The campaign messages are coming fast and furious now.
“Hi Geoffrey, I’m Jess w/ People’s Action,” reads one. “Voter Alert for Geoffrey Fowler!” says another.
And the weirdest: “It’s Jonathan Del Arco, Hugh the Borg on Star Trek … Join a grass roots fundraiser with 19 cast members!”
Perhaps your text messages, Facebook feed or mailbox have also exploded with eerily personal political ads. Ever wonder: How’d they find me? I, for one, didn’t pass my digits to a campaign — much less tell them (or Hugh the Borg) I’m a Trekkie.
Blame the assault on the voter data economy, in which candidates, parties and nonprofits quietly collect, buy and exploit a ton of information about you.
Their files treat your contact details like a matter of public record and can be more intimate than credit applications, including your income, debt, family, ethnicity, religion, gym habits, whether you own a gun and what kind of car you drive. In 2020, campaigns use this data to microtarget us with record numbers of online ads, mailers, knocks on the door and text messages.
I’ve been on a crusade to find out what politicians know about me. So over the last few months, I’ve used California’s new data privacy law to force companies that specialize in collecting my personal information for campaigns to show me the data.
What I learned: Privacy may be a cornerstone of American liberty, but politicians on both sides of the aisle have zero problem invading it.
In fiercely competitive races, campaigns see our data as their edge. The Republican National Committee proudly told me it now has more than 3,000 data points on every voter. The Democratic National Committee said it acquires enough to understand you as a person, including unique identifiers from your phone that can be used to target ads across different apps.
Politicians have long had special access to voter registration and participation data, which they use to plot strategy, run polls and coordinate volunteers. But in recent years, they’ve also begun tapping into commercial data brokers and murkier social media and smartphone tracking techniques. The scandal that erupted around Cambridge Analytica, which scraped data from Facebook while working for Donald Trump’s 2016 campaign, was just the tip of the iceberg.
Many Americans, like me, find targeted ads creepy when they come from businesses, especially when they use personal data we didn’t really consent to have tracked. But I found it downright unsettling to learn that my credit score – and so much else – was going to politicians who could use it to try to manipulate me. Online political ads are so potentially dangerous for democracy that Twitter banned them entirely and Google limited how campaigns can target them. (In September, Britain’s Channel 4 documented how Cambridge Analytica used voter data to specifically disenfranchise African American voters in 2016.)
I’m not saying politicians are breaking any laws; I’m saying there just aren’t many laws designed to protect our data from politicians. As an institution, Congress has shown little interest in regulating the digital tools its members use to get into office. (Even the California Consumer Privacy Act I used in my quest only applies to the for-profit part of this economy.) Citizens with a lot of free time can try to opt out of some political databases and communications, but for the most part we have little control.
In my data crusade, I should have been an enigma for the politicians. As a journalist, I don’t donate, sign petitions or participate in surveys. I also avoid campaign communications, though I recently signed up for text messages from both the Trump and Biden campaigns as part of this reporting.
It turns out campaigns didn’t need me to volunteer information to build detailed profiles about me. I found five major sources of personal data that fuel the political machine.
1. State voter files. Voter registration details and voting history are a matter of semipublic record in most places. I say semipublic because states generally restrict access to campaigns, parties, academics and journalists (and the companies that help them).
When I acquired my California voter data as a journalist, I discovered the state was sending campaigns my email address and phone number, along with my address and party affiliation. If I wanted to remove the email and phone number – technically voluntary information – I could re-register to vote. But, as I learned, campaigns have plenty of other sources for that data.
2. Commercial voter files. An industry of political data brokers collects the state voter files and enhances them. They sell these files to campaigns, political parties and academics. (The Washington Post also uses these kinds of files to help run its polls.)
Where do their “enhancements” come from? Largely from data brokers that also sell it to commercial marketers. Firms such as Experian and Acxiom gobble up records and buy personal data sold by banks, subscriptions, TV companies, apps, and more. Then the voter file firms use their own algorithms to make inferences about you, including how likely you are to vote and how much you’re likely to donate.
L2, one of the largest political data firms, sent me two files with more than 700 data points, including my phone number, estimated income and credit rating, and inferences about my politics and hobbies. A few categories were real head-scratchers, such as “home decor enthusiast.”
Another firm, Aristotle, had more than 150 data points on me, including the amount of my mortgage, whether I had insurance from my employer and its guess for my interest in immigration reform. A third, called Data Trust, had over 1,500 data points, including – I kid you not – scores for how much I care about privacy and how much I trust tech companies.
After the shock of finding so much personal data subsided, what struck me was how some of it was inaccurate. Several of the voter files had wrong information about my religious background, whether I’m married and whether I have children.
This isn’t the same as when companies put you in the wrong marketing segments, such as calling you a Prius driver instead of F-150 truck lover. This information is being used by politicians to judge how you might act, donate or vote – before you’ve even made up your mind.
California residents can, like me, use the CCPA law to force voter file companies and data brokers to disclose what they know and even stop selling it. But you have to make the requests one by one.
3. What we tell them (even unintentionally). When you engage with a politician – signing up for news updates or donating – you’re adding to his or her data trove. You might not mind, if they’re a candidate you believe in.
Every move gets registered. When I signed up, as an experiment, to stream one of President Trump’s recent rallies, it kicked off a deluge of campaign text messages begging for money, with messages appearing three, four or five times per day. (At least replying STOP cuts off the messages. That works for Biden, too, though not for all campaigns.)
Even when you’re just poking around a campaign website for information, you’re passing along data. Campaign websites, including for both Trump and Biden, often contain hidden trackers that, for example, tell Facebook you were there and then allow campaigns to target ads to you in the future.
Smartphones also now allow campaigns to know where we go in the physical world. The Wall Street Journal reported that campaigns for both parties have used location-data brokers to target people who attend in-person rallies. It’s now even possible for campaigns to identify people who set foot in churches, and – based on the frequency of their visits – target them with specific ads.
Sometimes, your politically active friends can be a source. Campaign apps and volunteer texting campaigns often ask people to upload their contacts list.
Political parties themselves have also become among the largest sources of data to campaigns, doling out access to campaigns they want to support – and starving the ones they don’t. (Campaign finance laws prohibit candidates and national parties from coordinating their data with outside groups that raise money from unlimited sources.)
RNC press secretary Mandi Merritt told me the committee’s data is taken from voter registration files, information collected by volunteers, and consumer data such as magazine subscriptions, what kind of car a voter drives and if a voter has a gym subscription. (Voters who have gym memberships are more reliable voters, she said.)
“Our historic investment in building a robust data infrastructure has given us an unprecedented ability to target and engage with voters on the issues they care about,” Merritt said.
Nellwyn Thomas, the chief technology officer of the DNC, said her party acquires data from firms that use “ethical data practices,” though she declined to name them other than Experian. “There are absolutely times we have turned down data sets where we believe the collection methods do not live up to our standards,” she said.
Thomas also said combining data resources inside DNC systems, where it’s accessed by some 9,000 campaigns, helps to ensure our privacy by keeping it secure.
But once your data is in the hands of a political party or campaign, there’s little transparency about what happens to it, or what ethical rules apply to using it. For example, do campaigns need your consent to send you texts? My phone is chock-full of evidence some think they do not.
And unfortunately, California’s don’t-sell-my-data privacy law doesn’t apply to campaigns or parties. When I sent them data requests, they either ignored me or told me go stuff it. Neither the RNC or DNC would share my data with me when I asked as a journalist, either.
If you want some of the targeted ads to go away, the DNC’s Thomas suggests voting early – that will update party databases, and campaigns won’t want to waste money on you.
5. Facebook. Even 3,000 data points on a voter pales in comparison to the gobs that Facebook collects about what its members share and do on and off the social network. Facebook is quick to say it doesn’t sell our data to anyone, but its ad-targeting abilities are extraordinarily valuable. That’s one reason the Trump and Biden campaigns have spent more than $210 million on the social network in 2020, according to OpenSecrets, far more than the $81 million Facebook says the Trump and Hillary Clinton campaigns spent in the 2016 race.
Facebook allows, for example, a campaign to upload a list of people it knows are responsive to a particular message and then use the social network’s algorithms find a “look-alike audience” of new people to target. Facebook has acknowledged the power and peril of its microtargeting capabilities: For the week before Election Day, Facebook has paused allowing new political ads to be created (though existing ads will still be around).
In the name of transparency, Facebook now offers a button you can click labeled “Why You’re Seeing This Ad.” But I haven’t found it very useful, in part because it doesn’t explain how my experience – the ads I see – might be different from yours.
Remember my Hugh the Borg ad? Facebook’s disclosure said only that the Biden campaign wanted to reach people in the United States who were 18 or older. I wasn’t convinced that was the only reason. Sure enough, digging through my Facebook advertising settings, I discovered from years of tracking my life Facebook on its own had decided that Star Trek was one of my advertising “interests.”
I guess Hugh the Borg was right: Resistance is futile.