Written by: Robert Brennan Hart. Featuring: Robert Herjavec, Jason Hermitage and Bryan Rutledge.
“At any given moment, public opinion is a chaos of superstition, misinformation and prejudice.” – Gore Vidal
With politically polarizing elections in Ottawa and Edmonton just around the corner, the direct correlation between technology, privacy, economics and democracy has never been clearer or more profound. Any Canadian political operation that views democracy as an infallible right of passage may well find itself in the dustbin of Canadian political history. And even the most cynical and apolitical Canadian citizen might agree that the future of our brave country will look much different depending on whether Rachel Notley or Jason Kenney is driving the engine of Alberta and Canada’s so-called future economy.
Over the last several years, digitally bolstered assaults on the foundations of democracy have been waged across the globe. Canadians, as idealistic as we often are, would be overly optimistic to assume we are immune. Big Internet executives are sitting behind closed doors with Canadian political and third-party groups to try to get ahead of the ongoing assaults on our democratic process. An oxymoron perhaps; but necessary, nonetheless.
To date, Canadians have seemed relatively powerless against technological assaults on our democracy. Public education about the ongoing threat is moving orders of magnitude slower than the actors perpetrating it. For example, the US Alliance for Securing Democracy has successfully built a dashboard to track one threat vector, but, given the rapidly growing scale of the problem, it is very likely they’re only scratching the surface. Those who seek to destabilize our elections deal with politically polarizing topics that have a natural constituency. Attempting to separate fact from fiction in this realm is a very tricky grey area for social media, the government, and the citizen alike.
In an effort to move the conversation from one of reaction to proaction, I sat down with Robert Herjavec, Founder and CEO of global cybersecurity firm Herjavec Group; Jason Hermitage, Vice President of Public Sector at Microsoft Canada; and Bryan Rutledge, Canadian Country Manager at McAfee, to find out what citizens, governments, and political parties can do to protect against the potential ethical and societal risks of this emerging threat.
How do businesses and governments defend themselves against an actor with unlimited resources, tech-savvy agents and an unwavering focus on destabilizing western democracies? What practical cybersecurity mechanisms can be deployed to ensure our privacy, dignity and democratic agency remain uncompromised?
Threats to our democratic processes from cyber-enabled interference have become a critical concern. Addressing this threat to democracy will require significant new efforts by governments, technology companies – both individually and in partnership – as well as academia and civil society.
We, as an industry, need to acknowledge that no single step by itself will be sufficient to address this problem. Each of our companies can continue to do more to protect and defend our customers around the world, and at Microsoft we’re focused on doing precisely that. But in addition, we believe the time has come to call on the world’s governments to come together, affirm international cybersecurity norms that have emerged in recent years, adopt new and binding rules and get to work implementing them. In short, the time has come for governments to adopt a Digital Geneva Convention which outlines cyber security commitments to protect civilians on the internet.
Democracy requires vigilance and at times action by citizens to protect and maintain it. No individual or company can hope to meet this imperative by itself. We all need to do our part. We’re committed to doing our part by helping to protect candidates and campaigns in preserving their voices and votes no matter what party they support.
Bad actors with corrupt intentions are everywhere, and they will continue to unleash powerful new cybersecurity threats. So the best protection requires two key cybersecurity strategies – preparation and knowledge.
I think we all know that organizations must be prepared with cybersecurity solutions and tools for perimeter protection, device security, data protection, patch/vulnerability management and cloud protection. But tools alone are not enough. Across the entire workforce, there must be understanding of attack methodologies, and training to ensure good password hygiene, and to recognize and avoid phishing schemes.
It’s also important for security practitioners to leverage tools that work together more holistically. That’s why, at McAfee, our motto is “together is power”. Given that adversaries are well funded and use advanced techniques, we must embrace a collaborative approach across the security industry. That means, for example, adopting open platforms and increasing use of automation and human-machine teaming to maximize our collective effectiveness.
On a positive note, we are making technological progress. For example, advancements in data analytics are giving us visibility into both inadvertent and malicious activities that put organizations at risk. It is now both technically possible and economically feasible to collect telemetry data generated by daily business activity. Efficient machine learning algorithms are exposing unusual and risky behaviour that is invisible to security solutions currently in use. Advances like these enable organizations to prioritize risk against their most critical assets.
Social media has proven to be a very profitable engine for disseminating disinformation on a mass scale. Should the Canadian government follow the lead of the European Union and the introduction of their GDPR privacy legislation to try and contain the mass proliferation and monetization of personal data?
I believe there will be far more legislation tied to data privacy and security compliance and yes the Canadian government has a responsibility to act here. After the Facebook Cambridge Analytica controversy there was a massive review of data security laws. The GDPR is best in class at this point but it’s only a matter of time until we see more action in the United States and also here in Canada to continue to build on this standard in terms of data privacy, security and transparency.
While much of the attention around GDPR is focused on penalties, the advantage it brings will be the need for organizations to implement a comprehensive data management program. Clearly there is a need for robust data protection regardless of regulatory compliance requirements. Experience tells us that organizations must make efforts to improve data resiliency, and implement contingency programs to ensure availability of their data following catastrophic events.
A key success factor for a comprehensive data management program is the active and genuine participation of end users to understand the importance of the organization’s data, how it is used, and how important it is to protect it. So a concerted effort by business leaders to educate employees on the importance of data use will provide foundational awareness to tackle the greater challenge of monetization and weaponization of personal data.
How can consumers protect themselves against digitally weaponized psychology and ensure they don’t fall victim to campaigns of disinformation and manufactured political bias?
This one’s simple to me – if you didn’t enter a lottery you didn’t win it, no one from Russia wants to marry you all of a sudden and you’re not going on a vacation for free – so don’t click! We have to mature as a population to the clickbait, social engineering scams and of course weaponized psychology as you put it that can distort our beliefs and make us vulnerable to cyber attacks. We all know humans are the weakest link in any enterprise, so as business leaders, it’s our responsibility to limit access to select sites or tools that are traditionally weak in security; and make our people more aware of cyber risks through regular training and tests. Again, security isn’t perfect, but we can improve and learn, because security is everyone’s responsibility.
Defending against disinformation efforts is a critical challenge, especially where disinformation is used to influence the electoral process, one of the most important aspects of our democratic society. We are helping address this challenge and more through our Defending Democracy Program. At Microsoft, we believe that enhancing digital media literacy and transparency will be a powerful tool to reduce the impact of disinformation campaigns. As part of this program, we are working in partnership with leading academic institutions and think tanks dedicated to countering state-sponsored computational propaganda and junk news. We also recently announced a new partnership with NewsGuard Technologies, which will empower voters by providing them with high-quality information about the integrity and transparency of online news sites.
New misinformation techniques are surfacing every day. A recent example is astroturfing: the practice of masking the sponsor of a message to make it appear as though it originates from a grassroots organization. This technique is particularly harmful when considered alongside the degrading credibility of online reviews and proliferation of fake news.
Generally speaking, consumers need to be aware that much of what they read in today’s digital forums is opinion-based, so it is always critical to evaluate the source, and even seek out multiple sources or opinions. Broadly targeted education programs, perhaps sponsored by governments and corporations, would enable consumers to become better at protecting themselves.