Marcia Stepanek, writes in the October 26, 2000, edition of "BusinessWeek" about some of the software tools being deployed during this campaign season that are opening up the voting process -- not to increase voter turnout, but to find out more information about voters. Internet marketers and candidates, through the use of data-mining tools, are combining individual voter records and personal commercial data to target candidates, issues, and products to specific segments of the population, potentially crossing the boundaries of individual privacy in the process. "Data mining" refers to any set of software tools or automated processes that can access data from one or more databases, and present them in a way that highlights previously unknown relationships and patterns. It is not, however, about simply presenting existing data in new forms. Data mining itself is not new. It has been used for years in academic, government, and market research in areas such as customer service, risk management, and systems analysis. In the political sphere, data mining technologies are useful in helping to map out an efficient and effective mail, phone bank, and door-to-door canvassing strategy, and can also enable campaigns to customize and personalize messages down to specific households with great ease, as well as to offer better representation around issues based on market research. Stepanek argues, however, that the current level of activity and technological sophistication, in the absence of laws or regulation, only raises the potential for abuse in the electoral arena. Map Applications, a Republican-affiliated company, has deployed, for example, its GeoVoter tool to gather up to 5,000 categories of information (such as age, race, socioeconomic status, financial information, political attitudes, voting activity) available from public records and commercial marketing data on each of the 1.5 million registered voters in Iowa, in order to guess the issues that are most likely to affect a particular voter's behavior. Stepanek also mentions how GOP campaign workers can tie similar information to e-mail addresses collected and sold by private marketing companies and telephone solicitors, in order to raise specific issues of concern to individual voters. Another campaign technology firm, Aristotle International, boasts a significant amount of information on 150 million registered voters. The company compiles its lists from registered voter records, motor vehicle records, and Federal Election Commission contributor lists. These lists are enhanced with data from third-party companies that collect information from federal, state and local government agencies (including date of birth, address and political jurisdiction). The target audience for the enhanced data, according to the company, is generally government agencies, law firms, and insurance companies. Aristotle claims a client base that includes 90% of the current U.S. Senate, nearly 46% of the current U.S. House of Representatives, 46 Democratic and Republican state parties, 72% of Senate and 66% of House candidates in the 1999- 2000 campaign cycle, and a number of advocacy groups including the National Rifle Association. [BusinessWeek itself, according to Stepenak, has used products provided by Aristotle for its election coverage]. As outlined in its amended initial public offering prospectus from September 6, 2000, Aristotle stated that it has contracted with consumer data mining firm MatchLogic to buy a $3.5 million bundle of e-mail addresses and banner ad space, in exchange for revenue-sharing over sales of ads that target voters listed in Aristotle's database. This deal, adds Stepenak, includes some 50 million voter records containing motor vehicle data from across the United States. MatchLogic, writes Stepenak, collects information on individual online shopping habits -- without the consent of Internet users -- which is then expanded into individual profiles that are used and sold to other parties for marketing efforts. Richard Levey, writing in the May 2, 2000, edition of "MediaCentral Marketing," points out that political campaigns have had access to valuable voter lists for quite some time. These lists are valuable because of the demographic information provided, courtesy of voters themselves when they register in their states or localities, and when they actually show up to vote, or participate in a primary. When combined with other lists -- magazine subscriptions, grocery store "club cards," credit card data, university student data, the information from these lists can be cut with a wide range of analytical tools, to produce, for example, a roster of voters who are both more likely to vote, yet least supportive of a particular party, who may have a particular interest in a given set of issues. Because the information comes mostly from public records (such motor vehicle databases) and commercial data sources (such as bank and credit card transactions), it is often collected without user knowledge or permission. Currently, the main barriers to the collection and use of this information are not statutory or regulatory restrictions (as of this writing) but, rather, only a simple matter of paying for access to and storage of that data. Aside from security and privacy concerns about making data available to their clients on the Web, there are fundamental issues around the misuse of this information. While the company maintains that it believes its service is lawful, and that the information can only be released to authorized individuals, in its SEC filing, it raises the possibility that "[i]ndividuals may allege in the future, that collection of this information is illegal or infringes on their personal rights for example, their civil rights or their constitutional rights to privacy. There is also a substantial risk that public perception of the use of information acquired through the Internet to engage in targeted advertising and other commercial purposes may deteriorate. We may become subject to litigation over privacy concerns." The Federal Privacy Act protects the confidentiality of personally identifiable information collected by the federal government. Each state, however, has its own laws governing the use of, and access to, voter records and information. A number of states allow unlimited access to voter information, while others limit their use to only government or political entities, and some restrict access entirely. Users of voter information are not required to seek the consent of individuals as long as the particular state allows its use. Motor vehicle records are protected by the Drivers Privacy Protection Act of 1994, which was upheld in January of this year by the Supreme Court. The Court, ruling in Reno v. Condon, unanimously upheld the act, which restricts the public disclosure of personal information contained in state department of motor vehicles (DMV) records, and to prohibit DMV officials from intentionally disclosing personally identifiable information, except for use by government agencies or businesses engaged in information verification practices and fraud prevention. A majority of the Court, in December 1999, also upheld a California restriction limiting a private company's access to names in addresses contained in police arrest records for commercial purposes in Los Angeles Police Department v. United Reporting Publishing Corp. This ruling held that a state may place conditions on access to public information, depending upon how the information will be used. Earlier this year, there were a number of high profile lawsuits centered on unlawful acquisition and selling of personal information against DoubleClick and Yahoo! (specifically for using cookies, an alleged violation of federal privacy and stalking laws, respectively); RealNetworks (violation of anti-hacking protections to obtain information from music download subscribers), Toys 'R' Us (for outsourcing of data analysis to a third-party consumer data and marketing firm). A number of the third-party companies that compile the commercial data used in conjunction with voter lists reached an agreement with the Federal Trade Commission (FTC) this past July. The agreement called for a set of industry self-policing guidelines, enforceable under FTC authority, with respect to the collection and use of personal individual information. These guidelines prohibit the use of sensitive personal or financial information in targeted online advertising unless the practices fit within FTC guidelines, and provide customers with both notice of the use of information and the means to "opt out" of such activity. Other entities, such as the Juno Advocacy Network, the public interest and political advertising division of national Internet service provider Juno.com, collect demographic information from subscribers who choose to "opt in" by signing up for free e-mail accounts. Subscribers are made aware that in return for the free service, they will receive targeted online banner ads and direct mailing based on their information and preferences, including messages from advocacy groups and political campaigns. A number of companies point out that some jurisdictions place restrictions on the use of and access to voter data, and require their customers to comply with both federal and state laws and guarantee that they will not resell or abuse the confidential information they are provided. Some companies are starting to voluntarily open up databases for audit by state and local officials to ensure that abuses do not take place. For more information on your state's privacy guidelines, you can consult the following organizations: The League of Women Voters lists the phone number and website for each state's voter registration office. The Center for Democracy and Technology and the Electronic Privacy Information Center maintain extensive sets of guides to online privacy policies and protections and the FTC provides a listing of online privacy reference and resource materials. Resources Cited October 26, 2000, edition of "BusinessWeek" Map Applications, Aristotle International, Aristotle International 9/6/00 Initial Public Offering MatchLogic 5/2/00 edition MediaCentral Marketing Reno v. Condon Los Angeles Police Department v. United Reporting Publishing Corp DoubleClick Yahoo! RealNetworks Toys ‘R’ Us Network Advertising Initiative Juno.com The League of Women Voters The Center for Democracy and Technology Electronic Privacy Information Center FTC