Sen. Ted Cruz speaks in Nashua, New Hampshire, on April 18. His campaign has been especially aggressive in collecting data about potential supporters. Shutterstock.com

This article is from the archive of our partner National Journal

If Internet companies like Google or Facebook mislead users and violate their privacy, they can find themselves in trouble with federal regulators. If government agencies spy on people without the proper authorization, they can get slapped down by a judge.

Political campaigns, however, face no such hurdles when it comes to scraping information from private citizens.

Instead, they operate in a legal dead zone outside the reach of federal regulators. The Federal Trade Commission regulates commercial privacy issues, but has no jurisdiction over political campaigns. The Federal Election Commission regulates campaigns, but has essentially no privacy regulations.

In recent years, campaigns have become increasingly aggressive in their efforts to build psychological profiles on millions of potential voters. “There are no limits, and there should be,” said Jeff Chester, the executive director of the Center for Digital Democracy, a privacy advocacy group. “Do you really want the Left or the Right to have a dossier about you to figure out how to manipulate you?”

Barack Obama’s 2008 campaign pioneered methods for collecting information about voters and targeting them with tailored messages. With the help of Silicon Valley tech gurus, his 2012 reelection campaign took that initiative to new heights with its “Project Narwhal,” which fused various databases into a massive pool of information on potential voters.

In the 2016 campaign, it appears that Sen. Ted Cruz is leading the way on sophisticated voter targeting. According to The Guardian, the Texas Republican's campaign has hired a firm called Cambridge Analytica to harvest information on tens of millions of Facebook users without their permission and then combine it with public records. The campaign’s smartphone app scrapes the phone for additional contacts, The Washington Post reported this week.

The goal of the information collection is to allow the Cruz campaign to build psychological profiles of potential supporters and then deliver the best message to try to get them involved in the campaign. So a person who received high scores on “neuroticism” might receive a pro-gun pitch with a picture of a burglar breaking into a home, The Post explained. Or a person who scored high on “openness” might get a message about family values. In particular, Cruz is using his data-crunching machine to try to lock down support from Christian conservatives.

David Vladeck, a professor at Georgetown University Law Center and a former top FTC official, said that Cruz’s tactics might be particularly sophisticated but there’s nothing truly groundbreaking about them. “There have been tremendous efforts by both sides to acquire as much as information as possible and to mine the hell out of it,” Vladeck said. “I’m sure each party has thousands of data points on each of us.”

One of the reasons that campaigns are able to collect data so easily is that much of the information they’re after is already public. Campaign finance and election laws are focused on promoting transparency, not protecting privacy. So a person’s name, gender, date of birth, address, party affiliation, donation history, and voting history (when they voted but not for whom they voted) is often available in public records.

“Voter data may be the largest concentration of unregulated personal information in the U.S. today,” Ira Rubinstein, a professor at New York University School of Law, wrote in a 2014 law review article titled “Voter Privacy in the Age of Big Data.”

In recent years, campaigns have also been using their websites to quietly collect data about potential supporters. Every petition a user signs, survey she completes, newsletter she opens, or video she watches can provide more insight into who she is. The privacy policy of Obama’s 2012 site even acknowledged that the campaign could use third-party ad networks to install cookies (small tracking files) on computers to record the other websites users visited in order to “deliver advertising … targeted to your interests.”

Information that campaigns can’t collect from public records or through their own websites, they can buy from “data brokers,” firms that compile massive databases of personal information. That information can come from a wide range of sources, including social-media sites, Web browsing, surveys, magazine subscriptions, or purchasing histories. Many data brokers sell their databases for marketing or fraud detection. But there are a new breed of data brokers focusing exclusively on political campaigns.

“A whole industry has arisen around this,” Vladeck said. “A lot of people get paid a lot of money to do this work for political campaigns.”

While lawmakers on both sides of the aisle have expressed alarm about government surveillance and corporate data mining, it seems unlikely that Congress will crack down on political campaigns anytime soon. “There’s a huge conflict of interest because members of Congress and political groups are all using these tactics,” Chester said.

There are some state laws prohibiting deceptive campaign practices, but they’re rarely enforced. It seems especially unlikely that a state would try to use one of those laws to curb political data collection.

Vladeck argued that campaigns should be more transparent about how they’re collecting and using personal data, but he also warned that tough laws could violate the free speech rights of candidates. “I think there are serious First Amendment problems with the government regulating how campaigns use big data,” he said. “Political speech is at the core of the First Amendment.”

This article is from the archive of our partner National Journal.

We want to hear what you think about this article. Submit a letter to the editor or write to letters@theatlantic.com.