Could Russian hacking pose a threat to Australian democracy?

The Russian hacking of the Democratic National Committee over the past two years might seem like a very American news story, inseparable from the lead characters of Hillary Clinton and Donald Trump, and hyped as only the polarised media of that country can do it.

But when we look more deeply, we see a very threatening reality that concerns all governments, liberal democratic or authoritarian. Australia should take note.

The UK parliament is already alert to the danger. On January 9, 2017, the Joint Committee on the National Security Strategy launched an inquiry into the country’s cyber security. While the terms of reference do not call out political hacking as one of the threats, this subject was the main focus of the committee chair, former Home Secretary Margaret Beckett, when announcing the inquiry:

Attention has recently focused on the potential exploitation of the cyber domain by other states and associated actors for political purposes, but this is just one source of threat that the government must address through its recently launched five-year strategy.

We can only understand the full significance of the Russian hacking by reference to the escalating cyber battles between it and the United States. These began at least as early as 2000, when Vladimir Putin became president. This is described in some detail in a seminar I gave last week at UNSW Canberra.

The cyber campaign got very personal for Putin in January 2016 when a US Treasury official publicly accused him of corruption on a grand scale. This put Putin on notice that his personal political future was in the hands of Western intelligence agencies, which were signalling that they had gained access, including by cyber espionage, to secret information on his offshore accounts.

The more general lesson from the Russian hacking and covert cyber influencing campaign in the US election campaign is how the practice threatens political legitimacy everywhere. This weapon is also a double-edged sword, and will come back to haunt those who use it. This warning applies to both Putin and Trump, in spite of their current appearance of being beneficiaries.

As I argued in January last year, we should expect that Trump’s phone records, email messages, financial transactions, home video selections, internet browsing history will be scrutinised by cyber insurgents.

The threat to Australia

Australian political and business leaders have been facing this threat of cyber surveillance for political purposes from foreign governments for at least 20 years. It is notable, curious even, that there have been no documented instances of such campaigns against Australian leaders.

The governments with the capability and will to conduct such campaigns against our leaders include allies and potential adversaries.

Historically, major governments have used such tactics against foreign leaders only sparingly and with extreme caution. That restraint began to evaporate more recently, as the Russia-US case shows.

As another example, just two days after the US government released the report on Russian’s covert cyber campaign, Israel’s ambassador to the UK was forced to apologise for video comments by one of his staff plotting to “take down” Foreign Office Minister Alan Duncan and chatting about which other ministers should be on the take-down list.

Israel is, of course, not alone in this kind of activity. As mentioned above, this is a tool of policy long used by any government with the wit and talent to do it, and cyber technologies play a central part in it.

No Yahoos

It is in this context that we need to understand the significance of the 2013 leak of 1 billion personal records of Yahoo email users, including Australian politicians, and up to 3,000 government-related accounts.

Prime Minister Malcolm Turnbull is right to have ordered an inquiry into its impact on this country. It is almost certain that much or or all of this material has been in the hands of one or more foreign intelligence agencies since 2013. Yahoo had, in fact, been providing some of its customer content directly to US intelligence before the leak.

The question for the Australian government is whether its inquiry might be top-down rather than bottom-up. The latter approach would involve a look at the 3,000 separate government-related accounts, and then at the exponentially larger number of political correspondents with those account holders.

A more strategic top-down approach might be to ask which Australian political figures have suffered the most spectacular falls from grace in the past couple of years?

Could foreign-sourced cyber-espionage have played a part? Would any one of them have been so aligned with a foreign policy cause to attract the ire of a foreign government that might want to take them out?

Leaving aside that somewhat hypothetical, but not irrelevant, proposition, Australia would definitely benefit from following the lead of the UK’s Margaret Beckett.

Alongside an investigation of the impact of the Yahoo leak, we probably should study our capability to monitor covert cyber-based influencing campaigns against our political and business leaders, especially those who use relatively vulnerable off-the-shelf ICT systems.