Late last month, I joined Steven Malby, head of the Commonwealth’s Office of Civil and Criminal Justice Reform, on an early morning train to St Hugh’s College in Oxford for a workshop on Cybersecurity and the Democratic Process. The workshop was jointly organised by the Inter-American Committee against Terrorism and the Organisation of American States.
Cybersecurity is an important and expanding area of work for the Commonwealth. We are currently working on four cyber projects to help member countries implement the Commonwealth Cyber Declaration adopted at the last Commonwealth Summit. They include a programme in the Caribbean to train investigators, prosecutors and judges on cybercrime investigation; the establishment and training of criminal justice focal points for electronic evidence across the Commonwealth; a review of cyber laws and policies in three African countries; and the development of a guide and technical support to strengthen cybersecurity in elections.
At the workshop in Oxford, Steven spoke on a panel about good practices and experiences in addressing digital threats to elections. He highlighted the role of election management bodies in the Commonwealth and how the quality of an election is inextricably tied to the authority and trust in the electoral institution. He emphasised that an election management body must have control over the whole process so that the election is viewed as legitimate. The legitimacy of the election process can be questioned by the public when there is an electronic vote, rather than traditional ballots with pen and paper. It is critical to ensure that in whatever format the election takes place, it is – and is perceived as – free and fair.
In Oxford, we also heard from government representatives from Guatemala, Belize, Mexico and Colombia about the cybersecurity threats they face. Participants learned that overwhelmingly, threats come in the form of viruses and malware. However, some countries had found hacks that could be traced back to government actors. The Commonwealth encourages cooperation between member countries so that there is awareness and knowledge of these cybersecurity risks. It is only with an understanding of these threats that frameworks can be developed to manage them.
The workshop participants also heard from the UK National Cyber Security Centre about the volume and types of cybersecurity threats experienced in the UK. This prompted discussion on how and whether ‘fake news’ and disinformation should be viewed in cybersecurity terms. There was also an interesting presentation by William Dutton of Oxford University regarding the role of the internet and social media in swaying political beliefs. His data suggested that while the internet can create ‘echo-chambers’ (where our views are sorted by complex algorithms), this has little effect on changing our political inclinations in practice.
Overall, we had a very insightful day in Oxford hearing from other regions about cybersecurity challenges faced and fruitful conversations about what can be done to remedy these issues. The Commonwealth hopes to build upon the learnings of the day to inform the delivery of our four projects over the coming year.