Cyberspy service eyes political blackmail as part of democratic risk assessment

Safeguarding personal information on voters lists, ensuring election ballot tallies aren’t manipulated and preventing fake news from swaying the public might also be part of the study, said Scott Jones of the Communications Security Establishment.

The agency is thinking in rather broad terms at this point about the risk assessment the government has requested, Jones said Monday after a talk sponsored by the University of Ottawa’s Centre for International Policy Studies.

But he added the agency is looking to federal ministers for direction on how sweeping the exercise should be.

“What are the things we need to be able to protect against? What are the things we need to be aware of?” asked Jones, the CSE’s assistant deputy minister for information technology security.

The secretive CSE uses highly advanced systems to monitor foreign communications for security-related threats and intelligence of interest to Canada. But it also plays a key role in defending federal cybersystems from exploitation.

The Liberal government recently asked the CSE to analyze risks to Canada’s political and electoral activities from hackers, as well as provide cybersecurity advice to political parties and Elections Canada.

The disclosure of stolen Democratic Party emails, published by WikiLeaks, proved highly embarrassing last year to U.S. presidential contender Hillary Clinton. American intelligence officials said Moscow led the attack, though the Russian government has denied involvement.

There were even questions as to whether election-day results were electronically distorted, though no evidence that this had taken place.

Some have suggested that Canada’s reliance on paper ballots for voting helps protect its election processes from hackers. However, Jones noted the possibility of someone tinkering with the digital counts of all those paper slips.

Beyond threats to electronic databases, there are concerns that politicians themselves might be compromised.

A “customized threat briefing to parliamentarians” could emerge from the Canadian risk assessment, given the potential dangers from extortion, Jones suggested.

“I kind of expect my member of Parliament to work for me and not to be manipulated or blackmailed or embarrassed into doing something else,” he said.

“These are things that we’re thinking about.”

Jones is also mindful of forces that can unduly influence public thinking, such as fake news and ill-informed tweets. “Our opinions could be shaped by a Facebook post with no way of determining whether it’s legitimate or not.”

It is unclear how far the review will delve into such interference, or whether anything can be done about it, Jones said.

“We’re thinking really wide right now, and how big does this need to be? And then saying, well, which pieces do we need to cover? And how can we help?”

– Jim Bronskill

News from © Canadian Press Enterprises Inc. 2017