Digitising Europe – Protecting democratic processes in Europe from digital threats: the importance of intelligence agencies

ISSN: 2736-6065

“Digitising Europe” is the new ELF Blogposts series that engage with policymakers, industry experts, and academics in order to contribute to a better understanding of how technological change is also driving social, political, and regulatory affairs. Understanding ongoing processes in Cyberspace, regulatory framework of digital market, digital platforms, space, Artificial Intelligence and how those new technological advancements impact our societies is essential to gauging and mitigating the impact of new technologies on our societies.

By Ricardo Silvestre, International Officer, Movimento Liberal Social

The spectacularity of the interference on the democratic and electoral processes observed in the United Kingdom European Union membership referendum (Brexit), and in the United States presidential election, in 2016, caught the world’s attention. The far reaching effects from the results of these two consultations raised a new awareness to the dangers of this kind of meddling, and with that the urgency to reinforce countermeasures to protect citizens from liberal democracies when called to ballot box. Importantly, this time, the perception is transversal to society, not only in politicians, law-makers, and media, but also in the regular voter. More countries were targeted with similar activities, for example, in Ukraine, Georgia and Moldavia. In the 2017 French Presidential election, the headquarters of La République En Marche was victim of a massive cyberattack. In Germany, in 2015, malicious software was detected in the Bundestag, and then in 2016 in computers at the headquarters of the Christian Democratic Union party. These attacks are not limited to political organizations. In the Netherlands hackers targeted the Ministry of General Affairs, where the Prime-minister office is located. The same was observed in Whitehall, the political center of the United Kingdom, where are located the office of Prime-minister, the Ministry of Defence and, at the time, the Foreign & Commonwealth Office.

What can be influenced?

The aims of this kind of operations are known: publication of stolen political information to suppress turnout and to influence voting decisions, and to increase political radicalization and polarization via fracturing topics. The dissemination can be done either by “cut-outs” (front organizations linked with the perpetrators), traditional press (willing or unwilling) and now with social media networks. The effects are an anathema to liberal values, crucial to the functioning of a democracy. These values include civil and political rights, an open society, fair participation in the democratic processes, but, most importantly, the freedom to make an informed choice regarding the people who represent us, our ideas and vision in the government. In 1787, James Madison, in the Federalist Papers, stated that governance by representatives needs a refinement and enlargement of the public views by “passing them through the medium of a chosen body of citizens, whose wisdom may best discern the true interest of their country”. It is clear that with the digital revolution, this “medium” is now vulnerable to actors that want to harm the interests of rival countries, being one of them the correct functioning of democracy.

Intelligence and security Agencies in Brexit and in the US Presidential election

After Brexit, suspicions existed in the United Kingdom of an underestimation, or worst yet, a minimization, of the effects of possible foreign intervention in that public consultation. That led the House of Representatives to demand a report on the security around the referendum. This report was produced by the Intelligence and Security Committee, which holds in its preview the supervising of the Security Services (MI5), the Secret Intelligence Service (MI6) and the Government Communications Headquarters (GCHQ). In the report, simply titled “Russia”, there is a section that deserves special attention: “(…) The brevity was also, to us, again, indicative of the extreme caution amongst the intelligence and security Agencies at the thought that they might have any role in relation to the UK’s democratic processes, and particularly one as contentious as the EU referendum. We repeat that this attitude is illogical; this is about the protection of the process and mechanism from hostile state interference, which should fall to our intelligence and security Agencies”. This is an important warning that needs to be taken into consideration. There are natural questions about the role of intelligence and security agencies on democratic and election processes. However, the alternative, a non-activation or an extreme caution of this important line of defense, also doesn’t make sense, or, is not “logical”, as stated in the report.

As for the United States, when (several) postmortems of the 2016 presidential election were produced, there was no reluctance from intelligence agencies in making their assessments known. This was the case when the Office of the Director of National Intelligence (DNI) produced a report, and a joint statement regarding the foreign interference detected in the election that lead to the victory of the Republican candidate Trump. Important to mention that the DNI collects information from the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), and the National Security Agency (NSA). In a more recent example of this continuous action, the CIA warned that the Russian President was “probably behind” a campaign to discredit the candidate, and eventual winner of the 2020 presidential election, Joe Biden, and that Iran was trying to intimidate voters and incite social unrest. In another example, this time inside the European Union, in the Netherlands, it was the Dutch General Intelligence and Security Service that made public the attempts by Russia to hack the emails from government officials presented above.

European Union capabilities

To fight these problems in its Member States, the European Union offers several instruments like the Action Plan Against Disinformation, the European Democracy Action Plan, the European Cooperation Network on Election, the Compendium on Cyber Security of Election Technology, the EU Cibersecurity Act, the Revised Directive on Security of Network and Information Systems (NIS2), and solutions for hybrid threats and cybersecurity. Equally, organizations like the European Union Agency for Networks and Information Security (ENISA) produces high-quality material for election security, and perform work on the field protecting elections to the European Parliament and in the Member States.

However, there is glaring absence in the “battlefield”, either to a lack of action, or due to an absence of information to the European Union citizen and voter. It looks that we are not using existing capabilities to collect information regarding election interference from hostile intelligence agencies, if not in the Member States internal elections (even if that would be a possible, with a joint work between local and central agencies), then in elections to the European Parliament. Currently, it exists the European Union Intelligence and Situation Centre (INTCEN). Its mission focus on generating early warnings and assessments on threats to the Union institutions and Member States, being in the area of security, defense and counterterrorism, aggregating classified intelligence from civilian intelligence services and agencies from the Member States, military authorities and EU diplomats. The inclusion of this Centre in a wider and integrated European strategy of protection of democracy looks beneficial, since it can serve as a first line of detection of signals, both from open source and human data collection, originating from adversarial countries and their intelligence agencies, and the development and activation of responses to said threats. These attributions can be given by the European Commission with the adoption of a resolution with a clear definition on how this kind of information, and responses, are shared with the Member States intelligence agencies, law-makers, both in the European Parliament and in EU countries, and with the voters when possible or advisable.

Due to the activities carried out by intelligence services from hostile countries trying to affect western liberal democracies, and the importance of an informed electorate about the threats and the fairness of political consultations, the protection of democracy also falls to intelligence and security agencies. In this respect, information gathering and sharing between European agencies can be crucial in the fight against malicious influences, joining others like cyber security, fight against misinformation, best practices for digital literacy, regulations of digital platforms, control of outside money to political processes and other hybrid threats.

Ricardo Silvestre, International Officer at Movimento Liberal Social.