Black Hat USA 2025 | Use and Abuse of Personal Information -- Politics Edition

The Black Hat USA 2025 presentation revealed a five‑year research project that generated 1,400 realistic fake voter identities to probe how political campaigns collect and use personal data during the 2024 election cycle. By automating sign‑ups for newsletters and phone lines, the team captured every email, voicemail and call sent to these synthetic constituents, exposing the scale and mechanics of political outreach. Key findings show a stark partisan imbalance: Democratic candidates sent nearly twice as many emails as Republicans, with the top sender, President Biden, averaging 10.2 messages per day. In contrast, the phone‑based experiment yielded 34,000 calls and 7,000 voicemails, yet only 203 were genuinely political; over half were unrelated scams exploiting the recycled numbers. The content analysis demonstrated that campaigns largely broadcast self‑referential messaging, with word clouds dominated by candidate names and generic terms like NATO, while policy‑specific or donor‑related language was scarce. Notable data points include the timing spikes aligned with primary results and debates, the labor‑intensive process of handling each fake identity in two to three minutes, and the discovery that reading all campaign emails would demand up to 100 hours for a single office. The researchers also highlighted the vulnerability of phone numbers to spam, urging simple validation mechanisms to eliminate 99 % of unwanted calls. The study underscores how political entities treat personal information as a low‑cost advertising asset, often without meaningful engagement from recipients. It raises urgent questions about data privacy, the ethical limits of automated outreach, and the need for stronger safeguards to prevent both political misuse and opportunistic scams.