A screenshot of the suspicious text message began making the rounds on social media Wednesday.
"Hi, it's Patsy here w/Beto for Texas. Our records indicate that you're a supporter," the text message read, purportedly coming from a volunteer for Texas Senate hopeful Beto O'Rourke's campaign. "We are in search of volunteers to help transport undocumented immigrants to polling booths so that they will be able to vote. Would you be able to support this grassroots effort?"
The text did originate from a service called Relay, which O'Rourke's volunteers use to contact potential voters. But the message itself—promoting overt voter fraud—wasn't sanctioned by the campaign. "It was sent by an impostor," O'Rourke's communications director Chris Evans said in a statement. The opposing Ted Cruz campaign has said they had nothing to do with it either. Within a day, Relay shut down the account behind the phony solicitation.
The hoax was short-lived, and, Relay CEO Daniel Souweine assures WIRED, is "a total outlier," among the millions of texts that have been sent through the platform this cycle. And yet, the entire ordeal reveals a new and largely undiscussed battleground in the information war being fought on just about every digital front.
Ironically, the text began circulating online just as top executives from both Facebook and Twitter appeared before Congress, laying out their plans to prevent trolls and propagandists from using their platforms to spread disinformation. They spoke of using artificial intelligence and legions of human moderators to root out bad behavior, while lawmakers promised regulation to keep the companies accountable.
Meanwhile, a growing number of campaigns and political groups are relying on texting tools that have virtually no guardrails at all. They allow any campaign volunteer to access a list of phone numbers, and send whatever message they please. Because volunteers send each message individually, and have the freedom to edit what each one says, these so-called peer-to-peer texts circumvent the regulatory restrictions the Federal Communications Commission places on robotexts. During the 2016 election, both the Donald Trump and Bernie Sanders campaigns demonstrated the effectiveness of the approach, leading to a spike in activity in the run up to the midterm elections this fall.
Despite their sudden growth, these young companies have failed to prepare for the type of manipulation that has plagued other, larger tech platforms. Instead, they leave it to the campaigns to thoroughly vet their volunteers, just as they would a phone-banker or in-person canvasser.
"The more barriers to entry you have, the less likely trolls are to jump through them," says Souweine, who founded Relay after leading Sanders' national texting program in 2016.
He found out about the phony O'Rourke text the way most people did: On Twitter. Relay quickly shut down the account, but Souweine declined to share details about the perpetrator, saying it's up to the campaign to investigate who the person was and how much damage they did. According to Evans, "not a large amount of messages," were sent, but the communications director declined to provide a specific number, and didn't respond to repeated requests for comment about whether and how the campaign monitors volunteers' texts.
All it takes to sign up as a texter for O'Rourke is filling out a form on his webpage. You then receive an email with instructions for setting up a Slack and Relay account, and a link to a site where you can sign up for a shift. The email comes with instructional YouTube videos, which explain how it all works. Volunteers log into Relay, where the campaign issues them a preloaded script and list of people to contact. It takes about 30 minutes to click send on each individual text, and volunteers are free to edit the message as they see fit. About 10 to 15 percent of voters reply, according to the video, and when they do, the campaign offers up a list of scripted responses about, for example, where voters can secure a yard sign. After the texts are sent, campaigns can check what's gone out for any irregularities. But in the case of the O'Rourke text, the damage was already done.
Souweine emphasizes that what happened to O'Rourke's campaign is incredibly rare. "There’s a scant few times where this has ever become an issue. You don't build software for the edge cases," he says.
Practitioners in the field argue that what happened to O'Rourke is the risk you take when you enlist volunteers to spread your message, no matter the medium. "Anyone can pass a smell test, become a door-knocker for a campaign, and say something crazy," says Gerrit Lansing, former chief digital officer for the Republican National Committee who cofounded the peer-to-peer texting company Opn Sesame. At least texts leave a digital trail behind, he adds.
True enough, but texters also operate on a much larger scale than the average door-knocker. The O'Rourke campaign's training videos say texters typically contact 500 to 800 potential voters in a 30-minute period. In the time it takes to catch a problematic message, hundreds or thousands of people could have been misled. And in a tight race like O'Rourke's, that matters.
Some platforms have developed tools to alert their clients to anomalies after the fact. Left-leaning campaigns and organizations have used a tool called Hustle to send and receive 17.5 million political messages this year alone. Hustle uses automated triggers that let its staffers know if, for instance, a given message drives an unusually high number of people to opt-out of text messages altogether. "Our client success managers would investigate in real-time," says Roddy Lindsay, CEO of Hustle. Still, even that safeguard comes after the fact.
These risks have been top of mind lately for Sangeeth Peruri, CEO of another texting company called VoterCircle. Unlike Hustle, Relay, or Opn Sesame, VoterCircle is a friend-to-friend service, meaning that volunteers first upload their own contact lists to see which of their friends a given campaign might want to reach. Then, they're free to contact them by email or text. This tool has been used to send hundreds of thousands of messages during the Virginia gubernatorial elections and the special election in Alabama, among other key races.
During the Virginia race, Peruri says he was afraid that some of the neo-Nazis who rallied in Charlottesville just months before might try to co-opt the Democrats' message. So VoterCircle set up an approval system on its email service: Any time someone changed the given script, the campaign would have to give the OK before it went out. Though campaigns had the option to turn this off, VoterCircle made it the default setting, meaning most left it in place. "We never saw any nefarious activity, but we were protected," Peruri says. In a few cases, he says, it helped campaigns better understand the kind of message their volunteers thought would resonate most.
For now, peer-to-peer texting remains a regulatory gray area. While the FCC has strict rules around robocalls and texts, it hasn't tried to rein in this new class of companies. The industry is hoping to keep it that way. Earlier this year, a lobbying group called P2P Alliance, of which Opn Sesame is a member, issued a petition asking the FCC to clarify that peer-to-peer texting is exempt from regulations laid out in the Telephone Consumer Protection Act, which restricts automated dialing and texting.
In the absence of federal guidelines, it's up to the companies, and the campaigns themselves, to prevent misleading messages from being sent in their name. Lucky for O'Rourke, the message the rogue texter sent was outrageous enough to be easily dismissed as a troll. But what if a slightly savvier bad actor tweaked the message in a way the average voter could believe? And what if they weren't the only ones? Right now, it's not at all clear these platforms would be prepared to do much about it. Sure, this text may be an outlier today. But sometimes an outlier is really just a warning sign.