When presidential candidates turn to data crunchers at Rocket Fuel in Silicon Valley for help finding voters who want tougher immigration enforcement, the firm comes up with a surprisingly specific answer: Chevy truck drivers who like Starbucks.
The data modeling from Rocket Fuel shows that this group leans against a path to citizenship for workers in the U.S. illegally. And these particular voters have become surprisingly easy – some argue creepily so – for campaigns to find and approach. So have consumers of frozen vegetables, who are more likely to oppose abortion. As have people curious about diabetes, a group that tends to settle on a candidate early in the race.
"Knowing the nuances of each voter beyond whether they lean right or left makes every difference," said JC Medici, the firm's national director of politics and advocacy. "We can identify what people are persuadable."
But as presidential campaigns push into a new frontier of voter targeting, scouring social media accounts, online browsing habits and retail purchasing records of millions of Americans, they have brought a privacy imposition unprecedented in politics. By some estimates, political candidates are collecting more personal information on Americans than even the most aggressive retailers. Questions are emerging about how much risk the new order of digital campaigning is creating for unwitting voters as the vast troves of data accumulated by political operations becomes increasingly attractive to hackers.
The security breach last month at the major voter database controlled by the Democratic National Committee, and another days later involving a large political data firm, have raised concerns about the fitness of candidates to safely manage their data. At the same time, the methods used by independent "data brokers" that acquire and disseminate private details for political campaigns and scores of other clients are at the center of a years-long regulatory battle, with the Federal Trade Commission warning Congress that consumers need more protections.
Yet the push for more accountability and transparency rules on the accumulation of private data is faltering in Congress, where lawmakers are reluctant to rein in the industry that they increasingly rely on to win elections.
"This is the Wild West," said Tim Sparapani, a data privacy consultant and former director of public policy for Facebook. "There is nothing that is off-limits to political data mining." The fleeting, impulsive nature of campaigns, he said, means they often have far less stringent security procedures than retailers and social media firms, which themselves often fail to adequately protect sensitive information.
The mining of such data for politics is not a new phenomenon. Presidential candidates began pioneering the approach more than a decade ago, and it was a key part of Barack Obama's winning strategy in 2008 and 2012. But technological advancements, plunging storage costs and a proliferation of data firms have substantially increased the ability of campaigns to inhale troves of strikingly personal information about voters, spit it into algorithms, and use the results to narrowly customize messaging and outreach to each individual household.
"There is a tremendous amount of data out there and the question is what types of controls are in place and how secure is it," said Craig Spiezle, executive director of the nonprofit Online Trust Alliance. The group's recent audit of campaign websites for privacy, security and consumer protection gave three-quarters of the candidates failing grades.
The campaigns and the data companies are cagey about what particular personal voter details they are trafficking in.
One firm, Aristotle, boasts how it helped a senior senator win reelection in 2014 using "over 500 demographic and consumer points, which created a unique voter profile of each constituent." Company officials declined an interview request.
When investigators in Congress and the FTC looked into the universe of what data brokers make available to their clients – be they political, corporate or nonprofit – some of the findings were unsettling. One company was selling lists of rape victims; another was offering up the home addresses of police officers.
The data companies are required by law to keep the names of individuals separate from the pile of data accumulated about them. Instead, each voter is assigned an online identification number, and when a campaign wants to target a particular group – say, drivers of hybrid vehicles or gun owners – the computers coordinate a robocall, or a volunteer's canvassing list, or a digital advertisement with relevant accounts.
Since campaigns are ultimately in the business of finding particular people and getting them to show up to vote, some scholars are dubious their digital targeting efforts offer the same level of anonymity as those of corporations.
"A retailer doesn't care what person is behind a particular online profile, just that they are buying new sneakers," said Ira Rubinstein, a research fellow at New York University School of Law who specializes in data privacy. "This is about targeting very specific people to go out and vote."
For the record
7:44 a.m.: An earlier version of this story misspelled the name of New York University research fellow Ira Rubinstein as Rubenstein.
An exhaustive paper Rubinstein recently published on voter privacy found that "political dossiers may be the largest unregulated assemblage of personal data in contemporary American life."
Basic privacy guidelines that apply to other industries don't appear to apply to candidates. Some do not even have clear privacy policies posted on their websites, which would be grounds for a private business to have their site shut down under both federal and California law, according to the Online Trust Alliance.
Rules that require companies to notify their customers if there has been a data breach also do not necessarily apply to campaigns, Rubinstein said.
"It's an unregulated entity whose only goal is to elect a candidate over a short term, then it goes away," he said. "They are not circumstances in which security is made a priority."
Campaign digital strategists take umbrage. They say their operations are constantly withstanding the attacks of hackers, and that candidates are in no position to be cavalier with all the sensitive information on their servers, as voters would punish them for it.
Yet it is also unclear whether many voters are aware how much could be on those servers. Among the regulations the Federal Trade Commission is urging Congress to implement is one that would allow consumers to find out what information the data brokers are selling to their many clients, political campaigns among them. Consumers could more easily adjust which data are being sold or could opt out of the monitoring altogether.
"The problem with the data broker industry is consumers have no idea this is going on," said FTC commissioner Julie Brill. "They are creating hundreds of millions of profiles of American consumers. … Some of this information can impact consumers in a negative way."
Back at Rocket Fuel, which specializes in placing potential voters into hundreds of different audiences, each targeted for a package of digital advertisements specifically catered to their interests, there are warnings that more regulation could have its own unintended consequences.
"We'd no longer be able to put the right message in front of the right people," Medici said. "If what we are putting in front of voters is relevant to them and of interest, it is a natural part of the process."