Russian political activist Vladimir Kara-Murza says he has been poisoned twice, but he hasn’t let it stop him from championing greater democratic norms, transparency, and less corruption in an increasingly autocratic Russia. It’s why he, like a plethora of pro-democracy activists from Hong Kong to Hungary, has watched President Donald Trump’s challenges to the result of the U.S. election with anger and frustration. “It’s not just misleading, it’s insulting to draw a parallel and use words like fraudulent and manipulative,” Kara-Murza said of Trump’s unsubstantiated claims that illegal ballots were cast in the election. “Those countries that do have real genuine electoral processes shouldn’t use words like fraud and manipulation carelessly.” Pro-democracy activists in countries where democracy is coming under pressure or is nonexistent worry that Trump’s rhetoric will harm their efforts, make it easier for their leaders to ignore democratic norms and equate any fraud in their own systems with the United States’ 2020 vote. Trump has not provided proof of any fraud despite numerous lawsuits contesting the election results. Even Attorney General William Barr said last Tuesday that there was no evidence of widespread voter fraud during the election, defying the president’s ongoing efforts to reverse the results.
On May 3rd, months after Bolivia’s former president Evo Morales was forced to resign, the country was supposed to elect his successor. Because of covid-19, that election has been postponed. Bolivians are now stuck with a caretaker president who seems in no mood to relinquish power. They are not alone. The pandemic is playing havoc with elections worldwide. Britain, France, North Macedonia and Serbia have already postponed ballots of various sorts. Opposition politicians in Poland have called for the presidential contest in May to be delayed; some have called for a boycott if it takes place. Eighteen American states have postponed or cancelled presidential primaries, including New York, which scrapped its primary on April 27th. At this rate, scores of elections may be derailed or disrupted, perhaps even America’s polls in November.
International: Tech-augmented democracy is about to get harder in this half-baked world | Chris Duckett for Null Pointer/ZDNet
For the wondrous benefits the internet has brought, it is not without its drawbacks. This has manifested itself in two ways when it comes to democracy: A headlong rush into internet voting and a shattering of the polity. As a scientific critique on the act of voting, associate professor Vanessa Teague discussed electronic voting in her recent keynote at Linux.conf.au 2020. Teague has more than enough experience in this area, and has been involved in finding flaws in the iVote system that is increasingly used in New South Wales, as well as the Scytl system used in Swiss elections that iVote is based on. “I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation [via] software bugs,” Teague said last month. The issue Teague sees with remote voting is subtle bugs, such as those involved in shuffling and verifying votes, which can undermine the security of the whole system. “That’s a little bit different from the occasional problems that happen in paper-based systems because you don’t as a result of one little subtle problem hand over a capacity for total manipulation of all of the votes to one entity,” she said. “In summary, I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation on software bugs.”
International: US could learn how to improve election protection from other nations | Scott Shackelford/The Conversation
Hacking into voting machines remains far too easy. It is too soon to say for sure what role cybersecurity played in the 2020 Iowa caucuses, but the problems, which are still unfolding and being investigated, show how easily systemic failures can lead to delays and undermine trust in democratic processes. That’s particularly true when new technology – in this case, a reporting app – is introduced, even if there’s no targeted attack on the system. The vulnerabilities are not just theoretical. They have been exploited around the world, such as in South Africa, Ukraine, Bulgaria and the Philippines. Successful attacks don’t need the resources and expertise of national governments – even kids have managed it. Congress and election officials around the U.S. are struggling to figure out what to do to protect the integrity of Americans’ votes in 2020 and beyond. The Iowa caucuses are run by political parties, not state officials, but many of the concepts and processes are comparable. A look at similar problems – and some attempts at solutions – around the world offers some ideas that U.S. officials could use to ensure everyone’s vote is recorded and counted accurately, and that any necessary audits and recounts will confirm that election results are correct.
International: Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’ | Carole Cadwalladr/The Guardian
An explosive leak of tens of thousands of documents from the defunct data firm Cambridge Analytica is set to expose the inner workings of the company that collapsed after the Observer revealed it had misappropriated 87 million Facebook profiles. More than 100,000 documents relating to work in 68 countries that will lay bare the global infrastructure of an operation used to manipulate voters on “an industrial scale” are set to be released over the next months. It comes as Christopher Steele, the ex-head of MI6’s Russia desk and the intelligence expert behind the so-called “Steele dossier” into Trump’s relationship with Russia, said that while the company had closed down, the failure to properly punish bad actors meant that the prospects for manipulation of the US election this year were even worse. The release of documents began on New Year’s Day on an anonymous Twitter account, @HindsightFiles, with links to material on elections in Malaysia, Kenya and Brazil. The documents were revealed to have come from Brittany Kaiser, an ex-Cambridge Analytica employee turned whistleblower, and to be the same ones subpoenaed by Robert Mueller’s investigation into Russian interference in the 2016 presidential election.
International: Hackers will be the weapon of choice for governments in 2020 | Patrick Howell O’Neill/MIT Technology Review
When Russia was recently banned from the Olympics for another four years in a unanimous decision from the World Anti-Doping Agency (WADA), the instant reaction from Moscow was anger and dismissal. Now the rest of the world is waiting to see how Russia will retaliate this time. In the history books, 2016 will forever be known for unprecedented Russian interference into an American presidential election, but until that transpired, one of the most aggressive cyber campaigns that year centered on the Olympics. In the run-up to the summer games in Brazil, WADA had uncovered a national Russian doping conspiracy and recommended a ban. In response, Moscow’s most notorious hackers targeted an array of international officials and then leaked both real and doctored documents in a propaganda push meant to undermine the recommendation. The International Olympic Committee rejected a blanket ban and allowed each sport to rule individually. Next, the opening ceremony of the 2018 winter games in South Korea kicked off with all the traditional optimism, bright lights, and pageantry—plus a targeted cyberattack known as Olympic Destroyer that was designed to sabotage the networks and devices at the event. The attack’s origins were obfuscated, with breadcrumbs in the malware pointing to North Korea and China—but after investigators untangled the attempts to mislead them, it became apparent that some of the Russian government’s most experienced hackers were behind it. In a series of angry blog posts, the hackers charged that “on the pretext of defending clean sport,” what they described as “the Anglo-Saxon Illuminati” were fighting for “power and cash in the sports world.” It was clear that the Russians viewed the Olympics as one part of a larger world power competition, and looked to hacking as a weapon of choice. Almost nothing has been done to hold anyone responsible.
International: Governments risk cyber attacks if they continue to demand encryption backdoors | Sara Barker/Security Brief
Governments that flout encryption best practice and mandate the inclusion of backdoors into technology are putting their entire countries at risk, according to security professionals. With election time looming, backdoors are perfect targets for cyber attackers who look to target election infrastructure. It was only last year with ‘Five Eyes’ nations (United States, Canada, United Kingdom, Australia, and New Zealand) were lobbying for technology providers to build backdoors into their solutions. According to 384 IT professionals polled at Black Hat USA 2019, 74% believe that countries with government-mandated encryption backdoors are more susceptible to nation-state attacks. Furthermore, many professionals believe that backdoors won’t make countries any safer – 72% believe laws that allow governments to access encrypted personal data will not make countries safer from terrorists.
International: Intel, IBM, Google, Microsoft & others join new security-focused industry group | Catalin Cimpanu/ZDNet
Some of the biggest names in the cloud and hardware ecosystem have agreed to join a new industry group focused on promoting safe computing practices. Founding members include Alibaba, Arm, Baidu, Google Cloud, IBM, Intel, Microsoft, Red Hat, Swisscom, and Tencent. Named the Confidential Computing Consortium, this industry group’s goals will be to come up with strategies and tools to accelerate the adoption of “confidential computing.” By confidential computing, the group is referring to hardware and software-based technical solutions for isolating user data inside a computer’s memory while it’s being processed, to avoid exposing it to other applications, the operating system, or other cloud server tenants. The easiest way of supporting confidential computing practices is through the use of trusted execution environments (TEEs), also known as enclaves. These are hardware and/or software-enforced private regions of a computer’s CPU memory where only certain apps can write and read data.
International: Election hacking has never been cheaper, easier or more profitable | Dan Patterson/CNET
Being a professional hacker has never been more straightforward and lucrative than it is today. According to cyberdefense experts at Microsoft, cybercrime will be a $6 trillion industry by 2022. Hacking tools are available on the dark web for as little as $500 dollars, and some are sold with 24-hour support. The ubiquity of low-cost hacking tools means that elections in the United States and all over the world are persistently threatened by a large and diverse set of hackers. Spikes in malware and phishing attacks targeting political campaigns have been detected during recent elections in Russia, Turkey, Colombia, Azerbaijan and Mali; keyloggers and Trojans were detected in key battleground states ahead of the 2018 US midterm election; and according to the Department of Homeland Security, during the 2016 election all 50 states saw some type of attempted cyberintrusion.
International: Russians’ US election interference has inspired copycats around the world: US study | Charissa Yong/The Straits Times
Russia will not be alone in trying to interfere with the next American election, and other copycats are using similar techniques against other democracies around the world, Stanford University researchers have warned in a report. Russian influence operations used against America during its 2016 presidential election – from brigades of online impostors deepening pre-existing social divisions to hacking operations and obvious propaganda – have been picked up around the world, they said. “American policymakers rightly are focused on threats to election integrity in the United States in the run-up to the 2020 presidential vote, but these threats are part of a much larger, ongoing challenge to democracies everywhere,” said the report titled “Securing American elections”, which was released on June 5. The 96-page report was written by 14 authors, including former US ambassador to Russia Michael McFaul and former Facebook chief security officer Alex Stamos, who headed the social media giant’s investigation into 2016 election manipulation before he joined Stanford University in August last year.
International: 1 in 5 elections faced foreign cyber interference | Dylan Bushell-Embling/Technology Decisions
One in five national elections held worldwide since 2016 were potentially influenced by foreign interference, according to a joint report from the Australian Strategic Policy Institute (ASPI) and IT industry professional association ACS. An analysis of 97 national elections and 31 referenda that have been held since the 2016 US presidential election identified 20 countries with clear examples of foreign interference, including Australia. The analysis was limited to countries considered to be free or partly free countries. These incidents ranged from cyber attacks to voter registration systems, to DDoS attacks to national election commissions, to the use of Facebook to spread disinformation and discourage voter turnout.
International: Cyber-enabled election interference occurs in one-fifth of democracies | Fergus Hanson and Elise Thomas/The Strategist
Cyber-enabled election interference has already changed the course of history. Whether or not the Russian interference campaign during the US 2016 federal election was enough to swing the result, the discovery and investigation of the campaign and its negative effects on public trust in the democratic process have irrevocably shaped the path of Donald Trump’s presidency. Covert foreign interference presents a clear threat to fundamental democratic values. As nations around the world begin to wake up to this threat, new research by ASPI’s International Cyber Policy Centre has identified the key challenges democracies face from cyber-enabled election interference, and makes five core recommendations about how to guard against it. ICPC researchers studied 97 national elections which took place between 8 November 2016 and 30 April 2019. The 97 were chosen out of the 194 national-level elections that occurred during the time period because they were held in countries ranked as ‘free’ or ‘partly free’ in Freedom House’s Freedom in the world report. #url#
International: Cyber security: This giant wargame is preparing for the next big election hack | ZDNet
A giant cyber-defence exercise has pitted teams from NATO nations against mysterious hackers trying to cause chaos during the elections of a small, fictional, country. The aim of the annual Locked Shields exercise is to give teams the chance to practice protection of national IT systems and critical infrastructure under the intense pressure of a severe cyberattack. The event organised by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), which describes the event as the largest and most advanced international live-fire cyber exercise in the world. According to the Locked Shields scenario, the fictional island country of Berylia finds itself under a cyber attack just as the country is conducting national elections. The coordinated attacks aim to disrupt water purification systems, the electric power grid, 4G public safety networks, and other critical infrastructure components. The cyber attacks also attempt to undermine the trust in the election result — leading to public unrest.
“My fellow Americans, an hour ago I learned that Russia had begun preparing its nuclear arsenal. I immediately ordered the United States’ armed forces to launch a pre-emptive nuclear strike. Seconds ago I was told that Russia has launched a counterstrike at the continental US. We anticipate that many of these missiles will reach their targets. Make peace with God and your family. God bless America.” The voice is that of US president Donald Trump, reshaped by artificial intelligence software to pronounce a pre-written script. A data scientist with two hours of recorded Trump speech processed it through an algorithm. The chilling announcement, reminiscent of Orson Welles’s 1938 radio broadcast about an invasion of earth by Martians, was played on Monday at the Paris Peace Forum to show the challenge faced by the newly formed Transatlantic Commission on Election Integrity.
Russia’s efforts to influence the 2016 presidential election may be motivating other foreign adversaries to use social media to try to disrupt U.S. elections going forward, security experts warn. Experts point to Facebook’s announcement this week that it shuttered hundreds of pages tied to foreign governments, with many of the pages — as well as accounts shut down on Twitter and Google — linked to the government of Iran. The development boosted the Trump administration’s claim that other foreign groups, not just Russians, are intent to sow discord while putting a fresh spotlight on the need to ward against election meddling coming from any country. “Look no further than the amazing return of investment yielded by [Russian President] Vladimir Putin in the 2016 election,” said Ron Hosko, a former assistant director of the FBI’s criminal investigative division. “When you see that kind of impact and the U.S. government’s … reticence to fire like weapons back, it is to me not at all surprising that we now have Iran involved in these misadventures,” added Hosko, who is now president of the Law Enforcement Legal Defense Fund.
International: Coalition of former Transatlantic leaders offer chilling election security warning | Washington Times
With more than 20 major elections scheduled in the next two years, governments on both sides of the Atlantic are still not prepared to fend off outside attacks to meddle in campaigns and election counts, an international bipartisan group of political, technology, business and media leaders warned Monday. “Governments are scrambling to prepare for the last disinformation campaign, rather than the next,” the Transatlantic Commission on Election Integrity said in a statement after a meeting in Copenhagen, Denmark. “In the coming years, the proliferation of technology will make it easy for everyone to sow the seeds of confusion and distrust,” the group said. The commission formed in May in the wake of reports that Russia had meddled in the 2016 U.S. presidential election and worked with favored parties in votes across Europe in recent years. U.S. election officials have said they expect Russia to try to interfere in the November midterm and 2020 presidential elections as well.
Between now and the next U.S. presidential election in 2020, Western voters will go to the polls in more than 20 elections. Looking at recent cases of election meddling in both the U.S. and Europe, and the patchy responses from our democratic institutions, there is every reason to believe that these elections provide 20 ripe new targets for Russia and others to interfere. Foreign interference is a relatively low-cost affair in terms of human or financial resources needed. Yet it brings the almost guaranteed advantage of undermining confidence in our legitimate institutions, something non-democratic regimes like Russia relish in. Worryingly, Western governments are still fighting the last war: They’re stuck in the blunt 2016 lexis of “fake news,” while current trends indicate that Russia and similar adversaries are sharpening their toolkit.
Election systems across the world are vulnerable to attack by malicious cyber actors, cyber intelligence company FireEye warned in a new report released today. The report comes weeks after the UK’s National Cyber Security Centre (NCSC) warned that some areas of the British electoral system were also vulnerable to cyber attack, despite the country’s heavily paper-based ballot system. “There are central vote tabulating machines that may be connected to an Intranet or the public Internet. It may be possible for remote adversaries to attack those machines”, FireEye said. It admitted, however, that it has not observed attacks against elections infrastructure, and that the US’s decentralised and unstandardised voting system, “a nation-wide coordinated attack on voting machines would require high technical sophistication, lengthy planning, and extensive resources.”
“If cyberattacks really pose a significant threat, governments need to start thinking of them like they think of other incidents in the physical world,” says a new policy paper from the Australian Strategic Policy Institute (ASPI). “It is telling that Prime Minister Theresa May made public attribution of the Salisbury poisonings in a matter of days and followed up with consequences shortly thereafter. Her decisive action also helped galvanise an international coalition in a very short time frame,” it says. “Obviously that was a serious matter that required a speedy response, but the speed was also possible because government leaders are more used to dealing with physical world incidents. They still don’t understand the impact or importance of cyber events or have established processes to deal with them.” The paper, titled Deterrence in cyberspace, was released on Friday. The author is Chris Painter, formerly the world’s first top cyber diplomat at the US State Department, now a Commissioner on the Global Commission for the Stability of Cyberspace (GCSC), and distinguished non-resident fellow at ASPI’s International Cyber Policy Centre (ICPC).
International: Cyber-stability wonks add election-ware to ‘civilised nations won’t hack this’ standard | The Register
The Global Commission on the Stability of Cyberspace (GCSC) has called for an end to cyber-attacks on electoral infrastructure. The GCSC works to develop “norms” of behaviour it hopes governments and others will adopt in order to leave internet infrastructure untouched during conflict. The body believes that as the internet is now critical to civil society, international agreements should protect its operation so that bystanders to conflicts aren’t harmed by disruptions to online services. Microsoft, the Internet Society and the governments of The Netherlands, France and Singapore have all funded the group. The Commission met last week and resolved that “State and non-state actors should not pursue, support or allow cyber operations intended to disrupt the technical infrastructure essential to elections, referenda or plebiscites.”
U.S. and European governments have failed to effectively respond to growing threats from Russia and elsewhere to meddle in elections, according to former officials including former Vice President Joe Biden who say they’re going to help close that gap. More than 20 elections in North America and Europe over the next two years will provide ‘’fertile ground’’ for interference like that seen during the U.S. presidential election in 2016, former U.S. Homeland Security Secretary Michael Chertoff told reporters Friday in Washington. “We’re at a stage now that it’s important to make sure we have a well-rounded exploration of the ups and downs of various policy choices, but that we also treat this with some urgency — we have elections this year,” said Chertoff, who’s co-chairman of the new Transatlantic Commission on Election Integrity with Anders Fogh Rasmussen, the former NATO Secretary General and Danish prime minister.
A federal appeals court has tentatively scheduled oral arguments for late July in a closely-watched constitutional battle over Florida’s system for restoring the voting rights of felons. The News Service of Florida reports that the 11th U.S. Circuit Court of Appeals is expected to hear arguments the week of July 23, though an online docket does not yet list a specific date.
Dr. Vanessa Teague is one frustrated cryptographer. A researcher at the University of Melbourne in Australia, Teague has twice demonstrated massive security flaws in the online voting systems used in state elections in Australia — including one of the largest deployments of online voting ever, the 2015 New South Wales (NSW) state election, with 280,000 votes cast online. The response? Official complaints about her efforts to university administrators, and a determination by state election officials to keep using online voting, despite ample empirical proof, she says, that these systems are not secure.
International: Study reveals remarkably high proportion of national elections are not free and fair | phys.org
Researchers from the University of Birmingham and the London School of Economics have found that the number of elections across the world has reached an all-time high, but that this has done little to increase the quality of democracy in the world. The findings published today by Yale Books in ‘How to rig an election’ demonstrate that a remarkably high proportion of national elections are not free and fair – enabling authoritarian leaders to remain in power – with the emergence of new technology playing a part in the process of manipulation. Based on more than 500 interviews, and their own experience of watching elections on the ground in countries including; Belarus, Kenya, Madagascar, Nigeria, Thailand and Tunisia, Professor Nic Cheeseman and Dr. Brian Klaas reveal the extent of the democratic decay that has benefitted dictators around the world.
When it comes to securing a second term in power, Egypt’s president is leaving little to chance. Potential rivals in the March election have been sidelined, jailed or threatened with prosecution. The news media is largely in his pocket. On polling day, Egyptians will have a choice between President Abdel Fattah el-Sisi and one of his most ardent supporters — an obscure politician drafted at the 11th hour to avoid the embarrassment of a one-horse race. As he cruises toward victory, Mr. Sisi need not worry either about foreign censure: President Trump has hailed the Egyptian leader as a “fantastic guy,” and most other Western leaders have been largely silent. Across the world, autocratic leaders are engaging in increasingly brazen behavior — rigging votes, muzzling the press and persecuting opponents — as they dispense with even a fig leaf of democratic practice once offered to placate the United States or gain international legitimacy. The global tide is driven by a bewildering range of factors, including the surge of populism in Europe, waves of migration, and economic inequality. And leaders of countries like Egypt, which had long been sensitive to Washington’s influence, know they run little risk of rebuke from an American president who has largely abandoned the promotion of human rights and democracy in favor of his narrow “America First” agenda.
Russia is being accused of orchestrating a sophisticated campaign to influence the presidential election in Mexico – the latest smear against Moscow following allegations involving the US presidential vote, the UK Brexit referendum, elections in France and Kenya, and Catalonia’s secession vote. US National Security Adviser H.R. McMaster claims there is evidence of “Russian meddling” in Mexican elections set for July, according to a video obtained by Mexican newspaper Reforma. Although Russia denies the allegation, the claims illustrate the increasing fears about Russia’s use of advanced cyber tools to spread disinformation.
A group of Czech security researchers earlier this year discovered a way to steal identities from electronic ID cards used in a number of countries, known in the cryptography industry as a ROCA vulnerability. So far, the vulnerability has caused problems in Estonia — the country with perhaps the most comprehensive e-identification and e-government system in the world — and in Spain. Former Estonian President Toomas Hendrik Ilves, a tireless promoter of his country’s e-democracy, has said that other countries and institutions have the same problem, too; they’re just not talking openly about it. He’s very likely right. The discovery poses an important question: Could we perhaps be overeager to adopt technological solutions to problems that don’t necessarily require them?
Kaspersky, the Russian cybersecurity company accused of helping the Kremlin spy on the U.S. intelligence agencies as part of its 2016 election meddling, has launched a new product aimed at helping secure online voting and make elections more transparent and open. Polys, an online voting platform built using the same blockchain technology that underpins bitcoin, allows anyone to conduct “secure, anonymous, and scalable online voting with results that cannot be altered by participants or organizers,” the company said. Kaspersky is already speaking to a number of “politicians and political organizations in Europe” about using the system, and it says that countries in western Europe, Scandinavia and Asia are technologically and mentally ready to make the change to online voting. But one place Kaspersky will not be hawking Polys is Washington.
A new international report has revealed more than a dozen nations fell prey to online manipulation and disinformation tactics during election cycles in the last year, risking internet freedom across the globe. The annual Freedom House “Freedom of the Net” report released on Tuesday found that at least 16 countries sustained attacks similar to Russian online meddling efforts reported during the U.S. 2016 presidential election. Overall, the study of 65 nations found internet freedoms have widely declined since last year’s report. Those 16 nations – Angola, Armenia, Colombia, Ecuador, France, The Gambia, Germany, Indonesia, Italy, Kenya, Rwanda, South Korea, Turkey, the United Kingdom, the U.S. and Zambia – had election campaigns that were touched by fake news reports and had websites and social media accounts vandalized, according to the findings. In some instances, political bots and hijacked accounts were also reported.
International: Making voting both simple and secure is a challenge for democracies | The Conversation
Recent elections around the world have raised concerns about the procedures used for voter registration and their potential consequences. The effects include disenfranchisement (voters being prevented from casting a ballot) and voter rights, fraud and security, and mismanagement and accuracy. It’s critical to strike the right trade-off between making registration accessible and making it secure. But how many countries are affected by these sorts of issues? And which is more problematic – lack of security or lack of inclusion? Our Perceptions of Electoral Integrity survey asked experts for their assessments of electoral integrity in 161 countries that held 260 national elections from January 1 to June 30, 2017. The study used three criteria to monitor the quality of the voter registration process: inclusion, accuracy, and security.