Targeted Democracy
Ad Tech and the Ballot Box
I spent five years at Yahoo! in the early-2000s, when ad technology was beginning its takeover of the internet. The advertising gold rush had produced two competing philosophies. Google bet on spray-and-pray, cheap, text-based search ads served at volume. Yahoo! bet on premium targeted display advertising across its media network. I was part of a team that designed and launched Smart Ads, a system for serving targeted advertising to specific users based on their behavior and profile data. My role was lead designer.
I did not see where any of it was going despite reading George Orwell’s 1984. Part of that was naivety. Part of it was the nature of the work itself; when you are embedded in a technical substrate with data scientists, building something that has never existed before, the view beyond your immediate problem narrows quickly. We were not thinking about consequences. There was a bounty, we were thinking about click-through rates.
Two decades later, my feeds are flooded: targeted content, election news, scandals, conspiracies, influencers, outrage, all of it delivered by systems that are direct descendants of what that team built. Every item in that feed is, in some form, an advertisement; something optimized to reach a specific person at a specific moment to produce a specific response.
What I did not expect was to recognize the same architecture in our voting infrastructure. The essay that follows draws that comparison.
I. The Architecture of Influence
Targeted advertising is built on a straightforward transaction: identify who someone is, model what they want, and deliver a message before they know they needed it. The infrastructure behind this; data brokers, psychographic profiling, real-time bidding, algorithmic delivery — has become so embedded in daily life that most people encounter dozens of personalized ads without registering them.
A modernized election system, as described in recent technical proposals, runs on a recognizably similar stack. Secure voter authentication terminals sit at remote polling sites. SpaceX Starlink LEO satellite terminals push encrypted data to central servers. Tripp Lite by Eaton UPS and PDU hardware keeps everything powered through outages. Biometric scanners verify identity against a centralized state voter database. Electronic poll books pull precinct boundaries and candidate races in real time based on where a voter lives.
The resemblance between these two architectures is uncanny. Both resolve the same engineering problem: how do you identify a specific individual within a large population, serve them a customized output, and record that transaction accurately across a distributed network?
II. The Targeting Stack, Compared
The identity layer in advertising is the cookie, the device fingerprint, the hashed email, whatever converts an anonymous browser session into a known profile. In the election system described, biometric scanners and electronic poll books perform the same function. A voter arrives as an unknown person and leaves the authentication terminal as a verified data point with attributes attached: address, precinct, eligible races, registration status.
The connectivity layer in programmatic advertising is a global network executing billions of ad auctions per day with millisecond latency. The election equivalent is Starlink’s flat-panel terminal, a compact satellite dish that gives a rural or mobile polling site broadband without terrestrial cable. The engineering problem is identical real-time data synchronization across geographically dispersed endpoints and Starlink solves it using the same LEO constellation that has become critical communications infrastructure in active conflict zones. That dual-use history is worth noting. Any centralized satellite network serving as connectivity infrastructure for polling stations is, by definition, a single point of potential leverage.
The data layer in advertising combines first-party behavioral data with third-party demographic enrichment to build audience segments. The election equivalent is the real-time cross-reference of voter registration files, pulling precinct boundaries, local measures, and specific candidate races based on a verified residential address. Functionally this is audience segmentation. The voter is receiving a customized ballot based on their data profile, which is a legitimate and necessary feature of a complex federal democracy but one whose customization logic could, under the wrong conditions, be tampered with.
The delivery layer in advertising determines which ad reaches which user at which moment. In elections, the equivalent is the tabulation and reporting system where individual choices become aggregate outcomes. The architecture described includes air-gapped core tabulation (isolated from any network) and Voter-Verified Paper Audit Trails that print a physical record of each selection. Both exist because the delivery layer is historically where manipulation has been most consequential and most attempted.
III. The Oversight Gap
The comparison moves from theoretical to urgent when set against what has happened to federal election security infrastructure since early 2025.
CISA, which became the primary federal resource for election security after 2018, has shed roughly a thousand employees through DOGE-directed terminations, deferred resignation programs, and mass layoffs. Its red teams, the units that conducted offensive security testing to find vulnerabilities before adversaries did no longer exist. Election security advisory staff were placed on administrative leave, partially reinstated by court order, and then returned to paid leave, leaving their status unresolved.
CISA also terminated a ten-million-dollar cooperative agreement with the Center for Internet Security, which ran the Election Infrastructure Information Sharing and Analysis Center. EI-ISAC was the main channel through which federal threat intelligence reached the roughly ten thousand local election officials who actually run American elections. The Center for Internet Security announced it “no longer supports the EI-ISAC.” Arizona Secretary of State Adrian Fontes put it plainly: “Right now, we are effectively flying blind.”
The proposed FY2027 budget goes further, cutting $707 million from CISA and eliminating its election security program as a line item.
The ad tech analogy is removing brand safety tools, traffic auditing, and fraud detection from an entire ad network at once and then proposing to defund the team responsible for rebuilding them.
IV. Capability and Attack Surface
A pattern familiar from the advertising industry applies directly here; the same features that make a system more capable also make it more attackable.
The infrastructure enabling a legitimate election; Starlink connectivity, biometric authentication, real-time voter file access, centralized database integration, expands the number of places where something can go wrong or be made to go wrong. This is not an argument against modernization. It is an argument for commensurate investment in detection and response capacity.
Ad tech learned this the hard way. For years the industry ran largely on self-reported data. Advertisers assumed their ads were reaching real people in legitimate environments. When researchers began measuring ad fraud systematically, the numbers were difficult to dismiss. The Association of National Advertisers estimated $7.2 billion lost to bot fraud in a single year. Bots generating fake impressions, domain spoofing misrepresenting where ads appeared, click farms manufacturing false engagement. The technology was not broken. The audit layer had not kept pace with the system’s complexity.
Elections have analogous safeguards: air-gapped tabulators, VVPAT paper trails, post-election risk-limiting audits, and administrative decentralization across thousands of jurisdictions. These are meaningful protections. A wholesale manipulation of American election results would require compromising a large number of independent local systems, most of them backed by paper. The more realistic threat is not a single dramatic hack but the quieter erosion of the monitoring capacity needed to detect smaller-scale anomalies, attribute them correctly, and respond before certification.
Starlink terminals, Tripp Lite power infrastructure, and biometric scanners are not inherently compromised. The concern is that removing the federal layer that watches these systems; the threat intelligence sharing, the red team testing, the coordinated incident response, creates conditions where problems become harder to catch and slower to act on.
V. What Gets Lost Without the Audit Layer
Advertising works, to the extent it works, because there is at least an attempt at measurable accountability. Impressions are counted by third parties. Conversion data is cross-referenced. Fraud is identified, if imperfectly, by tools specifically designed to look for it. When that accountability layer degrades, advertisers lose money and eventually lose confidence in the medium.
The stakes in elections are different. The currency is not money but the credibility of the outcome. Widespread belief that results are accurate does not require a perfectly secure system — no such thing exists. It requires visible, independent verification that the outcome reflects genuine votes.
The technologies now proposed for election infrastructure are the same technologies that enable precise targeting at scale. Whether that precision serves voters or subverts them depends almost entirely on what is watching. Right now, much of what was watching has been removed. The machinery continues to run. But who is reading the logs?
VI. How to Audit the System — A Framework for Evidence
Before deploying any part of any system, there is generally a test plan. For readers who want to move beyond concern toward documented evidence, each layer of this infrastructure is auditable through existing legal mechanisms. The following framework tracks what to look for, how to obtain it, and what it could establish in a legal proceeding.
The Power Layer (Tripp Lite UPS/PDU)
UPS event logs record every power interruption, brownout, and battery switchover with timestamps. PDU logs record load fluctuations on individual circuits. Together they create a timeline of when systems were powered, reset, or experienced anomalies during tabulation windows. These are obtainable through public records requests to county election boards and through chain-of-custody documentation required by most state election codes. Unexplained resets coinciding with tabulation periods are worth correlating against result anomalies in the same precinct.
The Connectivity Layer (Starlink/VPN)
Starlink terminal connection logs; timestamps, data volumes, IP routing and VPN authentication logs showing who connected to central tabulation servers and when are the key records here. Any connectivity during periods when air-gap rules prohibit network access would be significant. Starlink logs require a subpoena or federal court order, since SpaceX is a private company. State election offices may retain VPN logs depending on data retention policies. FOIA requests to any federal agency that contracted Starlink for election infrastructure are a parallel avenue. This layer is the most direct analogue to ad fraud detection. Question whether traffic exists that should not.
The Identity and Voter Authentication Layer
E-poll book logs record every voter check-in with a timestamp, verification method, and poll worker ID. Biometric scan records include match confidence scores and rejection rates by precinct. Discrepancies between e-poll book check-ins and physical ballot counts are a primary indicator of manipulation. Most states treat poll books as public records after certification. Voter registration data is generally public and can be cross-referenced against check-in logs. Civil rights organizations including the ACLU and Democracy Docket have established discovery pipelines for this data.
The Tabulation Layer
Cast Vote Records (CVRs) are machine-level records of every ballot scanned and are now public in many states following litigation. Memory card chain-of-custody logs and tabulator audit logs; recording every function, error, and override are the core documentary record. VVPAT paper rolls are the physical ground truth against which everything else is checked. CVRs are obtainable through public records requests or litigation; paper ballot inspection can be compelled through election contest proceedings. Statistical anomalies between CVR data and VVPAT records, or between unofficial and certified results, are the primary evidentiary foundation for any election contest.
Statistical Methods
Before going to court, statistical analysis establishes the threshold case. Precinct-level result distribution analysis, differential comparisons between precincts using identical versus different equipment, turnout modeling against historical baselines, and ballot rejection rate disparities across demographic or geographic lines all produce the kind of quantified anomalies that support a legal filing. Courts have been skeptical of statistical evidence alone, particularly Benford’s Law analysis, but statistical findings corroborated by documentary records from the layers above have been accepted. MIT Election Lab, Stanford Internet Observatory, and the University of Pennsylvania’s election law clinic have established methodologies with track records in litigation.
Who Can Sue and Where
Candidates have the broadest standing, with direct injury from a fraudulent result. Political parties have standing in most circuits for systemic challenges. Individual voters face strict standing requirements and must show particularized harm beyond a generalized grievance. State attorneys general have broad standing and have become primary litigants in election disputes.
State courts handle election contests under state election codes and are the fastest and most direct venue. Federal district courts handle constitutional claims, equal protection, due process, Voting Rights Act violations with broader remedial power but slower timelines. The primary legal theories in current use are Equal Protection under Bush v. Gore (though courts have limited its precedential scope), Due Process for arbitrary or inconsistent application of election rules, Voting Rights Act Section 2 for discriminatory impact, and state election contest statutes, which vary significantly and are the most direct path available.
Administrative challenges before certification are critical. Courts are substantially more reluctant to overturn certified results than to intervene before certification. The evidentiary record needs to begin building on election night.
Organizations Doing This Work
Democracy Docket (Marc Elias) maintains an active litigation docket and accepts tip submissions on election anomalies. The Brennan Center for Justice provides policy documentation and amicus support. Election Law Blog (Rick Hasen, UC Irvine) tracks litigation and publishes analysis that courts cite. MIT Election Lab provides statistical expert witnesses. State-level election protection coalitions coordinate poll watchers and evidence collection in real time on election day.
Sources
On CISA staffing reductions and DOGE cuts:
Pearson, J. “DOGE Has Deleted a Huge Chunk of the Federal Government’s Election Security Work.” WIRED, 2025.
Corasaniti, N. & Savage, C. “Trump Administration Cuts Rattle Election Security Officials.” The New York Times, 2025.
Volz, D. “CISA Election Security Staff Placed on Leave.” The Wall Street Journal, 2025.
On EI-ISAC termination:
Center for Internet Security public statement on cooperative agreement termination, 2025.
Mazzetti, M. et al. “U.S. Pulls Back From Global Election Security Efforts.” The New York Times, 2025.
On Arizona response:
Statement of Arizona Secretary of State Adrian Fontes, reported across AP, Reuters, and regional outlets, 2025.
On FY2027 CISA budget proposal:
Office of Management and Budget, Budget of the U.S. Government, Fiscal Year 2027, Department of Homeland Security section.
On ad fraud benchmarks:
Association of National Advertisers. Bot Fraud Report, 2014–2023 series.
Peretti, J. “The Fraud Plaguing Digital Advertising.” BuzzFeed News / subsequent industry coverage.
On election audit methodology:
Stark, P.B. & Wagner, D. “Evidence-Based Elections.” IEEE Security & Privacy, 2012.
MIT Election Data and Science Lab. election-lab.mit.edu
Verified Voting Foundation. verifiedvoting.org
On election law and standing:
Hasen, R. Election Law Blog. electionlawblog.org
Democracy Docket. democracydocket.com
Brennan Center for Justice. brennancenter.org
On Starlink election infrastructure:
Federal Election Assistance Commission guidance on satellite connectivity for remote polling locations.
SpaceX Starlink government services documentation.
On Tripp Lite/Eaton election infrastructure:
Tripp Lite by Eaton. Power Protection for Government and Election Infrastructure. tripplite.eaton.com
This essay is speculative and analytical. It draws on documented changes to federal cybersecurity infrastructure and publicly described election technology architectures to examine systemic vulnerabilities. It does not allege that any specific election has been or will be manipulated, however we should be aware that it is highly likely according to statements made by both the President and Elon Musk. When they say the elections are rigged, believe them, they’ve consistently delivered.
My great-grandfathers were in business together for a time. They co-owned a mercantile beginning in 1890. The town had a population of 836 in that year, the county 17,236. To their clientele, according to family legend, the one man was too ready to extend credit and keep delaying collection, while the other didn't know how not to make money. In any case, I can't imagine that either of them would have known where to begin making sense of an ethos in keeping with which they were not merely free to prey on their neighbors' credulousness, lack of experience, precarity, or desperation, but were even admired for their sharp dealing and predatory instincts.
Is there a name for the following? The proposition that it's impossible to design a system that a determined antagonist cannot outwit and turn to his or her own advantage. Put differently, the integrity and sustainability of every system created by humans depend on our choosing again and again and again *not* to exploit every weakness in it that we can identify. Instead, we behave honorably, i.e., consistent with noble values that may permeate the system without necessarily being explicitly or overtly spelled out.
In high school, my sons played ultimate frisbee. In ultimate, players police themselves. There are no referees. Matches are player-officiated. “Highly competitive play is encouraged, but never at the expense of mutual respect among competitors, adherence to the agreed upon rules, or the basic joy of play.” They call it the Spirit of the Game.
Imagine a corporation announcing that its purpose is not to maximize shareholder value but to be a good citizen. Imagine a political system in which everyone accepts that it'd be shameful to win at the cost of weakening democracy itself. No matter how technically complex our systems become, in the end, don't they rely upon the virtue of the actors within them?
Donald Trump has the appearance of somebody that's one fat man's malady from from corpse; Vladimir Putin is alleged to be avoiding appearances and under the duress that comes from oligarchs' 'disillusionment' with their ability to get more; and yet:
I'm left with the sense that responsible, democratic self-governance is showing signs of decay in critical organs. I think we're still losing in the cause and hopes of our Founders.
I very much appreciate the very, very granular analysis you're providing. Of the dozen or so intellectually curious folks around me, there's maybe two or three who have the stomach to even absorb this as peril.
Tim Long, Just Up the Hill from Lock 15