A colossal amount of stolen personal data on German politicians, journalists and celebrities was shared online this month.
The hacker, who admitted to his actions, is expected to face a mild sentence if he continues to co-operate with investigators, partly because he has provided an important wake-up call about the weakness of security in vital systems. Horst Seehofer, interior minister, conceded the use of incredibly weak passwords such as “iloveyou” and “123”.
How many more warnings do politicians need? We can expect many more hacks and leaks, especially in the run-up to crucial European elections in May. Preparations must be made to protect voters against the manipulation of political parties, candidates and journalists across Europe. We need to stress-test all technological systems used in vital democratic processes.
By improving the cyber security of political party databases and email servers, and by updating software and the security of electoral systems, some attacks can be avoided. Similarly, providing training to spot phishing and other tricks, as well as the use of two-step verification and encrypted messaging, can go a long way. Public resources should be freed where needed. After all, the resilience of democracy is in the public interest.
Beyond foreign interference and hacks, political candidates and parties receive all kinds of advice on the use of the internet and social media to optimise their reach among voters. They should commit not to deploy bot networks, either directly or through consultants, nor use “ deep fake” technologies in election campaigns. Parties should reveal the sources of non-public campaign financing and be transparent in political advertisements, even if the law does not require them to be.
These are not fictional concerns. In the US, the Democratic party has learnt that the hard way in Alabama. The Washington Post has revealed a 2017 Kremlin-inspired scheme named Project Birmingham in which data experts allegedly created fake social media accounts to share deceptive messages with voters. Of the donors, consultants, campaign teams and candidates who have acknowledged involvement, all have denied knowing the full extent of their deployment. Facebook is conducting an investigation.
Then there is the question of how to respond to data released through hacks and leaks. Journalists in Germany and beyond are now debating how to handle stolen information. Do they publish, no matter the source, if the leaked materials are in the public interest? Or will home addresses, details of secret lovers, and family photos remain off limits?
Journalists in Germany and beyond are now debating how to handle stolen information, even if the leaked materials are in the public interest
Some hacks are useless if they do not reach large audiences. The drip-feed publishing of hacked internal Democratic National Committee emails in 2016 in the US was certainly disruptive right before the presidential elections.
That stolen or leaked data do not create a sensational effect when the media take a different approach was clear in France in 2017 when last-minute revelations about Emmanuel Macron, then a presidential candidate, were not reported until after the elections. Candidates in France are generally not supposed to communicate in the 48 hours before elections, and a stark warning was issued to the media by the French electoral commission that sharing stolen information could be a criminal offence. Editors and journalists all over Europe should consider a code of conduct to deal with hacks and leaks as a matter of responsible journalism.
The first week of 2019 has offered a warning for European politicians and public authorities to prepare better for an election year with high political and digital stakes. With better preparation it is not too late to increase resilience all over Europe. Let the latest German hack be the very last wake-up call.
The writer is a Dutch politician and Member of the European Parliament