By Ariana V. Strider, JD, MBA, CIPP/US 

1. Synthetic Media—AI-generated Deepfakes,  Cheapfakes, and other MDM 

 A harrowing report drafted by U.S. Intelligence agencies and private sector allies paints a dystopian vision of the future where you cannot necessarily believe everything you see. While organizations such as TrueMedia.org have released open-source (free) tools to accurately analyze photos, audio, and video for content authenticity, these tools are not widely used in the campaign sector and are extremely new. 

Moreover, the “ignore it and it will go away,” approach isn’t so effective when it comes to synthetic media because the proponents of the synthetic media often use highly sophisticated targeting techniques to ensure they get the viewers that would be most likely to believe them—and not the truth. Therefore, remaining silent instead of following CISA’s advice on strategizing and delivering a cohesive response may be the worst thing you can do in this situation due to the uniqueness of the tactics used in spreading MDM (Misinformation, Disinformation, and Malinformation). 

2. Lack of Oversight over Political Data Brokers 

Politicians and political groups have long been able to access public information such as voter registration, party registration, and addresses. However, online access has made it easier than ever for bad-actors to use this same information to threaten, intimidate, doxx, and/or share disinformation to targeted demographics to suppress the vote. It’s common practice for data shared with one campaign to be shared with others in the future, but what really happens to your data after a campaign ends, and how much information is ultimately availible to foreign bad-actors considering more data is often added to these files besides public information? 

The Answer: More than anyone would likely care to admit. 

In 2020, Open Secrets found political groups paid 37 different data brokers at least $23 million for access to services or data. These data brokers collect a ton of  information from browser cookies, web beacons, mobile phones, social media platforms, and other sources. found. While some companies specialize in more general data, others, like i360, TargetSmart, and Grassroots Analytics, focus on the data  useful for grassroots campaigns and advocacy efforts, going more in-depth. 

For example, TargetSmart claims to have 171 million highly accurate cell phone numbers, and i360 claims to have data on 220 million voters. L2’s “National Models & Predictive Analytics” page, which breaks down interests, demographics, and political ideology—including details like “Voter Fraud Belief,” and “Ukraine Continue.” L2’s data metrics are also predictive of support for QAnon conspiracy belief and support for right-wing militia movements such as the January 6th insurrectionists. The New York Times demonstrated their own  approach to these sorts of profiles where a voter analytics firm created a “Covid concern score” that  analyzed  cell phone location, then ranked people based on travel patterns during the pandemic. 

More use of location data can be found in offerings made by El Toro, who claims to have once“identified over 130,000 IP-matched voter homes that met the client’s targeting criteria. El Toro served banner and video advertisements up to 3 times per day, per voter household – across all devices within the home.” 

The operative phrase is clearly “all devices within the home,” which is just vague enough to leave this columnist scratching her head at the implications. 

Streaming device maker and streaming service provider Roku’s pitch to potential political advertisers is straightforward: “there’s an opportunity for campaigns to use their own data like never before, for instance to reach households in a particular district where they need to get out the vote.” The implications are massive for this, considering Roku claims to have at least 80 million users. 

The bottom line is that we need better data lifecycle management if we want to prevent malign foreign actors from obtaining such data and exploiting it. This can be as simple as maintaining better vendor agreements, declining to sell or share certain data after a campaign, and assessing the existential risk to democracy if the data fell into the wrong hands. 

3. Political Cybersecurity Breaches 

“You wouldn’t download a Russian Hacker—would you?” I’m willing to bet most left-wing political operatives would answer in the negative, so then why aren’t we more protective of our campaigns and political organizations when the risk is higher than ever, and the cost of an attack could be devastating. 

For example, the Chinese state-backed hacking collective, Salt Typhoon, penetrated the networks of AT&T, Verizon, Lumen and around 10 others, and for months were laying low inside systems that facilitate court-authorized wiretap request. According to the reports, hackers have attempted to access the phone communications of presidential campaign officials, including President-elect Donald Trump and his running mate Sen. JD Vance, R-Ohio. The Harris campaign was also hit by these targeted attacks, apparently motivated by an attempt to influence the U.S. Presidential Election. 

The hackers have also obtained audio communications from other U.S. political figures, including a Trump campaign advisor, the Washington Post reported. Salt Typhoon also had access to victims’ unencrypted messages, and at least one U.S. official was notified that hackers had accessed their personal phone.

4. Social Listening, Poll Bots, & Other Bot Interference

Poll Bots—what are they anyway? Poll Bots are bots who are programmed to vote in online political polls—and they are very good at it. They use tactics to bypass online poll security measures such as CAPTCHAs (known as proof-of-work tactics in bot mitigation) that are used to ensure poll participants “are not a robot.” Even more troubling, they even use proxy servers (servers that act as “middlemen” between users and webpages) and/or VPNs (virtual private networks) to appear as several different people in order to vote more than once. Thus, the poll data becomes completely compromised—potentially by the actions of a single bad actor barely lifting a finger. 

Many campaigns use a technique called social listening to get large amounts of information from what people post and talk about on social media. However, what happens when bots enter the chat? The answer is: a lot of bad data. 

In a year where you don’t even need to know how to code to program a bot to spam someone’s social media account using generative AI, the possibilities are endless—especially when social media platforms cannot or will not do anything to mitigate it. And so it goes, the trusted social listening and other OSINT techniques are left with a dataset not fully representative of the populations they seek data on. 

5. Participation & Response Biases

A University of Oxford study conducted by Vincente Valentim looked to a Spanish region to study the phenomenon of preference falsification, which explains how social norms can influence the reliability of certain polling methods in elections. Valentim’s qualitative evidence (that is, non-numerical evidence) suggested that voters felt their vote could be observed, which isn’t all that unsurprising given today’s level of casual surveillance that takes place in an ever-growing information marketplace. Valentim’s study used triple differences models, which showed that this observability decreased voting for Partido Popular (PP), a stigmatized  right-wing party in the country that is most closely analogous to the United States’ own Christian-nationalist movement with Trump at the forefront. At the individual level, Valentim found that PP supporters make more efforts to keep their vote choice secret, and among those supporters such efforts also show more discomfort answering political surveys.  Therefore, less PP supporters felt comfortable answering polls, leading to two different types of statistical bias called participation and response bias. 

Polls are only as good as their sample data, and even well-established polls that are known to collect “good data,” find themselves in a new era of biases influenced by the Third Industrial Revolution concerning Artificial Intelligence & rapidly advancing information technology. Participation bias explains why Spanish PP voters may decline to answer exit polls, making the polling sample more unlike its target demographic which is ideally meant to be a sample that resembles the demographics of the wider population. In the context of the United States 2024 Presidential election, if more Harris supporters felt comfortable answering polls than Trump supporters, then we would have an over-representative population of Harris supporters within the sample that would over-inflate Harris’s numbers to make it appear like she is more likely to win. That is the danger of Participation Bias—the data doesn’t actually represent the population the sample data should represent. 

Response bias is spurred by preference falsification, and it occurs when people say one thing and do another—often fearing the social repercussions if they answer truthfully. This means that a voter who truly did not want Harris to be president because she is a woman may be more likely to respond to a poll or a friend’s question by falsely stating that they would not be voting for Harris due to disagreements on economic issues—not due to the belief that a woman should not be President of the United States. In essence, this hypothetical voter isn’t willing to say “the quiet part out loud,” so they come up with a different excuse to avoid the social fallout. There again, this leads to yet more “bad data,” making it harder for candidates to truly pinpoint issues voters care about when they aren’t exactly truthful. Preference falsification would, therefore, be a confounding variable that negatively affects the integrity and accuracy of polls. 

The Takeaway 

So, what’s there to do about all of this? That’s for YOU to decide. This change will not come on its own, and these new technology skills will have to be learned by someone eventually or we will keep facing these same problems over and over again with worse results.