Protecting elections from hacking

Nina Hyvärinen,
Head of Corporate Relations,
F-Secure
Finland

Meddling with the elections. Why is someone doing that?

The aim may be to try to get a certain end-result and influence the future policy choices. Perhaps the aim is to predict the winner, and influence them early on. Sometimes it is to undermine the legitimacy of the whole process and disincentivize people to participate.  Even if just one part gets hacked, the integrity of whole process can be questioned.

Influencing voters is not necessarily about getting them to change their opinion. It can be about reinforcing the way they are already thinking. Making people more extreme. Widen the cracks between different groups. Make already existing bubbles stronger and more isolated.

Meddling with elections and voters destabilizes society and weakens our confidence in democratic processes.

Fake news and social engineering

Social media has made us easy targets for tailor-made campaigns. We reveal in the internet basically everything. Technology companies have vast amounts of data about us. They know more about us than our family and friends. We ask Google questions we would never ask our family. All this data is extremely valuable and can, and has been capitalized.

Social engineering and fake news have become part of democratic processes and elections. Complexity of our social networks and social media channels have made it possible to misuse them.

Playing with algorithms makes it difficult for us to see what is going on. More we learn about how people make decisions, easier it is to develop effective algorithms and influence our decision-making.

There is a market for meddling with social media. You can buy followers, likes, recommendations, re-tweets, you name it. Anything is on sale. We simply cannot trust the authenticity of communication.

Cambridge Analytica is a case in point. It opened people’s eyes to understand how our personal data can be misused for political purposes without our consent.

As citizens and voters, we need to get much more savvy on validating information and checking facts. How do we behave when we know that we are under influenced by algorithms?

How can we know if we can trust the news article we see in our feed? It looks serious and professional, but is it real.

It is difficult to tell when looking at some of the faked news sites whether they are legitimate or not. Engineered twitter and other accounts share links to these serious looking sites. We need to learn to become more critical about the news sources and check facts.

Brexit tweets is a good example. There have been a number of active players with fabricated news sites tweeting and getting retweeted. A lot of these Brexit-related tweets did not come from the UK or Europe. At the French elections we saw a number of tweets which were not in French and tweeted at a time when French were asleep. Makes you suspicious, and rightly so.

Voting electronically, or rather not

Our societies are becoming more and more digital. I am all for it. But as we run our errands and do our banking online, should we also vote electronically? Sounds appealing.

In the election process there are many parts where it makes perfect sense to rely on technology, like in counting votes.

Casting your vote is the tricky part. As  a voter you need to be registered and identified to vote. But when you cast your vote, you need to become anonymous again. In safeguarding secrecy, pen and paper is actually a great way to organize a ballot.

What if you have a complicated ballot which makes digitalization necessary, like in cases where you vote on a number of things? Even then you should still be able to go back and have a voter-verifiable paper trail.

The key is to safeguard the integrity of voting as a process. How can we make sure that if votes are cast electronically, they cannot be tracked back to an individual or that a vote is not cast more than once? With today’s data breaches we know how difficult it is to build a safe system. If someone wants to get into your system, they will eventually get in.

Anything smart is vulnerable. Be it a smart voting system or smart fridge. It would take strong cyber security capabilities to secure a system. Systems can be hacked and elections are a likely target. But would the hacker be a young hacktivist frustrated with politicians or a nation state pushing for a certain outcome?

In organizing voting the key has always been to build in necessary checks and balances. Elections need to be designed so that they give us security and privacy. Security experts could be used to look at the legal code the way they look at a computer code. We should run security audits and apply hacker mindset to look at the overall election process. This would help us to identify vulnerabilities, and tackle them.

However, election systems and technology are harder to hack than people. In the run-up to various elections, let’s be aware of fake news, social engineering and power of algorithms.

Expert article 2485

> Back to Baltic Rim Economies 1/2019