“The online anarchy of election rules must end”: Věra Jourová, EU Commissioner for Justice, has good reasons to be nervous. From 23rd to 26th of May, all eyes will turn to Brussels as the next European elections will decide on the future trajectory almost half a billion EU citizens. But after the string of cyber attacks on elections from the USA to CEE countries Poland, Bulgaria, Latvia and the Czech Republic, it would be naive to assume that the EU elections would not be targeted. But is Brussels prepared?
“With anti-Europeans on their way to winning more than one-third of seats in the next European Parliament, the stakes in the May 2019 election are unusually high”, warns a new report of the European Council of Foreign Relations published this month.
The EU increasingly resembles a battleship drifting through a continent in crisis: Brexit looms over Europe, extreme right-wing and eurosceptic parties are mushrooming and political divisions seem to be digging its trenches deeper every week.
In the middle of this uncertainty, the political weight of the approaching EU elections should not be underestimated. But will the promise of “free and fair” elections hold true?
”New rules to better protect our democratic processes from manipulation by third countries or private interests”: When EU President Jean-Claude Juncker was stepping in front of the cameras for his last State of the Union Address, he aimed to calm down the widespread fears of EU citizens of cyber meddling in their political future. According to the EU’s large-scale poll of 2018, more than 60% of respondents across 28 states were concerned about elections being manipulated through cyber attacks.
To understand Europe’s electoral anxieties, we have to turn back three years to the 2016 US presidential election. The news hit on both sides of the Atlantic like a bomb: The United States – after all a global superpower, the world’s strongest economy and home of Silicon Valley – was exposed as painfully vulnerable in the digital age.
The unprecedented political scandal of a “troll factory” from St. Petersburg manipulating US voter opinion has still not been fully investigated. What is clear, however, is how targeted misinformation campaigns can be a powerful threat to national security in the 21st century, including for Europe.
Misinformation campaigns, the dangerous “low-hanging fruit”?
Attacks on EU elections can come in two very different forms. The most obvious are malicious attacks directly targeting election technology. This including attempts to hack the vote count itself, but also voter and candidate registration, vote counting or the communication of the results. During the 2017 elections in the Czech Republic, two websites presenting election results were temporarily out of service after being hacked.
Direct attacks on election systems are not the only security risk, however – there is a second threat looming over the countdown to May 23rd. Voter disinformation, including the proliferation of fake news and hate speech on online media, can be just as manipulative – but much more difficult to identify and prevent.
Voter misinformation “is the lower-hanging fruit right now,” explained Liisa Past, a former chief research officer at the Estonian Information System Authority who coordinated security preparations across Europe last year in an interview with POLITICO magazine.
In other words: Instead of attempting to break through difficult security layers to tamper with the vote count, targeting public opinion through the relatively open platforms such as social media is a dangerously easy way to manipulate results.
The EU has launched several campaigns against online disinformation recently, including a webpage denouncing ‘fake news’ across international media. Furthermore, the Commission presented in December its Action Plan to beat online misinformation campaigns, particularly responding to the type of state-sponsored attacks that seem to be pointing to Russia.
However, EU voter’s security will not only depend on Brussel’s political task forces and committees. The success of the plan will also be decided in the glass towers of Dublin that houses the headquarters of digital giants such as Facebook or Twitter.
The 2018 EU Code of Practice on Disinformation, a voluntary framework signed by Facebook, Google and Twitter, embodies the Commission’s ambition to halt the spread of fake news online. In the last evaluation published a week ago, social media platforms received a rare pad on the back from the Commission as the ratio of content deemed illegal hate speech jumped from 28% to 72% removal.
Yet cooperation might not be as smooth as the official press releases suggest. The first compliance report by Facebook, just issued on January 29th, was called out to be “somewhat patchy, opaque and self-selecting in terms of its coverage” by European Commission Security Chief Julian King to the press. Furthermore, even as removal rates have improved, some sites still struggle with compliance: On Twitter, only less than half (42,5%) of hate speech content gets removed – better than in the past, but by far not sufficient.
ECFR: “Anti-Europeans are doing the job of the Kremlin“
For the EU, hate speech is particularly problematic because it includes anti-European sentiments trying to erode confidence in its institutions – especially if it comes from Russia. The think-tank ECFR just published a report warning of the imminent danger of a range of parties across Europe trying to “wreck Europe” and recommends paying more attention to spread awareness about the “enemy from within”. Arguing that “anti-Europeans are doing the job of the Kremlin for them, destabilizing Europe from within”, is emerging as a strategy to mobilize voters that are worried about Russia’s recent information manipulation and election hack attacks.
As 2019 unfolds, citizens of Europe will not only cast their vote for the EU parliament, but also for a range of national governments including Estonia, Lithuania, Latvia, Croatia, Romania and Poland. And whatever the political color, every European citizen deserves to make a choice based on unbiased information – and have his vote count.
Read more: These CEE countries reported most cyber attacks in 2018