Where they get their data

Political spam texts are harvested from voter registration rolls as well as just about any participation in political activities. Apparently political spammers take efforts to identify likely supporters. The reason is that basically this is a numbers game - they don't want to encourage the opponents' supporters to vote.

Therefore, the spammers' data sources are linked to political identifiers. Examples are:

• Personal data from voter registration rolls
• Primary election voter lists (lists identifying political party)
• Contributions, including partisan support groups
• Direct harvesting of volunteers' personal data
• Communications with elected representatives
• Personal data provided by activist groups

These sources make political spam particularly pernicious. This also provides an opportunity to make the data less useful.

Quality of data

As with any data harvester, entities that sell personal data to political campaigns look to improve the quality of the data. While "low grade" data may be useful for a budget campaign, most are willing to seek better quality data for their most aggressive harassment campaigns. That means that the data is going to be matched to different databases to the extent practical.

It is at this point where it is sometimes possible to reduce the usefulness of the harvested personal data. The best place to do this is where the data is expected by the data harvesters to be stable, which is also where it is most accessible to the victim:

1. The voter registration rolls; or
2. The people harvesting the data.

Since data is typically combined, just as it is combined by commercial entities, it helps to identify both sources of data.

Schrödinger's cell phone

The idea is to provide a bad number, but a bad number that is still a valid number for receiving SMS texts.

In other words, bad data is better than no data.

---

Political campaign data harvesters are likely to be able to link voter registration data with political interests and harvested personal information. It is difficult to protect this data and nearly impossible to convince data harvesting businesses to expunge it...

Except it is in fact very easy to expunge the contact data. (Here's how):

The strategy is to feed bad data. This tactic is effective because automated data harvesting algorithms terminate a data search when arriving at a credible result. If an automated data harvesting algorithm were to continue beyond arriving at a credible result, that would likely diminish the quality of the harvested data.   So...

The idea is to provide bad data to the obvious data sources, which are:

1. Data harvesters you know you engaged with; e.g., on-line activist organisations.
2. Data harvesters that look familiar, and which you may have used. Examples are on-line activist organisations. You may not remember responding to their "Save the Single Puppies" campaign, but it is possible that at one time or another you trusted one of these organisations with your personal information. Remember, it is the aggregation of information from multiple sources that data aggregators use against their victims.
3. Entities that are likely to match your political views in their promotions.
4. Political parties.
5. Fundraising wings of political parties - ActBlue and WinRed come to mind (for US). If you donate a small amount (e.g., via paypal, which doesn't cost the political entity much, so even $1 is okay), the data you provide will be resident on their system. If you make a payment with an on-line service (e.g., PayPal), be sure to insert the desired contact data (especially "no-answer" phone number and bogus email address) on the payment entry. (e.g., PayPal provides the default address, but allows the sender to change that data for a donation.)
6. An entity associated with a segment of the political party, e.g., Club for Growth; various progressive groups.

In particular, that "bad data" you need to provide would be the telephone number and email address.

The email address is easy - any dedicated sender-identifying, throw-away or known spammer's email address will do. (Sender-identifying addresses are optimum because you can receive confirmations and turn off the email after receiving the confirmation. Examples are 33mail.com and Spamgourmet.)

For phone numbers, if a number is not SMS-capable, their phone spam software will search databases for a likely cell phone. Therefore, provide a bad-but-valid SMS-capable number. Options are:

1. On-line free SMS "drop box" phone numbers for receiving SMS messages.
2. Cell phone numbers of previous spammers - i.e., those people who think other people like getting spammed. (Note that some campaigns use "burner" phones, but others find volunteers who are willing to use their own phones to send the malicious texts.)
3. SMS text phone numbers of politicians who engage in this practice.

The Data Sources

1.   Voter registration rolls

In most states, voter registration data is readily available, at least to registered political parties or the like. They are likely to require that the data only be used for political campaigns, but that is typically without consent of the victim.

Voter registration data includes of course the voter's name and other salient data, but many states also collect other data such as telephone numbers and email addresses. So update your voter registration to insert "bad data" in those spurious data fields.

Voting rights are unlikely to depend on the quality of that additional data. In contrast, the obvious targets of data harvesters are phone numbers and email addresses. Select a "no-reply" phone number. It only needs to be a phone line that is basically not answered by a human, preferably an otherwise valid number.

As a "no-reply" phone number the numbers such as your work fax are inviting, but there is an advantage to selecting a number that is SMS-capable (actually capable of receiving SMS text messages). The reason is that if the listed number does not receive SMS text, automated equipment will sequence to supplemental data sources.

Good sources of SMS numbers are:

• On-line SMS "message drop" numbers. A few websites with these numbers are listed at:
  - textport.com
  - freephonenum.com/us (US numbers)
  - freephonenum.com/ca (Canadian numbers - may cause the spammer to incur international texting charges)
  - receivesms.org
  
  
• SMS boiler rooms that have previously sent SMS spam (using full 10--digit numbers) - they are SMS-capable for obvious reasons. In other words the people who attacked you. (Note, however, that many candidates use "throw-away" numbers for spam purposes.)

For email, there are multiple options. Generally it is possible to refuse providing email addresses, but a throw-away email address also works.

---

2.   The people harvesting the data

First, try to either give bogus numbers or no number to people collecting numbers. It is best to give bogus numbers, because you want to feed the data harvesters bad data. Let the person collecting the number (often for legitimate purposes) know that the number won't be answered or something of that sort. (i.e., "I may be hard to reach, but I will try to keep in touch with you.") That way the person will collect the bad data number and also know that the number may be worthless (for actual communication).

If you're volunteering, you will probably show up on your own or on the basis of a website, so the number is of marginal use. "It's unlisted" is generally a polite way to refuse a number to avoid harvesting.

Email is important here, and again, there are multiple options. Generally it is possible to refuse on the basis of not having a service to handle bulk email on your behalf, and the obvious problems with email security. Alternatively, a throw-away email address works. The ones I use are spamgourmet.com and 33mail.com, but the idea is to provide a throw-away email address of your choosing.^[1] 

If someone has a need for an email address or (more pointedly) objects to a disposable or sender-specific address, there is a reason, and it's probably not the person's romantic interests.

For on-line sites, it's easy - just update your information. Be sure you have at least one registration that matches^[2]  the way your name appears on the voter registration rolls. That way, the collected data will be matched by the data harvesters and go to whatever bogus or semi-bogus phone number and email address you provide. (The idea is to make it easy for the data harvesters to associate your voter registration with bad data, and therefore not sequence to good data.)

Typical on-line sites are change.org and moveon.org for progressives, and America First, Americans for Prosperity and Maggie's List for conservatives. These are listed in Wikipedia (List of PACs), and the cognizant ones should be easily recognisable. Look for any political issue-oriented group you may have interacted with.

It will take time.

... typically until the next election cycle, but providing bad data will stop at least some of the attacks even in the current election cycle. (A handful of campaigns use old lists, but will use current data.)

Handling text messages

There are multiple ways of doing this.

1. If you trust the entity, you can reply STOP . That presumes you trust the entity to comply and not confirm a valid number.
   
   
2. Use canned replies asking the person questions they will refuse to answer, such as the data source they used for your the personal information. Many of the more hostile spammers will address the victim by first name, presumably for intimidation purposes. (Don't let them intimidate you.) Reply by addressing the caller by the same first name with your question, but identifying yourself with a different name in reply. (i.e., the number being used does not even belong to "xxxx".)
   
   
3. "Wrong number" response - tell the caller you are someone else (e.g., because this is a new phone, so their data is apparently out-of-date).
   
   
4. If you have a voice-to-text app, ask very long questions and ramble on. (Those things can easily be made very annoying!)
   
   
5. Collect candidate names and let the spammers know that you are doing this because those are the real enemies that you want to vote against. And do it. (vote against them because they are the enemy.) Note that the most outrageous spams are sometimes "false flag" attacks, but those should be obvious.
   
   (Of course, save the names of the candidates that called you so you know who sent these attacks when voting, and share that list with local social media groups, etc.).
   
   
6. Post these names on local social media lists -- this can be very effective.

Robotext SMS Spam is illegal.

Autodialed texts without prior consent are prohibited under the Federal (US) Telephone Consumer Protection Act (TCPA):

"Political campaign-related autodialed or prerecorded voice calls, including autodialed live calls, autodialed texts, and prerecorded voice messages, are prohibited to cell phones, pagers, or other mobile devices without the called party's prior express consent. The same restrictions apply to protected phone lines such as emergency or toll-free lines, or lines serving hospitals or similar facilities."

Note: Some political spam operations are using multiple numbers to evade Telephone Consumer Protection Act (TCPA) requirements. If these are automated "Robotexts", this still is illegal unless the spamvictim has given prior consent. (That's why some automated messaging services routinely request prior consent.)

If you receive an (unsolicited) automated SMS spam attack from any number, these are illegal. File a complaint to the FCC. Links:

SMS text spam (automated political text) FCC On-Line Complaint

(general information from the FCC)

On the FCC form, if you encounter a menu selection which doesn't correspond to SMS text message spam, the appropriate selection may be accessed by scrolling down on the menu. (Examples include asking whether the call type is "wired" or "VOIP" - scroll-down will reveal the "wireless" selection. Another scroll-down menu displays "Type of Call or Message" as "Live Voice;" or "Prerecorded Voice;" - - scroll-down will reveal the "text" selection.) The form also requires specific formats (x:xx a.m., telephone numbers as xxx-xxx-xxxx), but the application will indicate the required changes.

In the subject line (and description), indicate the specific violations that apply:

• Automated Robotext attack - spamvictim never consented
• Automated Robotext - Spammer ignores "Stop" request to same number.
• Automated Robotext - Spammer (repeatedly) ignores "Stop" request to same number.

You may also wish to include a response such as:

In addition to the above multiple attacks, multiple other spam attacks, using what is obviously the *same list* attacking spamvictim sent from different numbers to evade blocking attempts. (Spamvictim never agreed to receive automated text messages from spammer.)

or

Never consented - Please enquire when "prior express consent was obtained as required in paragraph (a)(1), (2), or (3) of 47 CFR § 64.1200, and the date on which such prior express consent was obtained."

Note that the "Stop" (or "Stop already", etc.), response is not a requirement for robotext restrictions. "Stop" is only required under the TCPA if one had previously consented to receiving automated calls. Still, repeat robotext attacks after a "Stop" request can show malicious intent. If you receive an unsolicited automated SMS spam attack from any number after sending a "Stop" response (especially if different numbers are used), file the complaint.

If you have previously sent a "Stop" and get a repeat robotext attacks from the same number, state in the complaint that the "Stop" request was ignored (or the robotext spammer is repeat texting in retaliation to the "Stop" request)

---

Update

Since using the FCC form, and reporting

"Autodialed text spam attack - never consented" and (where appropriate) "Stop" request ignored."

I have noticed a significant reduction in political SMS and MMS spam attacks. This could be the result of the nuances of the strategies of these ***holes, but it's possible that I got my number blacklisted by those ***holes!!

Of note, I have:

- added words to my "Stop" requests, which would not affect manual texting but which would cause (illegal) automated equipment to ignore the "Stop" request.

- under "Additional Information (optional)", added comments where appropriate, such as:

Political text spam using obviously automated equipment (robotext spam attack). In addition to the above, multiple spam attacks using what is obviously the *same list* are attacking spamvictim using different numbers to evade blocking attempts. (Spamvictim never agreed to receive automated text messages from spammer.)

Never consented - Please enquire when "prior express consent was obtained as required in paragraph (a)(1), (2), or (3) of 47 CFR § 64.1200, and the date on which such prior express consent was obtained."

Evidence of Automated Robotext - automated ignoring of "Stop" requests

Retaliation for "Stop" requests - spammer ignores prior "Stop" request and retaliated by sending additional attack from the same number - this was not a "mistake". Spamvictim never consented to automated text messages.

In addition to the above multiple attacks, multiple other spam automated attacks using what is obviously the *same list* are attacking spamvictim using different numbers to evade blocking attempts. (Spamvictim never agreed to receive automated text messages from spammer.)

These are of course in a text file, so easy to insert into the FCC form when required.

Getting blacklisted

... a good thing

A boring story of getting blacklisted by an SMS calling service apparently involved in SMS text spam is on a page describing The Numbers (SMS calling tactics).

The usual precautions

• Use Caller ID block (*67) if you want to block your name. Only works for voice calls.
  
  
• Calls to toll-free (800 numbers and the like in the North American Numbering Plan (NAMP)) will always provide the recipient with the calling number because toll-free services provide "automatic number identification", which works independently of caller ID data even if the ID is blocked. (Therefore "*67" does not work. The called party may or may not have the caller name.^[3] )
  
  
• Replying to a call or text will confirm a valid number. (That may or may not be a problem, depending on whether you expect the campaign to re-sell your data based on your call.)
  
  
• When communicating with an elected politician, use disposable email addresses and either *67 (doesn't work with toll-free numbers) or use a "safe" phone number.

I have mentioned various US political advocacy groups here. I am not attempting to support one political point of view here other than data privacy. For partisan political viewpoints, please visit the entire rest of the internet.

[1]^     "Dedicated email addresses" have the advantage that they permit ongoing email communication with an entity, but if the data is abused, the "dedicated" address can be terminated. Such "dedicated email addresses" also let you know where a different entity obtained your personal data from.
I've found spamgourmet.com and 33mail.com to be convenient in this regard because they ".forward" to the user's regular email; however, there are several other providers of these "dedicated email addresses".

[2]^     If you usually go by "Kitty" but you've registered to vote as "Katherine", then change your listed name on a political site to match "Katherine", or just re-register (at the site) that way. The same of course applies to "deadname" voter registration -- add site registrations to organisations identifying that deadname if you are getting messages to that deadname. (A "deadname" is a name a person no longer uses, e.g., the birth name of a trans person; not a deceased voter!)

[3]^     Toll-free Automatic Number Identification does not provide subscriber names, but toll-free services can match an incoming caller number with an external database called a CNAM ("Calling NAMe"). CNAM is an outside service that phone companies use to pair incoming numbers with names. CNAMs are not centralized databases and can be ureliable. Each CNAM maintains its own private database on phone number/name pairs in the United States and abroad.

Hanging up does not work!

The Numbers (SMS calling tactics).

back to Counter-Telemarketing Tactics - (this site)

How to poison the data that Big Tech uses to surveil you - MIT Technology Review

Artificial Intelligence - Algorithms are meaningless without good data. The public can exploit that to demand change.

cexx.org - Multiple anti-data harvesting links and articles

originally posted 13-May-21   rev 27-Sep-24 Stan Protigal