Democracy in Danger: What Happened to our Data after the EU Referendum?
In the light of multiple investigations into Brexit online campaigns, Byline Times asks whether our election data is secure or could be misused in future votes.
“Everyone tries to walk away with the data at the end of a campaign.”
That was the stunning admission by a senior Vote Leave data specialist following the shock victory of the Brexit campaigns in the 2016 EU Referendum.
According to Vote Leave’s campaign director, Dominic Cummings, it was big data, machine learning and highly personalised targeted ads which swung the campaign towards Brexit.
“The future of political communication is data scientists, not bullshitting charlatans,” he told a festival of behavioural science the year after the referendum.
Vote Leave spent at least 40 per cent of its budget on the controversial Canadian electioneering and data company AIQ, and more than £2.7 million on automated targeting – including 1,433 ads aimed at specific groups of people on Facebook, viewed more than 169 million times.
A myriad of rules governing the use of campaign data are supposed to be enforced. But, there are growing concerns about how well these laws and systems are policed.
So what’s to stop people just walking off with our sensitive personal data after major campaigns? And where has all that Brexit referendum data gone?
Chaos inside the Data Team
Insiders who experienced the highly-charged atmosphere inside the Vote Leave HQ at Westminster Tower told Byline Times about the “colourful” discussions that were necessary to try to protect data as the simmering battle for votes boiled over in 2016.
One senior insider alleged an external consultant repeatedly tried to download records from the NationBuilder database. Such an act could be controversial, depending on where any downloaded data ended up – and whether the consultant had authorisation to access the material. Byline Times has spoken to the external consultant at the centre of the allegations, who firmly asserted that he had not downloaded any data without authorisation.
It struck us as interesting that two people inside the same room could hold such diverging views of whether people involved in key election or vote campaigns were able to freely access and copy sensitive details such as our names, addresses, voting preferences and more.
When asked, senior Vote Leave officers refused to explain how their data authorisation system worked. Neither could they provide an internal audit trail documenting who accessed their sensitive databases and when.
But the warning from those employed to stop misusing data did not just apply to the divisive Brexit campaign. The specialists we spoke to were adamant that individuals involved in most high-profile elections, referendums, votes or campaigns often try to wander off with valuable USBs and hard drives crammed with sensitive information on voters once the polls have closed.
Like many in politics, the Vote Leave campaign used the now breached Nation Builder system – a dedicated campaign-building software which takes names, addresses, email addresses, mobile phone numbers and matches them to social media accounts. When combined with other databases such as survey questions and personal interests, for example, it provides the basis by which voters can be micro-targeted with discrete and highly focused ads.
Vote Leave also developed a specialised system canvassing platform. This was known as VICS (Voter Intention Collection System), and a tribute to Victoria Woodcock, Vote Leave’s head of operations. Invoices reveal the software was coded and maintained by the Canadian company AIQ. At first blush the much vaunted software was just a website for volunteers to canvas voters and record their responses. But according to Chris Vickery, a data security expert who gave testimony to parliamentary inquiries in Canada and the UK, the VIC system looks like a “cover story” for AIQ “shenanigans”.
AIQ was at the centre of parliamentary inquiries both in Canada and the UK. Parliament’s Digital, Culture Media and Sport (DCMS) committee noted in its final report that the company’s close working relationship with the now-defunct Cambridge Analytica – the controversial firm founded by Steve Bannon, Robert Mercer and Alexander Nix, which came to prominence during the Trump presidential campaign and relied on a hack of up 75 million Facebook users and claimed to have 7,000 data points on each of America’s 240 million voters. Its parent company, SCL, recently pleaded guilty to breaking Britain’s data laws.
Back in 2017, however, after the referendum result, AIQ was invited to pitch for business with Number 10 while Cambridge Analytica won a $500,000 no-bid contract with the US State Department for its ‘target audience research’ – a military grade propaganda tool developed for the British Ministry of Defence.
Malicious Intent: Foreign Interference
As the recent NationBuilder breach has shown, none of this data is secure. If there is a snap general election because of the crisis in the UK Government over Britain’s exit from the EU, the ‘Brexit’ data could be crucial to creating ‘lookalike’ audiences to target voters. The same is true if a second confirmatory referendum is held over the terms of Britain’s exit.
Last year, Conservative MPs who opposed the current Brexit deal were targeted by Facebook ads calling them “anti-democratic” by former Vote Leave digital campaigners. The unofficial Leave.EU campaign, headed by Nigel Farage, has spent the last year targeting the parliamentary seats of Tory ‘Remainers’ urging locals to sign up to the Conservative Party and deselect sitting MPs such as the chair of the DCMS committee Damian Collins. Earlier this month, Facebook information revealed that Britain’s Future, a campaign set up by former comedy writer Tim Dawson, spent over £350,000 in a few weeks on targeted ads pushing for a hard Brexit. Dawson refuses to explain the source of his funds.
But it’s not just dark ads funded by dark money from domestic campaigns that threaten the integrity of future elections. As Chris Vickery told the Canadian Parliament, all this data is easy to obtain by foreign hostile powers intent on disrupting the UK democratic process.
“It would be extremely surprising if adversarial nations were not devoting large sums of resources to do the same,” he said last year, “for malicious intent.”
Read our Argument on what this means for the future of British democracy in our accompanying piece The Next Election: Democracy in Danger