Context, state of play
In recent years, with the increasing use of information and communication technologies (ICTs) in electoral processes as well as the crucial role of social media in electoral campaigns, a number of European and non-European countries have faced actions aimed at destabilising their electoral processes by cyber-attacks, either from inside or outside their territories. Attacks or attempted attacks can also be physical and may occur close to or during pre-electoral periods as well as in the post-electoral period. Destabilising actions, including interferences in an on-going electoral campaign, may come through cyber-attacks or cyber-interferences. Cyber-attacks can take different forms: for example, they can happen through hacking servers of national authorities or of political parties themselves, which could lead to the leaking of sensitive information. Cyber-interferences come from “trolls” acting on social media and disseminating provocative speeches, fake information or sensitive information about candidates and political parties.
Such actions directed against electoral processes undermine the trust of a population in the integrity of the whole electoral process and the capacities of public authorities to ensure smooth and stable electoral processes. Creating the perception of vulnerabilities and possible manipulation occurs as well and is often easier than conducting successful attacks, but can have a similar impact on public trust and credibility of an election.
What is the purpose of the 15th EMB Conference?
The participants in the Conference will be invited to debate the issue of democratic security with regard to electoral processes. There will be discussions on countries’ situations, concerns and experiences in the field of attacks or attempted attacks on electoral processes. Concerned electoral management bodies (EMBs) will be invited to share any solutions they may have found to avoid or deal with such acts. Public trust and how it is created and reinforced, in a situation where ICT systems potentially make the observation of elections more and more complex is an indispensable component of a successful electoral process and will therefore be debated as well.
What does electoral security mean? As electoral processes can potentially lead to tensions and confrontation, particular attention should be paid to security during electoral processes. This covers the security of citizens and candidates, of buildings and installations dedicated to elections as well as the security of the administration of the electoral operations, by EMBs.
While EMBs must ensure security of the electoral operations as such, the authorities, in particular police forces, must ensure an adequate level of security throughout the whole electoral process taking into account that they cannot realistically provide high-level security for an entire country for the whole electoral period.
This implies security for candidates, political parties and – if relevant – for initiative groups supporting them. Security of political parties’ activities implies both security of their installations and buildings, but also of ICT systems, servers storing strategic information, personal data. This also implies the security of the election administration at all levels, including election administration staff.
The Conference will cover legal frameworks and best practices applicable to electoral security and will focus in particular on the role and duties of EMBs in this respect. While it is essential to run secured electoral processes, the fundamental rights, in particular the freedoms of expression, association and assembly, of the participants in an election – citizens and candidates – must be fully respected by authorities, security forces and electoral officials.
Electoral security also implies co-ordination between EMBs and security forces. Security should also be discussed in the context of states of emergency and conflict zones, considering that this situation exists in a number of countries.
The integrity of EMBs and public authorities at large is an essential component to ensure trust in elections. The Conference will discuss how electoral risk management has been, or has to be, updated to include both strategical and tactical measures to cope with new risks that affect electoral processes.
The role and duties of public authorities and providers of public security should therefore be discussed during the Conference, which covers public trust through legislation and practice.
Electoral security must be accompanied by appropriate judicial measures. An appropriate adjudication by EMBs, the judiciary, or a special tribunal, of electoral disputes and complaints about abuses or violence is a crucial part of electoral integrity.
Focus on cybersecurity
One definition of cybersecurity: cybersecurity encompasses all the tools, policies, security concepts, security mechanisms, guidelines, risk management methods, actions, training, best practices, safeguards and technologies that can be used to protect the cyber environment and assets of organisations and users. Cybersecurity also refers to information technology security. One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks, which applies particularly to electoral processes. Another element is the technical nature of ICT systems that make electoral processes less directly observable by citizens, creating a 'black box' protected by security protocols and copyrighted codes.
Importantly, countries affected are not just those that vote electronically. Elections rely on ICTs for other important phases of electoral processes such as voter registration, ballot counting, transfer of results and everyday communication with citizens. Political parties and candidates also rely constantly on ICTs for communicating and canvassing, including the sharing of sensitive information.
Hacking in elections should be expected to increase in the coming years. Cyber-attacks are not limited to election administration, but they also affect political parties, candidates, and may even target other infrastructures that are required on election day, such as electricity and telecommunication links. Even where electoral commissions are well-secured, rumours about vulnerabilities can have an impact on public confidence.
Cyber-attacks are criminalised under the Council of Europe’s Budapest Convention on Cybercrime, which remains to date the only international framework on cybercrime and electronic evidence. The Conference will debate the role of the law-enforcement activities in fighting cybercrime in the context of electoral processes.
Regarding cyber-interferences – but also interferences through traditional media such as newspapers, TV –, the use of “fake news” as well as leaking sensitive information during electoral campaigns by different actors interested in the outcome of elections is a major challenge for democratic elections. Spreading disinformation and rumours during electoral processes is a concern for many EMBs, such as disinformation aimed at discouraging voter participation or dissemination of fake election results to create doubt.