Can the electoral processes be protected?
The past two years have seen electoral
contests taken place in several countries long regarded as key players on the
global stage. However, the elections raised a whole host of questions, among
which the most pressing was whether a cyberattack could influence an electoral
process to the extent of causing a shift in the political course of a nation?
To venture a definitive answer to such a
question would be a daunting task for anyone, regardless of whether they sat in
the chair of a political scientist or cybersecurity researcher. Nonetheless, it
has become apparent that the scenario in which we currently find ourselves,
poses a number of challenges. There is substantial evidence that the
implementation of electronic voting has yielded results that are far from
secure, as we will demonstrate here.
Moreover, there are two other crucial factors
to which we must draw attention. Firstly, the influence of social networks on
public opinion, especially in respect to pushing a political agenda,
particularly the way in which they support hacktivism; and lastly, the need to
include national cybersecurity issues as part of the political agenda.
Insecure electronic voting systems
It was only a matter of time before
information technology would be incorporated into the electoral process,
especially given the reasons why certain countries (such as Argentina, Brazil,
Germany and the United States) decided to introduce a limited implementation of
electronic voting, in some extent: to put an end to fraud, to standardize and
speed up the counting process, and to supplement rather than replace the paper
ballot system.
We can all agree that technology advances
inexorably, but perhaps efforts should be aimed toward implementing more control
mechanisms rather than favoring an approach that actually adds new
points of failure without removing any of the risks.
Just as unscrupulous campaign officials,
activists and other key players have found ways to commit fraud over the years
by exploiting the electoral system itself, soon cybercriminals will discover
ways to capitalize on the digital system, particularly if they are armed with
sponsorship of some kind.
Back in 2006, Finnish computer
programmer and co-founder of ROMmon, Harri Hursti had already
demonstrated in the well-known documentary Hacking Democracy, how
the Diebold voting system in Leon County, Florida, could be easily and
completely compromised just by using a memory card.
Just like that, he was able to change all of
the votes without being detected. Nonetheless, this same software – that with
just a few adjustments, a new name and a change of ownership – continues to be
used in the United States to record and count tally votes.
Fast forward 10 years and very little has
changed, other than the fact that additional evidence has been revealed. Brazil’s electronic ballot box has been mired in
controversy since 2012, when it was discovered that it was possible to crack
voting secrecy completely. After years of substantiated allegations of
vulnerabilities, the Superior Electoral Court will go back to implementing
paper ballots (in a hybrid format) for just 5% of ballot boxes to be used for
elections in 2018. Meanwhile, electronic ballot procedures in both Argentina and Germany have been shown to be flawed as well.
The preponderance of evidence to date,
strongly suggest that we cannot rely solely on technology for something as
significant to our lives as the electoral process; it must only be used as a complementary
tool. If the idea is to mitigate any and all forms of fraud, thus boosting
faith in both the results and our democracies, we must consider hybrid systems
with both paper and electronic ballot records.
Hacktivism that can change public opinion
Social media has become the new frontier of
the political stage and used by political campaigns to reach increasingly large
numbers of people. As we now know, these same networks have also been used to
undermine electoral campaigns by spewing falsehoods, and promoting fake news
reports, not to mention widespread attacks on reputation aimed at public
figures.
A number of these attacks use bots, computer
threats such as bots or other form of malware, which could be mitigated with
adequate security management protocols in place. Otherwise, what might appear
to be the indication of a trend may actually be the manifestation of a group of
attackers.
While such an attack might help to manipulate
or skew popular opinion, it does not signal doomsday for democracy. However,
but it does pose some critical cybersecurity challenges in order to ensure that
the voice of the populace is truly represented in the elections.
The “Defending Digital Democracy” program, announced earlier in
July, is backed and endorsed by companies like Facebook and Google, which
suggests how highly they rate the importance of securing these types of
mechanisms.
If the parties involved don’t take matters into
their own hands, these kinds of incidents will continue to happen well into the
future.
National cybersecurity
If technology is a major part of our lives,
then the governments must be tasked with the responsibility of ensuring that
users interact with technology as safely as possible, by implementing a
national cybersecurity programs engaging with key players, such as CISOs and
auditors.
And if public officers, such as court
authorities or voting commission officials, must make decisions regarding the
implementation of certain technologies, then they should undergo cybersecurity
training appropriate to the situation, to help them make the most suitable
choices.
There is no doubt that new risks come with
every new advancement, but if we want to use technology to improve our lives,
then we must prevent it from creating greater problems overall than benefits.
All aspects of an electoral system must be regarded as part of every country’s
critical infrastructure (and be safeguarded as such).
The challenges are laid out before us. Now is
the time to engage in preventive measures that focus on the digital security of
information, and all those involved must contribute to solutions that guarantee
the proper implementation of democratic processes.