Tactical Tech’s Data and Politics research teams set out to investigate how personal and individual data was being utilized in modern digitized political campaigns. By working with various stakeholders in the industry, they used Kenya as one of their case studies and the findings of this research were, for lack of a better word, shocking. This report tried to demystify the lengths at which players in the political scene went to convince voters that they were the better evil.

In their findings, they discovered that personal data played a pivotal role in campaigns during the August 2017 general elections, but the main mystery was how this data was acquired. According to the State of the Internet Report in 2017, 25.6 million Kenyans had access to the internet daily, be it through smartphones, tablets or computers. With Kenya being a highly digitized country, they realized that the private sector digital service providers like mobile network operators and digital startups accelerated the collection and analysis of personal information through systems such as mobile financial transactions, loyalty cards and purchasing histories linked to debit cards and, digital marketing and advertising.

It was also discovered that after the 2007 post-election violence, the government invested in digital surveillance systems as digital platforms were blamed for inciting violence.

The report also noted that personal data had been used in the past for identification and political gain even before independence in Kenya. During the colonial era, poll tax (1901) and the Native Registration Ordinance (1915) were used to mark tribes to geographical locations. Today, the Registration of Persons Act requires an ID and biometrics data, whose information, has been politicized in campaigns. ID registration drives have been used to enlist new voters from select areas, while others have been tactfully blocked from registering.

In the 2017 election season, voter data was sourced in several ways for different purposes. While the Jubilee Party used membership smart cards, The Orange Democratic Movement opted for a member’s recruitment app. Political parties are required to present their membership list prior to the elections but there were significant cases where citizens found themselves in political parties’ member lists without their consent. As a result, they received a range of unsolicited messages urging them to vote for a candidate or thanking them for participating in campaigns.

The report also noted that more personal approaches were used. Target advertising on social media was used by firms such as Cambridge Analytica. These firms provided services ranging from negative campaigning to creating and spreading fake news content, hashtags and memes for a select group of voters and supports.

Social media platforms such as WhatsApp and Telegram were used as tools for supporter co-ordination and spreading of propaganda. In the final league of the campaign, the National Cohesion and Integration Commission had identified 21 political groups in WhatsApp for spreading hate speech. The question, however, was how these groups were identified among millions in a closed encrypted group.

But with this comes reprieve. The data protection Bill 2018, if it becomes law, will change how these organizations collect, process, store and use the data they acquire. The Bill has provisions that will protect the citizens right to privacy.

Please find the full report here.