersecurity and election interference threats.

Political campaign staff, volunteers, and candidates are considered prime targets for attempted foreign interference and cyber attacks during this election, according to a first-of-its-kind cyber guide sent to all the parties from the Communications Security Establishment (CSE).

Campaigns are considered vulnerable because they hold considerable amounts of private information in their campaign databases. The parties have indicated they are taking these threats seriously and have made security enhancements as a result.

Though, as one expert put it, it doesn’t take much sophistication for mass texts or other campaign outreach tools to be co-opted.

“To me, the big concern is less about the overly sophisticated use of data, than simply the potential lack of proper data literacy, and data accountability in parties,” said Fenwick McKelvey, an associate professor at Concordia University, that focuses on AI, bots, and the internet.

“The fact that you might have the systems in place that don't have proper logs, or permissions, or very kind of rudimentary ways of saying who has access, who can export that data... This data might be very easily used by a rogue agent,” he said. McKelvey said that these texts can easily be gamed or manipulated to appear to be sent by a political party. Further, he said that asking voters to click a link in an unsolicited text is “terrible practice,” from a basic cybersecurity perspective.

It’s for this reason that both he and Dubois are encouraging transparency from the parties when they look to sending mass texts once the writ drops. Letting voters know in advance when, and why they will be sending mass texts not only helps protect against the pushback from people who are bothered by unsolicited political contact, but also will allow people to know that the message they are receiving is actually from a party, and not someone pretending to be.

“I think that it is very important that we are as transparent as possible here. I think that it is in the party's best interest,” Dubois said. “Not only in order to differentiate themselves from potential misuses of these technologies… But also politically, it's a smart move to make sure that voters understand what they are being targeted with, and understanding why it's happening.”