Democracy in Danger: Foreign Intervention in Israel’s Elections via Cyber-Attacks

| Written By:

Eli Bahar and Ron Shamir examine the threats posed by foreign intervention (in its broadest sense) in Israel’s Knesset elections—by means of Cyber-attacks, whether at the state or sub-state level


This study examines the threats posed by foreign intervention (in its broadest sense) in Israel’s Knesset elections—by means of Cyber-attacks, whether at the state or sub-state level. These threats are very real, as recent years have seen multiple cases of states intervening in elections in other countries through the use of internet-based technology. The study does not examine attempts to influence the electoral process by non-internet means or by Israeli political actors, unless they are acting via a foreign entity, or are being utilized by a foreign entity in order to influence the elections by internet-based means.

The study aims at mapping and identifying the main threats to the electoral process and to public trust in the election results. the public’s confidence that the winners and losers are determined through  a process that was not falsified or tampered with in any other way is essential to the existence of our most basic social foundations. These threats are analyzed in the context of the technological, legal, and institutional environments in which the defense of Israel’s elections takes place. Policy recommendations are offered based on this analysis.

Among the countries that over the last decade have been identified as engaging in operations to exert influence via cyber tools, Russia has been the most prominent—albeit not the sole—example, having attempted to intervene in elections in the Ukraine (2014), the United States (2016), France (2017), Germany (2017), and the Netherlands (2017), as well as in referenda in the United Kingdom, the Netherlands, Italy, and Spain (2017). These actions were generally intended to support a particular candidate or undermine another, while some had other goals as well: to create divisiveness in those countries over issues of substance, and thus jeopardize social cohesion; to advance strategic goals, such as weakening the NATO pact; to undermine the principle of abiding by international norms; and to damage public trust in the democratic process.

Cyberspace  offers a wide variety of means and methods for influencing elections such as: theft of information from political figures and its dissemination  in a way and at a time that will be damaging to  opponents; corrupting information within the election system—ranging from altering the electoral register to tampering with  results—in order to undermine public trust ; preventing the use of systems through g DDOS (distributed  denial of service) attacks at a pre-determined time, and in places using  electronic voting systems, attacking computerized voting machines; creating and disseminating fake news over social networks; hoaxing third parties, such as journalists, by using false identities on the web; and more.

Experience shows that attempts to intervene in elections include three main types of attack: (a) on the execution of the electoral process at any of its stages, whether via forgery or by interference with or denial of service; (b) on political parties and figures by  various means, including stealing personal and political information and publicizing it at an advantageous time, interfering with party preparations for the elections, and more; and (c) attacks on  social networks and news sites as sources of major influence over voters’ political positions, using cyber tools.

Cyber-attacks on the electoral process may include the use of technological tools such as bots and big data technology; use of advanced tools for hacking into computer systems; and the use of paid trolls, infiltration of innocent web forums, and more. These tools have been used, for example, in influence operations aiming to disseminate misleading information to a very large audience; to steal information and selectively publicize it at a time that will have the greatest impact on the elections; in personalized micro-targeting operations; in operations to exert influence by damaging infrastructure; and more. What all these efforts tend to have in common is that the source of the attacks is camouflaged   making it very difficult to identify the state or organization behind them, and to clearly identify the attacker.

The outcomes of cyber-attacks on elections in the United States and other Western countries in recent years have demonstrated that no country can remain indifferent to the very real threat of such attacks against its electoral process and against public trust in the election results. Thus, a series of actions is required—for both defense and deterrence, in order to significantly bolster democracies’ resilience and to protect them against such attacks. However, when liberal democracies seek to defend themselves against attacks of this kind, many questions arise regarding democratic principles, most prominent  among them being ---how to ensure that activities designed to prevent attacks on the electoral process will not themselves be used to violate  liberal-- democratic principles as freedom of expression, privacy, and equality.

Cyber-attacks intended to harm Israel’s electoral process could be carried out in all the ways used to attack electoral systems in other countries. In addition, Israel is a polarized society being torn apart by strong internal tensions over many issues: Jewish-Arab relations, religion and state the future of the occupied territories, and more. Thus, a blow to the social consensus over the electoral mechanism as the main national expression of democracy and as the source of the government’s legitimacy and to undermine public trust in the election results—could be particularly harmful to what binds Israeli society together and makes it possible for Israel to function despite significant controversy. And so, protecting the electoral process in Israel is especially important.

A review of the institutional structure of organizations responsible for ensuring the security of the electoral system (its broadest sense) against cyber-attacks reveals that this responsibility is divided (as detailed in the study ) among several entities, including the Central Elections Committee, the National Cyber Directorate, the Israel Security Agency, the Israel Police, the Knesset Sergeant-at-Arms, the Ministry of the Interior, the Privacy Protection Authority, and the Registrar of Databases and the Cyber Unit in the State Attorney’s office.

It appears that the overall responsibility for protecting the elections from cyber-attack lies with the Central Elections Committee, while the preliminary stage (preparing the electoral registry) is the responsibility of the Ministry of the Interior. It is not clear who is responsible for protecting political parties, and in practice-- this is handled by the parties’ director-generals. As regards political figures who might be targets for attack, the Knesset Sergeant-at-Arms is partially responsible for data security for MKs and their parliamentary aides, but it is not clear who is responsible for protecting political figures who are not MKs, from cyber-attack. Influencing elections via manipulation of social media and news websites is the most problematic issue in terms of defining and setting clear responsibilities; here the division of responsibility between the National Cyber Directorate and the Israel Security Agency should be examined.

The main problem lies in the fact that monitoring the internet in order to protect free and democratic elections in and of itself fraught with clear dangers for democracy, in light of the concern that tracking the activities of voters and of political activists may limit freedom of expression and impinge on privacy and equality in the elections—values that are at the heart of the democratic process. Consequently, the precondition for any regulation or legislation on this issue must be an assessment of its impact on freedom of expression, on protection of privacy, and on other civil rights, given the sensitivity of the electoral process.

Moreover, this sensitivity requires a clear definition of hierarchy and clear rules on reporting, especially regarding the relationship between the Central Elections Committee’s constitutional responsibility to ensure elections that are untainted in any way and the fact that security organizations report directly to the government. In addition, principles for organizational coordination and boundaries between the security and enforcement agencies on this issue must be set, along with principles for notifying the public, and more.

The following policy recommendations are intended to strengthen and improve the defense of the electoral process in Israel, from Cyber-attacks by foreign entities, both in order to prevent any undue influence on the election results and to maintain public trust in them.

The main recommendations are as follows:
  1. The overall responsibility for protecting the elections process from foreign intervention should be given to the Central Elections Committee, with a clear ruling that the constitutional and institutional independence of the Committee will be maintained in this area as well. Consequently, the responsibilities and powers of the chairperson of the Central Elections Committee in this regard should be clearly defined.
  2. A permanent advisory committee should be appointed to advise the chairperson of the Central Elections Committee on protecting the electoral process from cyber-attacks by foreign state entities. The roles of this advisory committee will include coordinating and sharing information among the various bodies regarding cyber-attacks on the electoral process; recommending to the chairperson methods of identifying such an attack and its source, and means for thwarting it or limiting its harmful effects; and making recommendations to the chairperson on publicizing the fact that an attack has taken place, whether partially or fully, and the timing of such publication.
  3. The elections process should be declared a “critical national infrastructure,” anchored in the Knesset Elections Law.
  4. The National Security Council (NSC) should formulate an overall approach for the defense of Israel’s electoral system against foreign intervention, and submit it for approval by the relevant body—the government or the cabinet.
  5. Regulations should be introduced defining which body has responsibility for protecting political parties from cyber-attacks and how this should be exercised in practice, and funding should be made available, including via “designated funds” set aside in the parties’ election budgets, so that each party can implement the security proposals autonomously.
  6. Responsibility for protecting members of Knesset and their parliamentary aides should lie with the Knesset Sergeant-at-Arms, and rules should be set down for reporting among the entities involved in protecting the electoral process from any suspicion of cyber-attack against members of Knesset or their parliamentary aides.
  7. The directors-general of political parties should be made responsible for protecting their Knesset members’ use of computers that are not under the jurisdiction of the Knesset Sergeant-at-Arms, as well as for defending against cyber-attacks on political figures who are not members of Knesset. The directors-general should apply data security rules that will be issued by the Central Elections Committee, based on recommendations from the National Cyber Directorate.
  8. It should be made a requirement, either via recommendation or by a binding act of legislation, that primary elections within political parties should be held using paper voting slips, rather than computerized systems.
  9. The National Cyber Directorate (NCD) should be made responsible for defense against any cyber-based attempts to influence elections via social networks and news websites. If any such attempts are identified, they should be reported to the chairperson of the Central Elections Committee and to the Israel Security Agency (ISA). Arrangements for which body is responsible for dealing with these attacks should be agreed upon between the NCD and the ISA, with the approval of the chairperson of the Central Elections Committee. Due to the sensitivity of this subject, a specific unit should be set up within the NCD to handle it, overseen by a body headed by a retired justice. This body will ensure that the unit’s activities are restricted to identifying use of social networks to influence elections in Israel so as to serve foreign interests.
  10. The chairperson of the Central Elections Committee should have the power to decide whether to make public the discovery of an attempt by a foreign entity to influence the elections.
  11. Agreements should be reached for international cooperation to identify the source of any attacks discovered, including attempts in reaching an international treaty.
  12. A covenant should be agreed upon in which all political parties commit to refraining from operating virtual accounts (bots and trolls) as part of their political campaigns, whether directly or indirectly.
  13. Any act of collusion between an Israeli citizen or resident and a foreign entity, aimed at influencing the elections should be made a criminal offense. This offense should be worded carefully so as to restrict it only to relevant cases, and prevent it from being used against worthy activities.
  14. The establishment of a broad civil system for fact-- checking should be encouraged, as part of the mechanism to defend the public from targeted
  15. The possibility should be explored of passing a law forbidding the use of personal information for political micro-targeting, or at the least, to require full transparency vis-à-vis those being targeted, indicating that the message being presented is from a political source.

Implementing these recommendations, and paying ongoing institutional attention to technological changes and developments in the field of cyber-attacks, can strengthen Israel’s ability to defend itself and also increase public awareness of the issue, which is an essential component of democratic resilience.