How are Campus Election Candidates Getting our Contact Details?
For political aspirants, putting yourself and your message out there is a key factor to determine whether you win or lose on voting day. A majority of aspirants employ various means and mediums to apprise the general public of their plans to make their lives relatively better.
Traditionally, aspirants for the Student Representative Council (SRC) and other leadership positions in university campuses employed a hands-on approach, coupled with fliers and/or banners pasted around, to winning students' interest and votes. This involved taking trips to the halls and hostels of students to solicit votes and present themselves as relatable individuals who hold students’ interests at heart. Aspirants would typically appeal to the emotions of students by either engaging them in thought-provoking conversation or giving/promising incentives if they assured them of a vote.
Members from the various halls of residence would show their support for candidates from their halls, so it is always exciting to see some healthy rivalry amongst the halls on campus as everyone echoes why their candidate is the better choice.
Now I am not saying the traditional methods of campaigning have been cast aside, but they have been supplemented by technology. Aspirants and their campaign teams find their way into social media groups, mostly class WhatsApp groups, and propagate their message of ‘love’, ‘service’, and ‘solidarity ’ with the occasional flier or two. For most of these social media platforms, it can be argued that group admins are fans of the aspirants and thus added them and/or members of their campaign to the groups. That is justifiable, and it makes sense but what about our SMS inboxes?
The most recent method aspirants are using to get their message to the masses, is Bulk SMS. This enables users to send out large quantities of SMSs’ to a list of contacts across all networks. So for this to work effectively, they need to have a list of contacts. Now the question here is, ‘How do they have access to student contact details?’, as I do not remember filling out a form or ticking a box that said I agree to receive SMSs from campus election candidates.
Our phone numbers are on every official document we have filled and some people even like to have it front and center on their social media pages. Regardless this does not give anyone the right to contact you without your consent, except for emergencies. Institutions like schools, banks, and hospitals need to provide some kind of guarantee to their members that their data is being protected or at least is being used in one way or another.
Some public offices and banks use phone numbers and email addresses as a means of sending transaction notifications and alerting customers of problems in service delivery. These reasons are clearly stated and for some of them, you would have to opt-in.
Somewhere in 2018, I received my first campaign messages via SMS from a couple of aspirants. Turns out I wasn’t the only one who received messages like this, and it is becoming a growing concern because there seems to be no way to opt-out of such messages as most people are not even sure of where these aspirants are getting the data(phone numbers) from or who is providing these services. Receiving messages from random numbers without consent raises enough suspicion and for messages you didn’t even ask for, you start getting annoyed. They could intrude in your life at any time they wanted or disrupt your activities with the touch of a button.
There are those who argue that it is just once a year so it really isn’t anything to worry about but who knows what other data points they have on people and what else the numbers could be used for. Candidates rarely explain how they get this data and the messages they send don’t come with any details of the bulk SMS service provider.
How many of these organizations have a Data Use Policy, that outlines the ways in which user data is stored, and used? The lack of a policy leaves user data vulnerable to unethical employees who could probably get away with selling the data for substantial amounts.
In the end, we might probably never know how they have access to this data, and until it is addressed properly, this practice will stick around for who knows how long. Until then, I pray our data is safe and being handled well by whoever allows them to use it like this but then again, prayers might not be enough to save you from the consequences of poor information security practices.
