Author: Priti Rangnekar
Exploiting the Line Between Vigilance Regarding Cybersecurity Threats and Distrust in the Democratic Process
As Justice John Paul Stevens wrote, “public confidence in the integrity of the electoral process has independent significance because it encourages citizen participation in the democratic process.” With concerns about foreign interference stemming from 2016, misinformation regarding mail-in ballots, and even widespread uncertainty regarding the election’s outcome and reporting, public opinion regarding the democratic process is mired with confusion and conflict. Unfortunately, the erosion of this public confidence is only being exacerbated with a growing threat — perception hacks.
What is a perception hack?
A recently popularized catchphrase, perception hacks are relatively small-scale intrusions that are unlikely to cause significant harm but have a disproportionately large psychological impact on the public. Essentially, malicious actors seek to capitalize on uncertainty and existing expectations or fears of election interference, generating a perception that they have a major impact.
“What concerns me the most is the steady drumbeat of misinformation and amplification of smaller cyber intrusions,” FBI Director Christopher Wray has said in a September hearing, expressing fear of further reductions in voter confidence. Eddie Perez, a director at the Open Source Election Technology Institute, highlights that such intrusions in themselves have negative consequences: “to be effective, all that is required is for the public to perceive a problem — whether real or not.”
Concerns about perception hacks have also been shared on the local level. "If everyone knows that the Russians are trying to get into our election systems, that creates a lot of panic and distrust in the public, and sometimes I think that may have been all they wanted to do, because they didn’t get in,” said Connecticut Secretary of State Denise Merrill. She further added that while addressing technical issues with systems or hardware would be manageable, “a campaign of disinformation that’s raising suspicion about our election” would be the greatest concern.
Coordinated Inauthentic Behavior
Before delving into the specifics of perception hacks in the context of this election, it is important to understand a broader concept: coordinated inauthentic behavior (CIB). CIB is the phenomenon of groups of pages or people working together to mislead others about their identity or actions. “When we take down one of these networks, it’s because of their deceptive behavior, not because of the content they’re sharing,” explains Nathaniel Gleicher, Head of Security Policy at Facebook. For example, although a network may not have false content, if it appears to be run from one part of the world when it is truly run from another, the network may be taken down. According to Gleicher, Facebook’s approach can be summed up by the strategy “look for the needle; shrink the haystack.”
Expert investigators look for and take down the most sophisticated networks.
Build technology to automatically detect and remove the most common threats.
As a result, expert individuals are able to dedicate their skills and efforts to combating the most complex or dangerous threats (looking for the needle — sophisticated networks), since common or low-impact issues are dealt with by automation (shrinking the haystack of all threats).
Examples of Perception Hacking
Leading up to the 2018 midterm elections, a Russian troll farm had created a social media trap. In an attempt to stir concerns about election meddling and sow distrust among the electorate, a website falsely claimed to know the results of the election as part of Russia’s Internet Research Agency. Nevertheless, it did not receive much attention.
In 2020, one of the three networks recently taken down by Facebook originated in Iran and focused primarily on the US and Israel in promoting fake news regarding nonexistent election-related threats via email and Facebook.
Iranian hackers sent intimidating emails to voters in Alaska and Florida claiming to be from the Proud Boys.
US officials and the media had been spreading news of Russian and Iranian groups breaking into state and county data election systems in the past few months. However, much of the concern regarding this specific occurrence was unwarranted, according to Nina Jankowicz, an author, Former Fulbright-Clinton Public Policy Fellow, and Disinformation Fellow at the Wilson Center. The obtained voter information was publicly available, presenting little to no threat to the election process itself.
In some ways, this is the opposite of the 2016 election scenario, in which Russians had run an elaborate interference campaign which included social media efforts, but the American public was not as aware or concerned about the threat until after the election itself.
Why has perception hacking increased?
Decrease substantive capabilities. Following the 2016 election, we have seen improved efficacy and awareness in the tech industry and government for identifying and incapacitating networks with CIB. For example, Facebook has shut down 2 Russian disinformation networks operated by intelligence services, as well as one affiliated with a troll farm. Since this has made it more difficult for malicious actors to have a true impact on election security while going undetected, attackers may opt for a different strategy — hoping to be noticed for their “perception hack” in order to undermine confidence in the election for citizens and voters. Thus, even when the actual casting and counting process in the election is unaffected by foreign nations such as Russia and Iran, we still see an increase in doubt regarding the legitimacy of the election and its results, as well as the use of misinformation to influence voters.
Complexity of the elections system. “Given the size, complexity and diversity of America’s electoral system no country has the ability to change the outcome of the election,” an official said on the eve of Election Day. However, as Gleicher explained last week, this same complexity can be leveraged to create perceptions of large-scale, convoluted influence operations, when in fact, there are none.
Compounding of variables. Even without explicit cybersecurity threats or social media influence by foreign nations, American citizens have already been facing confusion and distrust in aspects of the democratic process. With President Trump’s efforts in discrediting mail-in ballots and cultivating fear of voter fraud, as well as growing concerns regarding the counting of ballots and validity of the outcome itself, there is already fertile ground for fostering conflict and paranoia.
Targeting battleground states. “We’re closely monitoring for potential scenarios where malicious actors around the world may use fictitious claims, including about compromised election infrastructure or inaccurate election outcomes, to suppress voter turnout or erode trust in the poll results, particularly in battleground states,” Gleicher has stated. In addition, efforts to delay or disrupt results in battleground areas such as Detroit or Philadelphia could increase havoc.
Ways to Address Perception Hacking
Citizens and the Public: It is wise to remain calm and judicious regarding information online. As the MIT Technology Review urges, we must “distinguish between relatively harmless election mishaps and cases of true malfeasance,” noting that technical glitches or problems such as misprinted ballots or long lines are often benign and should not be immediately considered evidence of interference or malicious actions.
Social Media and Other Tech Companies: Gleicher has pointed to efforts such as an independent third party fact checking networks, fact-check labels (leading 95% of viewers to not click), as well as providing clear statements on topics such as mail-in ballots, which have historically been safe and not a cause for concern.
Partnerships Between Companies and the Government: Elections operations centers at Facebook bringing together 40 teams, partnerships with the Department of Homeland Security, state and local elections officials, civil society groups, and other tech platforms.
Without a doubt, there is a need to maintain a balance between identifying and preparing for legitimate cybersecurity threats, while also ensuring that truly harmless events or perception hack efforts do not decrease civic engagement or increase unnecessary conflict. By pursuing a combination of goals to improve existing election infrastructure and technology, trust in proven measures for preventing election threats, and commitment to verifying what we are exposed to by the media, we can ensure preparation without spreading paranoia and falling prey to hacks of perception.
Sources