Stop the Use by All Parties of Election-Management Software
The Israel Democracy Institute has submitted a professional opinion to the chair of the Central Elections Committee, Justice Neal Hendel, asking the Committee to prohibit the use of election-management software until appropriate regulations for its use are in place.
The authors of the opinion, Dr. Tehilla Shwartz Altshuler and Adv. Rachel Aridor-Hershkovitz, researchers at the Israel Democracy Institute, note that “the digital-age use of personal data which did not exist in the past, in order to create sophisticated and effective invasive means to sway voters, threatens our capacity to conduct a free democratic process. In the digital world, where it is possible to collect multiple levels of data about voters—from their ID number, address, and phone number, and on to the language they speak, whether they support a particular party, their family relationships, and even--whether they have a sick relative—the right to privacy has become a precondition for our capacity to hold free elections.”
Shwartz Altshuler and Aridor-Hershkovitz note that “the chair of the Central Elections Committee has the authority to make decisions on these matters, in view of the regulatory vacuum regarding digital platforms and the potential for their abuse, as well as the interpretation of §17b of the Election Propaganda Law and §118 of the Elections Law.”
The collection of information about voters includes sensitive personal data, ranging from the voters’ registry, to individual voters’ support for the party using the software. But the parties use such software without adhering to the limits set by the Privacy Protection Law and the Data Protection Regulations issued pursuant to it, including: the requirement of informed consent for the collection of data and additional uses of it; the responsibility of those who hold the data for its transmission to others; and data security.
Moreover, the most important item of information for effective use of the software—an individual’s political views and his or her support for a party—is part of the database managed by the software, and is used to prioritize pressure and persuasion efforts on Election Day.
The use of such software by members of polling-station committees and poll-watchers, in or near the polling place, should be banned. The members of polling-station committees (chairs, deputy chairs, and others) are paid directly by the state for running the polling station, ensuring its proper operation, and monitoring the proceedings in order to prevent fraud. But instead of restricting their activities to these duties, they are liable to make use of the election software for partisan purposes. It is important to note that they are paid with public funds, designated for a completely different purpose than collecting data for their parties. So too, poll-watchers, who are paid by the parties, are present in polling stations to monitor the fairness of the process, and not for any other purpose.
Given the fact that governmental privacy-protection agencies throughout the world have begun to closely monitor the use of such software and are working to formulate rules for its use, there is a need to freeze the data-collection tools such software offers until adequate principles have been set by legislation, by the Elections Committee, or by the Privacy Protection Authority.
What is the practice throughout the world?
| Country | Use of the Application | Response by the Authorities |
| European Parliament | Use of NationBuilder software as part of a campaign to increase citizens’ involvement and encourage voting in the 2019 election: a website that provided registered users with information about the elections was used to collect data for the application and send messages targeted to individual voters. | The EU Privacy Commission ruled that the use of the application by the European Parliament violated the GDPR (General Data Protection Regulation). The Commission expressed its concern that NationBuilder’s processing of data about voters could have a negative impact on the fairness of the elections and enable data-based manipulations of voters. |
| The ruling allowed EU citizens to demand that parties discontinue use of the application. | ||
| United Kingdom | More than 200 candidates or campaign groups used NationBuilder in the general elections in 2017, as well as in the Brexit campaign. | The UK Information Commissioner Office (ICO) stated its concern about the use parties make of software to manage voter information, without notifying the owners of the data that they are doing so. Accordingly, it ruled that parties must notify all data owners that data about them is being collected and crosschecked. |
| In addition, the Privacy Commission called for an ethical ban on the analysis of personal data aimed at creating personality profiles of voters, until clear rules on the matter have been formulated. | ||
| France | President Emmanuel Macron’s party used the NationBuilder application in the presidential and parliamentary elections. | The French Privacy Commission (CNIL) decided that it would continue to study micro-targeting for elections. |
| In the guideline issued by CNIL in 2016, it stipulated that data-mining and crosschecking without the knowledge of the data subjects violate the country’s privacy protection laws. In response, NationBuilder blocked use of the function which crosschecks personal data from French social networks. | ||
| United States | President Trump’s campaign used NationBuilder software in the 2016 presidential race. | As early as 2014, the FTC recommended that Congress require increased transparency from the data-broker industry. This recommendation is included in several bills before Congress. |
| Scotland | NationBuilder | In 2017, the Scottish National Party (SNP) used the software to mine the internet for personal data about eligible voters in Scotland. All internet users who expressed admiration of or support for the Scottish National Party on a social network (Facebook or Twitter), were tracked by the application; their personal information was collected and saved in a database maintained by the party. The purpose of this activity, which swept up photographs, biographical information, and interests, was to profile potential voters by personality traits and political opinions, in order to send them individually targeted messages. |
| In response to the revelations on the use of the software in Scotland, civil society organizations such as the OpenRights Group claimed that the data included sensitive information that cannot be saved without the data subjects’ informed consent, and that its storage without informed consent is in violation of the privacy law. More than anything else, the use parties make of public information from social networks in order to create databases of sensitive information on voters’ political views is an indication of politicians’ lack of respect for the right to privacy. We may assume that the authorities’ response will be issued soon. |