June 13, 2017
How to Putin-Proof Your Elections
By Jakub Janda and Veronika Víchová
The European Values Think-Tank’s Kremlin Watch Program has looked into Russia-linked interference operations in the UK, the Netherlands, United States, France, and Germany and identified thirty-five ways governments can mitigate hostile foreign interference. One size doesn’t fit all, of course, but some steps are universal.
Democracies must start treating their electoral process as part of their critical infrastructure. Any hostile foreign meddling is unacceptable, and we need to cut it off. The electoral process is sacred for good reason.
Elections are more than casting and counting votes; campaigns and the ways societies are informed about them also matter. A comprehensive assessment of the state’s strengths and weaknesses against hostile foreign influence is the first step, and the Czech National Security Audit can be used as a framework.
Governments are much better off admitting they cannot tackle the threat of election interference alone. They need the support of the media, private sector, and civil society. Those actors—if independent and strong—can sometimes expose Kremlin proxies faster and better than governments. For example, in early 2017, the Kremlin spread a fake story that German soldiers had raped a Lithuanian girl, which was swiftly debunked by Lithuanian media and civil society.
That’s why it is worrying that major countries like Germany and France lack a robust network of specialized expert bodies, and systematic research on hostile foreign influence and disinformation is almost non-existent. There are also countries, like Slovakia, where civil society is the only national actor fighting Russia’s subversive influence; it lacks official support. The Czechs and Swedes have put together good models that others should emulate, dedicating teams at the Swedish Civil Contingencies Agency (MSB) and the Czech Centre Against Terrorism and Hybrid Threats (CTHT) to study and counter this threat.
Civil society and open-source research organizations can make a difference. When sufficiently funded, they can build capacities for real-time monitoring of disinformation campaigns and rapid digital forensics investigation to identify origins and the nature of the penetration. For example, the work of Bellingcat and the Atlantic Council’s Digital Forensics Research Lab is exemplary. More is certainly needed.
Kremlin picks candidates
Disinformation operations are Russia’s weapon of choice. We have seen hundreds cases of disinformation successfully spreading into the mainstream media and influencing domestic politics. When it comes to elections, Moscow has two options; it can support a preferred candidate, or attack the non-preferred candidate.
Even before a campaign begins, Moscow may provide its candidate with financial and media support. Apart from the well-known financial injections to Marine Le Pen’s National Front, there are also less visible cases. In Finland, a Russian-funded neo-Nazi hate site MV-lehti and a network of similar sites have for months aggressively promoted suspected criminal Ilja Janitskin for president. Moreover, candidates might receive intelligence support by a foreign power, for example, information on an opponent’s weaknesses or hidden scandals. Even though this can never be fully avoided, countries can review their legislation to make the consequences severe. Colluding with a foreign intelligence agency, even through proxies, should be an absolute no-go. Domestic security institutions should explicitly say that if such a situation happened, it would be made public immediately and prosecution would follow.
Coordination within government is also important. In the Netherlands this spring, there was a special inter-agency working group dedicated to protecting the elections; the Czechs are now running one as well.
The Kremlin’s usual method, as the French and US intelligence agencies have concluded, is to attack the non-preferred candidate. They did this in the United States, France, and Germany. The playbook is simple: create disinformation, engage bots and other automated online tools to spread various smears and accusations, hack the non-preferred candidate’s campaign, and disseminate the materials through Kremlin’s useful idiots such as Wikileaks. Many would say there’s nothing that can be done, which is false. Governments should set up clear frameworks on how their security experts can offer assistance to all campaigns. Also, standardized communication channels and criteria between campaigns and the official government institutions protecting the electoral process need to be established for early warnings and reporting of possible major incidents against the campaigns.
French President Emmanuel Macron’s campaign demonstrated the utility of preparedness when it was hacked. Macron was probably the first candidate Moscow really wanted to hurt, but the Kremlin failed because Macron’s campaign invested into cyber security and prepped contingency plans for the expected attacks. And it worked.
Informal networks of private volunteer investigators such as the Baltic Elves or the Polish “Fifth Column” can be crucial during a crisis; they will publicly expose the Kremlin in real time. Governments should support these activities, for example by funding classes on basics of cyber security for wider audiences.
Another step would be going after online bots. All democratic campaigns can pledge they won't use any kind of automatized online bots. Electoral legislation can be amended to specify what isn’t legitimate.
It’s important to remember that Russia is not invincible. Sergei Kisylak is not James Bond. Moscow’s plans will not always work. But one can be sure that if Moscow has a preferred candidate, it will pursue its goals aggressively. It’s time to push back with courage and strength.
Jakub Janda is the head of the Kremlin Watch Program at the European Values Think-Tank in Prague. Veronika Víchová is an analyst at the Kremlin Watch Program at the European Values Think-Tank.