This study examines the threats posed by intervention in (or influence on) Israel’s Knesset elections—in broadest sense—by means of cyber-attacks conducted by foreign entities, whether at the state or sub-state level. These threats are very real, as recent years have seen multiple cases of states intervening in elections in other countries using internet-based technology. The study does not look at attempts to influence the electoral process by non-internet means; nor does it cover attempts to influence the elections by Israeli political actors, unless they are acting via a foreign entity, or are being knowingly used by a foreign entity in order to influence the elections by internet-based means.
The goals of the study are to map and identify the main threats to the electoral process and to public trust in the election results, as the public’s confidence that the winners and losers are determined by a process that was not falsified or interfered with in any other way is essential for our most basic social foundations. These threats are assessed based on the technological, legal, and institutional environment in which the defense of Israel’s elections takes place, and policy recommendations are then offered based on this assessment.
Of the countries that over the last decade have been identified as engaging in operations to exert influence via cyber tools, Russia has been the most prominent—albeit not the sole—example, having attempted to intervene in elections in Ukraine (2014), the United States (2016), France (2017), Germany (2017), and the Netherlands (2017), as well as in referenda in the United Kingdom, the Netherlands, Italy, and Spain (2017). These actions were generally intended to support a particular candidate or weaken others, while at least some had other goals as well: to create social rifts in those countries over substantial issues and thus weaken social unity; to advance strategic goals, such as weakening the NATO pact; to undermine the principle of abiding by international norms; and to damage public trust in the democratic process.
Cyberspace offers a range of means and methods for influencing elections, such as: theft of information from political figures and disseminating it in a way and at a time that will hurt opponents; corrupting information within the election system—ranging from altering the electoral register to altering results—in order to undermine public trust in the results; preventing use of systems by inflicting DDOS (distributed denial of service) attacks at a pre-determined time, and in places that use electronic voting systems, attacking the computerized voting machines; creating and spreading fake news over social networks; hoaxing third parties, such as journalists, by using false identities on the web; and more.
Experience shows that attempts to intervene in elections involve three main types of attack: (a) attacking the execution of the electoral process at any of its stages, whether via forgery or by interference with or denial of service; (b) attacks on political parties and figures using various means, including stealing personal and political information and publicizing it at an advantageous time, interfering with party preparations for the elections, and more; and (c) attacking social networks and news sites as sources of major influence over voters’ political positions, using cyber tools.
Cyber-attacks on the electoral process may include the use of technological tools such as bots and big data technology; use of advanced tools for hacking into computer systems; and the use of paid trolls, infiltration of innocent web forums, and more. These tools have been used, for example, in operations aiming to disseminate misleading information to a very large audience; to steal information and selectively publicize it at a time that will have most impact on the elections; in personalized micro-targeting operations; in operations to exert influence by damaging infrastructure; and more. What all these efforts tend to have in common is that the source of the attacks is masked, making it very difficult to determine which state or organization is behind them, and to clearly identify the attacker.
The outcomes of the cyber-attacks on elections in the United States and other Western countries in recent years have shown that no country can remain indifferent to the very real threat of cyber-attacks against its electoral process and against public trust in the election results. Thus, a series of actions are required, in terms of both defense and deterrence, in order to significantly bolster the resilience of democracies and to effectively protect them against such attacks. However, when liberal democracies seek to defend themselves against attacks of this kind, many questions arise regarding democratic principles and concepts, chief among them being how to ensure that activities designed to prevent attacks on the electoral process will not themselves be used to harm such liberal democratic principles as freedom of expression, privacy, and equality.
Cyber-attacks intended to harm Israel’s electoral process could be carried out in all the ways in which electoral systems have been attacked in other countries. In addition, Israel is a riven and polarized society with strong internal tensions over many questions: Jewish-Arab relations, religion and society, the future of the occupied territories, and more. Thus, striking at social consensus over the electoral mechanism as the main national expression of democracy and as the source of the government’s legitimacy—and as a way of undermining public trust in the election results—could be particularly deleterious to the social bindings that allow Israel’s social disagreements to play out within a functioning society. Because of this, protecting the electoral process in Israel carries special importance.
A review of the institutional structure of the organizations that are responsible for various elements relating to the security of the electoral system—in its broadest sense—against cyber-attacks reveals that this responsibility is divided (as detailed in the study) among several entities, including the Central Elections Committee, the National Cyber Directorate, the Israel Security Agency, the Israel Police, the Knesset Sergeant-at-Arms, the Ministry of the Interior, the Privacy Protection Authority, and the Registrar of Databases and the Cyber Unit in the State Attorney’s office.
It appears that the overall responsibility for protecting the elections themselves from cyber-attack lies with the Central Elections Committee, while the preliminary stage (preparing the electoral register) is the responsibility of the Ministry of the Interior. It is not clear who is responsible for protecting political parties, and in practice this is handled by the party directors-general. As regards political figures who might be targets for attack, the Knesset Sergeant-at-Arms is partially responsible for data security for serving members of Knesset and their parliamentary aides, but it is not clear who is responsible for protecting political figures who are not Knesset members from cyber-attack. The issue of influencing elections via manipulation of social media and news websites is the most problematic for defining and setting clear responsibilities, and here the division of responsibility between the National Cyber Directorate and the Israel Security Agency should be properly examined.
The main problem lies in the fact that monitoring the internet in order to protect free and democratic elections is an activity that itself carries noticeable dangers for democracy, as there is a concern that tracking the activities of voters and of political activists may serve to limit freedom of expression and impinge on privacy and equality in the elections—interests that lie at the heart of the democratic process. Consequently, the precondition for any regulation or legislation on this issue must be an assessment of its impact on freedom of expression, on privacy protections, and on other civil rights, given the particular sensitivity of the electoral process.
Moreover, the extreme sensitivity of the electoral process requires unique rules of subordination and reporting, especially regarding the relation between the constitutional responsibility of the Central Elections Committee for the purity of the elections in their broadest sense, and the fact that the security organizations report directly to the government. It is also necessary to set principles for organizational coordination and boundaries regarding this issue between the security and enforcement agencies themselves, principles for notifying the public, and more.
The following policy recommendations are intended to strengthen and improve the defense of the electoral process in Israel, in its broadest sense, from cyber-attacks by foreign entities, both in order to prevent any undue influence on the election results and to maintain public trust in those results.
The main recommendations are as follows:
(1) The overall responsibility for protecting the elections process from foreign intervention should be given to the Central Elections Committee, with a clear ruling that the constitutional and institutional independence of the Committee will be maintained in this field as well. Consequently, the responsibilities and powers of the chairperson of the Central Elections Committee in this regard should be clearly defined.
(2) A permanent advisory committee should be appointed to advise the chairperson of the Central Elections Committee on protecting the electoral process from cyber-attacks by foreign state entities. The roles of this advisory committee will include coordinating and sharing information between the various bodies regarding cyber-attacks on the electoral process; recommending to the chair methods of identifying such an attack and its source, and means for thwarting it or limiting its harmful effects; and making recommendations to the chair on publicizing, partially or fully, the fact that an attack has taken place, including the timing of such an announcement.
(3) The elections process should be declared a “critical national infrastructure”, anchored in the Knesset Elections Law.
(4) The National Security Council (NSC) should formulate an overall approach for the defense of Israel’s electoral system from foreign intervention, and submit it for approval by the relevant body—the Government or the cabinet.
(5) Regulations should be introduced stating which body has responsibility for protecting political parties from cyber-attacks and how this should be done in practice. Funding should be made available, including via “designated funds” set aside in the parties’ election budgets, so that each party can implement the security proposals autonomously.
(6) Responsibility for protecting members of Knesset and their parliamentary aides should lie with the Knesset Sergeant-at-Arms, and rules should be set down for reporting between the various entities involved in protecting the electoral process from any suspicion of cyber-attack against members of Knesset or their parliamentary aides.
(7) The directors general of political parties should be made responsible for protecting their Knesset members’ use of computers that are not under the jurisdiction of the Knesset Sergeant-at-Arms, as well as defending against cyber-attacks on political figures who are not members of Knesset. The directors-general should apply data security rules that will be issued by the Central Elections Committee, based on recommendations from the National Cyber Directorate.
(8) It should be made a requirement, either via recommendation or through binding act of legislation, that primary elections within political parties should be held using paper ballots and not computerized systems.
(9) The National Cyber Directorate (NCD) should be made responsible for defending against any cyber-based attempts to influence elections via social networks and news websites. If any such attempts are identified, they should be reported to the chair of the Central Elections Committee and to the Israel Security Agency (ISA). Arrangements for which body is responsible for dealing with these attacks should be agreed between the NCD and the ISA, with the approval of the chair of the Central Elections Committee. Due to the sensitivity of this subject, a dedicated unit should be set up within the NCD to handle it, overseen by a body headed by a retired justice. This body will ensure that the unit’s activities are restricted to identifying use of social networks to influence elections in Israel to serve foreign interests.
(10) The chair of the Central Elections Committee should have the power to decide whether to make public the discovery of an attempt by a foreign entity to influence the elections.
(11) Agreements should be reached for international cooperation to identify the source of any attacks discovered. International cooperation to identify the source of attacks should be promoted; this should include an attempt to draft an international treaty.
(12) A covenant should be drafted in which all political parties commit to refraining from operating virtual accounts (bots and trolls) as part of their political campaigns, whether directly or indirectly.
(13) The act of collusion between an Israeli citizen or resident and a foreign entity with the aim of influencing the elections should be made a criminal offense. This offense should be defined carefully so as to restrict it only to relevant cases, and prevent it from being applied against worthy activities that are not the target of this legislation.
(14) The establishment of a broad civil system for fact-checking should be encouraged, as part of the public resilience mechanism to defend against targeted misdirection.
(15) The possibility should be explored of passing a law that forbids the use of personal information for political micro-targeting, or at the least, that requires full transparency for those being targeted that the message presented is from a political source.
Implementing these recommendations, and paying continued institutional attention to technological changes and developments in the field of cyber-attacks, can strengthen Israel’s ability to defend itself and also increase public awareness of the issue, which is an essential component of democratic resilience.