Canada and others members of the G7 vowed in their final communique to work directly with Internet service providers and social media platforms to curb what they called the “malicious misuse” of information technology by “foreign actors” who violate privacy through data breaches.
The communique issued Saturday also singled out Russia – accused by U.S. intelligence agencies of using disinformation through social media in an attempt to interfere in the 2016 U.S. election, and separately accused of hacking during the 2017 French election – “for destabilizing behaviour to undermine democratic systems.” Russia has denied both allegations.
However, shortly after he left the conference in Charlevoix, Que., U.S. president Donald Trump told his staff at the conference not to endorse the communique.
In addition to the 28-paragraph communique, the group also issued what it calls the Charlevoix Commitment on Defending Democracy From Foreign Threats. It says unnamed “foreign actors seek to undermine our democratic societies and institutions, our electoral processes, our sovereignty and our security.”
“We call on others to join us in addressing these growing threats by increasing the resilience and security of our institutions, economies and societies, and by taking concerted action to identify and hold to account those who would do us harm.”
In response the G7 promised to strengthen co-operation to prevent and respond to such interference.
One way is by creating a G7 Rapid Response Mechanism “to strengthen our co-ordination to identify and respond to diverse and evolving threats to our democracies, including through sharing information and analysis, and identifying opportunities for co-ordinated response.
Another is to “engage directly with Internet service providers and social media platforms regarding malicious misuse of information technology by foreign actors, with a particular focus on improving transparency regarding the use and seeking to prevent the illegal use of personal data and breaches of privacy.”
The commitment says the G7 – which also includes the U.K. France, Germany, Italy and Japan – will share lessons learned and best practices with members of civil society and the private sector that are developing related initiatives that promote free, independent and pluralistic media; fact-based information; and freedom of expression.
It also promises to promote critical thinking skills and media literacy to their residents on intentionally misleading information, and improving online security and safety. The commitment also vows to ensure a high level of transparency around sources of funding for political parties and all types of political advertising, especially during election campaigns. The Trudeau government is already partly dealing with this through a proposed election reform bill, which will make it clear that hacking into a computer during a federal election period is a criminal offence. Foreign states will also be forbidden from buying advertising during a federal election period.
The commitment document also references the promise in April by G7 foreign and security ministers in Toronto to look into “unacceptable actions by foreign actors with the malicious intent of undermining our countries’ democratic systems.”
The full communique says the G7 countries are committed to addressing the use of the Internet for terrorist purposes, including as a tool for recruitment, training, propaganda and financing. The governments also promise to work with agencies including the Global Internet Forum to Counter Terrorism.
“I think the communique is well-intentioned but like any diplomatic statement, it is broad, does not include any specific thresholds or details,” commented Imran Ahmad, a privacy and cyber security lawyer with the Miller Thomson law firm who is also a member of the Canadian Advanced Technology Alliance’s (CATA) cyber council . “The specific reference to Russia as a state attempting to undermine democratic institutions, arguably by way of cyber-weapons, is important. What is more important, however, is the absence of the U.S. as a state endorsing the communique. It undermines the overall impact of the communique.”
Those three paragraphs are a reminder that the G7 isn’t just a meeting of heads of state and government, said Christian Leuprecht of Queen’s University and Canada’s Royal Military College, who is currently on leave at the Centre for Crime Policy and Research at the Flinders University of South Australia. It defends democratic values, the democratic way of life, and sets expectations and standards for acceptable norms of behaviour by state and non-state actors. ” No surprise then that they issue a Commitment on Defending Democracy from Foreign Threats. These are also the countries that have the greatest resources and capacity to bring to bear in defence of the strategic commitments on which they agree: such as the about 30 per cent of the world’s GDP, and, together, the largest portion of the world’s defence spending, defence and intelligence capacity.”
None of the issues mentioned in the communique’s three Internet-related paragraphs — terrorism, threats to democracy, Russia’s actions in Syria and Ukraine –pose an existential threat to the G7, he said, although having a separate statement on defending democracy suggests the G7 sees it as a top priority. “But all run counter and challenge the way the G7 see the world, and believe that the world should function and, together, they have sufficient capacity not just to defend their values and interests, but to impose considerable costs on state and non-state actors who do not comply.”
On the other hand David Swan, the Alberta-based director of the cyber intelligence defence centre of the Centre for Strategic Cyberspace and Security Science, saw little in the communique that was substantial. G7 intelligence agencies should already have terrorist organizations on their task lists, he said. And U.S. predsident Donald Trump hasn never acknowledged there was a foreign attempt at meddling in the U.S. election.
“There are no changes, no additions and no calls for additional effort to address cyber security or the terrorist environments. Russian interference in democratic elections needs to be forceably addressed. Russian interference in democratic systems did not rate a complete sentence.
“What is remarkable in this communique is what is NOT here. The Internet has become critical infrastructure, functionally as important as transportation links. Cyber attacks on the international banking system, cyber attacks that can disrupt international transportation did not rate a mention. Cyber security trends indicate that the direct costs of hacking are international, escalating into many billions of dollars. This is a startling oversight.”
Western countries are increasingly worried about foreign countries using the Internet to interfere in democratic processes. Earlier this year the conclusions from an academic conference organized by the Canadian Security Intelligence Service (CSIS) were released which said “disinformation has become a highly effective tool for state actors, profiteers, status seekers, entertainers and true believers. The most skilled national purveyor of falsehoods is Russia. Its historic mastery of ‘special measures’, magnified by modern technology, follows the basic operational principle of vilify and amplify.”
“The negative impact on democracy of false news could increase if Russia and other actors become role models for others, increasing the distribution of malignant material through all the pathways of the electronic age.”
Although the workshop was sponsored by the Canadian government, the report is not an official document.
UPDATE: On June 11 the U.S. Treasury Department sanctioned several Russian firms and persons for engaging in “malicious cyber-enabled activities, including technological support to Russia’s Federal Security Service (FSB). Examples of Russia’s “malign and destabilizing cyber activities” include the destructive NotPetya cyber-attack; cyber intrusions against the U.S. energy grid to potentially enable future offensive operations; and global compromises of network infrastructure devices, including routers and switches, also to potentially enable disruptive cyber-attacks, said the department.
“The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia’s offensive cyber capabilities,” said the statement. “The entities designated today have directly contributed to improving Russia’s cyber and underwater capabilities through their work with the FSB and therefore jeopardize the safety and security of the United States and our allies,” said Treasury Secretary Steven Mnuchin.
(This story has been updated from the original to include the Treasury Department announcement, and comments from Imran Ahmad, Christian Leuprecht and David Swan)
