ProtonBlog(new window)
An illustration of political campaigns sharing voter data.

Political campaigns and your personal data

Share this page

During this American presidential election campaign season, politicians have scored points calling out tech companies(new window) for abusing the personal data of their users. Yet many political campaigns are engaged in very similar practices. 

Political campaigns are now sophisticated data operations that collect mass amounts of personal information from their supporters and potential voters. Their methodology is similar to Google’s or Facebook’s. The main difference is Google uses its data to nudge you to buy something, while political campaigns use their data to nudge you to vote for their candidate.

This blog post will look at how political campaigns collect data on their supporters, what they do with that data, and how secure it is. We will also cover what you can do to keep your data private.

How election campaigns get your data

Almost every modern election campaign hires data brokers to collect data on potential voters. (This report from Tactical Tech(new window) lists case studies from the US, the UK, Chile, Kenya, the Philippines, India, Taiwan, Mexico, and the Dominican Republic.) Political campaigns now rely on data to inform everything they do, from where they campaign to whom they target, even down to the specific wording an ad will use. This thirst for data has not just infected American political parties, but practically every international democracy.

Political campaigns rely on both public and private data. An example of public data includes voter registration records or some types of polls. Campaigns also do large amounts of work to build up stores of private data. They run private polls and surveys and use the party’s proprietary and membership data. They collect this data directly from their supporters and donors with their consent, using sign-up sheets and mailing lists.

A data broker is an independent organization or company that collects, aggregates, and analyzes data from multiple sources. They use different strategies to compile data on potential voters, but they all aggregate both public and private data. Cambridge Analytica infamously collected data on millions of Facebook users. Other data brokers cull publicly available data, such as census records, driver records, and social media profiles, and mix it with consumer and user databases.

Consumer data is exploding thanks to the proliferation of surveillance capitalism. Examples of this type of data includes consumer purchase histories, credit card transaction records, and Internet service provider browsing histories. Data brokers collect much of this data without the voters’ knowledge and they combine it to make extremely comprehensive, and in some cases frighteningly predictive, voter profiles.

The result is that political campaigns have access to truly massive databases. Cambridge Analytica famously claimed(new window) in the 2016 US presidential election that it had 5,000 data points on 240 million Americans. Another data broker that is funded by the Koch family, i360, claims to have 1,800 data points(new window) on over 270 million Americans. 

Finding voters on social media

Political campaigns use this data to build models that predict what will motivate or discourage individual voters. They use this information to make highly specific social media ads that they deliver to targeted groups.

For example, one data broker, Dstillery, ran an independent survey during the 2016 Iowa caucus. They found there was a high correlation(new window) between Iowans who enjoyed grilling outside and Trump supporters. The Trump campaign could have used that information to deliver concentrated “get out the vote” messaging to anyone that had a picture of themselves at a backyard barbecue on Facebook. Similarly, the Clinton campaign could have used this data to send out targeted negative ads. 

What’s the problem?

That political campaigns use data is not new. Polling has been around about as long as professional campaigning, and Barack Obama’s 2008 campaign was praised for its masterful data operation(new window).

However, the amount of data political campaigns have access to, and that data’s sensitivity, has reached new heights. Fueled by the explosion of consumer data and the proliferation of data-collecting devices, the amount of data created worldwide is accelerating at an exponential rate. According to a 2018 Demos report(new window), IBM estimated that 90 percent of the data that exists today was created in the last two years.

Additionally, most people don’t know what information political campaigns have on them. It is one thing if you share information willingly with a political campaign you support. It is another thing if that campaign accesses your data without informing you that they have it or asking your permission. If a political campaign were to ask you for your credit score or your whereabouts for the past week(new window), you’d likely refuse to answer. However, a campaign, through its data broker, likely already has that data on you.

Furthermore, users have very little idea about what campaigns do with their data once it has been collected. It has become standard practice for political campaigns to “rent out” their database. Nearly every candidate that dropped out of the 2016 US presidential election sold, shared, or rented out the data of their supporters(new window) to third parties. These third parties can be other candidates, political action committees, the national political party, or private firms.

In the US, if you give data to a candidate by filling out a campaign survey or questionnaire, they can generally sell or share it without informing you or asking your permission.

Lack of security

The other problem of having these massive databases is that political organizations are not exactly known for their IT security. Everyone has heard of the phishing attack (new window)that compromised Hillary Clinton’s campaign manager(new window) during the 2016 presidential election. And one year later, in 2017, the Republican National Committee suffered a data breach(new window) that exposed the names, addresses, and phone numbers of nearly 200 million Americans.

What you can do

The best solution is to call for increased transparency into how political campaigns collect and use data. Just like the GDPR(new window) allows you to request what data a corporation has on you(new window), you should be able to ask what information a political campaign has on you and where it came from. This would require new regulations. Until that happens, there is little you can do other than attempt to minimize your data footprint(new window). You can take the following actions to limit what information political campaigns can access:

As we have seen through data breaches and hacks in the past, data is power. The electorate has a right to know how their data is being used and to expect data they share to be secured.

Best regards,
The Proton Mail team

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window) or donate(new window). Thank you for your support.

Protect your privacy with Proton
Create a free account

Share this page

Richie Koch(new window)

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

Related articles

How to share a PDF
Sharing a PDF with coworkers, friends, or family members can sometimes be trickier than it seems if you’re trying to share a large file or if you want to use secure encryption. In this article, we show you how to share any PDF quickly, easily, and se
Proton Pass for Windows
Proton Pass is launching its new app for Windows, allowing you to access our password manager from your desktop. As one of our community’s most requested features, it’s available to everyone starting today. Proton Pass is the centerpiece of our effo
password policy
Businesses are increasingly dealing with the fallout from cybercrime: The number of attacks is on the rise and the damage done is growing exponentially. One of the most common vulnerabilities for organizations are their passwords. Since they are your
How to free up disk space
If you’ve ever owned an electronic device of any kind, you know the struggle of running out of space. No matter if it’s a smartphone, laptop, or desktop computer, there never seems to be enough room for all your files. Let’s show you some simple ways
What is 3-2-1 backup
Data backup is vital for businesses and individuals alike: In case something happens to your primary computer, you always have a copy of your data to fall back on.  How should you approach backup, though? The 3-2-1 rule can act as a guide when decid
What was your first pet’s name? In what city were you born?  We’ve all had to answer these questions to reset a long-forgotten password, but consider how that works. Much of this information is easy to find for others (or easily forgotten by you), m