Despite widespread publicity, finger-pointing and the laying of criminal indictments, some countries continue trying to interfere online with democratic processes around the world.

As a result Canada’s electronic spy agency believes it is now “very likely” Canadians voters will encounter some form of foreign cyber interference during the run-up to October’s federal election, most likely through disinformation — commonly called fake news.

That’s the conclusion of the latest report on cyber threats to Canada’s democratic process issued this morning by the Communications Security Establishment (CSE).

That’s a change from its 2017 report, which said it was “highly probable” there would be cyber threats against democratic activity here.

The odds are foreign adversaries will do here what they have tried to do in other countries, says the report: Attempt to sway the ideas and decisions of voters by focusing on polarizing social and political issues, promoting the popularity of one party over another, or trying to shape the public statements and policy choices of a candidate.

The CSE is responsible for protecting federal networks and advising the private sector on protecting critical infrastructure.

At a briefing for reporters this morning Karina Gould, the minister for democratic institutions, warned social media companies the government wants more effort from them to prevent their platforms from being used for disinformation.

“There is an onus on social media and digital platforms to better protect the digital public square by increasing efforts to prevent malicious cyber activity including the spread of disinformation,” she said. We have been meeting with these companies, and although discussions have been progressing slowly and have not yet yielded the results we expected at this stage, we remain steadfast in our commitment to secure change from them.”

Gould dangled the possiblity of regulation, although making it clear that wouldn’t happen before the October vote. But, she added. “what is clear to me and to government is technology is changing very rapidly and the platforms have been able to avoid being held to account for the activities that take place on their platforms for too long. So how do we develop something that will stand the test of time?”

Interestingly, Gould is the first cabinet minister to note that on May 28 the House of Commons ethics and privacy committee will hold a hearing to which senior officials from seven major social media platforms — including Google, Twitter, Amazon and Facebook — have been invited to not only be questioned by Canadian MPs, but also by parliamentarians from eight other countries.

That, Gould noted will be a “really important moment.”

Attendence by those officials hasn’t been confirmed.

The good news, is the updated CSE report says it is “improbable” any foreign cyber interference will be of the scale of Russian activity against the 2016 United States presidential election. The U.S. has alleged Russia or Russian-backed groups stole email and documents from branches of the Democratic Party and the Hilary Clinton presidential campaign as well as mounted huge disinformation efforts on social media. As a result a number of Russians have been indicted by grand juries for violating U.S. laws.

In addition, the report notes extensive media coverage and analysis of foreign cyber interference “has greatly raised public awareness of the potential threat, as has more frequent reporting and public attribution of major cyber incidents by CSE and allies. Internet companies have indicated a willingness to reduce the illegitimate use of their platforms that could lead to foreign cyber interference.”

Finally, because Canadian elections are largely paper-based the government believes there are “robust protections” against vote tampering.

That means the IT systems of political candidates, parties are the most vulnerable to cyber threats, as well as the opinions of voters through fake news.

One way the government hopes to counter disinformation is through a media literacy campaign expected to start soon.

It has also begun briefing political parties on what to expect and how to better protect their IT and communications systems.

Criminal offence to hack

The government also made two important legal changes with the passing of Bill C-76 that are about to take effect: It will be a criminal offence to hack into a computer during a federal election, and foreign states will be forbidden from buying advertising during a federal election period.

The government has also created a Security and Intelligence Threats to Elections (SITE) Task Force to prevent covert, clandestine, or criminal activities from influencing or interfering with the electoral process. Among its responsibilities is the task force — not politicians — will decide whether to issue public warnings about suspicious activities

While the CSE report focuses on possible foreign disinformation during the election, at a conference earlier this year the editor of The Logic warned that fake news comes from Canadians as well.

“Don’t be fooled into thinking this is only foreign actors,” David Skok told a conference organized by the Canadian Internet Governance Forum. “Your local politicians and campaign staff and crisis communications firms are doing this more than foreign actors are.”

In concluding that Canada will likely see attempts to interfere with democratic processes the CSE report notes that in 2018, half of all advanced democracies holding national elections had their democratic process targeted by cyber threat activity. “This represents about a threefold increase since 2015 and we expect the upward trend to continue in 2019.”

One of the most recent incidents happened in February when the IT systems of Australia’s parliament and three major partiers were compromised.

In addition, the report says, since 2015

€ More than one foreign adversary has manipulated social media using cyber tools to spread false or misleading information relating to Canada on Twitter, likely to polarize Canadians or undermine Canada’s foreign policy goals.

In particular it notes that in 2016, false information appeared on social media about a “failed Canadian raid” on Russian separatist positions in Ukraine, alleging that 11 Canadian military personnel had been killed. Users shared an English language version of this fictional report over 3,000 times on Facebook. A similar false report about three Canadian soldiers dying after their vehicle hit a landmine in Ukraine spread on pro-Russian websites in May, 2018. Canadian troops are currently in Ukraine in non-combat roles;
€ Foreign state-sponsored media have disparaged Canadian cabinet ministers;
and
€ A foreign adversary has manipulated information on social media to amplify and promote viewpoints highly critical of Government of Canada legislation imposing sanctions and banning travel of foreign officials accused of human rights violations.

Strategic threat

By CSE calculations, the vast majority of cyber threat activity affecting democratic processes around the world since 2010 has been strategic, meaning threat actors specifically targeted a national democratic process for the purpose of affecting the outcome. Most of the remainder of the cyber threat activity was cyber crime, such as stealing voter data in order to sell personal information or use it for criminal purposes.

Cyber attacks are misinformation are attractive weapons for countries for a number of reasons, says the report: The tools are cheap (many can be bought on criminal marketplaces), and attributing and deterring attacks remains difficult.

And while publicity and some criminal charges has shone a light on some nations has raised the costs for some threat actors, the report says “the cost is still not high enough” to make them stop.

While disinformation through social media is a favoured tactic of nation states, the report also warns political parties and their staff can be targets. Attackers will want to steal personal information to embarrass or blackmail a party or candidate, steal party databases or try to infect and destroy IT systems.

Gould urged Canadian voters to be vigilant about what they see on social media. “Take the power back, be critical, look at the sources of information you’re getting and use that to make your decision” when voting.

In a statement Google Canada said it is committed to combating misinformation and working with the Canadian government to fight cyber threats. It noted there have been meetings with Gould and her staff, Elections Canada, the Commissioner of Elections and the Privy Council Office to discuss plans on transparency, cybersecurity and information. In February Google published a white paper on how it is fighting misinformation across Google Search, Google News, YouTube and our advertising platforms. Additionally, in co-ordination with the Canadian Journalism Foundation and Civix, we’re funding NewsWise, a program delivering news literacy curriculum to school-aged Canadians. And it is working with the Cyber Security Centre to prepare for the election, sharing information on how best to secure networks and accounts from malicious attacks. “We have every intention of continuing our close work with government to protect Canada’s democratic institutions and election activities.”

(This story has been updated from the original to include comments from democratic institutions minister Karina Gould and from Google)



Related Download
Cybersecurity Conversations with your Board Sponsor: CanadianCIO
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA
Download Now