Facebook and Google aren’t the only companies hoovering up every kilobyte of our digital lives—our late-night shopping habits, social-media posts, travel plans, and celebrity obsessions—and turning that personal data into dollar signs. As the recent leak of nearly 200 million voter profiles shows, political analytics companies are major players in the Big Data space, too—and their methods, if not their security protocols, are getting ever more sophisticated. The terabyte of data that Gizmodo reports Deep Root Analytics left on a cloud server, without password protection, included “home addresses, birth dates, and phone numbers,” along with “advanced-sentiment analyses used by political groups to predict where individual voters fall on hot-button issues such as gun ownership, stem-cell research, and the right to abortion, as well as suspected religious affiliation and ethnicity.” Even more worrying, some of the firm’s voter-registration data was cross-referenced against Reddit users’ profiles, suggesting a wide-ranging, multi-platform effort to build psychological profiles of American citizens. None of this is illegal, nor is it clear whether such information is particularly useful. Gizmodo reports show that the Republican National Committee paid Deep Root $983,000 last year, and that other conservative groups paid millions more. But as The New York Times revealed last year, preference-prediction software peddled by companies like Cambridge Analytica is still an imperfect science.
Still, Deep Root Analytics and Cambridge Analytica aren’t the only entities racing to mine the treasure trove of online data for political insights. As Bloomberg recently reported, Russian hackers infiltrated voter databases and software systems in 39 U.S. states as part of a wide-ranging effort to disrupt and influence the 2016 presidential election. A U.S. government probe has since concluded that four out of every five state-voting systems was hacked, though it’s not clear whether this had any effect on the outcome of the election. More recently, G.O.P. operative Aaron Nevins acknowledged that he’d asked for and received 2.5 gigabytes of Democratic Congressional Campaign Committee documents and voter data from the hacker known as Guccifer 2.0, which U.S. intelligence agencies believe is a front for Russian military intelligence. Nevins told the hacker, in a series of exchanges reviewed by The Wall Street Journal, that Democrats had probably “spent millions probably to figure out who these people are that are conducive to their message and now it’s exposed for the other side.” He later posted the analysis to his blog, allowing anyone to review voter-analysis data for a number of critical battleground states, including Pennsylvania, which Donald Trump won by fewer than 70,000 votes.
In the case of Deep Root, there could be enough data to flip an election. “If the Russians have this data, then they have targeted information that could allow them to try to swing the vote,” Archie Agarwal, the founder of the cybersecurity firm ThreatModeler, told Business Insider. “There is nothing more valuable to some people out there than this kind of information,” Chris Vickery, the cyber-risk analyst who first discovered the Deep Root leak, added. “This is what you can use to steal an election at the state and local level. It tells you who you need to advertise to to swing votes.”