James Grimmelmann, Total Information Awareness, The New Republic (online ed.), Dec 10, 2008:
You don’t need to be paranoid to come up with privacy threats involving the profiles the Obama campaign has assembled on its supporters. What if they gave your call records to the NSA? There are marketers out there who’d pay good money to know that you’re a 38-year-old suburbanite who’s concerned about the environment. And if Bill Ayers was at one of those Obama house parties you went to, your own run for President in 2024 is so toast. All of which raises an important question: Just what can they do with all that information?
It turns out that the Obama campaign’s use of the data is almost completely unregulated. The U.S. has no comprehensive privacy law, meaning that once your name is in a database somewhere, there’s basically nothing you can do about it. Indeed, many of the special-purpose privacy laws we do have—e.g., the do-not-call list, the CAN-SPAM Act, and California’s Online Privacy Protection Act—only apply to businesses, not political groups. The Obama campaign can share the contents of its databases with the DNC, or with Wal-Mart, or Hugo Chavez: anyone it chooses. …
Given the anything-goes legal landscape, should we be afraid of the ObamaBase? Actually, no. The Obama campaign has the means and the opportunity to violate your privacy—but it doesn’t have much of a motive. From a partisan political perspective, most of the things the Obama campaign could do to its supporters would be unmitigated disasters for the Obama 2012 effort.