We Must Ensure Democratic Integrity In The Digital Age

In the past several years, liberal democracies have been subjected to a variety of distinct “attack vectors.” They have been used in Germany, France, the U.K. and the U.S. since 2015. Some are linked to Russia. These new vectors include a range of disparate approaches that are sometimes used together, all under the misleading general rubric “election hacking.”

Here’s how they work:

 

1. Hacking into the servers of political parties, parliaments and political figures

Best known, of course, is the 2015-2016 hack of the U.S. Democratic National Committee by the Russian hacking group APT 28, also known as Fancy Bear. The same group also has hacked into the German Bundestag and German political parties’ think tanks and into the campaign of Emmanuel Macron, then a French presidential candidate. Just this past week, the U.K. Parliament was hacked.

It is tempting to dismiss this as simple espionage that is simply on a higher and more sophisticated level than before. After all, countries have always been interested in what other countries’ politicians think; the tools these days are simply more sophisticated. Today, spy agencies know more about the internal workings of parties in democracies than in decades past. The problem comes when this information is published or when parliaments, think tanks and politicians are unsure of their privacy and restrict their communication. It is hard to work with the nagging doubt that perhaps some foreign intelligence agency is reading all your correspondence, especially when you know they have done so in the past.

 

2. Publishing hacked emails

Often nowadays, the “doxing” ― publishing hacked information ― is selective, targeted to embarrass only one candidate for another’s benefit. Russian hackers breached both Republican and Democratic servers but only released information on the Democrats. No emails from the Front National, the far-right French party, were doxed. As a new twist, some of the doxed emails from Macron’s servers were clearly fakes, planted there to cause even more damage.

 

3. Spreading fake news on social media

Social media has become a primary factor in political campaigns. A Pew study from May 2016 found that 62 percent of Americans get their news from social media. Studying the spread of fake or unsubstantiated news, BuzzFeed reported last year that in the three months leading up to the U.S. presidential election, Facebook users shared some 8.7 million “fake” stories. In contrast, users shared 1.3 million fewer true and verifiable stories. This is the human side of enabling the dissemination of false political news and causing electoral disruption. Abetted by non-digital mass media, false stories such as “Pizzagate,” a conspiracy theory about Hillary Clinton, reach even wider audiences. More generally, fake and sensationalist news often goes viral. Real stories often don’t. Fake news is cheap to produce. Genuine journalism is expensive.

4. Social media robots or “bots” spreading misinformation 

Bots on Twitter repeat false news automatically at a rate no human can possibly hope to achieve, and thus false stories start trending. Trending stories, in turn, are spread further by human users.

 

5. Algorithms processing big data to target voters with highly individualized political advertisements

Benignly, such practices can be viewed as simply a new marketing tool. However, Facebook’s announcement this weekthat it will not release data on who paid what for ads contrasts sharply with requirements in the U.S., for example, that mass media make their expenditures public. Even more disturbing is Facebook’s refusal to make public so-called “dark ads,” paid for by political campaigns and viewed only by the targeted user. Just as disturbing: we also remain in the dark about what personal data has been used to target individuals. 

 

6. Hacking voter rolls

The recently arrested U.S. National Security Agency employee Reality Winner allegedly leaked an NSA report that Russia had hacked into voter rolls from 39 U.S. states. The Department of Homeland Security’s acting deputy undersecretary of cyber security, in Congressional testimony, stated later that servers with voter rolls were breached in 21 states. The question is: To what end? To provide more granular data for big data analytics for Facebook ads? To engage in “voter suppression” by eliminating from the rolls voters whose profile indicates they would vote a different way? We simply don’t know.

None of these new “methodologies” or attack vectors were, to our knowledge, used to actually manipulate voting lists. At least not yet. They do, however, represent a dramatic change in the political process from the way elections were run in the past. Clearly, if we want to maintain the integrity of the electoral process, democracies need to enact changes. Some are technological; others are legal and regulatory.

Parties, candidates and legislatures must use far more secure communication technologies. Two-factor authentication is a sine qua non. In the DNC hack, 126 of the 128 people with access to the server used two-factor authentication. Two did not. When hackers have access to powerful computers that use brute force hacking, they can crack almost any password; even one user with insecure access being successfully hacked can result in a major breach.

No comments: