Search
Content type: Examples
Less than a week before the election, the Democratic Party reported that Facebook's social media advertising systems had prevented the campaign from running some ads, allegedly resulting in the loss of more than $500,000 in potential campaign donations.
According to Facebook, the flaws resulted from a change in its political ads policy for the final week of the campaign. The policy change was intended to prevent political advertisers from uploading new ads in the week…
Content type: Press release
Privacy International, Open Rights Group, the Institute for Strategic Dialogue, Fair Vote, Who Targets Me? and Demos have today written to all the main UK political parties, demanding that they are transparent with the public about how they are using voters’ personal data in their electioneering. Twitter's announcement yesterday of their ban on political advertising is just the latest wake up call to politicians about the risks to democracy of personal data driven microtargeting of political…
Content type: Long Read
The UK public, regulators, and parliamentarians have all expressed concern about the wide use of third-party data by all political parties in the UK and its impact on privacy and democracy. In the week the remaining six candidates to be the UK’s next Prime Minister are reduced to two, Privacy International takes a look at their privacy policies to illustrate how such policies can be used to identify the use of third-party data by political candidates from all political parties.
The…
Content type: Examples
The New York Times picked 16 categories (like registered Democrats or people trying to lose weight) and targeted ads at people in them. They used the ads to reveal the invisible information itself, noting that it is a "story of how our information is used not just to target us but to manipulate others for economic and political ends — invisibly, and in ways that are difficult to scrutinize or even question."
The article illustrates that even though data providers don’t…
Content type: News & Analysis
The first half of 2018 saw two major privacy moments: in March, the Facebook/ Cambridge Analytica scandal broke, followed in May by the EU General Data Protection Regulation ("GDPR") taking effect. The Cambridge Analytica scandal, as it has become known, grabbed the attention and outrage of the media, the public, parliamentarians and regulators around the world - demonstrating that yes, people do care about violations of their privacy and abuse of power. This scandal has been one of…
Content type: Advocacy
Consultation Submission
In March 2019, Privacy International submitted a response to a consultation on Disinformation in Electoral Contexts, led by the Office of the Special Rapporteur for Freedom of Expression of the Inter-American Commission on Human Rights together with the Department of Electoral Cooperation and Observation (DECO) and the Department of International Law (DIL) of the Organisation of American States (OAS).
In our submission we highlighted the importance of minmising data…
Content type: Advocacy
In December 2018, PI responded to the UK Information Commissioner's (ICO) Call for Views on a Code of Practice for the use of personal information in political campaigns.
The consultation followed on from the ICO's policy report Democracy Disrupted?, published in July 2018, which recommended that the Government should legislate at the earliest opportunity to introduce a statutory Code of Practice under the Data Protection Act 2018 for the use of personal information in campaigns.…
Content type: News & Analysis
This piece was first published in GDPR today in March 2019.
Elections, referendums and political campaigns around the world are becoming ever more sophisticated data operations. This raises questions about the political use and abuse of personal data. With the European Union elections fast approaching and numerous national and local elections taking place across EU Member States, it is essential that the legal frameworks intended to protect our personal data do just that.
Member State…
Content type: Examples
On January 9, 2019 the UK Information Commissioner's Office fined SCL Elections, also known as Cambridge Analytica, £15,000 for failure to comply with an enforcement notice the ICO issued in May 2018 ordering the company to respond in full to a subject access request submitted by US-based academic David Carroll. The company was also required to pay £6,000 in costs and a victim surcharge of £170. Information Commissioner Elizabeth Denham noted that UK data protection laws apply to all data…
Content type: Examples
The results of a year-long review issued by the UK Information Commissioner's Office in November 2018 uncovered a "disturbing disregard for voters' personal privacy" on the part of 30 organisations, including social media platforms, political parties, data brokers, and credit reference agencies. Based on information uncovered during the investigation, the ICO sent 11 warning letters requiring action by the main political parties, and announced its intention to conduct audits; issued an…
Content type: Examples
In 2019, a prominent page on the Facebook Business site cited the British Conservative Party as a "success story" at the 2015 general election, which put the party into power with a narrow majority. The site boasted that via Facebook the Conservatives had an 80.6% reach in key constituencies, 3.5 million video views, and a social context for 86.9% of all the ads served - and that as a result the party had defied the polls and achieved an outright majority.
https://en-gb.facebook.com/business/…
Content type: Examples
A December 2018 report prepared by the Oxford Internet Institute's Computational propaganda Research Project and the network analysis firm Graphika for the US Senate Intelligence Committee found that the campaign conducted by Russia's Internet Research Agency during the 2016 US presidential election used every major social media platform to deliver messages in words, images, and videos to help elect Donald Trump - and stepped up efforts to support him once he assumed office. The report relied…
Content type: Examples
Facebook's latest tool for inspecting political ads showed that in the run-up to the US mid-term elections in November 2018, many of the same politicians who had been questioning Facebook about privacy and leaked user data were spending campaign funds on advertisements on the service. Between 2014 and 2018, the digital percentage of political spending rose from 1% to 22% (or about $1.9 billion); between May and November 2018 political spending on Facebook and its subsidiaries came to nearly $…
Content type: Examples
A 2018 study found that Twitter bots played a disproportionate role in spreading the false claim, made by US President Donald Trump shortly after winning the election but losing the popular vote in November 2016, that 3 million illegal immigrants had voted for Democratic opponent Hillary Clinton. After examining 14 million messages shared on Twitter between May 2016 and May 2017, Indiana University researchers found that just 6% of Twitter accounts identified as bots spread 31% of "low-…
Content type: Examples
In November 2018, the UK government announced that 11 local authorities across England would participate in Voter ID pilots in the interest of gaining "further insight into how best to ensure the security of the voting process and reduce the risk of voter fraud". Five local authorities participated in pilots in the 2017 general election. The new pilots will test four models of identification checks: photo ID (Pendle, East Staffordshire, Woking), photo and non-photo ID (Ribble Valley, Broxtowe,…
Content type: News & Analysis
Privacy International welcomes the focus on data and privacy contained in the final report by the UK House of Commons Digital, Culture, Media and Sport Committee (DCMS) on Disinformation and ‘fake news’. Beyond our control, companies and political parties have banded together to exploit our data. This report establishes essential steps to remedying this downward spiral. An important part of the democratic process is freedom of expression and right to political participation, including the right…
Content type: Examples
A flaw in the official 2018 UK Conservative Party conference app granted both read and write access to the private data of senior party members, including cabinet ministers, to anyone who logged in by second-guessing the email address they used to sign into the app. Twitter users claimed that one leading politician, Boris Johnson, had his avatar briefly replaced by a pornographic image, while another, Michael Gove, had his replaced by that of media magnate Rupert Murdoch. The app was…
Content type: Examples
Facebook ads purchased in May 2016 by the Internet Research Agency, a notorious Russian troll farm, urged users to install the FaceMusic app. When installed, this Chrome extension gained wide access to the users' Facebook accounts and web browsing behaviour; in some cases it messaged all the user's Facebook Friends. The most successful of these ads specifically targeted American girls aged 14 to 17 and said the app would let them play their favourite music on Facebook for free and share it…
Content type: Examples
In November 2018, the UK government announced it would pilot voter ID for in 11 local authorities during thte 2019 local elections in order to gain insight into ensuring voting security and lowering the risk of voter fraud. The Cabinet Office deemed the pilots conducted in five local authorities during the 2018 local elections to be a success. Four models of checking are under consideration: photo ID (Pendle, East Staffordshire, Woking); one photo or up to two non-photo IDs (Ribble Valley,…
Content type: Examples
In August 2018, the US Democratic National Committee notified the FBI that the San Francisco-based security company Lookout and the cloud service provider DigitalOcean had detected an attempted hack targeted at the DNC voter database. The attack took the form of a fake DNC login page intended to trick people into disclosing their usernames and passwords thinking they were accessing the DNC's VoteBuilder platrform. Lookout believes it found the site within 30 minutes of its going up online, but…
Content type: Examples
Shortly before the 2018 US midterm elections, Georgia secretary of state and gubernatorial candidate Brian Kemp accused Georgia's Democratic Party of hacking into the state's voter registration database, though without providing any evidence to support the claim. The motives behind the claim were unclear, but a report published by WhoWhatWhy suggested that the claim may have referred to a cybersecurity investigation conducted by the Democrats that uncovered significant flaws in the state's…
Content type: Examples
In July 2018, Election Systems and Software (ES&S), long the top US manufacturer of voter machines, admitted in a letter to Senator Ron Wyden (D-OR) that it had installed pcAnywhere remote access software and modems on a number of the election management systems it had sold between 2000 and 2006. The admission was in direct contradiction to the company's response for a New York Times article earlier in the year on US voting machines' vulnerability to hacking. ES&S says it stopped…
Content type: Examples
In the run-up to the November 2018 US midterm elections, Vice tested Facebook's new system of mandatory "Paid for" disclosure intended to bring greater transparency to the sources of ads relating to "issues of national importance". Placing political ads requires a valid ID and proof of residence. Vice found that Facebook quickly approved ads the site attempted to place that named Islamic State, US vice president Mike Pence, and Democratic National Committee chair Tom Perez in the "Paid for"…
Content type: Examples
A combination of entrenched and litigious voting machine manufacturers with immense control over their proprietary software and a highly complex and fragmented voting infrastructure mean that even though concerns were raised as early as 2004 about the security of US voting machines, the 2018 midterm election saw little improvement. The machines in use in the more than 10,000 US election jurisdictions are all either optical-scan or direct-recording electronic (DRE). Optical-scan, which scans…
Content type: Examples
In September 2018, when Massachusetts state police tweeted a map of responses to fires and explosions during a gas emergency, they inadvertently revealed that they were closely monitoring several activist groups, including a Facebook group for Mass Action Against Police Brutality, the Coalition to Organize and Mobilize Boston Against Trump, Facebook 413, Facebook MA Activism, and Resistance Calendar. The image was taken down and cropped after half an hour, but it spurred journalists to ask…
Content type: Examples
In September 2018, Google warned a selection of US senators and their aides that their Gmail accounts were being targeted by foreign government hackers. Google has issued warnings of phishing attempts by state-sponsored actors since 2012, though getting a notice does not mean the account has been compromised.
https://www.cnet.com/news/google-warns-us-senators-of-foreign-hackers-targeting-their-gmail-accounts/
Writer: Richard Nieva
Publication: CNet
Content type: Examples
In the run-up to the 2018 US mid-term elections, researchers found that the dissemination of fake news on Facebook was increasingly a domestic American phenomenon rather than, as in the 2016 presidential election, an effort driven by state-backed Russian operatives. Removing such accounts (Twitter) and pages (Facebook) is tricky in the US, where the boundary between free speech and disinformation is particularly sensitive. In addition, domestic disinformation is harder to distinguish. One of…
Content type: Examples
In the months leading up to the US 2018 midterm elections, Republican officials in Georgia, Texas, and North Carolina made moves they described as ensuring voting integrity but which critics saw as blocking voter access. In Georgia, where Secretary of State Brian Kemp is charged with enforcing election law and was simultaneously running for governor, election officials blocked 53,000 applications to register, 70% of which are those of African-Americans, under a law requiring personal…
Content type: Examples
In 2018, after the UK Cabinet Office said a trial of compulsory voter ID was necessary because reports of voter fraud had more than doubled between the 2014 and 2016 elections - a claim immediately disputed by a voter and upheld by the UK Statistics Authority. While it was true that there were 21 reports in 2014 and 44 in 2016, the number fell to 28 in 2017, small numbers to begin with. Crucially, more than twice as many people voted in 2016, the year of the EU referendum. None of the five…
Content type: Examples
A few months before the US 2018 midterm elections, the Trump campaign team signed a contract with the newly-formed Virginia-based company Excelsior Strategies to exploit the first-party data the campaign had collected. The contract was set up by Trump's campaign manager, Brad Parscale, who built the list as the digital director of Trump's 2016 campaign and began renting it out soon after the November 2016 elections.
Subject to the Trump's campaign veto authority, Excelsior rents out this…