Committee pushes 'cyber taskforce' for security of Australia's election system

The Joint Standing Committee on Electoral Matters is tasked with overseeing the Australian electoral system, specifically the activities of the Australian Electoral Commission (AEC).

Its Status Report [PDF], released on Friday, follows the November publication of the Report on the conduct of the 2016 federal election and matters related thereto [PDF], which made 31 recommendations to the AEC regarding cybersecurity, in particular where the manipulation of elections was concerned.

One of the recommendations made by the committee was that the Australian government establish a permanent taskforce to "prevent and combat cyber manipulation in Australia's democratic process" and to "provide transparent, post-election findings regarding any pertinent incidents".

Specifically, the taskforce, the committee wrote, would focus on "systemic privacy breaches".

In its latest report, the committee again recommended the taskforce be established.

"The committee has already identified the need for a permanent taskforce to prevent and combat cyber-manipulation in Australia's democratic processes and clarification in the legal framework surrounding social media services and their status as a platform or publisher," it wrote.

Pointing to the recent online attack that hit the nation's political parties, forcing a password reset of all Australian Parliament House network users, including politicians and all of their staffers, the committee suggested that political parties may need more support to ensure the security of their systems.

"Political parties are small organisations with only a few full-time staff, yet they collect, store and use large amounts of information about voters and communities," the committee quoted federal opposition leader Bill Shorten as saying following the attack.

"These institutions can be a soft target, and our national approach to cybersecurity needs to pay more attention to non-government organisations. Our agencies shouldn't be just providing advice to political parties but actively assisting in their defence."

"Like the threats, the solutions to these issues are multifaceted," the committee added.

Similar concerns were raised with government agencies earlier this month when the Joint Committee of Public Accounts and Audit probed the cyber resilience of three Commonwealth entities, hearing from the National Archives of Australia that it was concerned with its capacity to achieve full compliance and measure such compliance accordingly.

"I think the advice we received is good; however, I do think the bigger point remains that with self-assessment and reliance on individual agencies, each with an uneven capability and an uneven technical knowledge, we're not going to achieve a consistent resilience across the Commonwealth." Director-General David Fricker told the committee.

In compiling its report, the electoral matters committee said it was considering the extent to which social media bots may have targeted Australian voters and political discourse in the past; the likely sources of social media manipulation within Australia and internationally; ways to address the spread of deliberately false news online during elections; and measures to improve the media literacy of Australian voters.

With the committee noting that disinformation campaigns have been known to influence electoral processes with subversive political messaging, using the 2016 United States Presidential Election and the United Kingdom regarding Brexit as examples, it held hearings with both Twitter and Facebook to discuss what measures the tech giants had in place to "address malicious actors".

See also: Mueller report confirms the worst: National sovereignty is at risk worldwide

While the committee accepted Twitter's promise of stronger advertising regulations aimed at ensuring that political advertising is run by verified individuals, organisations, or registered political parties, candidates, or groups, it was concerned that Facebook was not adequately applying the authorisation rules set out by the Electoral Act to advertising on its platform.

Pointing to a report from the ABC, the committee said it was unacceptable that Facebook executives took a month to respond to AEC concerns about sponsored content from group campaigning on foreign donations laws.

It also considered Facebook's promise to make an announcement on political advertising rules after the federal election as unacceptable.

"The political advertising authorisation rules set out by the Electoral Act apply to all political advertising in Australia, regardless of which platform is used. Like all businesses operating in Australia Facebook has a responsibility to ensure that it complies with local content laws," the committee wrote.

"Further, the committee is also concerned with reports that Facebook is restricting independent scrutiny of advertising on its platform."

Read also: Facebook says people, not regulators, should decide what is seen

Although there has been no evidence of any cyber manipulation in the 2016 Australian federal election, the committee believes that given international events, it is essential that the issue be "actively considered as a part of Australian elections".

"Australia cannot wait until an electoral crisis occurs, and we should not be complacent or diminish the probability of this threat," the committee wrote.

"The evidence presented to the committee and other international investigations shows the power of social media companies to shape what we see and how we see it.

"Governments must address the degree of responsibility of social media companies for their content, together with ways to bring greater transparency to their methods of regulation and moderation. Inconsistency and ambiguity over Facebook's responses on its status as a platform or publisher suggests self-regulation is problematic."

MORE FROM AUSTRALIA

• Australian Electoral Commission battens down the cyber hatches
• Flaws in ACT election systems could reveal voters' votes
• NSW Electoral Commission claims it is safe from second SwissVote flaw
• Australia Post details plan to use blockchain for voting

ELSEWHERE

• Cyber-espionage warning: Russian hacking groups step up attacks ahead of European elections
• Now Russian hackers are using Brexit as part of their cyber attacks
• Google warned: YouTube ads interfere with elections
• Elections 2018: Is misinformation killing democracy?
• Twitter took down accounts from Iran, Venezuela, and Russia that tried to influence 2018 US midterms
• Election hacking: The myths vs. Realities (TechRepublic)
• How to combat global election hacking (TechRepublic)