Israel is buzzing these past few days with news of a breach of the entire country’s database of voters, which was accessible to anyone through an app developed for the Likkud Party by a company called “Elector.”
Before every election in Israel, national or local, the “voter book” is delivered to hundreds of parties, factions, and candidates by the Ministry of Interior, so that they can make contact with voters during their campaigns. The voter book – of course, it’s a digital file – includes names, addresses, identity numbers, father or mother’s name, and voting area. The distribution is sanctioned by the national electoral law and is intended to support the democratic process. It makes it possible for new parties and small ones that have not accumulated large databases of supporters to compete with the big and old parties. This way, new parties are granted a fast pass to the starting line for each campaign. It also allows the candidates to actively rally people to vote and help the elderly and disabled travel to the polls to cast their votes.
However, this high-minded idea has long been undermined by a well-known, systemic, and persistent problem: the Information provided by the Ministry of Interior is in an unprotected basic file, is practically unrestricted in use, and the users who access the information are not monitored. That means any of the recipients could forward the information not only to field activists or polling services, but also to app developers and data brokers. That is exactly how the information came to Elector. The company provided services to the Likud, Shas, and Israel Betinu parties.
The most sensitive information in the register are identification numbers – “anchor” data that allows for the precise identification of a person in Israel – similar to Social Security numbers in the U.S. The release of identification numbers is even more disturbing when they are paired with names and addresses from the voter file. The information is exposed and widely circulated each election campaign (again, vulnerabilities in this system have been known for a long time) and has been used by data brokers, private investigators, and polling companies. Data from the voter file also has been fused together with other data collected online and Census public tables released by law, allowing data scientists to extrapolate demographics and political views.
Data thieves with access to the database hold a rich dossier on each voter. That increases the risk of identity theft, targeting of populations for aggressive and fraudulent online marketing, or even improper influence on political campaigns.
The law states that after an election campaign, the voter file must be returned to the Ministry of Interior, and should not be used for other purposes besides contacting voters during an election period. The parties even sign an affidavit with their commitment. Unfortunately, that piece of paper is no match for the pressures toward sharing the data further and using it for more purposes. After all, the effort required to replicate, transmit, and share information is virtually nil and the value of the information for a variety of legal and illegal uses is great. Tragically, exposing the information endangers each and every citizen of the State of Israel.
And what about small and new parties that fall apart after the elections? The information they have can “hang around” on any laptop sold or taken after the campaign. After all, it’s hard to hold anyone accountable for the data protection failures of a defunct political party.
The Government of Israel was supposed to create a safe communication system years ago to provide secure access to voter data for the limited purpose of contacting voters during an election. Repeated inspections by the Privacy Protection Authority starting in 2009 recommended the system be strengthened. Flaws were made known to government senior officials and the public.
A responsible solution to this persistent failure would include an immediate and vigorous risk assessment and implementation of Privacy by Design tools. Israel should implement a centralized or distributed IT system that is secure, encrypted, monitored, and logs users’ activities. Its use should be limited according to a sound policy that takes into account the parties’ needs during campaigns and our wish to support the democratic process while eliminating the unintended consequences of weak data protections. The government needs to legislate this new system into the 1969 Elections Law and prioritize funding for the project.
In the age of hacks and data breaches, continuing to hand over the voter file to dozens of parties without protection and control over its uses is a massive systemic failure. The next crisis is coming. Data lists and files are still stored on networks, computers, and phones of campaign staff and vendors. Instead of waiting for the next headline, the government must act now.
For more information regarding this data breach, including a systematic overview of all the privacy vulnerabilities, please read Uri Berkowitz’s article on Globes.co.il, which can be found here.
Online Election Propaganda: manipulation, disinformation and dangers to democracy
The book “Network Propaganda: Manipulation, Disinformation, and Radicalization in American Politics” is an academic work combining research in law, sociology and media studies. The book examines the changes that occurred in the resilience of liberal democracies and the influences of media technologies on American politics and democratic processes. Specifically, the research examines the impact of the media on the political ecosystem in the recent elections campaign in the United States.
The book establishes that the two sides of the political map are not equal when it comes to evaluating “news” stories.
The main part of the book analyses millions of data and stories published over 3 years, specifically which might or might have not gone viral during the US elections campaign in 2016.
As the authors write, “the presence and attention of both journalists and readers to diverse sites was enough to enforce a hard constraint on the ability to disseminate politically affirming falsehoods.”
The research didn’t find this pattern of action by right-wing political forces mirrored by the left wing. The false stories that were disseminated by the left wing had no parallels what so ever, in the levels of visibility or trust that has performed the same function on the right.
The dynamics in the right, the authors found, “rewards the most popular and widely viewed channels at the very top of the media ecosystem for delivering stories, whether true or false, that protect the team, reinforce its beliefs, attack opponents, and refute any claims that might threaten ‘our’ team from outsiders.”
The reasons for the results of 2016 elections was, according to the authors – the constant loop of the semi-journalistic right-wing media, that had the most impact.
Professor Benkler is also calling us to embrace the view that the problem is not with technology or it’s effect on our lives but to acknowledge that behind those technologies are humans who are using it and taking advantage of it. People are responsible for the long-term outcomes on the geopolitical system, and not an indication of a failure of the technology itself.
This assertion has profound implications not only for the study of the recent past but also for predictions about the not-so-distant future. Now is our chance to promote a policy to deflect the ill use of technologies.
