It is my recommendation that for now we stick to the manual voting systems. Italy has few rivals (Russia and China to name a few) that have extremely high cyber capabilities, and if seeing an opportunity, they might exploit it. Actually, the risks to move to a digital system are simply too high to make the change.
The upcoming elections in Italy, pause an acute challenge. I am referring to the challenge to the integrity of our democratic process. Recently, liberal democracies have been under attack by various rivals conducting influence operations as well and classic cyberattacks to steal information, disrupt activities and industrial espionage.
Manual vs. Digital
The Italian elections generate a wide range of vulnerabilities all of which must be mitigated. First is the election process itself by damaging the computer systems and the data stored. There are two main voting systems. The first is the manual systemwhereas voters vote manually in ballots using paper notes. The results are then counted and transferred to a central location where they are stored and managed in a computerized data base. There are many problems with the manual approach, to many few are human mistake problems, disaster recovery issues and alike. However, there is a huge advantage in the ability to prevent election results manipulations during the election process. Some of these topics have been already observed by the Committee of the Council of Europe for the Budapest Convention on cybercrimes[1].
The second approach is by using a computerized election process whereas voters can vote electronically in the ballots or even from any location if they have a way to validate their identification. Digital voting systems are already in place in several countries around the world. Though the transition to a digital voting process does not have to be a complicated matter, the risks of such a system are extremely high. This is because any computerized system may be subject to cyber attacks and manipulation. The issue of e-voting has been analyzed also by the EU NIS Cooperation Group in a ‘Compendium on Cyber Security of Election Technology’ [2].
It is my recommendation that for now we stick to the manual voting systems. Italy has few rivals (Russia and China to name a few) that have extremely high cyber capabilities, and if seeing an opportunity, they might exploit it. Actually, the risks to move to a digital system are simply too high to make the change.
Influence Operations
Elections risks do not generate from the election process only. There is a huge risk of influence operations that may influence HOW voters vote. In recent years there has been evidence of various attempts to harm in the democratic election process, using various tools in cyberspace mainly by external attempts to influence the public’s trust in candidates and democratic institutions. While INTERNAL political discourse (true of fake) is legitimate and should continue harmless, EXTERNAL influence (Russia, China, Iran, and others) should not be allowed. The challenge is how to differentiate the two. Italy must address this threat in the most serious way.
As said, the main problem will be to distinguish between attempts to influence illegitimately by foreign powers, and the activity of political parties in Italy who can also use the same methods legitimately. The second challenge will be to foil these attempts and expose them to the public. To do so, we will need a comprehensive intelligence and operational effort. The challenge is great, and it would be good to establish a special inter-organizational team to deal with it. It looks to me that the best organization for the job would be the National Cyber Agency. The Agency will need to establish a dedicated taskforcecombining all the relevant agencies (secret service, intelligence organizations, the police, the carabinieri and other stakeholders, like journalists and academics), all focused for one goal – to make sure that no foreign power is manipulating our people.
Conclusion
The Italian elections come in a very sensitive time in Europe, and thus may attract rivals to harm our democratic process, manipulate results, and influence our people through trolls especially on social media. We must put all the efforts needed to monitor and mitigate these risks. We will need to raise public awareness to make sure we are less exposed to information manipulation and fake news injected by external powers.
[1] It has issued a Guidance Note (‘Digital Technologies in Elections. Questions, lessons learned, perspectives’, 2020) on elections about the Budapest Convention’s procedural powers and mutual legal assistance provisions for criminal investigation or proceeding in election interference. The types of conducts that may be criminalised are illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forger; see https://rm.coe.int/publication-digital-technologies-regulations-en/16809e803f.
[2] https://www.europeansources.info/record/compendium-on-cyber-security-of-election-technology/