Proton
An illustration of political campaigns sharing voter data.

During this American presidential election campaign season, politicians have scored points calling out tech companies(new window) for abusing the personal data of their users. Yet many political campaigns are engaged in very similar practices. 

Political campaigns are now sophisticated data operations that collect mass amounts of personal information from their supporters and potential voters. Their methodology is similar to Google’s or Facebook’s. The main difference is Google uses its data to nudge you to buy something, while political campaigns use their data to nudge you to vote for their candidate.

This blog post will look at how political campaigns collect data on their supporters, what they do with that data, and how secure it is. We will also cover what you can do to keep your data private.

How election campaigns get your data

Almost every modern election campaign hires data brokers to collect data on potential voters. (This report from Tactical Tech(new window) lists case studies from the US, the UK, Chile, Kenya, the Philippines, India, Taiwan, Mexico, and the Dominican Republic.) Political campaigns now rely on data to inform everything they do, from where they campaign to whom they target, even down to the specific wording an ad will use. This thirst for data has not just infected American political parties, but practically every international democracy.

Political campaigns rely on both public and private data. An example of public data includes voter registration records or some types of polls. Campaigns also do large amounts of work to build up stores of private data. They run private polls and surveys and use the party’s proprietary and membership data. They collect this data directly from their supporters and donors with their consent, using sign-up sheets and mailing lists.

A data broker is an independent organization or company that collects, aggregates, and analyzes data from multiple sources. They use different strategies to compile data on potential voters, but they all aggregate both public and private data. Cambridge Analytica infamously collected data on millions of Facebook users. Other data brokers cull publicly available data, such as census records, driver records, and social media profiles, and mix it with consumer and user databases.

Consumer data is exploding thanks to the proliferation of surveillance capitalism. Examples of this type of data includes consumer purchase histories, credit card transaction records, and Internet service provider browsing histories. Data brokers collect much of this data without the voters’ knowledge and they combine it to make extremely comprehensive, and in some cases frighteningly predictive, voter profiles.

The result is that political campaigns have access to truly massive databases. Cambridge Analytica famously claimed(new window) in the 2016 US presidential election that it had 5,000 data points on 240 million Americans. Another data broker that is funded by the Koch family, i360, claims to have 1,800 data points(new window) on over 270 million Americans. 

Finding voters on social media

Political campaigns use this data to build models that predict what will motivate or discourage individual voters. They use this information to make highly specific social media ads that they deliver to targeted groups.

For example, one data broker, Dstillery, ran an independent survey during the 2016 Iowa caucus. They found there was a high correlation(new window) between Iowans who enjoyed grilling outside and Trump supporters. The Trump campaign could have used that information to deliver concentrated “get out the vote” messaging to anyone that had a picture of themselves at a backyard barbecue on Facebook. Similarly, the Clinton campaign could have used this data to send out targeted negative ads. 

What’s the problem?

That political campaigns use data is not new. Polling has been around about as long as professional campaigning, and Barack Obama’s 2008 campaign was praised for its masterful data operation(new window).

However, the amount of data political campaigns have access to, and that data’s sensitivity, has reached new heights. Fueled by the explosion of consumer data and the proliferation of data-collecting devices, the amount of data created worldwide is accelerating at an exponential rate. According to a 2018 Demos report(new window), IBM estimated that 90 percent of the data that exists today was created in the last two years.

Additionally, most people don’t know what information political campaigns have on them. It is one thing if you share information willingly with a political campaign you support. It is another thing if that campaign accesses your data without informing you that they have it or asking your permission. If a political campaign were to ask you for your credit score or your whereabouts for the past week(new window), you’d likely refuse to answer. However, a campaign, through its data broker, likely already has that data on you.

Furthermore, users have very little idea about what campaigns do with their data once it has been collected. It has become standard practice for political campaigns to “rent out” their database. Nearly every candidate that dropped out of the 2016 US presidential election sold, shared, or rented out the data of their supporters(new window) to third parties. These third parties can be other candidates, political action committees, the national political party, or private firms.

In the US, if you give data to a candidate by filling out a campaign survey or questionnaire, they can generally sell or share it without informing you or asking your permission.

Lack of security

The other problem of having these massive databases is that political organizations are not exactly known for their IT security. Everyone has heard of the phishing attack (new window)that compromised Hillary Clinton’s campaign manager(new window) during the 2016 presidential election. And one year later, in 2017, the Republican National Committee suffered a data breach(new window) that exposed the names, addresses, and phone numbers of nearly 200 million Americans.

What you can do

The best solution is to call for increased transparency into how political campaigns collect and use data. Just like the GDPR(new window) allows you to request what data a corporation has on you(new window), you should be able to ask what information a political campaign has on you and where it came from. This would require new regulations. Until that happens, there is little you can do other than attempt to minimize your data footprint(new window). You can take the following actions to limit what information political campaigns can access:

As we have seen through data breaches and hacks in the past, data is power. The electorate has a right to know how their data is being used and to expect data they share to be secured.

Best regards,
The Proton Mail team

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window) or donate(new window). Thank you for your support.

Related articles

The cover image for a Proton Pass blog about zero trust security showing a dial marked 'zero trust' turned all the way to the right
Cybersecurity for businesses is harder than ever: find out how zero trust security can prevent data breaches within your business.
How to protect your inbox from an email extractor
Learn how an email extractor works, why your email address is valuable, how to protect your inbox, and what to do if your email address is exposed.
How to whitelist an email address and keep important messages in your inbox
Find out what email whitelisting is, why it’s useful, how to whitelist email addresses on different platforms, and how Proton Mail can help.
The cover image for Proton blog about cyberthreats businesses will face in 2025, showing a webpage, a mask, and an error message hanging on a fishing hook
Thousands of businesses of all sizes were impacted by cybercrime in 2024. Here are the top cybersecurity threats we expect companies to face in 2025—and how Proton Pass can protect your business.
A graphic interpretation of a block of how many gigabytes in a terabyte
Learn how many GB are in a TB and discover the best way to securely store and share your files — no matter their size.
The cover image for a Proton blog, showing a phone screen with a lock logo and three password fields surrounding the phone
Here's what to look for when choosing an enterprise password manager to streamline collaboration and protect your organization's sensitive data.