Back in May 2021, the New York State Attorney-General issued a report on a scheme by “US Companies and Partisans [to] Hack Democracy”.
This wasn’t some light matter, but serious revelations of a concerted attack on a core element of democracy – the ability of citizens to express their freedom of speech. It’s not so much the “what” but the “how” I’m interested in.
Basically this was done by generating millions of fake comments on social media purporting to come from real citizens.
The danger is artificial intelligence (AI) technologies are making it possible to generate genuine-seeming comments at scale, drowning out the voices of real citizens in a tsunami of fake ones. What the New York report showed is that a few big telecommunications companies paid millions of dollars to specialist “AstroTurf” companies, also known as lead generators, to generate public comments.
These companies then stole people’s identities from dead files and from hacked data dumps and attached them to 9 million public comments and half a million letters to members of Congress.
All of the posts and comments basically said they supported the corporations’ position on the hotly debated policy issue of “net neutrality,” the idea that telecommunications companies must treat all Internet content equally and not prioritise any company or service.
They were discovered because the fakes were crude even identical!
Next time we may not be so lucky. By the way those “AstroTurf” companies were fined millions of dollars, but they were convicted in a civil case rather than a criminal one.
Perhaps in future lawmakers, in the interests of preserving freedom of speech, might consider these types of hacks more criminal in nature.
AI technologies are about to make it far easier to generate enormous numbers of convincing personalised comments and letters, each with its own word choices, expressive style and linguistic tones.
The people who create fake grass-roots organisations have always been enthusiastic early adopters of technology and the use of AI technology is a natural progression.
I’ll name one AI technology as an example – take Generative Pre-trained Transformer 3, or GPT-3, an AI model created by OpenAI, a San Francisco based start-up.
With minimal information, GPT-3 can generate convincing seeming newspaper articles, résumé cover letters, even Harry Potter fiction in the style of Shakespeare.
It is trivially easy to use these techniques to compose large numbers of public comments or letters to politicians.
When the floodgates open, free speech is in danger of drowning beneath a tide of fake letters and comments, tweets and Facebook posts.
The danger isn’t just that fake support can be generated for unpopular decisions, but that public perception may be completely warped!
While former US President Trump was always blaming “fake news” he wasn’t entirely wrong. Coming up to Fiji’s next elections in 2022, there is a danger of the elections being hacked on many fronts.
The most obvious is hacking the elections’ digital devices and servers, including voter registration database and even the voting machines themselves – which usually uses proprietary software and by the very nature of our unique electoral system would be unique as well!
For this I would suggest that independent InfoSec auditors check the functionality and conduct user acceptance-type testing of the entire electronic voting system.
This is fairly straightforward, but would quell any rumours and conspiracy theories of electoral voting systems being hacked.
This doesn’t rule out the insider threat, but sensible use of CCTV surveillance and stringent end-to-end physical security measures should minimise this.
As an added measure I suggest that maybe we should vote on hand-marked paper ballots, counted by optical scanners, and recountable by hand.
Those optical scanners are pretty accurate when they haven’t been hacked and for large populations it’s impractical to count all the ballots without them.
But we should always check up on the machines by doing random audits of the paper ballots. And those audits should be “strong” enough — that is, use good statistical methods and check enough of the ballots — to catch the mistakes that the machines might make or if they are hacked.
However, hacking elections by perverting public perception using social media networks is also a very real threat and although we have a fairly small population (<1 million of which almost 620,000 are eligible voters), most are fairly active online through our excellent broadband Internet infrastructure, low cost Internet services and a very high mobile penetration rate.
In Fiji as in many other countries, I am still astounded at the number of people that consider social media networks a reliable source of news especially Facebook posts and YouTube videos (Instagram/Tiktok for the younger generation).
The use of social media networks for influencing public opinion is so pervasive that the Russians, for example, have taken it to another level.
Introducing the St. Petersburg-based Internet Research Agency founded in mid-2013. Also known as the Trolls from Olgino or more commonly the Russian Trolls, they have employed fake accounts on major social media platforms, discussion boards, newspaper sites and video hosting services to promote the Russian government’s domestic and foreign policy.
This has taken a more sinister role in alleged interference in foreign countries democratic processes by impacting public opinions on their politicians and various other issues of interest.
Employing 1000s of bloggers and commenters whose main task is to meet a daily target of writing thematic posts and comments to allocated fake accounts.
The agency has also leveraged its trolls to erode trust in foreign political and media institutions and political figures amongst others.
Recently the Russian Internet Research Agency has used bots and trolls to sow misinformation about the safety of COVID-19 vaccines, encouraging discord in many countries.
In addition to this, recently CNN has revealed that the Russians and the Internet Research Agency have been running “troll factories” in other countries in Africa.
I believe this is just the tip of the iceberg and does not even consider what the Chinese, North Koreans and others are doing in this space.
Taking into consideration that an estimated 6540 per cent of all Internet traffic is automated (non-human) or bots of which only 2540 per cent are “good” bots associated with legitimate search engines etc the other 4040 per cent are “bad” bots.
That’s 40 per cent of all Internet traffic globally!
As always, God bless you all and stay safe and masked in both digital and physical worlds this weekend.
- ILAITIA B. TUISAWAU is a private cybersecurity consultant. The views expressed in this article are his and not necessarily
shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@cyberbati.com
