By: Ron Shamir and Eli Bahar
Read the Full Paper Here (Hebrew)
Read the Paper's Summary (English)
In recent years we have witnessed a series of cyber-attacks aimed at the electoral system in various democratic countries. For example, in a Israeli Knesset hearing held in July 2017, it was reported, among other things, that "... according to American reports, the computers of the Democratic Party in the United States were breached a year prior to the elections ... information was shared on the network at a predetermined time, It has been rumored that Hillary Clinton, who is running for president, is sick, and the question is how much this has affected her perception of competence ... Research has shown that about 20 percent of Twitter conversations about elections in the United States before the election in a given month, were carried out through so-called "social bots" - social robots - which is an algorithm in a computer that spread messages, posing as a real Twitter user and distributes targeted messages".
It is not always possible to know who is behind the attacks, but analyzes based on the scope, sophistication, and resources required for these attacks lead to the conclusion that at least in some cases the attack was a hostile state entity. In addition, organized hacker groups have the ability, and sometimes the motivation, to intervene by tampering or counterfeiting, in state election campaigns, so that potential attackers are not limited to states.
Schematically, the attacks on the electoral process can be carried out by means of cyber tools found in three main domains:
A. Attacking the electoral process itself: An attack can be carried out in one of two ways - disrupting and damaging the electoral process - in a manner that will impair the ability to sustain the process or reach results (for example, resulting of damaging vital computer systems,) or falsify the results of the vote -. Tampering may be carried out by means of cyber-attack of voting machines (in countries using such machines) and/or disruption or falsification the computer network involved in counting of votes.
B. Attacking parties: The parties are the main players in the political arena in general and in the election campaign in particular. The sensitive information that party usually treasures relates to the list of potential voters/supporters and their campaigning and campaigning system - including on Election Day itself; Internal correspondence, whose exposure is likely to embarrass the writers; Information relating to the planning of the campaign, including information on political opponents, planning to raise or minimize issues, and so on.
C. Influence on the public through the use of social networks: The emphasis is on an organized and covert campaign aimed at influencing the electoral process by spreading rumors, publishing and empowering tendentious information (true or false) that is not legitimate election propaganda. Use of illegal distribution methods such as: bots, disguising the source of content, blocking legitimate information and other means, provided that their purpose is to influence the election campaign through the use of social networks in an unattributed form. In this regard, it is necessary to formulate criteria that distinguish between legitimate and illegitimate propaganda, to propose the mechanism that will determine them, and to bring them to the attention of the public.
Another dimension concerns the question of attribution, "who is attacking?" A foreign entity? Whether it is a local, political, criminal or other actor, and what is the significance of the distinction regarding the policy that the state must take against the various attackers.
The study will focus on the analysis of the state's responsibility for each of these dimensions, weighing the advantages and disadvantages of the various alternatives and recommendations regarding the policies required to deal with the phenomenon, including the time dimension - which is critical to the effectiveness of the action. Exposure and action during the election process is much more effective then post-mortem. In this context, it is necessary to establish a policy regarding public information sharing, which is of paramount importance, as some of the ways to neutralize the results of the attack are by informing the public in real time.
Objectives of the study
A. Mapping and identifying the main threats to the electoral process by foreign entities (foreign countries and foreign organized non-state actors) and the public's confidence in the election results. In terms of cyber-attacks - a comparative perspective;
B. Analysis of the technological-legal environment in the field of protecting the electoral process in Israel;
C. Policy recommendations.
Research Question
The study seeks to answer the question of what are the main threats to the election campaign in the cyber domain? What can the regulators do in order to increase public confidence in the election process and its results?
Methodology
A. Conducting interviews - Central Elections Committee; Israeli National Cyber Directorate.
B. Conducting comparative research.
C. Combining the technological and legal fields in all aspects of the study including policy recommendations. For example, the recommendations will address technological issues, such as the technological security of election campaign computers, as well as the creation of legal infrastructure to protect the election campaign from propaganda that is not a legitimate election campaign, and the development of a technological system to identify illegitimate propaganda on social networks.
The product will be a policy paper that will be presented in a forum that will be set jointly with stakeholders.