During this American presidential election campaign season, politicians have scored points calling out tech companies for abusing the personal data of their users. Yet many political campaigns are engaged in very similar practices.

Political campaigns are now sophisticated data operations that collect mass amounts of personal information from their supporters and potential voters. Their methodology is similar to Google’s or Facebook’s. The main difference is Google uses its data to nudge you to buy something, while political campaigns use their data to nudge you to vote for their candidate.

This blog post will look at how political campaigns collect data on their supporters, what they do with that data, and how secure it is. We will also cover what you can do to keep your data private.

How election campaigns get your data

Almost every modern election campaign hires data brokers to collect data on potential voters. (This report from Tactical Tech lists case studies from the US, the UK, Chile, Kenya, the Philippines, India, Taiwan, Mexico, and the Dominican Republic.) Political campaigns now rely on data to inform everything they do, from where they campaign to whom they target, even down to the specific wording an ad will use. This thirst for data has not just infected American political parties, but practically every international democracy.

Political campaigns rely on both public and private data. An example of public data includes voter registration records or some types of polls. Campaigns also do large amounts of work to build up stores of private data. They run private polls and surveys and use the party’s proprietary and membership data. They collect this data directly from their supporters and donors with their consent, using sign-up sheets and mailing lists.

A data broker is an independent organization or company that collects, aggregates, and analyzes data from multiple sources. They use different strategies to compile data on potential voters, but they all aggregate both public and private data. Cambridge Analytica infamously collected data on millions of Facebook users. Other data brokers cull publicly available data, such as census records, driver records, and social media profiles, and mix it with consumer and user databases.

Consumer data is exploding thanks to the proliferation of surveillance capitalism. Examples of this type of data includes consumer purchase histories, credit card transaction records, and Internet service provider browsing histories. Data brokers collect much of this data without the voters’ knowledge and they combine it to make extremely comprehensive, and in some cases frighteningly predictive, voter profiles.

The result is that political campaigns have access to truly massive databases. Cambridge Analytica famously claimed in the 2016 US presidential election that it had 5,000 data points on 240 million Americans. Another data broker that is funded by the Koch family, i360, claims to have 1,800 data points on over 270 million Americans.

Finding voters on social media

Political campaigns use this data to build models that predict what will motivate or discourage individual voters. They use this information to make highly specific social media ads that they deliver to targeted groups.

For example, one data broker, Dstillery, ran an independent survey during the 2016 Iowa caucus. They found there was a high correlation between Iowans who enjoyed grilling outside and Trump supporters. The Trump campaign could have used that information to deliver concentrated “get out the vote” messaging to anyone that had a picture of themselves at a backyard barbecue on Facebook. Similarly, the Clinton campaign could have used this data to send out targeted negative ads.

What’s the problem?

That political campaigns use data is not new. Polling has been around about as long as professional campaigning, and Barack Obama’s 2008 campaign was praised for its masterful data operation.

However, the amount of data political campaigns have access to, and that data’s sensitivity, has reached new heights. Fueled by the explosion of consumer data and the proliferation of data-collecting devices, the amount of data created worldwide is accelerating at an exponential rate. According to a 2018 Demos report, IBM estimated that 90 percent of the data that exists today was created in the last two years.

Additionally, most people don’t know what information political campaigns have on them. It is one thing if you share information willingly with a political campaign you support. It is another thing if that campaign accesses your data without informing you that they have it or asking your permission. If a political campaign were to ask you for your credit score or your whereabouts for the past week, you’d likely refuse to answer. However, a campaign, through its data broker, likely already has that data on you.

Furthermore, users have very little idea about what campaigns do with their data once it has been collected. It has become standard practice for political campaigns to “rent out” their database. Nearly every candidate that dropped out of the 2016 US presidential election sold, shared, or rented out the data of their supporters to third parties. These third parties can be other candidates, political action committees, the national political party, or private firms.

In the US, if you give data to a candidate by filling out a campaign survey or questionnaire, they can generally sell or share it without informing you or asking your permission.

Lack of security

The other problem of having these massive databases is that political organizations are not exactly known for their IT security. Everyone has heard of the phishing attack that compromised Hillary Clinton’s campaign manager during the 2016 presidential election. And one year later, in 2017, the Republican National Committee suffered a data breach that exposed the names, addresses, and phone numbers of nearly 200 million Americans.

What you can do

The best solution is to call for increased transparency into how political campaigns collect and use data. Just like the GDPR allows you to request what data a corporation has on you, you should be able to ask what information a political campaign has on you and where it came from. This would require new regulations. Until that happens, there is little you can do other than attempt to minimize your data footprint. You can take the following actions to limit what information political campaigns can access:

Do not share your personal information with a political campaign and ask your friends not to as well.

Reconsider what information you share over social media.

Configure your privacy settings on Google and your Android mobile device to protect your personal data.

Beware of what apps you download onto your mobile device.

Use an end-to-end encrypted email or messenger to keep your communications private. ProtonMail for email and Signal for chat are both strong options.

As we have seen through data breaches and hacks in the past, data is power. The electorate has a right to know how their data is being used and to expect data they share to be secured.

Best regards,

The ProtonMail team

You can get a free secure email account from ProtonMail here.



We also provide a free VPN service to protect your privacy.



ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support.