Canada will co-host a two-day workshop on improving information exchange between governments, civil society and technology companies to fight election interference and disinformation.
Dominic Leblanc, president of the Queen’s Privy Council and federal minister responsible for protecting Canada’s electoral and democratic institutions from cyber and non-cyber interference, made the announcement this morning in a webcast.
Ottawa is partnering with Microsoft and the Alliance for Securing Democracy, an independent U.S.-based think tank with experts on disinformation, malign finance, and elections integrity.
“Over the next few months, Canada will be working with its partners Microsoft and Alliance to prevent electoral interference in our country, and work with democracy around the world,” Leblanc said. The online workshop will be its first effort.
The announcement is a follow-up to the 2018 agreement by 75 nations and hundreds of non-government organizations and private sectors firms to the Paris Call for Trust and Security in Cyberspace. That document is comprised of nine principles followers pledged to work on, including defending electoral processes.
“What citizens now ask of us is we come together to make sure the Internet remains an effective democratic tool, that it is resilient in the face of threats posed by malicious actors and serves as a place of secure communications and reliable information-sharing,” Leblanc said. Canada is now taking the lead to protect electoral processes from interference by co-leading principle 3 (defending electoral processes) of the Paris Call for Trust and Security in Cyberspace.”
However, Leblanc gave no details on what or when the efforts will deliver. In an email, his office said, “we are in the process of finalizing our workplan for 2020-2021 and will have more to say soon.”
Even before the Paris call as host of the 2018 G7 meeting in Quebec, Canada and others members vowed in their final communique to work directly with Internet service providers and social media platforms to curb what they called the “malicious misuse” of information technology by “foreign actors” who violate privacy through data breaches.
Canada made it a criminal offence to hack into a computer during a federal election period, part of a package to protect this country’s electoral process. And shortly before the 2019 election it took several more steps including the creation of the Security and Intelligence Threats to Elections (SITE) Task Force to prevent covert, clandestine, or criminal activities from influencing or interfering with the electoral process.
This week’s two-day online workshop is described as “the first of our activities” held in partnership with the European Centre of Excellence for Countering Hybrid Threats.
However, during the webcast, Canada’s private sector partners in the effort didn’t hide how difficult the fight will be because the Internet is an open platform.
“The problem of election interference is not going away,” said Microsoft president Brad Smith. “If anything, we’re seeing more countries act with more sophistication to undermine the importance of democracy.” To combat the threat, many communities, including countries, the private sector, academia and others, have to work together, he said.
“We need to do more to share information on the relevant threats that we’re all seeing … to build resilience of political campaigns and parties against cyber threats, to do more to misinformation and disinformation, even amidst the COVID-19 pandemic.”
“This is not a ‘one-and-done’ announcement,” he added. “It’s the first step in a number of steps that will follow … and with a clear goal in sight.” November will be the third anniversary of the Paris Call. Between now and then there is an opportunity “to create a guide to the kinds of best practices that can be used by governments around the world” to combat election interference.
“This is no small task and we have a lot of work ahead of us,” said Laura Rosenberger, director of the Alliance for Securing Democracy. “Democracies around the world are facing shared challenges, and we need to be better at sharing information on both the evolving nature of the threats we are facing and the lessons we learn about what does and doesn’t work in response.
“We really hope this community underneath the Paris Call umbrella will provide a mechanism for capturing and sharing lessons in a more sustained and robust way.”
COVID-19-related misinformation and cyber attacks are also a part of the wider effort aimed at weakening democracies and undermining our institutions, she added.
It requires ongoing vigilance and efforts to build resilience in our populations in a sustained and ongoing manner the pandemic just exacerbates these challenges. “Authoritarian regimes and malicious actors are seeking to take advantage of the crisis to undermine our institutions and democratic governments.”
Among the practices Smith and Rosenberger praised were efforts by search engines and social media to ensure authoritative content is prioritized in searches, improving media literacy among the public and helping political parties fight cyber attacks. The webcast repeatedly emphasized that the battle needs partnership at all levels. Governments, added Leblanc, can’t legislate a solution.
Social media platforms and their ability to be used by botnets to multiply and amplify messages are a particular concern. In March a researcher at the U.S.-based Brennan Center for Justice (named after a former Supreme Court justice) noted that during the U.S. 2016 election a Russian-based group called the Internet Research Agency created “shell groups” mimicking grassroots advocacy groups, and in some cases, impersonating candidates. Those fakes were relatively easy to detect, as an examination often revealed that those shell groups existed solely in Facebook Pages or external websites. More recent work by this group suggests it has adapted.
In response to the 2016 revelations Facebook and other social media sites have been taking down accounts they believe are aimed at manipulating public debate. However, it’s a tough process. Facebook alone says it has 35,000 people doing content evaluation and fact-checking.
Christian Leuprecht, a security and defence expert at Royal Military College and Queen’s University in Kingston, Ont., said in an email that in partnering with both the Alliance for Securing Democracy and the EU’s Hybrid Centre of Excellence (Hybrid COE)Canada is positioning itself between its two most important strategic allies: the United States and Europe. Most Canadians will likely be unaware and surprised to learn that Canada is a part of the Hybrid COE, not only for Canada’s own direct benefit, but also because Canada has long had an interest in a strong, stable, prosperous and harmonious Europe.
“At the same time,” he added, “there are real limits to this approach. One of the wide misconceptions is that adversarial actors directly target electoral process. Instead, their aims are broader and more general. To achieve their aims, they only need to polarize, sow distrust, and delegitimize democratic institutions. To be sure, electoral processes are a distinct vulnerability, but the adversaries’ strategy is more nefarious and can readily be achieved without interfering in actual electoral processes. The risk, then, is that targeting electoral processes as a vulnerability may give a false sense of security from an insidious adversarial strategy that does not need to rely on those processes to achieve its aim.”
Josh Gold, who researches cyberspace governance at the University of Toronto’s Citizen Lab and spoke in his personal capacity over email, noted that Canada participates in two efforts to promote cyber stability at the United Nations: the Group of Governmental Experts (GGE) and the Open-Ended Working Group (OEWG). In both it supports the implementation and operationalization of the 11 voluntary non-binding norms for responsible state behaviour as endorsed by all states following their adoption of the 2015 GGE report. Several of these 2015 norms concern critical infrastructure, one of which reads: A State should not conduct or knowingly support ICT activity contrary to its obligations under international law that intentionally damages critical infrastructure or otherwise impairs the use and operation of critical infrastructure to provide services to the public.